From: Nikos Mavrogiannopoulos Date: Wed, 23 Jan 2013 21:12:21 +0000 (+0100) Subject: doc updates X-Git-Tag: gnutls_3_1_7~82 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2ecb0f5b18db456d8ff271d54b783ee0ed1d89ef;p=thirdparty%2Fgnutls.git doc updates --- diff --git a/NEWS b/NEWS index 3a12ec9558..15ad84a9bd 100644 --- a/NEWS +++ b/NEWS @@ -35,6 +35,10 @@ gnutls_x509_crt_set_dn: Added gnutls_x509_crt_set_issuer_dn: Added gnutls_x509_crq_set_dn: Added dane_state_set_dlv_file: Added +gnutls_record_send_range: Added +gnutls_record_set_max_empty_records: Added +gnutls_range_send_message: Added +gnutls_record_can_use_length_hiding: Added * Version 3.1.6 (released 2013-01-02) diff --git a/doc/invoke-gnutls-cli.texi b/doc/invoke-gnutls-cli.texi index 44a1ef3def..560726f27e 100644 --- a/doc/invoke-gnutls-cli.texi +++ b/doc/invoke-gnutls-cli.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-gnutls-cli.texi) # -# It has been AutoGen-ed January 22, 2013 at 05:28:22 PM by AutoGen 5.15 +# It has been AutoGen-ed January 23, 2013 at 09:08:13 PM by AutoGen 5.16 # From the definitions ../src/cli-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -21,9 +21,16 @@ This software is released under the GNU General Public License, version 3 or lat @anchor{gnutls-cli usage} -@subheading gnutls-cli usage (-h) +@subheading gnutls-cli help/usage (-h) +@cindex gnutls-cli help -This is the automatically generated usage text for gnutls-cli: +This is the automatically generated usage text for gnutls-cli. +The text printed is the same whether for the @code{help} option (-h) or the @code{more-help} option (-!). @code{more-help} will print +the usage text by passing it through a pager program. +@code{more-help} is disabled on platforms without a working +@code{fork(2)} function. The @code{PAGER} environment variable is +used to select the program, defaulting to @file{more}. Both will exit +with a status code of 0. @exampleindent 0 @example @@ -84,7 +91,7 @@ USAGE: gnutls-cli [ - [] | --[@{=| @}] ]... [hostname] --pskkey=str PSK key (in hex) to use -p, --port=str The port or service to connect to --insecure Don't abort program if server certificate can't be validated - --ranges When possible, use length-hiding padding to prevent traffic analysis + --ranges Use length-hiding padding to prevent traffic analysis --benchmark-ciphers Benchmark individual ciphers --benchmark-soft-ciphers Benchmark individual software ciphers (no hw acceleration) --benchmark-tls-kx Benchmark TLS key exchange methods @@ -100,57 +107,25 @@ Operands and options may be intermixed. They will be reordered. -Simple client program to set up a TLS connection to some other computer. -It sets up a TLS connection and forwards data from the standard input to -the secured socket and vice versa. +Simple client program to set up a TLS connection to some other computer. It +sets up a TLS connection and forwards data from the standard input to the +secured socket and vice versa. please send bug reports to: bug-gnutls@@gnu.org @end example @exampleindent 4 -@anchor{gnutls-cli benchmark-ciphers} -@subheading benchmark-ciphers option - -This is the ``benchmark individual ciphers'' option. - - -@anchor{gnutls-cli benchmark-soft-ciphers} -@subheading benchmark-soft-ciphers option - -This is the ``benchmark individual software ciphers (no hw acceleration)'' option. - - -@anchor{gnutls-cli benchmark-tls-ciphers} -@subheading benchmark-tls-ciphers option - -This is the ``benchmark tls ciphers'' option. - - -@anchor{gnutls-cli benchmark-tls-kx} -@subheading benchmark-tls-kx option - -This is the ``benchmark tls key exchange methods'' option. - - -@anchor{gnutls-cli ca-verification} -@subheading ca-verification option - -This is the ``disable ca certificate verification'' option. - -This option has some usage constraints. It: -@itemize @bullet -@item -is enabled by default. -@end itemize - -This option will disable CA certificate verification. It is to be used with the --dane or --tofu options. - -@anchor{gnutls-cli crlf} -@subheading crlf option - -This is the ``send cr lf instead of lf'' option. +@anchor{gnutls-cli debug} +@subheading debug option (-d) +This is the ``enable debugging.'' option. +This option takes an argument number. +Specifies the debug level. +@anchor{gnutls-cli tofu} +@subheading tofu option +This is the ``enable trust on first use authentication'' option. +This option will, in addition to certificate authentication, perform authentication based on previously seen public keys, a model similar to SSH authentication. @anchor{gnutls-cli dane} @subheading dane option @@ -158,256 +133,93 @@ This is the ``enable dane certificate verification (dnssec)'' option. This option will, in addition to certificate authentication using the trusted CAs, verify the server certificates using on the DANE information available via DNSSEC. - -@anchor{gnutls-cli debug} -@subheading debug option (-d) - -This is the ``enable debugging.'' option. -Specifies the debug level. - -@anchor{gnutls-cli dh-bits} -@subheading dh-bits option - -This is the ``the minimum number of bits allowed for dh'' option. -This option sets the minimum number of bits allowed for a Diffie-Hellman key exchange. You may want to lower the default value if the peer sends a weak prime and you get an connection error with unacceptable prime. - -@anchor{gnutls-cli disable-extensions} -@subheading disable-extensions option - -This is the ``disable all the tls extensions'' option. -This option disables all TLS extensions. Deprecated option. Use the priority string. - -@anchor{gnutls-cli fingerprint} -@subheading fingerprint option (-f) - -This is the ``send the openpgp fingerprint, instead of the key'' option. - - -@anchor{gnutls-cli heartbeat} -@subheading heartbeat option (-b) - -This is the ``activate heartbeat support'' option. - - -@anchor{gnutls-cli insecure} -@subheading insecure option - -This is the ``don't abort program if server certificate can't be validated'' option. - - -@anchor{gnutls-cli list} -@subheading list option (-l) - -This is the ``print a list of the supported algorithms and modes'' option. -Print a list of the supported algorithms and modes. If a priority string is given then only the enabled ciphersuites are shown. - @anchor{gnutls-cli local-dns} @subheading local-dns option This is the ``use the local dns server for dnssec resolving.'' option. This option will use the local DNS server for DNSSEC. This is disabled by default due to many servers not allowing DNSSEC. +@anchor{gnutls-cli ca-verification} +@subheading ca-verification option -@anchor{gnutls-cli mtu} -@subheading mtu option - -This is the ``set mtu for datagram tls'' option. - - -@anchor{gnutls-cli noticket} -@subheading noticket option - -This is the ``don't accept session tickets'' option. +This is the ``disable ca certificate verification'' option. +@noindent +This option has some usage constraints. It: +@itemize @bullet +@item +is enabled by default. +@end itemize +This option will disable CA certificate verification. It is to be used with the --dane or --tofu options. @anchor{gnutls-cli ocsp} @subheading ocsp option This is the ``enable ocsp certificate verification'' option. This option will enable verification of the peer's certificate using ocsp +@anchor{gnutls-cli resume} +@subheading resume option (-r) -@anchor{gnutls-cli pgpcertfile} -@subheading pgpcertfile option - -This is the ``pgp public key (certificate) file to use'' option. - - -@anchor{gnutls-cli pgpkeyfile} -@subheading pgpkeyfile option - -This is the ``pgp key file to use'' option. - - -@anchor{gnutls-cli pgpkeyring} -@subheading pgpkeyring option - -This is the ``pgp key ring file to use'' option. - - -@anchor{gnutls-cli pgpsubkey} -@subheading pgpsubkey option - -This is the ``pgp subkey to use (hex or auto)'' option. - - -@anchor{gnutls-cli port} -@subheading port option (-p) - -This is the ``the port or service to connect to'' option. - +This is the ``establish a session and resume'' option. +Connect, establish a session, reconnect and resume. +@anchor{gnutls-cli rehandshake} +@subheading rehandshake option (-e) -@anchor{gnutls-cli print-cert} -@subheading print-cert option +This is the ``establish a session and rehandshake'' option. +Connect, establish a session and rehandshake immediately. +@anchor{gnutls-cli starttls} +@subheading starttls option (-s) -This is the ``print peer's certificate in pem format'' option. +This is the ``connect, establish a plain session and start tls.'' option. +The TLS session will be initiated when EOF or a SIGALRM is received. +@anchor{gnutls-cli disable-extensions} +@subheading disable-extensions option +This is the ``disable all the tls extensions'' option. +This option disables all TLS extensions. Deprecated option. Use the priority string. +@anchor{gnutls-cli dh-bits} +@subheading dh-bits option +This is the ``the minimum number of bits allowed for dh'' option. +This option takes an argument number. +This option sets the minimum number of bits allowed for a Diffie-Hellman key exchange. You may want to lower the default value if the peer sends a weak prime and you get an connection error with unacceptable prime. @anchor{gnutls-cli priority} @subheading priority option This is the ``priorities string'' option. +This option takes an argument string. TLS algorithms and protocols to enable. You can use predefined sets of ciphersuites such as PERFORMANCE, NORMAL, SECURE128, SECURE256. Check the GnuTLS manual on section ``Priority strings'' for more information on allowed keywords - -@anchor{gnutls-cli pskkey} -@subheading pskkey option - -This is the ``psk key (in hex) to use'' option. - - -@anchor{gnutls-cli pskusername} -@subheading pskusername option - -This is the ``psk username to use'' option. - - @anchor{gnutls-cli ranges} @subheading ranges option -This is the ``when possible, use length-hiding padding to prevent traffic analysis'' option. - - -@anchor{gnutls-cli recordsize} -@subheading recordsize option - -This is the ``the maximum record size to advertize'' option. - - -@anchor{gnutls-cli rehandshake} -@subheading rehandshake option (-e) - -This is the ``establish a session and rehandshake'' option. -Connect, establish a session and rehandshake immediately. - -@anchor{gnutls-cli resume} -@subheading resume option (-r) - -This is the ``establish a session and resume'' option. -Connect, establish a session, reconnect and resume. - -@anchor{gnutls-cli srppasswd} -@subheading srppasswd option - -This is the ``srp password to use'' option. - - -@anchor{gnutls-cli srpusername} -@subheading srpusername option - -This is the ``srp username to use'' option. - - -@anchor{gnutls-cli srtp-profiles} -@subheading srtp-profiles option - -This is the ``offer srtp profiles'' option. - - -@anchor{gnutls-cli starttls} -@subheading starttls option (-s) - -This is the ``connect, establish a plain session and start tls.'' option. -The TLS session will be initiated when EOF or a SIGALRM is received. - -@anchor{gnutls-cli tofu} -@subheading tofu option - -This is the ``enable trust on first use authentication'' option. -This option will, in addition to certificate authentication, perform authentication based on previously seen public keys, a model similar to SSH authentication. - -@anchor{gnutls-cli udp} -@subheading udp option (-u) - -This is the ``use dtls (datagram tls) over udp'' option. - - -@anchor{gnutls-cli verbose} -@subheading verbose option (-V) - -This is the ``more verbose output'' option. - -This option has some usage constraints. It: -@itemize @bullet -@item -may appear an unlimited number of times. -@end itemize - - - -@anchor{gnutls-cli x509cafile} -@subheading x509cafile option - -This is the ``certificate file or pkcs #11 url to use'' option. - - -@anchor{gnutls-cli x509certfile} -@subheading x509certfile option - -This is the ``x.509 certificate file or pkcs #11 url to use'' option. - - -@anchor{gnutls-cli x509crlfile} -@subheading x509crlfile option - -This is the ``crl file to use'' option. - - -@anchor{gnutls-cli x509fmtder} -@subheading x509fmtder option - -This is the ``use der format for certificates to read from'' option. - - -@anchor{gnutls-cli x509keyfile} -@subheading x509keyfile option - -This is the ``x.509 key file or pkcs #11 url to use'' option. +This is the ``use length-hiding padding to prevent traffic analysis'' option. +When possible (e.g., when %NEW_PADDING is specified), use length-hiding padding to prevent traffic analysis. +@anchor{gnutls-cli list} +@subheading list option (-l) +This is the ``print a list of the supported algorithms and modes'' option. +Print a list of the supported algorithms and modes. If a priority string is given then only the enabled ciphersuites are shown. @anchor{gnutls-cli exit status} @subheading gnutls-cli exit status One of the following exit values will be returned: @table @samp -@item 0 +@item 0 (EXIT_SUCCESS) Successful program execution. -@item 1 +@item 1 (EXIT_FAILURE) The operation failed or the command syntax was not valid. @end table - - @anchor{gnutls-cli See Also} @subheading gnutls-cli See Also - gnutls-cli-debug(1), gnutls-serv(1) - @anchor{gnutls-cli Examples} @subheading gnutls-cli Examples - @subheading Connecting using PSK authentication To connect to a server using PSK authentication, you need to enable the choice of PSK by using a cipher priority parameter such as in the example below. @example