gnutls_certificate_verify_peers2: document that hostname comparison follows RFC6125

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 21 Jul 2016 14:02:42 +0000 (16:02 +0200)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 21 Jul 2016 14:02:42 +0000 (16:02 +0200)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 21 Jul 2016 14:02:42 +0000 (16:02 +0200)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 21 Jul 2016 14:02:42 +0000 (16:02 +0200)
diff --git a/lib/cert.c b/lib/cert.c

index c49bbe760ac890e82068e455ccd094ccfaa21957..2bf7b6ab8ff1dca713858c3be1b115b68f358974 100644 (file)
--- a/lib/cert.c
+++ b/lib/cert.c
@@ -627,9 +627,9 @@ gnutls_certificate_verify_peers2(gnutls_session_t session,
   * of gnutls_certificate_verify_peers2() for details in the verification process.
   *
   * If the @hostname provided is non-NULL then this function will compare
- * the hostname in the certificate against the given. The comparison will
- * be accurate for ascii names; non-ascii names are compared byte-by-byte. 
- * If names do not match the %GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set.
+ * the hostname in the certificate against it. The comparison will follow
+ * the RFC6125 recommendations. If names do not match the
+ * %GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set.
   *
   * In order to verify the purpose of the end-certificate (by checking the extended
   * key usage), use gnutls_certificate_verify_peers().
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 21 Jul 2016 14:02:42 +0000 (16:02 +0200)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 21 Jul 2016 14:02:42 +0000 (16:02 +0200)