[SCM] GNU gnutls branch, master, updated. gnutls_3_0

gnutls-commit
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-51-g466b56c

From:	Nikos Mavrogiannopoulos
Subject:	[SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-51-g466b56c
Date:	Fri, 12 Aug 2011 15:53:10 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=466b56cc3416ef366bbf043db7c090bd17b77e34

The branch, master has been updated
       via  466b56cc3416ef366bbf043db7c090bd17b77e34 (commit)
       via  e617a9abfd122d6b8b4eefcbded2b99d25c72868 (commit)
       via  317f8a832b1d685e7a785ced7f9741278084e243 (commit)
       via  4c722d46b244f8786c9701b042dd6bb0f8a49d8c (commit)
      from  4a91ff90f4ebf44219b228ea11bbddf52eb4b002 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 doc/cha-gtls-app.texi     |   20 +++++++++-----------
 doc/cha-programs.texi     |   20 ++++++++++----------
 doc/cha-support.texi      |    7 +++----
 doc/cha-tls-app.texi      |   12 ++++++------
 doc/manpages/gnutls-cli.1 |    8 ++++----
 5 files changed, 32 insertions(+), 35 deletions(-)

diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 2b250b2..b684085 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -672,13 +672,13 @@ In user authentication protocols (e.g., EAP or SASL 
mechanisms) it is
 useful to have a unique string that identifies the secure channel that
 is used, to bind together the user authentication with the secure
 channel.  This can protect against man-in-the-middle attacks in some
-situations.  The unique strings is a ``channel bindings''.  For
-background and more discussion see @xcite{RFC5056}.
+situations.  That unique string is called a ``channel binding''.  For
+background and discussion see @xcite{RFC5056}.
 
-You can extract a channel bindings using the
+In @acronym{GnuTLS} you can extract a channel binding using the
 @funcref{gnutls_session_channel_binding} function.  Currently only the
address@hidden type is supported, which corresponds to
-the @code{tls-unique} channel bindings for TLS defined in
+type @code{GNUTLS_CB_TLS_UNIQUE} is supported, which corresponds to
+the @code{tls-unique} channel binding for TLS defined in
 @xcite{RFC5929}.
 
 The following example describes how to print the channel binding data.
@@ -711,17 +711,15 @@ Note that it must be run after a successful TLS handshake.
 @cindex OpenSSL
 
 To ease @acronym{GnuTLS}' integration with existing applications, a
-compatibility layer with the widely used OpenSSL library is included
+compatibility layer with the OpenSSL library is included
 in the @code{gnutls-openssl} library. This compatibility layer is not
 complete and it is not intended to completely re-implement the OpenSSL
 API with @acronym{GnuTLS}.  It only provides limited source-level
-compatibility. There is currently no attempt to make it
-binary-compatible with OpenSSL.
+compatibility. 
 
 The prototypes for the compatibility functions are in the
address@hidden/openssl.h} header file.
-
-Current limitations imposed by the compatibility layer include:
address@hidden/openssl.h} header file. The limitations 
+imposed by the compatibility layer include:
 
 @itemize
 
diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index 46dfe10..b0d46cf 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -411,15 +411,6 @@ Usage:  gnutls-cli [options] hostname
      -v, --version            prints the program's version number
 @end example
 
-To connect to a server using PSK authentication, you may use something
-like:
-
address@hidden
-$ gnutls-cli -p 5556 test.gnutls.org --pskusername jas \
-  --pskkey 9e32cf7786321a828ef7668f09fb35db \
-  --priority NORMAL:-KX-ALL:+ECDHE-PSK:DHE-PSK:+PSK
address@hidden smallexample
-
 @menu
 * Example client PSK connection::
 @end menu
@@ -428,6 +419,15 @@ $ gnutls-cli -p 5556 test.gnutls.org --pskusername jas \
 @subsection Example client PSK connection
 @cindex PSK client
 
+To connect to a server using PSK authentication, you may use something
+like:
+
address@hidden
+$ gnutls-cli -p 5556 test.gnutls.org --pskusername jas \
+  --pskkey 9e32cf7786321a828ef7668f09fb35db \
+  --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK
address@hidden smallexample
+
 If your server only supports the PSK ciphersuite, connecting to it
 should be as simple as connecting to the server:
 
@@ -482,7 +482,7 @@ This program was created to assist in debugging 
@acronym{GnuTLS}, but
 it might be useful to extract a @acronym{TLS} server's capabilities.
 It's purpose is to connect onto a @acronym{TLS} server, perform some
 tests and print the server's capabilities. If called with the `-v'
-parameter a more checks will be performed. An example output is:
+parameter more checks will be performed. An example output is:
 
 @example
 crystal:/cvs/gnutls/src$ ./gnutls-cli-debug localhost -p 5556
diff --git a/doc/cha-support.texi b/doc/cha-support.texi
index 604f85f..835482f 100644
--- a/doc/cha-support.texi
+++ b/doc/cha-support.texi
@@ -56,7 +56,7 @@ E-mail: address@hidden
 @end verbatim
 
 If your company provides support related to GnuTLS and would like to
-be mentioned here, contact the authors using the address at @ref{Bug Reports}.
+be mentioned here, contact the authors.
 
 @node Downloading and Installing
 @section Downloading and Installing
@@ -155,7 +155,7 @@ Send your bug report to:
 @cindex Contributing
 @cindex Hacking
 
-If you want to submit a patch for inclusion -- from solve a typo you
+If you want to submit a patch for inclusion -- from solving a typo you
 discovered, up to adding support for a new feature -- you should
 submit it as a bug report, using the process in @ref{Bug Reports}.  There are 
some
 things that you can do to increase the chances for it to be included
@@ -168,8 +168,7 @@ already signed papers, we will send you the necessary 
information when
 you submit your contribution.
 
 For contributions that doesn't consist of actual programming code, the
-only guidelines are common sense.  Use it.
-
+only guidelines are common sense.  
 For code contributions, a number of style guides will help you:
 
 @itemize @bullet
diff --git a/doc/cha-tls-app.texi b/doc/cha-tls-app.texi
index 9344522..b8e83ed 100644
--- a/doc/cha-tls-app.texi
+++ b/doc/cha-tls-app.texi
@@ -43,12 +43,13 @@ soon obsoleted.
 
 Other application address@hidden LDAP, IMAP etc.}  use a
 different approach to enable the secure layer.  They use something
-called the ``TLS upgrade'' method. This method is quite tricky but it
+often called as the ``TLS upgrade'' method. This method is quite tricky but it
 is more flexible. The idea is to extend the application protocol to
 have a ``STARTTLS'' request, whose purpose it to start the TLS
 protocols just after the client requests it.  This approach
-does not require an extra port and is used by almost all modern protocols.
-There is even an extension to HTTP protocol to support that method 
@xcite{RFC2817}.
+does not require any extra port to be reserved.
+There is even an extension to HTTP protocol to support 
+that method @xcite{RFC2817}.
 
 The tricky part, in this method, is that the ``STARTTLS'' request is
 sent in the clear, thus is vulnerable to modifications.  A typical
@@ -94,7 +95,7 @@ CLIENT: HERE ARE SOME CONFIDENTIAL DATA
 As you can see above the client was fooled, and was dummy enough to
 send the confidential data in the clear.
 
-How to avoid the above attack? As you may have already thought this
+How to avoid the above attack? As you may have already noticed this
 one is easy to avoid. The client has to ask the user before it
 connects whether the user requests @acronym{TLS} or not. If the user
 answered that he certainly wants the secure layer the last
@@ -123,5 +124,4 @@ traditional method, and the security properties remain the 
same, since
 only denial of service is possible. The benefit is that the server may
 request additional data before the @acronym{TLS} Handshake protocol
 starts, in order to send the correct certificate, use the correct
-password address@hidden @acronym{SRP} authentication}, or anything
-else!
+password file, or anything else!
diff --git a/doc/manpages/gnutls-cli.1 b/doc/manpages/gnutls-cli.1
index 0b170ec..8a42a5c 100644
--- a/doc/manpages/gnutls-cli.1
+++ b/doc/manpages/gnutls-cli.1
@@ -123,14 +123,14 @@ SRP password to use.
 .IP "\-\-srpusername \fINAME\fR"
 SRP username to use.
 .IP "\-\-x509cafile \fIFILE\fR"
-Certificate file to use. This option accepts PKCS \#11 URLs such as
-pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;manufacturer=Gnome%20Keyring
+Certificate file to use. This option accepts PKCS #11 URLs such as
+"pkcs11:token=xxx"
 .IP "\-\-x509certfile \fIFILE\fR"
-X.509 Certificate file to use, or a PKCS \#11 URL.
+X.509 Certificate file to use, or a PKCS #11 URL.
 .IP "\-\-x509fmtder"
 Use DER format for certificates
 .IP "\-\-x509keyfile \fIFILE\fR"
-X.509 key file or PKCS \#11 URL to use.
+X.509 key file or PKCS #11 URL to use.
 .IP "\-\-x509crlfile \fIFILE\fR"
 X.509 CRL file to use.
 .IP "\-\-pskusername \fINAME\fR"


hooks/post-receive
-- 
GNU gnutls
[Prev in Thread]
Current Thread
[Next in Thread]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-51-g466b56c, Nikos Mavrogiannopoulos <=
Prev by Date: [SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-99-g6a0f768
Next by Date: [SCM] GNU gnutls branch, ecc, created. gnutls_2_99_1-37-ga8e8ba0
Previous by thread: [SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-99-g6a0f768
Next by thread: [SCM] GNU gnutls branch, ecc, created. gnutls_2_99_1-37-ga8e8ba0
Index(es):
- Date
- Thread