mutex locks which are setup by @acronym{GnuTLS}.
Applications can either call @funcref{gnutls_global_init} which will initialize the default
operating system provided locks (i.e. @code{pthreads} on GNU/Linux and
-@code{CriticalSection} on Windows), or specify manually the locking system using
+@code{CriticalSection} on Windows), or manually specify the locking system using
the function @funcref{gnutls_global_set_mutex} before calling @funcref{gnutls_global_init}.
-Setting manually mutexes is recommended
-only to applications that have full control of the underlying libraries. If this
+Setting mutexes manually is recommended
+only for applications that have full control of the underlying libraries. If this
is not the case, the use of the operating system defaults is recommended. An example of
non-native thread usage is shown below.
When using certificates the server is required to have at least one
certificate and private key pair. Clients may not hold such
-a pair, but a server could require it. On this section we discuss
+a pair, but a server could require it. In this section we discuss
general issues applying to both client and server certificates. The next
section will elaborate on issues arising from client authentication only.
@showfuncdesc{gnutls_error_is_fatal}
-In DTLS it is adviceable to use the extended receive
+In DTLS it is advisable to use the extended receive
function shown below, because it allows the extraction
of the sequence number. This is required in DTLS because
messages may arrive out of order.
from becoming long-term keys. Also note that as a client you must enable, using the
priority functions, at least the algorithms used in the last session.
-It is highly recommended clients to enable the session ticket extension using
+It is highly recommended for clients to enable the session ticket extension using
@funcref{gnutls_session_ticket_enable_client} in order to allow resumption with
servers that do not store any state.
@node Echo server with anonymous authentication
@subsection Echo server with anonymous authentication
-This example server support anonymous authentication, and could be
+This example server supports anonymous authentication, and could be
used to serve the example client for anonymous authentication.
@verbatiminclude examples/ex-serv-anon.c
The @funcintref{_foobar_send_params} function is responsible for
sending extension data (both in the client and server).
-If you receive length fields that doesn't match, return
+If you receive length fields that don't match, return
@code{GNUTLS_E_@-UNEXPECTED_@-PACKET_@-LENGTH}. If you receive invalid
data, return @code{GNUTLS_E_@-RECEIVED_@-ILLEGAL_@-PARAMETER}. You can use
other error codes from the list in @ref{Error codes}. Return 0 on success.
* View first: "The order of encryption and authentication for
* protecting communications" by Hugo Krawczyk - CRYPTO 2001
*
- * Make sure to updated MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
+ * Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
*/
static const gnutls_cipher_entry algorithms[] = {
{"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0, 0},
/**
* gnutls_cipher_get_id:
- * @name: is a MAC algorithm name
+ * @name: is a cipher algorithm name
*
* The names are compared in a case insensitive way.
*
*
* Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
*
- * This function is not threat safe.
+ * This function is not thread safe.
*
* Returns: a (0)-terminated list of #gnutls_protocol_t integers
* indicating the available protocols.
* Convert a #gnutls_sec_param_t value to a string.
*
* Returns: a pointer to a string that contains the name of the
- * specified public key algorithm, or %NULL.
+ * specified security level, or %NULL.
*
* Since: 2.12.0
**/
* sending the names of it would just consume bandwidth without providing
* information to client.
*
- * CA names are used by servers to advertize the CAs they support to
+ * CA names are used by servers to advertise the CAs they support to
* clients.
**/
void
#define MAX_PREAMBLE_SIZE 16
/* generates the authentication data (data to be hashed only
- * and are not to be send). Returns their size.
+ * and are not to be sent). Returns their size.
*/
static inline int
make_preamble (opaque * uint64_data, opaque type, int length,
* @session: is a #gnutls_session_t structure.
* @store_func: is the function
*
- * Sets the function that will be used to store data from the resumed
- * sessions database. This function must remove 0 on success.
+ * Sets the function that will be used to store data in the resumed
+ * sessions database. This function must return 0 on success.
*
* The first argument to @store_func will be null unless
* gnutls_db_set_ptr() has been called.
* @seconds: is the number of seconds.
*
* Set the expiration time for resumed sessions. The default is 3600
- * (one hour) at the time writing this.
+ * (one hour) at the time of this writing.
**/
void
gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
* @session_entry: is the session data (not key)
*
* Check if database entry has expired. This function is to be used
- * when you want to clear unnesessary session which occupy space in
+ * when you want to clear unnecessary sessions which occupy space in
* your backend.
*
* Returns: Returns %GNUTLS_E_EXPIRED, if the database entry has
* @realloc_func: A realloc function
* @free_func: The function that frees allocated data. Must accept a NULL pointer.
*
- * This is the function were you set the memory allocation functions
+ * This is the function where you set the memory allocation functions
* gnutls is going to use. By default the libc's allocation functions
* (malloc(), free()), are used by gnutls, to allocate both sensitive
* and not sensitive data. This function is provided to set the
* Note that this function will also initialize the underlying crypto
* backend, if it has not been initialized before.
*
- * This function increment a global counter, so that
+ * This function increments a global counter, so that
* gnutls_global_deinit() only releases resources when it has been
* called as many times as gnutls_global_init(). This is useful when
* GnuTLS is used by more than one library in an application. This
*
* The non-fatal errors such as %GNUTLS_E_AGAIN and
* %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which
- * should be later be resumed. Call this function again, until it
+ * should be resumed later. Call this function again, until it
* returns 0; cf. gnutls_record_get_direction() and
* gnutls_error_is_fatal().
*
static const int kx_priority_secure[] = {
/* The ciphersuites that offer forward secrecy take
- * precendance
+ * precedence
*/
GNUTLS_KX_ECDHE_ECDSA,
GNUTLS_KX_ECDHE_RSA,
};
static const int comp_priority[] = {
- /* compression should be explicitely requested to be enabled */
+ /* compression should be explicitly requested to be enabled */
GNUTLS_COMP_NULL,
0
};
*
* If status is non zero, this function will order gnutls not to send
* the rdnSequence in the certificate request message. That is the
- * server will not advertize it's trusted CAs to the peer. If status
+ * server will not advertise its trusted CAs to the peer. If status
* is zero then the default behaviour will take effect, which is to
- * advertize the server's trusted CAs.
+ * advertise the server's trusted CAs.
*
* This function has no effect in clients, and in authentication
* methods other than certificate with X.509 certificates.
*/
/* This file contains certificate authentication functions to be exported in the
- * API and did not fit elsewhere.
+ * API which did not fit elsewhere.
*/
#include <gnutls_int.h>
* @session: is a #gnutls_session_t structure.
* @bits: is the number of bits
*
- * This function sets the number of bits, for use in an Diffie-Hellman
+ * This function sets the number of bits, for use in a Diffie-Hellman
* key exchange. This is used both in DH ephemeral and DH anonymous
* cipher suites. This will set the minimum size of the prime that
* will be used for the handshake.
* This function will return the bits of the prime used in the last
* Diffie-Hellman key exchange with the peer. Should be used for both
* anonymous and ephemeral Diffie-Hellman. Note that some ciphers,
- * like RSA and DSA without DHE, does not use a Diffie-Hellman key
+ * like RSA and DSA without DHE, do not use a Diffie-Hellman key
* exchange, and then this function will return 0.
*
* Returns: The Diffie-Hellman bit strength is returned, or 0 if no
&& (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
{
- /* More than a minute since we last read the device */
+ /* More than 20 minutes since we last read the device */
uint8_t buf[DEVICE_READ_SIZE_MAX];
if (!CryptGenRandom (device_fd, (DWORD) read_size, buf))
if ((device_fd > 0)
&& (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
{
- /* More than a minute since we last read the device */
+ /* More than 20 minutes since we last read the device */
uint8_t buf[DEVICE_READ_SIZE_MAX];
uint32_t done;
&& (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
{
- /* More than a minute since we last read the device */
+ /* More than 20 minutes since we last read the device */
uint8_t buf[DEVICE_READ_SIZE_MAX];
uint32_t done;