const unsigned char *data, unsigned size)
@{
if (tls_id == 0) @{ /* server name */
- /* figure the advertized name - the following hack
+ /* figure the advertised name - the following hack
* relies on the fact that this extension only supports
* DNS names, and due to a protocol bug cannot be extended
* to support anything else. */
identity by presenting a new certificate. Unlike TLS 1.2, the server
is not allowed to change identities. That client re-authentication, or
post-handshake authentication can be initiated only by the server using
-@funcref{gnutls_reauth}, and only if a client has advertized support for it.
+@funcref{gnutls_reauth}, and only if a client has advertised support for it.
Both server and client have to explicitly enable support for post handshake
authentication using the @code{GNUTLS_POST_HANDSHAKE_AUTH} flag at @funcref{gnutls_init}.
is vulnerable to a man in the middle attack, but can be
used even if there is no prior communication or shared trusted parties
with the peer. It is useful to establish a session over which certificate
-authentication will occur in order to hide the indentities of the participants
+authentication will occur in order to hide the identities of the participants
from passive eavesdroppers. It is only available under TLS 1.2 or earlier
versions.
}
if (session->internals.hsk_flags & HSK_HAVE_FFDHE) {
- /* if the client has advertized FFDHE then it doesn't matter
+ /* if the client has advertised FFDHE then it doesn't matter
* whether we have server DH parameters. They are no good. */
gnutls_assert();
return 0;
}
/* Finds the appropriate certificate depending on the cA Distinguished name
- * advertized by the server. If none matches then returns 0 and -1 as index.
+ * advertised by the server. If none matches then returns 0 and -1 as index.
* In case of an error a negative error code, is returned.
*
* 20020128: added ability to select a certificate depending on the SIGN
}
/* We must set ptext_data after the above
- * grow/append opereations, otherwise it will point to an invalid pointer after realloc.
+ * grow/append operations, otherwise it will point to an invalid pointer after realloc.
*/
ptext_data = (uint8_t *)ptext.data + _tag_size;
ptext_size = ptext.length - _tag_size;
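Review bot: The corrected comment still says `it will point to an invalid pointer after realloc`, which hides the actual hazard: `ptext_data` is a derived pointer that would dangle if the preceding grow/append reallocated the buffer. Suggest `/* Set ptext_data only after the grow/append operations above; a realloc there would leave an earlier pointer dangling. */`. The same wording appears in the next hunks, on the second `ptext_data` assignment and on both `ctext_data` assignments, and would benefit from the same rewording. The enclosing functions start and end outside these hunks.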
}
/* We must set ptext_data after the above
- * grow/append opereations, otherwise it will point to an invalid pointer after realloc.
+ * grow/append operations, otherwise it will point to an invalid pointer after realloc.
*/
ptext_data = ptext.data;
ptext_size = ptext.length;
}
/* We must set ctext_data after the above
- * grow/append opereations, otherwise it will point to an invalid pointer after realloc.
+ * grow/append operations, otherwise it will point to an invalid pointer after realloc.
*/
ctext_data = (uint8_t *)ctext.data + tag_size;
} else {
ctext.length += tag_size;
/* We must set ctext_data after the above
- * grow/append opereations, otherwise it will point to an invalid pointer after realloc.
+ * grow/append operations, otherwise it will point to an invalid pointer after realloc.
*/
ctext_data = ctext.data;
}
*auth_struct; /* used in handshake packets and KX algorithms */
/* this is the highest version available
- * to the peer. (advertized version).
+ * to the peer. (advertised version).
* This is obtained by the Handshake Client Hello
* message. (some implementations read the Record version)
*/
#define HSK_KEY_UPDATE_ASKED (1 << 7) /* flag is not used during handshake */
#define HSK_FALSE_START_USED (1 << 8) /* TLS1.2 only */
#define HSK_HAVE_FFDHE \
- (1 << 9) /* whether the peer has advertized at least an FFDHE group */
+ (1 << 9) /* whether the peer has advertised at least an FFDHE group */
#define HSK_USED_FFDHE \
(1 << 10) /* whether ffdhe was actually negotiated and used */
#define HSK_PSK_KE_MODES_SENT (1 << 11)
const version_entry_st *aversion = nversion_to_entry(major, minor);
/* if we do not support that version, unless that version is TLS 1.2;
- * TLS 1.2 is handled separately because it is always advertized under TLS 1.3 or later */
+ * TLS 1.2 is handled separately because it is always advertised under TLS 1.3 or later */
if (aversion == NULL ||
_gnutls_nversion_is_supported(session, major, minor) == 0) {
if (aversion && aversion->id == GNUTLS_TLS1_2) {
/* if we are replying to an HRR the version is already negotiated */
if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) ||
!get_version(session)) {
- /* Set the version we advertized as maximum
+ /* Set the version we advertised as maximum
* (RSA uses it). */
set_adv_version(session, hver->major, hver->minor);
if (_gnutls_set_current_version(session, hver->id) <
/* Checks if the extension @id provided has been requested
* by us (in client side).In server side it checks whether this
- * extension was advertized by the client.
+ * extension was advertised by the client.
*
* It returns non-zero for true, otherwise zero.
*/
* For example (ECDH + x25519). This is the default.
* @GNUTLS_KEY_SHARE_TOP: Generate key share for the first group which is enabled.
* For example x25519. This option is the most performant for client (less CPU spent
- * generating keys), but if the server doesn't support the advertized option it may
+ * generating keys), but if the server doesn't support the advertised option it may
* result to more roundtrips needed to discover the server's choice.
* @GNUTLS_NO_AUTO_REKEY: Disable auto-rekeying under TLS1.3. If this option is not specified
* gnutls will force a rekey after 2^24 records have been sent.
return 0;
}
-/* Here we check if the advertized version is the one we
+/* Here we check if the advertised version is the one we
* negotiated in the handshake.
*/
inline static int record_check_version(gnutls_session_t session,
if ((ret = check_recv_type(session, record->type)) < 0)
return gnutls_assert_val(ret);
- /* Here we check if the advertized version is the one we
+ /* Here we check if the advertised version is the one we
* negotiated in the handshake.
*/
if ((ret = record_check_version(session, htype, record->version)) < 0)
{
gnutls_pk_params_clear(&key->params);
gnutls_pk_params_release(&key->params);
- /* avoid re-use of fields which may have had some sensible value */
+ /* avoid reuse of fields which may have had some sensible value */
zeroize_key(&key->params, sizeof(key->params));
if (key->key)
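Review bot: The comment above `zeroize_key(&key->params, sizeof(key->params));` still says `sensible value`, which in context most likely means `sensitive value`, since the call wipes key parameters. While the line is being touched anyway, suggest `/* avoid reuse of fields which may have held sensitive values */`. The enclosing function starts and ends outside the hunk.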
if (vparams->max_path == 0) {
MARK_INVALID(GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
- /* bail immediately, to avoid inconistency */
+ /* bail immediately, to avoid inconsistency */
goto cleanup;
}
vparams->max_path--;
* PKIX - certificate chain - verification. To be run independently
* the %DANE_VFLAG_ONLY_CHECK_EE_USAGE flag should be specified;
* then the function will check whether the key of the peer matches the
- * key advertized in the DANE entry.
+ * key advertised in the DANE entry.
*
* Returns: a negative error code on error and %DANE_E_SUCCESS (0)
* when the DANE entries were successfully parsed, irrespective of
!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED)) {
gnutls_datum_t hex;
/* attempting to discover public keys matching this one,
- * and if yes, re-use their ID. We don't do it for CAs (trusted/distrusted
+ * and if yes, reuse their ID. We don't do it for CAs (trusted/distrusted
* or explicitly marked as such. */
/* try without login */
app_exit(1);
}
fprintf(stderr,
- "note: will re-use ID %s from corresponding public key\n",
+ "note: will reuse ID %s from corresponding public key\n",
hex.data);
gnutls_free(hex.data);
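Review bot: The `fprintf(stderr, ...)` change here, and the matching one in the following hunk for the private-key case, alters text the tool emits at run time, unlike the comment-only hunks in the rest of the commit. If a test script or downstream wrapper matches on `will re-use ID`, it would silently stop matching, so it is worth grepping the test suite and documentation for the old string before merging. The enclosing function starts and ends outside both hunks.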
app_exit(1);
}
fprintf(stderr,
- "note: will re-use ID %s from corresponding private key\n",
+ "note: will reuse ID %s from corresponding private key\n",
hex.data);
gnutls_free(hex.data);
}
. ${srcdir}/../scripts/common.sh
-#check whether a different PKCS #1 signature than the advertized in certificate is tolerated
+#check whether a different PKCS #1 signature than the advertised in certificate is tolerated
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem"
rc=$?
}
if (memcmp(buf1, buf2, sizeof(buf1)) == 0) {
- fail("error in the random generator (%u). Produces same valus after fork()\n",
+ fail("error in the random generator (%u). Produces same values after fork()\n",
i);
return;
}
"xn--fiqu1az03c18t.xn--mxah1amo.com", NULL, NULL,
NULL); /* its IDNA equivalent */
- /* the raw DNS should result to verification failure as the advertized name should
+ /* the raw DNS should result to verification failure as the advertised name should
* not be considered and the first cert should be provided */
test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL",
"raw:简体中文.εξτρα.com",