[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-99-g6a0f768
From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-99-g6a0f768
Date: Fri, 12 Aug 2011 15:53:10 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=6a0f768fa1faed834ce534295ebe5223532c3dc2
The branch, gnutls_3_0_x has been updated
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6a0f768fa1faed834ce534295ebe5223532c3dc2
Merge: 8950117 466b56c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 12 17:51:56 2011 +0200
Merge branch 'master' into gnutls_3_0_x
-----------------------------------------------------------------------
Summary of changes:
doc/cha-gtls-app.texi | 20 +++++++++-----------
doc/cha-programs.texi | 20 ++++++++++----------
doc/cha-support.texi | 7 +++----
doc/cha-tls-app.texi | 12 ++++++------
doc/manpages/gnutls-cli.1 | 8 ++++----
5 files changed, 32 insertions(+), 35 deletions(-)
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 2b250b2..b684085 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -672,13 +672,13 @@ In user authentication protocols (e.g., EAP or SASL
mechanisms) it is
useful to have a unique string that identifies the secure channel that
is used, to bind together the user authentication with the secure
channel. This can protect against man-in-the-middle attacks in some
-situations. The unique strings is a ``channel bindings''. For
-background and more discussion see @xcite{RFC5056}.
+situations. That unique string is called a ``channel binding''. For
+background and discussion see @xcite{RFC5056}.
-You can extract a channel bindings using the
+In @acronym{GnuTLS} you can extract a channel binding using the
@funcref{gnutls_session_channel_binding} function. Currently only the
address@hidden type is supported, which corresponds to
-the @code{tls-unique} channel bindings for TLS defined in
+type @code{GNUTLS_CB_TLS_UNIQUE} is supported, which corresponds to
+the @code{tls-unique} channel binding for TLS defined in
@xcite{RFC5929}.
The following example describes how to print the channel binding data.
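Review bot: the rewritten sentence naming @code{GNUTLS_CB_TLS_UNIQUE} as the only supported type does not say what @funcref{gnutls_session_channel_binding} does when another type is requested. Because applications bind user authentication to this value, add a sentence telling callers to check the function's return value and to treat a failure as "no channel binding available" instead of continuing the authentication without one.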
@@ -711,17 +711,15 @@ Note that it must be run after a successful TLS handshake.
@cindex OpenSSL
To ease @acronym{GnuTLS}' integration with existing applications, a
-compatibility layer with the widely used OpenSSL library is included
+compatibility layer with the OpenSSL library is included
in the @code{gnutls-openssl} library. This compatibility layer is not
complete and it is not intended to completely re-implement the OpenSSL
API with @acronym{GnuTLS}. It only provides limited source-level
-compatibility. There is currently no attempt to make it
-binary-compatible with OpenSSL.
+compatibility.
The prototypes for the compatibility functions are in the
address@hidden/openssl.h} header file.
-
-Current limitations imposed by the compatibility layer include:
address@hidden/openssl.h} header file. The limitations
+imposed by the compatibility layer include:
@itemize
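Review bot: dropping "There is currently no attempt to make it binary-compatible with OpenSSL." removes the only explicit statement about binary compatibility in this paragraph. "It only provides limited source-level compatibility." implies it, but a reader who wants to swap the library under an already built application will not find the answer. Suggest keeping a short form, for example "It is not binary-compatible with OpenSSL.", before the sentence about the prototypes.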
diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index 46dfe10..b0d46cf 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -411,15 +411,6 @@ Usage: gnutls-cli [options] hostname
-v, --version prints the program's version number
@end example
-To connect to a server using PSK authentication, you may use something
-like:
-
address@hidden
-$ gnutls-cli -p 5556 test.gnutls.org --pskusername jas \
- --pskkey 9e32cf7786321a828ef7668f09fb35db \
- --priority NORMAL:-KX-ALL:+ECDHE-PSK:DHE-PSK:+PSK
address@hidden smallexample
-
@menu
* Example client PSK connection::
@end menu
@@ -428,6 +419,15 @@ $ gnutls-cli -p 5556 test.gnutls.org --pskusername jas \
@subsection Example client PSK connection
@cindex PSK client
+To connect to a server using PSK authentication, you may use something
+like:
+
address@hidden
+$ gnutls-cli -p 5556 test.gnutls.org --pskusername jas \
+ --pskkey 9e32cf7786321a828ef7668f09fb35db \
+ --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK
address@hidden smallexample
+
If your server only supports the PSK ciphersuite, connecting to it
should be as simple as connecting to the server:
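Review bot: the re-added example is not a pure move. Its last line changes the priority string from "+ECDHE-PSK:DHE-PSK:+PSK" to "+ECDHE-PSK:+DHE-PSK:+PSK", which corrects a missing "+". Say so in the log message so the fix is not hidden inside a relocation. Separately, the unchanged paragraph that follows ("If your server only supports the PSK ciphersuite, connecting to it should be as simple as ...") now comes after the explicit --priority example, so the simple case reads as an afterthought; consider placing it first and introducing the --priority form as the variant for servers that offer other key exchanges too.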
@@ -482,7 +482,7 @@ This program was created to assist in debugging
@acronym{GnuTLS}, but
it might be useful to extract a @acronym{TLS} server's capabilities.
It's purpose is to connect onto a @acronym{TLS} server, perform some
tests and print the server's capabilities. If called with the `-v'
-parameter a more checks will be performed. An example output is:
+parameter more checks will be performed. An example output is:
@example
crystal:/cvs/gnutls/src$ ./gnutls-cli-debug localhost -p 5556
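Review bot: the context two lines above the corrected sentence still reads "It's purpose is to connect onto a @acronym{TLS} server". Since this hunk already fixes grammar in the same paragraph, change it to "Its purpose is to connect to a @acronym{TLS} server" in the same commit.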
diff --git a/doc/cha-support.texi b/doc/cha-support.texi
index 604f85f..835482f 100644
--- a/doc/cha-support.texi
+++ b/doc/cha-support.texi
@@ -56,7 +56,7 @@ E-mail: address@hidden
@end verbatim
If your company provides support related to GnuTLS and would like to
-be mentioned here, contact the authors using the address at @ref{Bug Reports}.
+be mentioned here, contact the authors.
@node Downloading and Installing
@section Downloading and Installing
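Review bot: "contact the authors." no longer tells the reader how. The removed text pointed at @ref{Bug Reports}; if that address is not the right channel for support listings, give the intended one here, otherwise keep the cross-reference.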
@@ -155,7 +155,7 @@ Send your bug report to:
@cindex Contributing
@cindex Hacking
-If you want to submit a patch for inclusion -- from solve a typo you
+If you want to submit a patch for inclusion -- from solving a typo you
discovered, up to adding support for a new feature -- you should
submit it as a bug report, using the process in @ref{Bug Reports}. There are
some
things that you can do to increase the chances for it to be included
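Review bot: "from solving a typo you discovered" is still unidiomatic; a typo is fixed, not solved. Suggest "from fixing a typo you discovered, up to adding support for a new feature".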
@@ -168,8 +168,7 @@ already signed papers, we will send you the necessary
information when
you submit your contribution.
For contributions that doesn't consist of actual programming code, the
-only guidelines are common sense. Use it.
-
+only guidelines are common sense.
For code contributions, a number of style guides will help you:
@itemize @bullet
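Review bot: the hunk deletes the blank line after "only guidelines are common sense.", so in Texinfo that sentence and "For code contributions, a number of style guides will help you:" now run together as one paragraph. Keep the blank line so the list introduction stays a separate paragraph. The unchanged line above also reads "For contributions that doesn't consist of"; "don't" is the correct form and could be fixed here as well.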
diff --git a/doc/cha-tls-app.texi b/doc/cha-tls-app.texi
index 9344522..b8e83ed 100644
--- a/doc/cha-tls-app.texi
+++ b/doc/cha-tls-app.texi
@@ -43,12 +43,13 @@ soon obsoleted.
Other application address@hidden LDAP, IMAP etc.} use a
different approach to enable the secure layer. They use something
-called the ``TLS upgrade'' method. This method is quite tricky but it
+often called as the ``TLS upgrade'' method. This method is quite tricky but it
is more flexible. The idea is to extend the application protocol to
have a ``STARTTLS'' request, whose purpose it to start the TLS
protocols just after the client requests it. This approach
-does not require an extra port and is used by almost all modern protocols.
-There is even an extension to HTTP protocol to support that method
@xcite{RFC2817}.
+does not require any extra port to be reserved.
+There is even an extension to HTTP protocol to support
+that method @xcite{RFC2817}.
The tricky part, in this method, is that the ``STARTTLS'' request is
sent in the clear, thus is vulnerable to modifications. A typical
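Review bot: "They use something often called as the ``TLS upgrade'' method" is ungrammatical; drop "as" so it reads "often called the ``TLS upgrade'' method". The context line "whose purpose it to start the TLS protocols" has a typo ("it" for "is") that is worth fixing in the same pass. Also note that the hunk removes the claim "is used by almost all modern protocols" without replacement; if that was deliberate, fine, but "does not require any extra port to be reserved" alone undersells why the method matters.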
@@ -94,7 +95,7 @@ CLIENT: HERE ARE SOME CONFIDENTIAL DATA
As you can see above the client was fooled, and was dummy enough to
send the confidential data in the clear.
-How to avoid the above attack? As you may have already thought this
+How to avoid the above attack? As you may have already noticed this
one is easy to avoid. The client has to ask the user before it
connects whether the user requests @acronym{TLS} or not. If the user
answered that he certainly wants the secure layer the last
@@ -123,5 +124,4 @@ traditional method, and the security properties remain the
same, since
only denial of service is possible. The benefit is that the server may
request additional data before the @acronym{TLS} Handshake protocol
starts, in order to send the correct certificate, use the correct
-password address@hidden @acronym{SRP} authentication}, or anything
-else!
+password file, or anything else!
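Review bot: replacing the SRP qualifier with "use the correct password file" leaves the reader without any indication of which authentication method a password file belongs to. Suggest naming it in the running text, for example "use the correct @acronym{SRP} password file, or anything else!".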
diff --git a/doc/manpages/gnutls-cli.1 b/doc/manpages/gnutls-cli.1
index 0b170ec..8a42a5c 100644
--- a/doc/manpages/gnutls-cli.1
+++ b/doc/manpages/gnutls-cli.1
@@ -123,14 +123,14 @@ SRP password to use.
.IP "\-\-srpusername \fINAME\fR"
SRP username to use.
.IP "\-\-x509cafile \fIFILE\fR"
-Certificate file to use. This option accepts PKCS \#11 URLs such as
-pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;manufacturer=Gnome%20Keyring
+Certificate file to use. This option accepts PKCS #11 URLs such as
+"pkcs11:token=xxx"
.IP "\-\-x509certfile \fIFILE\fR"
-X.509 Certificate file to use, or a PKCS \#11 URL.
+X.509 Certificate file to use, or a PKCS #11 URL.
.IP "\-\-x509fmtder"
Use DER format for certificates
.IP "\-\-x509keyfile \fIFILE\fR"
-X.509 key file or PKCS \#11 URL to use.
+X.509 key file or PKCS #11 URL to use.
.IP "\-\-x509crlfile \fIFILE\fR"
X.509 CRL file to use.
.IP "\-\-pskusername \fINAME\fR"
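Review bot: the description of \-\-x509cafile still reads "Certificate file to use.", which is indistinguishable from \-\-x509certfile two entries below. Say that it is the file of trusted CA certificates used for verification, so users do not pass their own certificate here. The new example line "pkcs11:token=xxx" also ends the sentence without a period.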
hooks/post-receive
--
GNU gnutls