GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure
Sockets Layer) protocol. GnuTLS is a GNU project. Additional
-information can be found at <http://www.gnutls.org/>.
+information can be found at <https://www.gnutls.org/>.
README
sources but do not necessarily develop. If you are interested
in developing and contributing to the GnuTLS project, please
see README-alpha and visit
-http://www.gnutls.org/manual/html_node/Contributing.html.
+https://www.gnutls.org/manual/html_node/Contributing.html.
COMPILATION
and gnutls-cli.
The library depends on libnettle and gmplib.
-* gmplib: for big number arithmetic, http://gmplib.org/
-* nettle: for cryptographic algorithms, http://www.lysator.liu.se/~nisse/nettle/
+* gmplib: for big number arithmetic, https://gmplib.org/
+* nettle: for cryptographic algorithms, https://www.lysator.liu.se/~nisse/nettle/
Optionally it may use the following libraries:
* libtasn1: For ASN.1 parsing (a copy is included, if not found), https://www.gnu.org/software/libtasn1/
-* p11-kit: for smart card support, http://p11-glue.freedesktop.org/p11-kit.html
-* libtspi: for Trusted Platform Module (TPM) support, http://trousers.sourceforge.net/
-* libunbound: For DNSSEC/DANE support, http://unbound.net/
-* libz: For compression support, http://www.zlib.net/
+* p11-kit: for smart card support, https://p11-glue.freedesktop.org/p11-kit.html
+* libtspi: for Trusted Platform Module (TPM) support, https://trousers.sourceforge.net/
+* libunbound: For DNSSEC/DANE support, https://unbound.net/
+* libz: For compression support, https://www.zlib.net/
* libidn: For supporting internationalized DNS names (IDNA 2003), https://www.gnu.org/software/libidn/
* libidn2: For supporting internationalized DNS names (IDNA 2008), https://www.gnu.org/software/libidn/#libidn2
=============
See the documentation in doc/ and online at
-http://www.gnutls.org/manual.
+https://www.gnutls.org/manual.
EXAMPLES
========
See the examples in doc/examples/ and online at 'How To Use GnuTLS in
-Applications' at http://www.gnutls.org/manual.
+Applications' at https://www.gnutls.org/manual.
SECURITY ADVISORIES
incidents and vulnerabilities. Open information exchange, including
information which is [sometimes] suppressed in non-open or non-free
projects, is one of the goals of the GnuTLS project. Please visit
-http://www.gnutls.org/security.html.
+https://www.gnutls.org/security.html.
MAILING LISTS
=============
The GnuTLS project maintains mailing lists for users, developers, and
-commits. Please see http://www.gnutls.org/lists.html.
+commits. Please see https://www.gnutls.org/lists.html.
LICENSING
git format-patch
```
-For more information on use of Git, visit http://git-scm.com/
+For more information on use of Git, visit https://git-scm.com/
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure
Sockets Layer) protocol. Additional information can be found at
-[www.gnutls.org](http://www.gnutls.org/).
+[www.gnutls.org](https://www.gnutls.org/).
This file contains instructions for developers and advanced users that
want to build from version controlled sources. See [INSTALL.md](INSTALL.md)
* [Texinfo](https://www.gnu.org/software/texinfo/)
* [Tar](https://www.gnu.org/software/tar/)
* [Gzip](https://www.gnu.org/software/gzip/)
-* [Texlive & epsf](http://www.tug.org/texlive/) (for PDF manual)
-* [GTK-DOC](http://www.gtk.org/gtk-doc/) (for API manual)
-* [Git](http://git-scm.com/)
-* [Perl](http://www.cpan.org/)
-* [Nettle](http://www.lysator.liu.se/~nisse/nettle/)
+* [Texlive & epsf](https://www.tug.org/texlive/) (for PDF manual)
+* [GTK-DOC](https://www.gtk.org/gtk-doc/) (for API manual)
+* [Git](https://git-scm.com/)
+* [Perl](https://www.cpan.org/)
+* [Nettle](https://www.lysator.liu.se/~nisse/nettle/)
* [Guile](https://www.gnu.org/software/guile/)
-* [p11-kit](http://p11-glue.freedesktop.org/p11-kit.html)
+* [p11-kit](https://p11-glue.freedesktop.org/p11-kit.html)
* [gperf](https://www.gnu.org/software/gperf/)
* [libtasn1](https://www.gnu.org/software/libtasn1/) (optional)
* [Libidn2](https://www.gnu.org/software/libidn/#libidn2) (optional, for internationalization of DNS, IDNA 2008)
* [AWK](https://www.gnu.org/software/awk/) (for make dist, pmccabe2html)
* [bison](https://www.gnu.org/software/bison) (for datetime parser in certtool)
* [libunbound](https://unbound.net/) (for DANE support)
-* [abi-compliance-checker](http://ispras.linuxbase.org/index.php/ABI_compliance_checker) (for make dist)
-* [tcsd](http://trousers.sourceforge.net/) (for TPM support; optional)
+* [abi-compliance-checker](https://ispras.linuxbase.org/index.php/ABI_compliance_checker) (for make dist)
+* [tcsd](https://trousers.sourceforge.net/) (for TPM support; optional)
* [swtpm](https://github.com/stefanberger/swtpm) (for TPM test; optional)
* [ncat](https://nmap.org/download.html) (for TPM test; optional)
-* [tpm-tools](http://trousers.sourceforge.net/) (for TPM test; optional)
+* [tpm-tools](https://trousers.sourceforge.net/) (for TPM test; optional)
* [expect](https://core.tcl.tk/expect/index) (for TPM test; optional)
The required software is typically distributed with your operating
Moreover, for basic interoperability testing you may want to install openssl
and mbedtls.
-* [Valgrind](http://valgrind.org/) (optional)
+* [Valgrind](https://valgrind.org/) (optional)
* [Libasan](https://gcc.gnu.org//) (optional)
-* [datefudge](http://packages.debian.org/datefudge) (optional)
-* [nodejs](http://nodejs.org/) (needed for certain test cases)
-* [softhsm](http://www.opendnssec.org/softhsm/) (for testing smart card support)
-* [dieharder](http://www.phy.duke.edu/~rgb/General/dieharder.php) (for testing PRNG)
-* [lcov](http://linux-test-project.github.io/) (for code coverage)
+* [datefudge](https://packages.debian.org/datefudge) (optional)
+* [nodejs](https://nodejs.org/) (needed for certain test cases)
+* [softhsm](https://www.opendnssec.org/softhsm/) (for testing smart card support)
+* [dieharder](https://www.phy.duke.edu/~rgb/General/dieharder.php) (for testing PRNG)
+* [lcov](https://linux-test-project.github.io/) (for code coverage)
Debian/Ubuntu:
```
dnl Note that g*l_INIT are run after we check for library capabilities,
dnl to prevent issues from caching lib dependencies. See discussion
dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
-dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
+dnl https://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
gl_INIT
ggl_INIT
unistring_INIT
***
*** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support
*** use --without-p11-kit, otherwise you may get p11-kit from
-*** http://p11-glue.freedesktop.org/p11-kit.html
+*** https://p11-glue.freedesktop.org/p11-kit.html
*** ]])
fi
fi
["$with_default_trust_store_dir"], [use the given directory as default trust store])
fi
-dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
+dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
AC_ARG_WITH([default-trust-store-file],
[AS_HELP_STRING([--with-default-trust-store-file=FILE],
[use the given file default trust store])], with_default_trust_store_file="$withval",
Adam Sampson <ats||offog.org>
16 Jul 2013 (received by personal mail by nmav)
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6857
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6857
Alessandro Ghedini <alessandro||ghedini.me>
1 Aug 2015
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8266
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8266
Frank Morgner <morgner||informatik.hu-berlin.de>
30 Aug 2013
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6960
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6960
Wolfgang Meyer zu Bergsten <w.bergsten||sirrix.com>
25 Oct 2013
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7068
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7068
Jens Lechtenboerger <jens.lechtenboerger||fsfe.org>
22 Feb 2014
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7337
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7337
Jason Spafford <nullprogrammer||gmail.com>
6 Mar 2014
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7352
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7352
Simon Arlott <simon||arlott.org>
10 Jul 2014
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7572
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7572
Alon Bar-Lev <alon.barlev||gmail.com>
25 Aug 2014
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7615
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7615
Armin Burgmeier <armin||arbur.net>
16 Sep 2014
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7657
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7657
Jaak Ristioja <jaak.ristioja||cyber.ee>
17 Dec 2014
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7885
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7885
Luke Dashjr <luke-jr+git||utopios.org>
13 Jan 2015
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7949
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7949
Tim Kosse <tim.kosse||filezilla-project.org>
30 May 2016
- http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8559
+ https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8559
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
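Review bot: The `<https://fsf.org/>` edit on the copyright line alters the verbatim GPLv3 text, which the following line says may not be changed. Rather than rewriting the URL as part of a bulk scheme swap, replace the file with the current upstream copy of the license if that copy already carries the https link, or drop this hunk.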
under the GNU Free Documentation License version 1.3 (or later).
The project page of the library is available at:
- http://www.gnutls.org/
+ https://www.gnutls.org/
What's New
==========
If you need help to use GnuTLS, or want to help others, you are invited
to join our help-gnutls mailing list, see:
- http://lists.gnutls.org/mailman/listinfo/gnutls-help
+ https://lists.gnutls.org/mailman/listinfo/gnutls-help
If you wish to participate in the development of GnuTLS, you are invited
to join our gnutls-dev mailing list, see:
- http://lists.gnutls.org/mailman/listinfo/gnutls-dev
+ https://lists.gnutls.org/mailman/listinfo/gnutls-dev
Internationalization
====================
# An URL that has CRLs (certificate revocation lists)
# available. Needed in CA certificates.
-#crl_dist_points = "http://www.getcrl.crl/getcrl/"
+#crl_dist_points = "https://www.getcrl.crl/getcrl/"
# Whether this is a CA certificate or not
#ca
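Review bot: `crl_dist_points` is a sample value for a certificate extension, not a documentation link, so switching it to https changes what the template teaches. RFC 5280 section 8 says CAs should not put https URIs in this extension, because fetching the CRL then requires a certificate validation that may itself depend on that CRL; the CRL is signed, so its integrity does not rely on the transport. Suggest keeping `#crl_dist_points = "http://www.getcrl.crl/getcrl/"` as it was.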
#path_len = 2
# OCSP URI
-# ocsp_uri = http://my.ocsp.server/ocsp
+# ocsp_uri = https://my.ocsp.server/ocsp
# CA issuers URI
-# ca_issuers_uri = http://my.ca.issuer
+# ca_issuers_uri = https://my.ca.issuer
# Certificate policies
#policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
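Review bot: `ocsp_uri` and `ca_issuers_uri` are sample extension values rather than documentation links, and the https forms introduced here are what RFC 5280 section 8 advises against for the Authority Information Access extension: a verifier would have to validate the TLS certificate of the OCSP responder or issuer host before it can finish validating the certificate that pointed there. Suggest leaving both examples on http and limiting the scheme change to documentation links.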
@item @anchor{CBCATT}[CBCATT]
Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems and
Countermeasures", 2002, available from
-@url{http://www.openssl.org/~bodo/tls-cbc.txt}.
+@url{https://www.openssl.org/~bodo/tls-cbc.txt}.
@item @anchor{GPGH}[GPGH]
Mike Ashley, "The GNU Privacy Handbook", 2002, available from
-@url{http://www.gnupg.org/gph/en/manual.pdf}.
+@url{https://www.gnupg.org/gph/en/manual.pdf}.
@item @anchor{GUTPKI}[GUTPKI]
Peter Gutmann, "Everything you never wanted to know about PKI but were
forced to find out", Available from
-@url{http://www.cs.auckland.ac.nz/~pgut001/}.
+@url{https://www.cs.auckland.ac.nz/~pgut001/}.
@item @anchor{PRNGATTACKS}[PRNGATTACKS]
John Kelsey and Bruce Schneier, "Cryptanalytic Attacks on Pseudorandom Number Generators",
@item @anchor{KEYPIN}[KEYPIN]
Chris Evans and Chris Palmer, "Public Key Pinning Extension for HTTP",
-Available from @url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}.
+Available from @url{https://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}.
@item @anchor{NISTSP80057}[NISTSP80057]
NIST Special Publication 800-57, "Recommendation for Key Management -
@item @anchor{RFC7413}[RFC7413]
Y. Cheng and J. Chu and S. Radhakrishnan and A. Jain, "TCP Fast Open",
December 2014, Available from
-@url{http://www.ietf.org/rfc/rfc7413.txt}.
+@url{https://www.ietf.org/rfc/rfc7413.txt}.
@item @anchor{RFC7918}[RFC7918]
A. Langley, N. Modadugu, B. Moeller, "Transport Layer Security (TLS) False Start",
August 2016, Available from
-@url{http://www.ietf.org/rfc/rfc7918.txt}.
+@url{https://www.ietf.org/rfc/rfc7918.txt}.
@item @anchor{RFC6125}[RFC6125]
Peter Saint-Andre and Jeff Hodges, "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)",
March 2011, Available from
-@url{http://www.ietf.org/rfc/rfc6125.txt}.
+@url{https://www.ietf.org/rfc/rfc6125.txt}.
@item @anchor{RFC7685}[RFC7685]
Adam Langley, "A Transport Layer Security (TLS) ClientHello Padding Extension",
October 2015, Available from
-@url{http://www.ietf.org/rfc/rfc7685.txt}.
+@url{https://www.ietf.org/rfc/rfc7685.txt}.
@item @anchor{RFC7613}[RFC7613]
Peter Saint-Andre and Alexey Melnikov, "Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords",
August 2015, Available from
-@url{http://www.ietf.org/rfc/rfc7613.txt}.
+@url{https://www.ietf.org/rfc/rfc7613.txt}.
@item @anchor{RFC2246}[RFC2246]
Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
January 1999, Available from
-@url{http://www.ietf.org/rfc/rfc2246.txt}.
+@url{https://www.ietf.org/rfc/rfc2246.txt}.
@item @anchor{RFC6083}[RFC6083]
M. Tuexen and R. Seggelmann and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)",
January 2011, Available from
-@url{http://www.ietf.org/rfc/rfc6083.txt}.
+@url{https://www.ietf.org/rfc/rfc6083.txt}.
@item @anchor{RFC4418}[RFC4418]
Ted Krovetz, "UMAC: Message Authentication Code using Universal Hashing",
March 2006, Available from
-@url{http://www.ietf.org/rfc/rfc4418.txt}.
+@url{https://www.ietf.org/rfc/rfc4418.txt}.
@item @anchor{RFC4680}[RFC4680]
S. Santesson, "TLS Handshake Message for Supplemental Data",
September 2006, Available from
-@url{http://www.ietf.org/rfc/rfc4680.txt}.
+@url{https://www.ietf.org/rfc/rfc4680.txt}.
@item @anchor{RFC7633}[RFC7633]
P. Hallam-Baker, "X.509v3 Transport Layer Security (TLS) Feature Extension",
October 2015, Available from
-@url{http://www.ietf.org/rfc/rfc7633.txt}.
+@url{https://www.ietf.org/rfc/rfc7633.txt}.
@item @anchor{RFC7919}[RFC7919]
D. Gillmor, "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)",
August 2016, Available from
-@url{http://www.ietf.org/rfc/rfc7919.txt}.
+@url{https://www.ietf.org/rfc/rfc7919.txt}.
@item @anchor{RFC4514}[RFC4514]
Kurt D. Zeilenga, "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names",
June 2006, Available from
-@url{http://www.ietf.org/rfc/rfc4513.txt}.
+@url{https://www.ietf.org/rfc/rfc4513.txt}.
@item @anchor{RFC4346}[RFC4346]
Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match
-2006, Available from @url{http://www.ietf.org/rfc/rfc4346.txt}.
+2006, Available from @url{https://www.ietf.org/rfc/rfc4346.txt}.
@item @anchor{RFC4347}[RFC4347]
Eric Rescorla and Nagendra Modadugu, "Datagram Transport Layer Security", April
-2006, Available from @url{http://www.ietf.org/rfc/rfc4347.txt}.
+2006, Available from @url{https://www.ietf.org/rfc/rfc4347.txt}.
@item @anchor{RFC5246}[RFC5246]
Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.2", August
-2008, Available from @url{http://www.ietf.org/rfc/rfc5246.txt}.
+2008, Available from @url{https://www.ietf.org/rfc/rfc5246.txt}.
@item @anchor{RFC2440}[RFC2440]
Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer, "OpenPGP
Message Format", November 1998, Available from
-@url{http://www.ietf.org/rfc/rfc2440.txt}.
+@url{https://www.ietf.org/rfc/rfc2440.txt}.
@item @anchor{RFC4880}[RFC4880]
Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney
Thayer, "OpenPGP Message Format", November 2007, Available from
-@url{http://www.ietf.org/rfc/rfc4880.txt}.
+@url{https://www.ietf.org/rfc/rfc4880.txt}.
@item @anchor{RFC4211}[RFC4211]
J. Schaad, "Internet X.509 Public Key Infrastructure Certificate
Request Message Format (CRMF)", September 2005, Available from
-@url{http://www.ietf.org/rfc/rfc4211.txt}.
+@url{https://www.ietf.org/rfc/rfc4211.txt}.
@item @anchor{RFC2817}[RFC2817]
Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1",
-May 2000, Available from @url{http://www.ietf.org/rfc/rfc2817.txt}
+May 2000, Available from @url{https://www.ietf.org/rfc/rfc2817.txt}
@item @anchor{RFC2818}[RFC2818]
Eric Rescorla, "HTTP Over TLS", May 2000, Available from
-@url{http://www.ietf/rfc/rfc2818.txt}.
+@url{https://www.ietf/rfc/rfc2818.txt}.
@item @anchor{RFC2945}[RFC2945]
Tom Wu, "The SRP Authentication and Key Exchange System", September
-2000, Available from @url{http://www.ietf.org/rfc/rfc2945.txt}.
+2000, Available from @url{https://www.ietf.org/rfc/rfc2945.txt}.
@item @anchor{RFC7301}[RFC7301]
S. Friedl, A. Popov, A. Langley, E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension",
-July 2014, Available from @url{http://www.ietf.org/rfc/rfc7301.txt}.
+July 2014, Available from @url{https://www.ietf.org/rfc/rfc7301.txt}.
@item @anchor{RFC2986}[RFC2986]
Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification Request
Syntax Specification", November 2000, Available from
-@url{http://www.ietf.org/rfc/rfc2986.txt}.
+@url{https://www.ietf.org/rfc/rfc2986.txt}.
@item @anchor{PKIX}[PKIX]
D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk,
"Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", May 2008, available from
-@url{http://www.ietf.org/rfc/rfc5280.txt}.
+@url{https://www.ietf.org/rfc/rfc5280.txt}.
@item @anchor{RFC3749}[RFC3749]
Scott Hollenbeck, "Transport Layer Security Protocol Compression
Methods", May 2004, available from
-@url{http://www.ietf.org/rfc/rfc3749.txt}.
+@url{https://www.ietf.org/rfc/rfc3749.txt}.
@item @anchor{RFC3820}[RFC3820]
Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary
Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy
Certificate Profile", June 2004, available from
-@url{http://www.ietf.org/rfc/rfc3820}.
+@url{https://www.ietf.org/rfc/rfc3820}.
@item @anchor{RFC6520}[RFC6520]
R. Seggelmann, M. Tuexen, and M. Williams, "Transport Layer Security (TLS) and
Datagram Transport Layer Security (DTLS) Heartbeat Extension", February 2012, available from
-@url{http://www.ietf.org/rfc/rfc6520}.
+@url{https://www.ietf.org/rfc/rfc6520}.
@item @anchor{RFC5746}[RFC5746]
E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
Security (TLS) Renegotiation Indication Extension", February 2010,
-available from @url{http://www.ietf.org/rfc/rfc5746}.
+available from @url{https://www.ietf.org/rfc/rfc5746}.
@item @anchor{RFC5280}[RFC5280]
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and
W. Polk, "Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", May 2008, available from
-@url{http://www.ietf.org/rfc/rfc5280}.
+@url{https://www.ietf.org/rfc/rfc5280}.
@item @anchor{TLSTKT}[TLSTKT]
Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig, "Transport
Layer Security (TLS) Session Resumption without Server-Side State",
-January 2008, available from @url{http://www.ietf.org/rfc/rfc5077}.
+January 2008, available from @url{https://www.ietf.org/rfc/rfc5077}.
@item @anchor{PKCS12}[PKCS12]
RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange
-Syntax", June 1999, Available from @url{http://www.rsa.com}.
+Syntax", June 1999, Available from @url{https://www.rsa.com}.
@item @anchor{PKCS11}[PKCS11]
RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4",
-July 2009, Available from @url{http://www.rsa.com}.
+July 2009, Available from @url{https://www.rsa.com}.
@item @anchor{RESCORLA}[RESCORLA]
Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems",
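Review bot: Two entries in this bibliography hunk still point at the wrong target after the scheme change. The RFC4514 entry links to `rfc4513.txt`, and the RFC2818 entry uses the host `www.ietf` with no `.org`, so `https://www.ietf/rfc/rfc2818.txt` cannot resolve. Since both lines are being touched anyway, correct them to `rfc4514.txt` and `www.ietf.org` in the same change.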
@item @anchor{SELKEY}[SELKEY]
Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key Sizes",
-2003, available from @url{http://www.win.tue.nl/~klenstra/key.pdf}.
+2003, available from @url{https://www.win.tue.nl/~klenstra/key.pdf}.
@item @anchor{SSL3}[SSL3]
Alan Freier, Philip Karlton and Paul Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0",
-August 2011, Available from @url{http://www.ietf.org/rfc/rfc6101.txt}.
+August 2011, Available from @url{https://www.ietf.org/rfc/rfc6101.txt}.
@item @anchor{STEVENS}[STEVENS]
Richard Stevens, "UNIX Network Programming, Volume 1", Prentice Hall
@item @anchor{TLSEXT}[TLSEXT]
Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen and
Tim Wright, "Transport Layer Security (TLS) Extensions", June 2003,
-Available from @url{http://www.ietf.org/rfc/rfc3546.txt}.
+Available from @url{https://www.ietf.org/rfc/rfc3546.txt}.
@item @anchor{TLSPGP}[TLSPGP]
Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS authentication",
January 2011. Available from
-@url{http://www.ietf.org/rfc/rfc6091.txt}.
+@url{https://www.ietf.org/rfc/rfc6091.txt}.
@item @anchor{TLSSRP}[TLSSRP]
David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos,
"Using SRP for TLS Authentication", November 2007. Available from
-@url{http://www.ietf.org/rfc/rfc5054.txt}.
+@url{https://www.ietf.org/rfc/rfc5054.txt}.
@item @anchor{TLSPSK}[TLSPSK]
Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for
TLS", December 2005, Available from
-@url{http://www.ietf.org/rfc/rfc4279.txt}.
+@url{https://www.ietf.org/rfc/rfc4279.txt}.
@item @anchor{TOMSRP}[TOMSRP]
Tom Wu, "The Stanford SRP Authentication Project", Available at
-@url{http://srp.stanford.edu/}.
+@url{https://srp.stanford.edu/}.
@item @anchor{WEGER}[WEGER]
Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509
Certificates", Cryptology ePrint Archive, Report 2005/067, Available
-at @url{http://eprint.iacr.org/}.
+at @url{https://eprint.iacr.org/}.
@item @anchor{ECRYPT}[ECRYPT]
European Network of Excellence in Cryptology II, "ECRYPT II Yearly
Report on Algorithms and Keysizes (2009-2010)", Available
-at @url{http://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
+at @url{https://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
@item @anchor{RFC5056}[RFC5056]
N. Williams, "On the Use of Channel Bindings to Secure Channels",
-November 2007, available from @url{http://www.ietf.org/rfc/rfc5056}.
+November 2007, available from @url{https://www.ietf.org/rfc/rfc5056}.
@item @anchor{RFC5764}[RFC5764]
D. McGrew, E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)On the Use of Channel Bindings to Secure Channels",
-May 2010, available from @url{http://www.ietf.org/rfc/rfc5764}.
+May 2010, available from @url{https://www.ietf.org/rfc/rfc5764}.
@item @anchor{RFC5929}[RFC5929]
J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010,
-available from @url{http://www.ietf.org/rfc/rfc5929}.
+available from @url{https://www.ietf.org/rfc/rfc5929}.
@item @anchor{PKCS11URI}[PKCS11URI]
J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", April 2015,
-available from @url{http://www.ietf.org/rfc/rfc7512}.
+available from @url{https://www.ietf.org/rfc/rfc7512}.
@item @anchor{TPMURI}[TPMURI]
C. Latze, N. Mavrogiannopoulos, "The TPMKEY URI Scheme", January 2013,
-Work in progress, available from @url{http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}.
+Work in progress, available from @url{https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}.
@item @anchor{ANDERSON}[ANDERSON]
R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems",
@item @anchor{RFC4821}[RFC4821]
M. Mathis, J. Heffner, "Packetization Layer Path MTU Discovery", March 2007,
-available from @url{http://www.ietf.org/rfc/rfc4821.txt}.
+available from @url{https://www.ietf.org/rfc/rfc4821.txt}.
@item @anchor{RFC2560}[RFC2560]
M. Myers et al, "X.509 Internet Public Key Infrastructure Online
Certificate Status Protocol - OCSP", June 1999, Available from
-@url{http://www.ietf.org/rfc/rfc2560.txt}.
+@url{https://www.ietf.org/rfc/rfc2560.txt}.
@item @anchor{RIVESTCRL}[RIVESTCRL]
R. L. Rivest, "Can We Eliminate Certificate Revocation Lists?",
Proceedings of Financial Cryptography '98; Springer Lecture Notes in
Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998),
pages 178--183, available from
-@url{http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.
+@url{https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.
@end table
Some systems provide a system wide trusted certificate storage accessible using
the PKCS #11 API. That is, the trusted certificates are queried and accessed using the
PKCS #11 API, and trusted certificate properties, such as purpose, are marked using
-attached extensions. One example is the p11-kit trust module@footnote{see @url{http://p11-glue.freedesktop.org/trust-module.html}.}.
+attached extensions. One example is the p11-kit trust module@footnote{see @url{https://p11-glue.freedesktop.org/trust-module.html}.}.
These special PKCS #11 modules can be used for GnuTLS certificate verification if marked as trust
policy modules, i.e., with @code{trust-policy: yes} in the p11-kit module file.
it abstracts the internal cryptographic back-end (see @ref{Cryptographic Backend}),
providing symmetric crypto, hash and HMAC algorithms, as well access
to the random number generation. For a low-level crypto API the usage of nettle
-@footnote{See @uref{http://www.lysator.liu.se/~nisse/nettle/}.} library is recommended.
+@footnote{See @uref{https://www.lysator.liu.se/~nisse/nettle/}.} library is recommended.
@menu
* Symmetric algorithms::
program in all the targeted platforms when filters like seccomp are in place.
An example with a seccomp filter from GnuTLS' test suite is at:
-@url{http://gitlab.com/gnutls/gnutls/blob/master/tests/seccomp.c}.
+@url{https://gitlab.com/gnutls/gnutls/blob/master/tests/seccomp.c}.
@node Sessions and fork
@subsection Sessions and fork
The Cryptographic library layer, currently supports only
libnettle. Older versions of GnuTLS used to support libgcrypt,
but it was switched with nettle mainly for performance reasons@footnote{See
-@url{http://lists.gnu.org/archive/html/gnutls-devel/2011-02/msg00079.html}.}
+@url{https://lists.gnu.org/archive/html/gnutls-devel/2011-02/msg00079.html}.}
and secondary because it is a simpler library to use.
In the future other cryptographic libraries might be supported as well.
kernel drivers to utilize the operations from software. For this reason
GnuTLS provides a layer where each individual algorithm used can be replaced
by another implementation, i.e., the one provided by the driver. The
-FreeBSD, OpenBSD and Linux kernels@footnote{Check @url{http://home.gna.org/cryptodev-linux/}
+FreeBSD, OpenBSD and Linux kernels@footnote{Check @url{https://home.gna.org/cryptodev-linux/}
for the Linux kernel implementation of @code{/dev/crypto}.} include already
a number of hardware assisted implementations, and also provide an interface
to access them, called @code{/dev/crypto}.
@cindex download
GnuTLS is available for download at:
-@url{http://www.gnutls.org/download.html}
+@url{https://www.gnutls.org/download.html}
GnuTLS uses a development cycle where even minor version numbers
indicate a stable release and a odd minor version number indicate a
GnuTLS depends on @code{nettle} and @code{gmplib}, and you will need to install it
before installing GnuTLS. The @code{nettle} library is available from
-@url{http://www.lysator.liu.se/~nisse/nettle/}, while @code{gmplib} is available
-from @url{http://www.gmplib.org/}.
+@url{https://www.lysator.liu.se/~nisse/nettle/}, while @code{gmplib} is available
+from @url{https://www.gmplib.org/}.
Don't forget to verify the cryptographic signature after downloading
source code packages.
provides the trusted certificates, but allows the categorization of them using purpose,
e.g., CAs can be restricted for e-mail usage only, or administrative restrictions of CAs, for
examples by restricting a CA to only issue certificates for a given DNS domain using NameConstraints.
-A publicly available PKCS #11 trust module is p11-kit's trust module@footnote{@url{http://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}.
+A publicly available PKCS #11 trust module is p11-kit's trust module@footnote{@url{https://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}.
@node Document overview
@section Overview
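Review bot: The footnote URL in this hunk, `https://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html`, differs from the other p11-kit trust module footnotes in the patch, which use `https://p11-glue.freedesktop.org/trust-module.html`. A bulk scheme swap will not catch that; check which path is current and use it in all three footnotes.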
and to security engineering in @xcite{ANDERSON}.
Updated versions of the @acronym{GnuTLS} software and this document
-will be available from @url{http://www.gnutls.org/}.
+will be available from @url{https://www.gnutls.org/}.
reach it by sending e-mail to @email{gnutls-help@@gnutls.org}. Archives
of the mailing list discussions, and an interface to manage
subscriptions, is available through the World Wide Web at
-@url{http://lists.gnutls.org/pipermail/gnutls-help/}.
+@url{https://lists.gnutls.org/pipermail/gnutls-help/}.
A mailing list for developers are also available, see
-@url{http://www.gnutls.org/lists.html}.
+@url{https://www.gnutls.org/lists.html}.
Bug reports should be sent to @email{bugs@@gnutls.org}, see
@ref{Bug Reports}.
@section Commercial Support
Commercial support is available for users of GnuTLS. See
-@url{http://www.gnutls.org/commercial.html} for more information.
+@url{https://www.gnutls.org/commercial.html} for more information.
@node Bug Reports
call of a @acronym{PKCS} #11 related function, in a thread safe way.
The default initialization process, utilizes p11-kit configuration, and loads any
appropriate @acronym{PKCS} #11 modules. The p11-kit configuration
-files@footnote{@url{http://p11-glue.freedesktop.org/}} are typically stored in @code{/etc/pkcs11/modules/}.
+files@footnote{@url{https://p11-glue.freedesktop.org/}} are typically stored in @code{/etc/pkcs11/modules/}.
For example a file that will instruct GnuTLS to load the @acronym{OpenSC} module,
could be named @code{/etc/pkcs11/modules/opensc.module} and contain the following:
same operating system to access shared cryptographic keys and certificates in a
uniform way, as in @ref{fig-pkcs11-vision}. That way applications could load their
trusted certificate list, as well as user certificates from a common PKCS #11 module.
-Such a provider is the p11-kit trust storage module@footnote{@url{http://p11-glue.freedesktop.org/trust-module.html}}
+Such a provider is the p11-kit trust storage module@footnote{@url{https://p11-glue.freedesktop.org/trust-module.html}}
and it provides access to the trusted Root CA certificates in a system. That
provides a more dynamic list of Root CA certificates, as opposed to a static
list in a file or directory.
That store, allows for blacklisting of CAs or certificates, as well as
categorization of the Root CAs (Web verification, Code signing, etc.), in
addition to restricting their purpose via stapled extensions@footnote{See
-the 'Restricting the scope of CA certificates' post at @url{http://nmav.gnutls.org/2016/06/restricting-scope-of-ca-certificates.html}}.
+the 'Restricting the scope of CA certificates' post at @url{https://nmav.gnutls.org/2016/06/restricting-scope-of-ca-certificates.html}}.
GnuTLS will utilize the p11-kit trust module as the default trust store
if configured to; i.e., if '--with-default-trust-store-pkcs11=pkcs11:' is given to
the configure script.
# You can define message sequence charts within doxygen comments using the \msc
# command. Doxygen will then run the mscgen tool (see
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
+# https://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
# documentation. The MSCGEN_PATH tag allows you to specify the directory where
# the mscgen tool resides. If left empty the tool is assumed to be found in the
# default search path.
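Review bot: the changed `# https://www.mcternan.me.uk/mscgen/` line sits inside the explanatory comment for the MSCGEN_PATH tag, which reads like Doxygen's own generated template text rather than project-written prose. If so, the edit will be lost the next time the configuration file is regenerated or updated by Doxygen, and until then it makes the file differ from the template for no functional gain. Consider dropping this hunk, and the identical one that follows, from the patch.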
# You can define message sequence charts within doxygen comments using the \msc
# command. Doxygen will then run the mscgen tool (see
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
+# https://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
# documentation. The MSCGEN_PATH tag allows you to specify the directory where
# the mscgen tool resides. If left empty the tool is assumed to be found in the
# default search path.
This manual describes the @uref{https://www.gnu.org/software/guile/,
GNU Guile} Scheme programming interface to GnuTLS, which is distributed
-as part of @uref{http://gnutls.org,GnuTLS}. The reader is
+as part of @uref{https://gnutls.org,GnuTLS}. The reader is
assumed to have basic knowledge of the protocol and library. Details
missing from this chapter may be found in Function reference,
of the C API reference.
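Review bot: the replacement line `+as part of @uref{https://gnutls.org,GnuTLS}` keeps the bare `gnutls.org` host, while the other documentation hunks in this patch link `https://www.gnutls.org/`. Since the line is being touched anyway, consider using the `www.gnutls.org` form here too so that all manuals point at one canonical host.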
(bye session close-request/rdwr))))
@end example
-@c See <http://bugs.gnu.org/22966> for details.
+@c See <https://bugs.gnu.org/22966> for details.
@cindex buffering
Note that each write to the session record port leads to the
transmission of an encrypted TLS ``Application Data'' packet. In the
\bigskip
- \url{http://fsf.org/}
+ \url{https://fsf.org/}
\bigskip
title = "{Public Key Pinning Extension for HTTP}",
month = "December",
year = "2011",
- note = "Available from \url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}",
- url = "http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01"
+ note = "Available from \url{https://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}",
+ url = "https://tools.ietf.org/html/draft-ietf-websec-key-pinning-01"
}
@misc{RFC6083,
issn = {2070-1721},
publisher = {RFC Editor},
institution = {RFC Editor},
- url = {http://www.rfc-editor.org/rfc/rfc6083.txt},
- note = {\url{http://www.rfc-editor.org/rfc/rfc6083.txt}},
+ url = {https://www.rfc-editor.org/rfc/rfc6083.txt},
+ note = {\url{https://www.rfc-editor.org/rfc/rfc6083.txt}},
}
@misc{RFC7413,
issn = {2070-1721},
publisher = {RFC Editor},
institution = {RFC Editor},
- url = {http://www.rfc-editor.org/rfc/rfc7413.txt},
+ url = {https://www.rfc-editor.org/rfc/rfc7413.txt},
}
@misc{RFC7633,
issn = {2070-1721},
publisher = {RFC Editor},
institution = {RFC Editor},
- url = {http://www.rfc-editor.org/rfc/rfc7918.txt},
+ url = {https://www.rfc-editor.org/rfc/rfc7918.txt},
}
@misc{RFC5764,
issn = {2070-1721},
publisher = {RFC Editor},
institution = {RFC Editor},
- url = {http://www.rfc-editor.org/rfc/rfc5764.txt},
+ url = {https://www.rfc-editor.org/rfc/rfc5764.txt},
}
@misc{rfc7919,
organization="Internet Engineering Task Force",
year=2016,
month=aug,
- url="http://www.ietf.org/rfc/rfc7919.txt",
+ url="https://www.ietf.org/rfc/rfc7919.txt",
}
@misc{RFC5280,
organization="Internet Engineering Task Force",
year=2008,
month=may,
- note="Available from \url{http://www.ietf.org/rfc/rfc5280}",
+ note="Available from \url{https://www.ietf.org/rfc/rfc5280}",
}
@misc{rfc7301,
organization="Internet Engineering Task Force",
year=2014,
month=jul,
- note="Available from \url{http://www.ietf.org/rfc/rfc7301}",
+ note="Available from \url{https://www.ietf.org/rfc/rfc7301}",
}
@Misc{ RFC7613,
title = "{Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords}",
month = "August",
year = "2015",
- note = "Available from \url{http://www.ietf.org/rfc/rfc7613}",
- url = "http://www.ietf.org/rfc/rfc7613"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc7613}",
+ url = "https://www.ietf.org/rfc/rfc7613"
}
@Misc{ RFC6125,
title = "{Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)}",
month = "March",
year = "2011",
- note = "Available from \url{http://www.ietf.org/rfc/rfc6125}",
- url = "http://www.ietf.org/rfc/rfc6125"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc6125}",
+ url = "https://www.ietf.org/rfc/rfc6125"
}
@Misc{ RFC7685,
title = "{A Transport Layer Security (TLS) ClientHello Padding Extension}",
month = "October",
year = "2015",
- note = "Available from \url{http://www.ietf.org/rfc/rfc7685}",
- url = "http://www.ietf.org/rfc/rfc7685"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc7685}",
+ url = "https://www.ietf.org/rfc/rfc7685"
}
@Misc{ RFC2246 ,
author = "Tim Dierks and Christopher Allen",
title = "{The TLS Protocol Version 1.0}",
month = "January",
year = "1999",
- note = "Available from \url{http://www.ietf.org/rfc/rfc2246}",
- url = "http://www.ietf.org/rfc/rfc2246"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc2246}",
+ url = "https://www.ietf.org/rfc/rfc2246"
}
@Misc{ RFC6520,
title = "{Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension}",
month = "February",
year = "2012",
- note = "Available from \url{http://www.ietf.org/rfc/rfc6520}",
- url = "http://www.ietf.org/rfc/rfc6520"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc6520}",
+ url = "https://www.ietf.org/rfc/rfc6520"
}
@Misc{ RFC4680,
title = "{TLS Handshake Message for Supplemental Data}",
month = "September",
year = "2006",
- note = "Available from \url{http://www.ietf.org/rfc/rfc4680}",
- url = "http://www.ietf.org/rfc/rfc4680"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc4680}",
+ url = "https://www.ietf.org/rfc/rfc4680"
}
@Misc{ RFC4514,
title = "{Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names}",
month = "June",
year = "2006",
- note = "Available from \url{http://www.ietf.org/rfc/rfc4514}",
- url = "http://www.ietf.org/rfc/rfc4514"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc4514}",
+ url = "https://www.ietf.org/rfc/rfc4514"
}
@Misc{ RIVESTCRL,
title = "{Can We Eliminate Certificate Revocation Lists?}",
month = "February",
year = "1998",
- note = "Available from \url{http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}",
- url = "http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf"
+ note = "Available from \url{https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}",
+ url = "https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf"
}
@misc{RFC3820,
title="Internet {X.509} Public Key Infrastructure {(PKI)} Proxy Certificate Profile",
month="June",
year=2004,
- note = "Available from \url{http://www.ietf.org/rfc/rfc3820}",
- url = "http://www.ietf.org/rfc/rfc3820"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc3820}",
+ url = "https://www.ietf.org/rfc/rfc3820"
}
@misc{RFC2560,
title="{X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP}",
month="June",
year=1999,
- note = "Available from \url{http://www.ietf.org/rfc/rfc2560}",
- url = "http://www.ietf.org/rfc/rfc2560"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc2560}",
+ url = "https://www.ietf.org/rfc/rfc2560"
}
@misc{RFC5746,
title = "Transport Layer Security {(TLS)} Renegotiation Indication Extension",
month ="February",
year=2010,
- note = "Available from \url{http://www.ietf.org/rfc/rfc5746}",
- url = "http://www.ietf.org/rfc/rfc5746"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc5746}",
+ url = "https://www.ietf.org/rfc/rfc5746"
}
@Misc{TLSTKT,
title = "Transport Layer Security {(TLS)} Session Resumption without Server-Side State",
month="January",
year="2008",
- note = "Available from \url{http://www.ietf.org/rfc/rfc5077}",
- url = "http://www.ietf.org/rfc/rfc5077"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc5077}",
+ url = "https://www.ietf.org/rfc/rfc5077"
}
@Misc{PKCS11,
publisher = "RSA Laboratories",
title = "{PKCS \#11 Base Functionality v2.30: Cryptoki – Draft 4}",
- url = "http://www.rsa.com",
+ url = "https://www.rsa.com",
month="July",
year=2009
}
@Misc{ECRYPT,
publisher = "European Network of Excellence in Cryptology II",
title = "{ECRYPT II Yearly Report on Algorithms and Keysizes (2009-2010)}",
- url = "http://www.ecrypt.eu.org/documents/D.SPA.13.pdf",
+ url = "https://www.ecrypt.eu.org/documents/D.SPA.13.pdf",
year=2010
}
title = "{The TLS Protocol Version 1.2}",
month = "August",
year = "2008",
- note = "Available from \url{http://www.ietf.org/rfc/rfc5246}",
- url = "http://www.ietf.org/rfc/rfc5246"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc5246}",
+ url = "https://www.ietf.org/rfc/rfc5246"
}
@Misc{ WEGER,
title = "{Colliding X.509 Certificates}",
publisher = "Cryptology ePrint Archive, Report 2005/067",
year = "2005",
- note = "Available from \url{http://eprint.iacr.org/2005/067}",
- url = "http://eprint.iacr.org/2005/067"
+ note = "Available from \url{https://eprint.iacr.org/2005/067}",
+ url = "https://eprint.iacr.org/2005/067"
}
@Misc{ RFC3749,
title = "Transport Layer Security Protocol Compression Methods",
month = "May",
year = "2004",
- note = "Available from \url{http://www.ietf.org/rfc/rfc3749}",
- url = "http://www.ietf.org/rfc/rfc3749"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc3749}",
+ url = "https://www.ietf.org/rfc/rfc3749"
}
@Misc{ RFC4347,
title = "Datagram Transport Layer Security",
month = "April",
year = "2006",
- note = "Available from \url{http://www.ietf.org/rfc/rfc4347}",
- url = "http://www.ietf.org/rfc/rfc4347"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc4347}",
+ url = "https://www.ietf.org/rfc/rfc4347"
}
@Misc{ RFC4346,
title = "The {TLS} Protocol Version 1.1",
month = "April",
year = "2006",
- note = "Available from \url{http://www.ietf.org/rfc/rfc4346}",
- url = "http://www.ietf.org/rfc/rfc4346"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc4346}",
+ url = "https://www.ietf.org/rfc/rfc4346"
}
@Misc{ RFC2440,
title = "{OpenPGP} Message Format",
month = "November",
year = "2007",
- note = "Available from \url{http://www.ietf.org/rfc/rfc4880}",
- url = "http://www.ietf.org/rfc/rfc4880"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc4880}",
+ url = "https://www.ietf.org/rfc/rfc4880"
}
@Misc{ RFC2511,
title = "Internet {X.509} Certificate Request Message Format",
month = "March",
year = "1999",
- note = "Available from \url{http://www.ietf.org/rfc/rfc2511}",
- url = "http://www.ietf.org/rfc/rfc2511"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc2511}",
+ url = "https://www.ietf.org/rfc/rfc2511"
}
@Misc{ RFC2817,
title = "Upgrading to {TLS} Within {HTTP/1.1}",
month = "May",
year = "2000",
- note = "Available from \url{http://www.ietf.org/rfc/rfc2817}",
- url = "http://www.ietf.org/rfc/rfc2817"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc2817}",
+ url = "https://www.ietf.org/rfc/rfc2817"
}
@Misc{ RFC2818,
title = "{HTTP over TLS}",
month = "May",
year = "2000",
- note = "Available from \url{http://www.ietf.org/rfc/rfc2818}",
- url = "http://www.ietf.org/rfc/rfc2818"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc2818}",
+ url = "https://www.ietf.org/rfc/rfc2818"
}
@Misc{ RFC2945,
title = "The {SRP} Authentication and Key Exchange System",
month = "September",
year = "2000",
- note = "Available from \url{http://www.ietf.org/rfc/rfc2945}",
- url = "http://www.ietf.org/rfc/rfc2945"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc2945}",
+ url = "https://www.ietf.org/rfc/rfc2945"
}
@Misc{ RFC2986,
title = "{PKCS 10 v1.7:} Certification Request Syntax Specification",
month = "November",
year = "2000",
- note = "Available from \url{http://www.ietf.org/rfc/rfc2986}",
- url = "http://www.ietf.org/rfc/rfc2986"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc2986}",
+ url = "https://www.ietf.org/rfc/rfc2986"
}
@Misc{PKIX,
title = "Internet {X.509} Public Key Infrastructure Certificate and Certificate Revocation List {(CRL)} Profile",
month = "April",
year = "2002",
- note = "Available from \url{http://www.ietf.org/rfc/rfc3280}",
- url = "http://www.ietf.org/rfc/rfc3280"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc3280}",
+ url = "https://www.ietf.org/rfc/rfc3280"
}
@Misc{SSL3,
title = "The Secure Sockets Layer (SSL) Protocol Version 3.0",
month = "August",
year = "2011",
- note = "Available from \url{http://www.ietf.org/rfc/rfc6101}",
- url = "http://www.ietf.org/rfc/rfc6101"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc6101}",
+ url = "https://www.ietf.org/rfc/rfc6101"
}
@Misc{PKCS12,
title = "Transport Layer Security {(TLS)} Extensions",
month = "June",
year = "2003",
- note = "Available from \url{http://www.ietf.org/rfc/rfc3546}",
- url = "http://www.ietf.org/rfc/rfc3546"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc3546}",
+ url = "https://www.ietf.org/rfc/rfc3546"
}
@Misc{ TLSSRP,
title = "Using {SRP for TLS} Authentication",
month = "November",
year = "2007",
- note = "Available from \url{http://www.ietf.org/rfc/rfc5054}",
- url = "http://www.ietf.org/rfc/rfc5054"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc5054}",
+ url = "https://www.ietf.org/rfc/rfc5054"
}
@Misc{ RFC5056,
title = "On the Use of Channel Bindings to Secure Channels",
month = "November",
year = "2007",
- note = "Available from \url{http://www.ietf.org/rfc/rfc5056}",
- url = "http://www.ietf.org/rfc/rfc5056"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc5056}",
+ url = "https://www.ietf.org/rfc/rfc5056"
}
@Misc{ RFC5929,
title = "Channel Bindings for {TLS}",
month = "July",
year = "2010",
- note = "Available from \url{http://www.ietf.org/rfc/rfc5929}",
- url = "http://www.ietf.org/rfc/rfc5929"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc5929}",
+ url = "https://www.ietf.org/rfc/rfc5929"
}
@Misc{ TLSPSK,
title = "Pre-shared key Ciphersuites for {TLS}",
month = "December",
year = "2005",
- note = "Available from http://www.ietf.org/rfc/rfc4279",
- url = "http://www.ietf.org/rfc/rfc4279"
+ note = "Available from https://www.ietf.org/rfc/rfc4279",
+ url = "https://www.ietf.org/rfc/rfc4279"
}
@Misc{ TLSPGP,
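Review bot: in the TLSPSK entry the new `note` line still carries the address as bare text, `note = "Available from https://www.ietf.org/rfc/rfc4279"`, whereas every neighbouring entry wraps it as `\url{...}`. Since this line is rewritten by the patch, wrap the address in `\url{}` as well so it is typeset and hyphenated like the rest of the bibliography.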
title = "{Using OpenPGP Keys for Transport Layer Security (TLS) Authentication}",
month = "February",
year = "2011",
- note = "Available from \url{http://www.ietf.org/rfc/rfc6091}",
- url = "http://www.ietf.org/rfc/rfc6091"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc6091}",
+ url = "https://www.ietf.org/rfc/rfc6091"
}
@Misc{ RFC4821,
title = "{Packetization Layer Path MTU Discovery}",
month = "March",
year = "2007",
- note = "Available from \url{http://www.ietf.org/rfc/rfc4821}",
- url = "http://www.ietf.org/rfc/rfc4821"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc4821}",
+ url = "https://www.ietf.org/rfc/rfc4821"
}
@Misc{ TLSCOMP,
title = "Transport Layer Security Protocol Compression Methods",
month = "May",
year = "2004",
- note = "Available from \url{http://www.ietf.org/rfc/rfc3749}",
- url = "http://www.ietf.org/rfc/rfc3749"
+ note = "Available from \url{https://www.ietf.org/rfc/rfc3749}",
+ url = "https://www.ietf.org/rfc/rfc3749"
}
@Misc{ CBCATT,
author = "Bodo Moeller",
title = "Security of {CBC} Ciphersuites in {SSL/TLS}: Problems and Countermeasures",
year = "2002",
- note = "Available from \url{http://www.openssl.org/\~bodo/tls-cbc.txt}",
- url = "http://www.openssl.org/~bodo/tls-cbc.txt"
+ note = "Available from \url{https://www.openssl.org/\~bodo/tls-cbc.txt}",
+ url = "https://www.openssl.org/~bodo/tls-cbc.txt"
}
@Misc{ GUTPKI,
author = "Peter Gutmann",
title = "Everything you never wanted to know about {PKI} but were forced to find out",
year = "2002",
- note = "Available from \url{http://www.cs.auckland.ac.nz/\~pgut001/pubs/pkitutorial.pdf}",
- url = "http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf"
+ note = "Available from \url{https://www.cs.auckland.ac.nz/\~pgut001/pubs/pkitutorial.pdf}",
+ url = "https://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf"
}
@Misc{ GPGH,
author = "Mike Ashley",
title = "The {GNU} Privacy Handbook",
year = "2002",
- note = "Available from \url{http://www.gnupg.org/gph/en/manual.pdf}",
- url = "http://www.gnupg.org/gph/en/manual.pdf"
+ note = "Available from \url{https://www.gnupg.org/gph/en/manual.pdf}",
+ url = "https://www.gnupg.org/gph/en/manual.pdf"
}
@Misc{ TOMSRP,
author = "Tom Wu",
title = "The Stanford {SRP} Authentication Project",
- note = "Available from \url{http://srp.stanford.edu/}",
- url = "http://srp.stanford.edu/"
+ note = "Available from \url{https://srp.stanford.edu/}",
+ url = "https://srp.stanford.edu/"
}
@Misc{ PRNGATTACKS,
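Review bot: in the TOMSRP entry the `note` and `url` fields are the only locator shown (no month, year or RFC number), so please confirm that `https://srp.stanford.edu/` actually answers over HTTPS before merging. A scheme-only rewrite that was not link-checked would leave this citation unreachable, and the same check is worth running over the other non-IETF hosts changed in this file.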
organization="Internet Engineering Task Force",
year=2015,
month=apr,
- url="http://www.ietf.org/rfc/rfc7512.txt",
+ url="https://www.ietf.org/rfc/rfc7512.txt",
}
@misc{TPMURI,
title="{The TPMKEY URI Scheme}",
month="January",
year=2013,
- note = "Work in progress, available from \url{http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}",
- url = "http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01"
+ note = "Work in progress, available from \url{https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}",
+ url = "https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01"
}
@misc{rfc4418,
organization="Internet Engineering Task Force",
year=2006,
month=mar,
- url="http://www.ietf.org/rfc/rfc4418.txt",
+ url="https://www.ietf.org/rfc/rfc4418.txt",
}
$(top_srcdir)/doc/scripts/gdoc -man \
-module $(PACKAGE) -sourceversion $(VERSION) \
-bugsto $(PACKAGE_BUGREPORT) \
- -pkg-site "http://www.gnutls.org" \
+ -pkg-site "https://www.gnutls.org" \
-include "gnutls/`basename $$header .in`" \
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2001-$(YEAR) Free Software Foundation, Inc., and others" \
<?xml version="1.0"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
+ "https://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
[
- <!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
+ <!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'https://www.w3.org/2003/XInclude'">
<!ENTITY version SYSTEM "version.xml">
]>
<book id="index">
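Review bot: the two replacements inside the DOCTYPE are identifiers, not plain hyperlinks, so changing the scheme changes their meaning. The string in `xmlns:xi CDATA #FIXED '...'` is a namespace name that XML processors compare character for character; with `https://` it is no longer the namespace an XInclude processor looks for, and the `<xi:include href="xml/gnutls.xml"/>` element later in this file will most likely be left unexpanded. Likewise the DTD system identifier is what XML catalogs match on, so `https://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd` will probably miss a locally installed DocBook 4.3 DTD and either fail or cause a network fetch during the documentation build. Keep both of these lines as `http://` and limit the change in this file to the `<ulink>` URLs.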
<releaseinfo>
for GnuTLS &version;.
The latest version of this documentation can be found on-line at
- <ulink role="online-location" url="http://www.gnutls.org/reference/">http://www.gnutls.org/reference/</ulink>.
+ <ulink role="online-location" url="https://www.gnutls.org/reference/">https://www.gnutls.org/reference/</ulink>.
</releaseinfo>
</bookinfo>
<para>
More up to date information can be found at
- <ulink url="http://www.gnutls.org/">
- http://www.gnutls.org/</ulink>.
+ <ulink url="https://www.gnutls.org/">
+ https://www.gnutls.org/</ulink>.
</para>
<xi:include href="xml/gnutls.xml"/>
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
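Review bot: the `# https://www.apache.org/licenses/LICENSE-2.0` line is part of the standard Apache License 2.0 notice, which is normally reproduced verbatim with the `http://` URL. Editing it makes the header differ from the canonical notice and, if these files are imported from another project, from their upstream copies, which complicates later syncs. Suggest leaving the license headers untouched here and in the identical hunks that follow.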
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# Unset 'GUILE_LOAD_COMPILED_PATH' so we can be sure that any .go file that we
# load comes from the build directory.
# XXX: Use the C locale for when Guile lacks
-# <http://git.sv.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=e2c6bf3866d1186c60bacfbd4fe5037087ee5e3f>.
+# <https://git.sv.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=e2c6bf3866d1186c60bacfbd4fe5037087ee5e3f>.
%.go: %.scm modules/gnutls.scm
$(AM_V_GUILEC)$(MKDIR_P) "`dirname "$@"`" ; \
$(AM_V_P) && out=1 || out=- ; \
They were stolen from Guile-Reader 0.3:
- http://www.nongnu.org/guile-reader/
+ https://www.nongnu.org/guile-reader/
It was only slightly modified.
# Use '-module' to build a "dlopenable module", in Libtool terms.
# Use '-undefined' to placate Libtool on Windows; see
-# <http://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
+# <https://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
# Linking against GnuTLS.
# Note: we cannot use the portable ".c.x" form, since that leads
# prerequisites to be ignored:
-# <http://lists.gnutls.org/pipermail/gnutls-devel/2013-September/006453.html>.
+# <https://lists.gnutls.org/pipermail/gnutls-devel/2013-September/006453.html>.
%.x: %.c $(GENERATED_BINDINGS)
$(AM_V_GEN)$(guile_snarf) -o $@ $< $(snarfcppopts)
(SCM cert),
"Return the distinguished name (DN) of X.509 certificate "
"@var{cert}. The form of the DN is as described in @uref{"
- "http://tools.ietf.org/html/rfc2253, RFC 2253}.")
+ "https://tools.ietf.org/html/rfc2253, RFC 2253}.")
#define FUNC_NAME s_scm_gnutls_x509_certificate_dn
{
X509_CERTIFICATE_DN_FUNCTION_BODY (gnutls_x509_crt_get_dn);
(SCM cert, SCM hostname),
"Return true if @var{cert} matches @var{hostname}, a string "
"denoting a DNS host name. This is the basic implementation "
- "of @uref{http://tools.ietf.org/html/rfc2818, RFC 2818} (aka. "
+ "of @uref{https://tools.ietf.org/html/rfc2818, RFC 2818} (aka. "
"HTTPS).")
#define FUNC_NAME s_scm_gnutls_x509_certificate_matches_hostname_p
{