[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gnutls-dev] Preparing for the next stable release
From: |
Ludovic Courtès |
Subject: |
Re: [gnutls-dev] Preparing for the next stable release |
Date: |
Mon, 09 Jul 2007 18:00:32 +0200 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux) |
Hi,
Simon Josefsson <address@hidden> writes:
> I solved this by removing internals.texi and moving the contents inside
> gnutls.texi.
Works perfectly here.
I just noticed I had forgotten to capitalize all subsections. Attached
is an additional patch.
Thanks,
Ludovic.
>From 7b3b8986de3f0d1ed281e8a93f1db74edd3cf118 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Ludovic=20Court=C3=A8s?= <address@hidden>
Date: Mon, 9 Jul 2007 17:58:17 +0200
Subject: [PATCH] Capitalized subsection titles.
* doc/gnutls.texi: Capitalized subsection titles.
* doc/signatures.texi: Likewise.
---
doc/gnutls.texi | 82 +++++++++++++++++++++++++-------------------------
doc/signatures.texi | 4 +-
2 files changed, 43 insertions(+), 43 deletions(-)
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 05a9a3f..415b8ff 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -677,7 +677,7 @@ just after the handshake protocol has finished.
@end menu
@node Encryption algorithms used in the record layer
address@hidden Encryption algorithms used in the record layer
address@hidden Encryption Algorithms Used in the Record Layer
@cindex Symmetric encryption algorithms
Confidentiality in the record layer is achieved by using symmetric
@@ -727,7 +727,7 @@ bits of data.
@end table
@node Compression algorithms used in the record layer
address@hidden Compression algorithms used in the record layer
address@hidden Compression Algorithms Used in the Record Layer
@cindex Compression algorithms
The TLS record layer also supports compression. The algorithms
@@ -762,7 +762,7 @@ and the private extensions are enabled.
@end table
@node Weaknesses and countermeasures
address@hidden Weaknesses and countermeasures
address@hidden Weaknesses and Countermeasures
Some weaknesses that may affect the security of the Record layer have
been found in @acronym{TLS} 1.0 protocol. These weaknesses can be
@@ -870,7 +870,7 @@ To set whether client certificate is required or not.
To initiate the handshake.
@end table
address@hidden TLS cipher suites
address@hidden TLS Cipher Suites
The Handshake Protocol of @acronym{TLS} negotiates cipher suites of
the form @code{TLS_DHE_RSA_WITH_3DES_CBC_SHA}. The usual cipher
@@ -902,7 +902,7 @@ true. For several reasons, not discussed here, some
combinations were
not defined in the @acronym{TLS} protocol. The supported ciphersuites
are shown in @ref{ciphersuites}.
address@hidden Client authentication
address@hidden Client Authentication
@cindex Client Certificate authentication
In the case of ciphersuites that use certificate authentication, the
@@ -942,7 +942,7 @@ reasons, thus it may be normal for a server not to resume a
session
even if you requested that. Also note that you must enable, using the
priority functions, at least the algorithms used in the last session.
address@hidden Resuming internals
address@hidden Resuming Internals
The resuming capability, mostly in the server side, is one of the
problems of a thread-safe TLS implementations. The problem is that all
@@ -996,7 +996,7 @@ in @acronym{GnuTLS} are:
and they will be discussed in the subsections that follow.
address@hidden Maximum fragment length negotiation
address@hidden Maximum Fragment Length Negotiation
@cindex TLS Extensions
@cindex Maximum fragment length
@@ -1006,7 +1006,7 @@ useful to clients with constrained capabilities. See the
@ref{gnutls_record_set_max_size} and the
@ref{gnutls_record_get_max_size} functions.
address@hidden Server name indication
address@hidden Server Name Indication
@anchor{serverind}
@cindex TLS Extensions
@cindex Server name indication
@@ -1102,7 +1102,7 @@ are:
@node Certificate authentication
@section Certificate Authentication
address@hidden Authentication using @acronym{X.509} certificates
address@hidden Authentication Using @acronym{X.509} Certificates
@cindex @acronym{X.509} certificates
@acronym{X.509} certificates contain the public parameters, of a
@@ -1110,7 +1110,7 @@ public key algorithm, and an authority's signature, which
proves the
authenticity of the parameters. @xref{The X.509 trust model}, for
more information on @acronym{X.509} protocols.
address@hidden Authentication using @acronym{OpenPGP} keys
address@hidden Authentication Using @acronym{OpenPGP} Keys
@cindex @acronym{OpenPGP} Keys
@acronym{OpenPGP} keys also contain public parameters of a public key
@@ -1123,7 +1123,7 @@ based on the @xcite{TLSPGP} proposal.
@acronym{OpenPGP} trust model. For a more detailed introduction to
@acronym{OpenPGP} and @acronym{GnuPG} see @xcite{GPGH}.
address@hidden Using certificate authentication
address@hidden Using Certificate Authentication
In @acronym{GnuTLS} both the @acronym{OpenPGP} and @acronym{X.509}
certificates are part of the certificate authentication and thus are
@@ -1550,7 +1550,7 @@ handling @acronym{X.509} certificates is described at
section
@end menu
@node X.509 certificates
address@hidden @acronym{X.509} certificates
address@hidden @acronym{X.509} Certificates
An @acronym{X.509} certificate usually contains information about the
certificate holder, the signer, a unique serial number, expiration
@@ -1640,7 +1640,7 @@ functions for @acronym{X.509} certificate handling have
their prototypes in
parsing capabilities can be found at section @ref{ex:x509-info}.
@node Verifying X.509 certificate paths
address@hidden Verifying @acronym{X.509} certificate paths
address@hidden Verifying @acronym{X.509} Certificate Paths
@cindex Verifying certificate paths
Verifying certificate paths is important in @acronym{X.509} authentication. For
@@ -1723,7 +1723,7 @@ certificate's owner is the one you expect. For more
information consult @xcite{R
and section @ref{ex:verify} for an example.
@node PKCS #10 certificate requests
address@hidden @acronym{PKCS} #10 certificate requests
address@hidden @acronym{PKCS} #10 Certificate Requests
@cindex Certificate requests
@cindex @acronym{PKCS} #10
@@ -1739,7 +1739,7 @@ using the @code{gnutls_x509_crq_t} type. An example of a
certificate
request generation can be found at section @ref{ex:crq}.
@node PKCS #12 structures
address@hidden @acronym{PKCS} #12 structures
address@hidden @acronym{PKCS} #12 Structures
@cindex @acronym{PKCS} #12
A @acronym{PKCS} #12 structure @xcite{PKCS12} usually contains a user's
@@ -1786,7 +1786,7 @@ only Kevin, for some reason. A reason could be that Bob
is lazy
enough, and signs other people's keys without being sure that they
belong to the actual owner.
address@hidden @acronym{OpenPGP} keys
address@hidden @acronym{OpenPGP} Keys
In @acronym{GnuTLS} the @acronym{OpenPGP} key structures
@xcite{RFC2440} are handled using the @code{gnutls_openpgp_key_t} type
@@ -1794,7 +1794,7 @@ and the corresponding private keys with the
@code{gnutls_openpgp_privkey_t} type. All the prototypes for the key
handling functions can be found at @file{gnutls/openpgp.h}.
address@hidden Verifying an @acronym{OpenPGP} key
address@hidden Verifying an @acronym{OpenPGP} Key
The verification functions of @acronym{OpenPGP} keys, included in
@acronym{GnuTLS}, are simple ones, and do not use the features of the
@@ -2011,7 +2011,7 @@ available by including the header file
@file{gnutls/extra.h} in your
programs.
@node Version check
address@hidden Version check
address@hidden Version Check
It is often desirable to check that the version of `gnutls' used is
indeed one which fits all requirements. Even with binary
@@ -2021,7 +2021,7 @@ want to check that the version is okay right after
program startup.
See the function @ref{gnutls_check_version}.
@node Building the source
address@hidden Building the source
address@hidden Building the Source
If you want to compile a source file including the `gnutls/gnutls.h'
header file, you must make sure that the compiler can find it in the
@@ -2067,7 +2067,7 @@ gcc -o foo foo.c `libgnutls-config --cflags --libs`
@end example
@node Multi-threaded applications
address@hidden Multi-threaded applications
address@hidden Multi-Threaded Applications
Although the @acronym{GnuTLS} library is thread safe by design, some
parts of the crypto backend, such as the random generator, are
@@ -2152,7 +2152,7 @@ implemented by another example.
@end menu
@node Simple client example with anonymous authentication
address@hidden Simple client example with anonymous authentication
address@hidden Simple Client Example with Anonymous Authentication
The simplest client using TLS is the one that doesn't do any
authentication. This means no external certificates or passwords are
@@ -2163,7 +2163,7 @@ However, the data is integrity and privacy protected.
@verbatiminclude examples/ex-client1.c
@node Simple client example with X.509 certificate support
address@hidden Simple client example with @acronym{X.509} certificate support
address@hidden Simple Client Example with @acronym{X.509} Certificate Support
Let's assume now that we want to create a TCP client which
communicates with servers that use @acronym{X.509} or
@@ -2176,7 +2176,7 @@ redefining them.
@verbatiminclude examples/ex-client2.c
@node Obtaining session information
address@hidden Obtaining session information
address@hidden Obtaining Session Information
Most of the times it is desirable to know the security properties of
the current established session. This includes the underlying ciphers
@@ -2187,7 +2187,7 @@ if called after a successful @ref{gnutls_handshake}.
@verbatiminclude examples/ex-session-info.c
@node Verifying peer's certificate
address@hidden Verifying peer's certificate
address@hidden Verifying Peer's Certificate
@anchor{ex:verify}
A @acronym{TLS} session is not secure just after the handshake
@@ -2205,7 +2205,7 @@ verification output.
@verbatiminclude examples/ex-verify.c
@node Using a callback to select the certificate to use
address@hidden Using a callback to select the certificate to use
address@hidden Using a Callback to Select the Certificate to Use
There are cases where a client holds several certificate and key
pairs, and may not want to load all of them in the credentials
@@ -2215,7 +2215,7 @@ certificate selection callback.
@verbatiminclude examples/ex-cert-select.c
@node Client with Resume capability example
address@hidden Client with Resume capability example
address@hidden Client with Resume Capability Example
@anchor{ex:resume-client}
This is a modification of the simple client example. Here we
@@ -2226,7 +2226,7 @@ establish a new connection using the previously
negotiated data.
@verbatiminclude examples/ex-client-resume.c
@node Simple client example with SRP authentication
address@hidden Simple client example with @acronym{SRP} authentication
address@hidden Simple Client Example with @acronym{SRP} Authentication
The following client is a very simple @acronym{SRP} @acronym{TLS}
client which connects to a server and authenticates using a
@@ -2236,7 +2236,7 @@ itself using a certificate, and in that case it has to be
verified.
@verbatiminclude examples/ex-client-srp.c
@node Simple client example with TLS/IA support
address@hidden Simple client example with @acronym{TLS/IA} support
address@hidden Simple Client Example with @acronym{TLS/IA} Support
The following client is a simple client which uses the
@acronym{TLS/IA} extension to authenticate with the server.
@@ -2244,7 +2244,7 @@ The following client is a simple client which uses the
@verbatiminclude examples/ex-client-tlsia.c
@node Simple client example with authorization support
address@hidden Simple client example with authorization support
address@hidden Simple Client Example with Authorization Support
The following client require that the server sends authorization data,
and the client will send authorization data to the server as well.
@@ -2253,7 +2253,7 @@ For authentication, X.509 is used.
@verbatiminclude examples/ex-client-authz.c
@node Helper function for TCP connections
address@hidden Helper function for TCP connections
address@hidden Helper Function for TCP Connections
This helper function abstracts away TCP connection handling from the
other examples. It is required to build some examples.
@@ -2276,7 +2276,7 @@ servers, using @acronym{GnuTLS}.
@end menu
@node Echo Server with X.509 authentication
address@hidden Echo Server with @acronym{X.509} authentication
address@hidden Echo Server with @acronym{X.509} Authentication
This example is a very simple echo server which supports
@acronym{X.509} authentication, using the RSA ciphersuites.
@@ -2284,7 +2284,7 @@ This example is a very simple echo server which supports
@verbatiminclude examples/ex-serv1.c
@node Echo Server with X.509 authentication II
address@hidden Echo Server with @acronym{X.509} authentication II
address@hidden Echo Server with @acronym{X.509} Authentication II
The following example is a server which supports @acronym{X.509}
authentication. This server supports the export-grade cipher suites,
@@ -2293,7 +2293,7 @@ the DHE ciphersuites and session resuming.
@verbatiminclude examples/ex-serv-export.c
@node Echo Server with OpenPGP authentication
address@hidden Echo Server with @acronym{OpenPGP} authentication
address@hidden Echo Server with @acronym{OpenPGP} Authentication
@cindex @acronym{OpenPGP} Server
The following example is an echo server which supports
@@ -2305,7 +2305,7 @@ them to keep these examples as simple as possible.
@verbatiminclude examples/ex-serv-pgp.c
@node Echo Server with SRP authentication
address@hidden Echo Server with @acronym{SRP} authentication
address@hidden Echo Server with @acronym{SRP} Authentication
This is a server which supports @acronym{SRP} authentication. It is
also possible to combine this functionality with a certificate
@@ -2314,7 +2314,7 @@ server. Here it is separate for simplicity.
@verbatiminclude examples/ex-serv-srp.c
@node Echo Server with anonymous authentication
address@hidden Echo Server with anonymous authentication
address@hidden Echo Server with Anonymous Authentication
This example server support anonymous authentication, and could be
used to serve the example client for anonymous authentication.
@@ -2322,7 +2322,7 @@ used to serve the example client for anonymous
authentication.
@verbatiminclude examples/ex-serv-anon.c
@node Echo Server with authorization support
address@hidden Echo Server with authorization support
address@hidden Echo Server with Authorization Support
This example server support authorization data, and can be used to
serve the example client with authorization support.
@@ -2340,7 +2340,7 @@ serve the example client with authorization support.
@end menu
@node Checking for an alert
address@hidden Checking for an alert
address@hidden Checking for an Alert
This is a function that checks if an alert has been received in the
current session.
@@ -2348,7 +2348,7 @@ current session.
@verbatiminclude examples/ex-alert.c
@node X.509 certificate parsing example
address@hidden @acronym{X.509} certificate parsing example
address@hidden @acronym{X.509} Certificate Parsing Example
@anchor{ex:x509-info}
To demonstrate the @acronym{X.509} parsing capabilities an example program is
@@ -2358,7 +2358,7 @@ information about it.
@verbatiminclude examples/ex-x509-info.c
@node Certificate request generation
address@hidden Certificate request generation
address@hidden Certificate Request Generation
@anchor{ex:crq}
The following example is about generating a certificate request, and a
@@ -2368,7 +2368,7 @@ which should return a signed certificate.
@verbatiminclude examples/ex-crq.c
@node PKCS #12 structure generation
address@hidden @acronym{PKCS} #12 structure generation
address@hidden @acronym{PKCS} #12 Structure Generation
@anchor{ex:pkcs12}
The following example is about generating a @acronym{PKCS} #12
@@ -2615,7 +2615,7 @@ Usage: gnutls-serv [options]
--copyright prints the program's license
@end verbatim
address@hidden Setting up a test HTTPS server
address@hidden Setting Up a Test HTTPS Server
@cindex HTTPS server
@cindex debug server
diff --git a/doc/signatures.texi b/doc/signatures.texi
index 85d17db..7ad761f 100644
--- a/doc/signatures.texi
+++ b/doc/signatures.texi
@@ -56,7 +56,7 @@ sometime in the future, SHA-1 will be disabled as well. The
collision
attacks on SHA-1 may also get better, given the new interest in tools
for creating them.
address@hidden Supported algorithms
address@hidden Supported Algorithms
The available digital signature algorithms in @acronym{GnuTLS} are
listed below:
@@ -96,7 +96,7 @@ the EU project RIPE. Outputs 160 bits of data.
@end table
address@hidden Trading security for interoperability
address@hidden Trading Security for Interoperability
If you connect to a server and use GnuTLS' functions to verify the
certificate chain, and get a @ref{GNUTLS_CERT_INSECURE_ALGORITHM}
--
1.5.2.1
- [gnutls-dev] GnuTLS 1.7.15, Simon Josefsson, 2007/07/02
- [gnutls-dev] Preparing for the next stable release, Simon Josefsson, 2007/07/02
- Re: [gnutls-dev] Preparing for the next stable release, Ludovic Courtès, 2007/07/02
- Re: [gnutls-dev] Preparing for the next stable release, Simon Josefsson, 2007/07/03
- Re: [gnutls-dev] Preparing for the next stable release, Ludovic Courtès, 2007/07/03
- Re: [gnutls-dev] Preparing for the next stable release, Simon Josefsson, 2007/07/06
- Re: [gnutls-dev] Preparing for the next stable release, Ludovic Courtès, 2007/07/08
- Re: [gnutls-dev] Preparing for the next stable release, Simon Josefsson, 2007/07/08
- Re: [gnutls-dev] Preparing for the next stable release, Simon Josefsson, 2007/07/08
- Re: [gnutls-dev] Preparing for the next stable release,
Ludovic Courtès <=
- Re: [gnutls-dev] Preparing for the next stable release, Simon Josefsson, 2007/07/09
Re: [gnutls-dev] Preparing for the next stable release, Joe Orton, 2007/07/26
Re: [gnutls-dev] GnuTLS 1.7.15, Alon Bar-Lev, 2007/07/02