** gnutls-cli: added the --ocsp option which will verify
the peer's certificate with OCSP.
-** gnutls-cli: added the --tofu and if specified, gnutls-cli
+** gnutls-cli: added the --tofu option and if specified, gnutls-cli
will use an ssh-style authentication method.
** gnutls-cli: if no --x509cafile is provided a default is
- Texlive & epsf <http://www.tug.org/texlive/> (for PDF manual)
- CVS <http://www.gnu.org/software/cvs/> (for gettext autopoint)
- GTK-DOC <http://www.gtk.org/gtk-doc/> (for API manual)
-- Git <http://git.or.cz/>
+- Git <http://git-scm.com/>
- Perl <http://www.cpan.org/>
- Valgrind <http://valgrind.org/> (optional)
+- Nettle <http://www.lysator.liu.se/~nisse/nettle/>
- Guile <http://www.gnu.org/software/guile/>
- p11-kit <http://p11-glue.freedesktop.org/p11-kit.html>
- libtasn1 <http://josefsson.org/libtasn1/> (optional)
@item Weak message integrity for export ciphers.
The cryptographic keys in @acronym{SSLv2} are used for both message
authentication and encryption, so if weak encryption schemes are
-negotiated (say 40-bit keys) the message authentication code use the
+negotiated (say 40-bit keys) the message authentication code uses the
same weak key, which isn't necessary.
@end itemize
-The AES-NI and Padlock implementation by Andy Polyakov are not part of the
-GnuTLS library, but is used with GnuTLS. Their license is included in
+The AES-NI and Padlock implementations by Andy Polyakov are not part of the
+GnuTLS library, but are used with GnuTLS. Their license is included in
license.txt.
/* This file contains common stuff in Ephemeral Diffie-Hellman (DHE)
* and Anonymous DH key exchange(DHA). These are used in the handshake
- * procedure of the certificate and anoymous authentication.
+ * procedure of the certificate and anonymous authentication.
*/
#include "gnutls_int.h"
_gnutls_gen_cert_server_crt,
_gnutls_gen_cert_client_crt,
gen_dhe_server_kx,
- _gnutls_gen_ecdh_common_client_kx, /* This is the only different */
+ _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
_gnutls_gen_cert_client_crt_vrfy,
_gnutls_gen_cert_server_cert_req,
_gnutls_gen_cert_server_crt,
_gnutls_gen_cert_client_crt,
gen_dhe_server_kx,
- _gnutls_gen_ecdh_common_client_kx, /* This is the only different */
+ _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
_gnutls_gen_cert_client_crt_vrfy,
_gnutls_gen_cert_server_cert_req,
}
/* Check if N is a prime and G a generator of the
- * group. This is check only done if N is big enough.
+ * group. This check is only done if N is big enough.
* Otherwise only the included parameters must be used.
*/
static int
#ifdef ENABLE_SRP
-/* this a modified base64 for srp !!!
- * It seems that everybody makes an own base64 conversion.
+/* this is a modified base64 for srp !!!
+ * It seems that everybody makes their own base64 conversion.
*/
static const uint8_t b64table[] =
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
* Apply the TLS Pseudo-Random-Function (PRF) on the master secret
* and the provided data.
*
- * The @label variable usually contain a string denoting the purpose
- * for the generated data. The @seed usually contain data such as the
+ * The @label variable usually contains a string denoting the purpose
+ * for the generated data. The @seed usually contains data such as the
* client and server random, perhaps together with some additional
* data that is added to guarantee uniqueness of the output for a
* particular purpose.
*
* Because the output is not guaranteed to be unique for a particular
- * session unless @seed include the client random and server random
+ * session unless @seed includes the client random and server random
* fields (the PRF would output the same data on another connection
* resumed from the first one), it is not recommended to use this
- * function directly. The gnutls_prf() function seed the PRF with the
+ * function directly. The gnutls_prf() function seeds the PRF with the
* client and server random fields directly, and is recommended if you
* want to generate pseudo random data unique for each session.
*
* Apply the TLS Pseudo-Random-Function (PRF) on the master secret
* and the provided data, seeded with the client and server random fields.
*
- * The @label variable usually contain a string denoting the purpose
- * for the generated data. The @server_random_first indicate whether
+ * The @label variable usually contains a string denoting the purpose
+ * for the generated data. The @server_random_first indicates whether
* the client random field or the server random field should be first
- * in the seed. Non-0 indicate that the server random field is first,
+ * in the seed. Non-0 indicates that the server random field is first,
* 0 that the client random field is first.
*
* The @extra variable can be used to add more data to the seed, after
- * the random variables. It can be used to tie make sure the
+ * the random variables. It can be used to make sure the
* generated output is strongly connected to some additional data
* (e.g., a string used in user authentication).
*
* @ptr: is the user pointer
*
* This function will set (associate) the user given pointer @ptr to
- * the session structure. This is pointer can be accessed with
+ * the session structure. This pointer can be accessed with
* gnutls_session_get_ptr().
**/
void
* @client: the client part of the random
* @server: the server part of the random
*
- * This functions returns pointers to the client and server
+ * This function returns pointers to the client and server
* random fields used in the TLS handshake. The pointers are
* not to be modified or deallocated.
*
_gnutls_debug_log ("Found prime q of %u bits. Looking for generator...\n",
*q_bits);
- /* finally a prime! Let calculate generator
+ /* finally a prime! Let's calculate generator
*/
/* c = r^((p-1)/q), r == random