Modified gdoc to be able to handle enumerations. Only valid to latex.

14 files changed, 615 insertions, 474 deletions

diff --git a/.gitignore b/.gitignore
index 1440d0931f..4c10f3bbf1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -510,3 +510,7 @@ gl/getopt.h
 gl/math.h
 doc/doxygen/latex/
 doc/doxygen/html/
+doc/latex/gnutls-enums.tex
+doc/latex/enums
+doc/latex/gnutls.lof
+doc/latex/gnutls.lot
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index cc519e9126..6ee340d75d 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -157,9 +157,11 @@ provided.
 The verification function will verify a given certificate chain against a list of certificate
 authorities and certificate revocation lists, and output
 a bit-wise OR of elements of the @code{gnutls_@-certificate_@-status_t} 
-enumeration. 
-A detailed description of these elements can be found 
-in @ref{tab:cert-verify}. An example of certificate verification is shown in @ref{ex:verify2}.
+enumeration shown in @ref{gnutls_certificate_status_t}. 
+
+@showenumdesc{gnutls_certificate_status_t,The @code{gnutls_@-certificate_@-status_t} enumeration.}
+
+An example of certificate verification is shown in @ref{ex:verify2}.
 It is also possible to have a set of certificates that
 are trusted for a particular server but not to authorize other certificates.
 This purpose is served by the functions @funcref{gnutls_x509_trust_list_add_named_crt} and @funcref{gnutls_x509_trust_list_verify_named_crt}.
@@ -177,88 +179,15 @@ Convenience functions such as @funcref{gnutls_certificate_verify_peers2}
 are equivalent and will verify the peer's certificate chain
 in a TLS session. 
 
-@float Table,tab:cert-verify
-@multitable @columnfractions .46 .44
-
-@headitem Flag @tab Description
-
-@item GNUTLS_CERT_INVALID @tab
-The certificate is not signed by one of the known authorities, or
-the signature is invalid.
-
-@item GNUTLS_CERT_REVOKED @tab
-The certificate has been revoked by its CA.
-
-@item GNUTLS_CERT_SIGNER_NOT_FOUND @tab
-The certificate's issuer is not known. This is the case when the
-issuer is not in the trusted certificates list.
-
-@item GNUTLS_CERT_SIGNER_NOT_CA @tab
-The certificate's signer was not a CA. This may happen if
-this was a version 1 certificate, which is common with some CAs, or
-a version 3 certificate without the basic constrains extension.
-
-@item GNUTLS_CERT_INSECURE_ALGORITHM @tab
-The certificate was signed using an insecure algorithm such as MD2 or
-MD5.  These algorithms have been broken and should not be trusted.
-
-@end multitable
-@caption{Certificate verification output flags.}
-@end float
-
 There is also the possibility to pass some input to the verification
 functions in the form of flags. For @funcref{gnutls_x509_trust_list_verify_crt} the
 flags are passed straightforward, but
 @funcref{gnutls_certificate_verify_peers2} depends on the flags set by
 calling @funcref{gnutls_certificate_set_verify_flags}.  All the available
 flags are part of the enumeration
-@code{gnutls_certificate_verify_flags} and are explained in @ref{tab:cert-flags}.
+@code{gnutls_@-certificate_@-verify_@-flags} shown in @ref{gnutls_certificate_verify_flags}.
 
-@float Table,tab:cert-flags
-@multitable @columnfractions .5 .4
-
-@headitem Flag @tab Description
-@item GNUTLS_VERIFY_@-DISABLE_CA_SIGN @tab
-If set a signer does not have to be a certificate authority. This
-flag should normally be disabled, unless you know what this means.
-
-@item GNUTLS_VERIFY_@-ALLOW_X509_V1_CA_CRT @tab
-Allow only trusted CA certificates that have version 1.  This is
-safer than GNUTLS_VERIFY_@-ALLOW_ANY_X509_V1_CA_CRT, and should be
-used instead. That way only signers in your trusted list will be
-allowed to have certificates of version 1. This is the default.
-
-@item GNUTLS_VERIFY_@-DO_NOT_ALLOW_X509_V1_CA_CRT @tab
-Do not allow trusted version 1 CA certificates.  This option is to be used
-in order consider all V1 certificates as deprecated.
-
-@item GNUTLS_VERIFY_@-ALLOW_ANY_X509_V1_CA_CRT @tab
-Allow CA certificates that have version 1 (both root and
-intermediate). This is dangerous since those haven't the
-basicConstraints extension. Must be used in combination with
-GNUTLS_VERIFY_@-ALLOW_X509_V1_CA_CRT.
-
-@item GNUTLS_VERIFY_@-DO_NOT_ALLOW_SAME @tab
-If a certificate is not signed by anyone trusted but exists in
-the trusted CA list do not treat it as trusted.
-
-@item GNUTLS_VERIFY_@-ALLOW_SIGN_RSA_MD2 @tab
-Allow certificates to be signed using the old MD2 algorithm.
-
-@item GNUTLS_VERIFY_@-ALLOW_SIGN_RSA_MD5 @tab
-Allow certificates to be signed using the broken MD5 algorithm.
-
-@item GNUTLS_VERIFY_@-DISABLE_TIME_CHECKS @tab
-Disable checking of activation
-and expiration validity periods of certificate chains. Don't set
-this unless you understand the security implications.
-
-@item GNUTLS_VERIFY_@-DISABLE_CRL_CHECKS @tab
-Disables checking for validity using certificate revocation lists.
-
-@end multitable
-@caption{Certificate verification flags.}
-@end float
+@showenumdesc{gnutls_certificate_verify_flags,The @code{gnutls_@-certificate_@-verify_@-flags} enumeration.}
 
 Although the verification of a certificate path indicates that the
 certificate is signed by trusted authority, does not reveal anything
@@ -281,6 +210,7 @@ are not currently supported.
 @showfuncB{gnutls_x509_crq_init,gnutls_x509_crq_deinit}
 
 @showfuncdesc{gnutls_x509_crq_import}
+
 @showfuncdesc{gnutls_x509_crq_export}
 
 A certificate request can be generated by
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index c0afef1c3a..8380c6cf75 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -681,6 +681,8 @@ parameter with actual bit sizes of parameters for DH, RSA, SRP and ECC algorithm
 A mapping to @code{gnutls_sec_param_t} value is given for each security parameter, on
 the next column, and finally a brief description of the level.
 
+@c @showenumdesc{gnutls_sec_param_t,The @code{gnutls_sec_@-param_t} enumeration.}
+
 Note, however, that the values suggested here are nothing more than an
 educated guess that is valid today. There are no guarantees that an
 algorithm will remain unbreakable or that these values will remain
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 3010b474bc..044aee8b4b 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -132,6 +132,14 @@ Documentation License''.
 @end itemize
 @end macro
 
+@macro showenumdesc{ref}
+@float Table,\ref\
+@itemize
+@item @code{\ref\}
+@end itemize
+@end float
+@end macro
+
 @contents
 
 @ifnottex
diff --git a/doc/latex/Makefile.am b/doc/latex/Makefile.am
index a4c2d437c7..6fffa400eb 100644
--- a/doc/latex/Makefile.am
+++ b/doc/latex/Makefile.am
@@ -68,6 +68,16 @@ gnutls-api.tex: $(srcdir)/../../lib/*.c $(srcdir)/../../lib/ext/*.c $(srcdir)/..
 	rm -f $@-tmp
 	mv -f $@-tmp2 $@
 
+gnutls-enums.tex: $(srcdir)/../../lib/includes/gnutls/*.h
+	echo "" > $@-tmp
+	for i in $^; do \
+		echo -n "Creating documentation for file $$i... " && \
+		$(srcdir)/../scripts/gdoc -tex $$i >> $@-tmp && \
+		echo "ok"; \
+	done
+	$(srcdir)/../scripts/split.pl enums enum < $@-tmp
+	mv -f $@-tmp $@
+
 x509-api.tex: $(srcdir)/../../lib/x509/*.c
 	echo "" > $@-tmp
 	for i in $^; do \
@@ -104,9 +114,9 @@ extra-api.tex: $(srcdir)/../../libextra/gnutls_extra.c
 	rm -f $@-tmp
 	mv -f $@-tmp2 $@
 
-SOURCE_GEN_FILES =  extra-api.tex pgp-api.tex x509-api.tex gnutls-api.tex
+SOURCE_GEN_FILES =  extra-api.tex pgp-api.tex x509-api.tex gnutls-api.tex gnutls-enums.tex
 
-gnutls.pdf: $(TEX_OBJECTS) $(GEN_TEX_OBJECTS) $(SOURCE_GEN_FILES)
+gnutls.pdf: $(SOURCE_GEN_FILES) $(TEX_OBJECTS) $(GEN_TEX_OBJECTS)
 	-pdflatex gnutls.tex
 	-bibtex gnutls
 	-makeindex gnutls.idx
@@ -114,5 +124,5 @@ gnutls.pdf: $(TEX_OBJECTS) $(GEN_TEX_OBJECTS) $(SOURCE_GEN_FILES)
 
 clean-am:
 	rm -f $(GEN_TEX_OBJECTS) $(SOURCE_GEN_FILES) gnutls.aux gnutls.bbl gnutls.blg gnutls.idx gnutls.ilg gnutls.ind gnutls.log gnutls.out gnutls.toc
-	rm -rf functions
+	rm -rf functions enums
 
diff --git a/doc/latex/gnutls.tex b/doc/latex/gnutls.tex
index 65207ec870..ba4a9d3be4 100644
--- a/doc/latex/gnutls.tex
+++ b/doc/latex/gnutls.tex
@@ -37,6 +37,8 @@
 
 \setcounter{tocdepth}{1}
 \tableofcontents
+\listoftables
+\listoffigures
 
 \pagestyle{fancy}
 \fancyhead[RE]{\slshape \rightmark}
diff --git a/doc/latex/macros.tex b/doc/latex/macros.tex
index 0a53b47bf4..1b48459ba7 100644
--- a/doc/latex/macros.tex
+++ b/doc/latex/macros.tex
@@ -69,8 +69,24 @@
    \input{functions/#1}
   }
  \end{framed}
+ \vspace{0.10cm}
+ \end{minipage}
+ \par
+}
+
+\newcommand{\showenumdesc}[2]{%
+ \begin{table}[h]
+ \begin{minipage}[l]{\linewidth}
+ \begin{framed}
+  \texttt{
+   \input{enums/#1}
+  }
+ \end{framed}
  \vspace{0.15cm}
  \end{minipage}
+ \caption{#2}
+ \label{#1}
+ \end{table}
 }
 
 \newcommand{\showfuncA}[1]{%
@@ -162,7 +178,20 @@
 {\vspace{0.5cm}{\bf Description:}\footnotesize}
 {}
 
+\newenvironment{enum}%
+{}%
+{}
+
+\newcommand{\enumElement}[2]{%
+{\scriptsize {\bf #1}} & {\scriptsize #2}\\%
+}
+
+\newenvironment{enumList}%
+{\begin{tabular}{p{.43\linewidth}p{.53\linewidth}}}%
+{\end{tabular}}
+
 \newcommand{\functionTitle}[1]{}
+\newcommand{\enumTitle}[1]{enum {\bf #1}:}
 
 \newenvironment{functionReturns}%
 {\vspace{0.5cm}{\bf Returns:}\footnotesize}
diff --git a/doc/scripts/gdoc b/doc/scripts/gdoc
index 49868dbd68..86dceb3c68 100755
--- a/doc/scripts/gdoc
+++ b/doc/scripts/gdoc
@@ -502,6 +502,46 @@ sub output_tex {
     print "\\end{function}\n\n";
 }
 
+sub output_enum_tex {
+    my %args = %{$_[0]};
+    my ($parameter, $section);
+    my $count;
+    my $name = $args{'enum'};
+    my $param;
+    my $param2;
+    my $sec;
+    my $check;
+    my $type;
+
+    $func =~ s/_/\\_/g;
+
+    print "\n\n\\begin{enum}\n";
+    $name =~ s/_/\\_/g;
+    print "\\enumTitle{". $name . "}\n";
+
+    print "\n\\begin{enumList}\n";
+
+    $check=0;
+    foreach $parameter (@{$args{'parameterlist'}}) {
+        $param1 = $parameter;
+	$param1 =~ s/_/\\_\\-/g;
+
+	$check = 1;
+	print "\\enumElement{".$param1."}{";
+#	print "\n";
+
+        $param2 = $args{'parameters'}{$parameter};
+	$param2 =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
+	$param2 =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g;
+	$out = just_highlight($param2);
+	$out =~ s/_/\\_/g;
+	chomp $out;
+	print $out . "}\n";
+    }
+    print "\\end{enumList}\n";
+
+    print "\\end{enum}\n\n";
+}
 
 # output in sgml DocBook
 sub output_sgml {
@@ -707,6 +747,10 @@ sub output_function {
     eval "output_".$output_mode."(\@_);";
 }
 
+sub output_enum {
+    eval "output_enum_".$output_mode."(\@_);";
+}
+
 
 ##
 # takes a function prototype and spits out all the details
@@ -783,6 +827,56 @@ sub dump_function {
     }
 }
 
+sub dump_enum {
+    my $prototype = shift @_;
+
+    if (($prototype =~ m/^\s*typedef\s+enum\s*[a-zA-Z0-9_~:]*\s*\{([a-zA-Z0-9_~=,:\s]+)\s*\}\s*([a-zA-Z0-9_]+);.*/)) {
+#        || $prototype =~ m/^\s*enum\s+([a-zA-Z0-9_~:]+).*/) {
+        $args = $1;
+	$name = $2;
+
+	foreach $arg (split ',', $args) {
+	    # strip leading/trailing spaces
+	    $arg =~ s/^\s*//;
+	    $arg =~ s/\s*$//;
+	    $arg =~ s/([A-Za-z0-9_]+)\s*=.*/$1/g;
+#	    print STDERR "SCAN ARG: '$arg'\n";
+
+            next if $arg eq '';
+	    if ((!defined($parameters{$arg}) || $parameters{$arg} eq "")) {
+		$parameters{$arg} = "-- undescribed --";
+		print STDERR "warning: $lineno: Enumeration parameter '$arg' not described in '$name'\n";
+	    }
+
+	    push @parameterlist, $arg;
+
+#	    print STDERR "param = '$arg'\n";
+	}
+    } else {
+#	print STDERR "warning: $lineno: Cannot understand enumeration: '$prototype'\n";
+	return;
+    }
+
+    output_enum({'enum' => $name,
+			 'module' => $modulename,
+			 'sourceversion' => $sourceversion,
+			 'include' => $include,
+			 'includefuncprefix' => $includefuncprefix,
+			 'bugsto' => $bugsto,
+			 'pkgname' => $pkgname,
+			 'copyright' => $copyright,
+			 'verbatimcopying' => $verbatimcopying,
+			 'seeinfo' => $seeinfo,
+			 'functiontype' => $return_type,
+			 'parameterlist' => \@parameterlist,
+			 'parameters' => \%parameters,
+			 'parametertypes' => \%parametertypes,
+			 'sectionlist' => \@sectionlist,
+			 'sections' => \%sections,
+			 'purpose' => $function_purpose
+			 });
+}
+
 ######################################################################
 # main
 # states
@@ -811,6 +905,7 @@ $doc_content = $doc_com."(.*)";
 $contents = "";
 $section_default = "Description";	# default section
 $section = $section_default;
+$enum = 0;
 
 $lineno = 0;
 foreach $file (@ARGV) {
@@ -818,18 +913,21 @@ foreach $file (@ARGV) {
 	print STDERR "Error: Cannot open file $file\n";
 	next;
     }
-    while (<IN>) {
+    while ($line = <IN>) {
 	$lineno++;
 
 	if ($state == 0) {
-	    if (/$doc_start/o) {
+	    if ($line =~ /$doc_start/o) {
 		$state = 1;		# next line is always the function name
+#	    print STDERR "XXX: start of doc comment\n";
 	    }
 	} elsif ($state == 1) {	# this line is the function name (always)
-	    if (/$doc_func/o) {
+	    if ($line =~ /$doc_func/o) {
 		$function = $1;
 		$state = 2;
-		if (/-\s*(.*)/) {
+#	    print STDERR "XXX: start of doc comment, looking for prototype\n";
+
+		if ($line =~ /-\s*(.*)/) {
 		    $function_purpose = $1;
 		} else {
 		    $function_purpose = "";
@@ -843,7 +941,7 @@ foreach $file (@ARGV) {
 		$state = 0;
 	    }
 	} elsif ($state == 2) {	# look for head: lines, and include content
-	    if (/$doc_sect/o) {
+	    if ($line =~ /$doc_sect/o) {
 		$newsection = $1;
 		$newcontents = $2;
 
@@ -857,7 +955,7 @@ foreach $file (@ARGV) {
 		    $contents .= "\n";
 		}
 		$section = $newsection;
-	    } elsif (/$doc_end/) {
+	    } elsif ($line =~ /$doc_end/) {
 
 		if ($contents ne "") {
 		    dump_section($section, $contents);
@@ -865,10 +963,9 @@ foreach $file (@ARGV) {
 		    $contents = "";
 		}
 
-#	    print STDERR "end of doc comment, looking for prototype\n";
 		$prototype = "";
 		$state = 3;
-	    } elsif (/$doc_content/) {
+	    } elsif ($line =~ /$doc_content/) {
 		# miguel-style comment kludge, look for blank lines after
 		# @parameter line to signify start of description
 		if ($1 eq "" && $section =~ m/^@/) {
@@ -883,17 +980,20 @@ foreach $file (@ARGV) {
 		print STDERR "warning: $lineno: Bad line: $_";
 	    }
 	} elsif ($state == 3) {	# scanning for function { (end of prototype)
-	    if (m#\s*/\*\s+MACDOC\s*#io) {
+	    if ($line =~ m#\s*/\*\s+MACDOC\s*#io) {
 	      # do nothing
 	    }
-	    elsif (/([^\{]*)/) {
+	    elsif ($enum == 1 && $line =~ /(^\s*\{).*/) {
+		$prototype .= "{";
+	    }
+	    elsif ($line =~ /([^\{]*)/) {
 		$prototype .= $1;
 	    }
-	    if (/\{/) {
+	    if ($enum == 0 && $line =~ /\{/) {
 		$prototype =~ s@/\*.*?\*/@@gos;	# strip comments.
 		$prototype =~ s@[\r\n]+@ @gos; # strip newlines/cr's.
 		$prototype =~ s@^ +@@gos; # strip leading spaces
-		dump_function($prototype);
+ 	        dump_function($prototype);
 
 		$function = "";
 		%constants = ();
@@ -903,9 +1003,32 @@ foreach $file (@ARGV) {
 		%sections = ();
 		@sectionlist = ();
 		$prototype = "";
+		$enum = 0;
 
 		$state = 0;
 	    }
+	    elsif ($enum == 1 && $line =~ /\}/) {
+		$prototype =~ s@/\*.*?\*/@@gos;	# strip comments.
+		$prototype =~ s@[\r\n]+@ @gos; # strip newlines/cr's.
+		$prototype =~ s@^ +@@gos; # strip leading spaces
+		dump_enum($prototype);
+
+		$function = "";
+		%constants = ();
+		%parameters = ();
+		%parametertypes = ();
+		@parameterlist = ();
+		%sections = ();
+		@sectionlist = ();
+		$prototype = "";
+		$enum = 0;
+
+		$state = 0;
+	    }
+	    elsif ($line =~ /([a-zA-Z\s]+)enum(.*)$/) {
+	        $enum = 1;
+	    }
+    
 	}
     }
 }
diff --git a/doc/scripts/mytexi2latex b/doc/scripts/mytexi2latex
index 53f88de4bf..74829b93a1 100755
--- a/doc/scripts/mytexi2latex
+++ b/doc/scripts/mytexi2latex
@@ -47,10 +47,18 @@ my $suffix = $_[0];
 	return "\\showfuncdesc\{$suffix\}";
 }
 
+sub showenumdesc()
+{
+my $suffix = $_[0];
+	$suffix =~ s/\\//g;
+	return "\\showenumdesc\{$suffix\}";
+}
+
 my $punescape = \&unescape;
 my $pfuncref = \&funcref;
 my $pshowfunc = \&showfunc;
 my $pshowfuncdesc = \&showfuncdesc;
+my $pshowenumdesc = \&showenumdesc;
 my $mode;
 my $num_args = $#ARGV + 1;
 
@@ -331,6 +339,7 @@ multitable:
 		$line =~ s/\@funcintref\{($codematch+)\}/$pfuncref->($1)/ge;
 		$line =~ s/\@showfunc([A-Z])\{($codematch+)\}/$pshowfunc->($1,$2)/ge;
 		$line =~ s/\@showfuncdesc\{($codematch+)\}/$pshowfuncdesc->($1)/ge;
+		$line =~ s/\@showenumdesc\{($codematch+)\}/$pshowenumdesc->($1)/ge;
 		$line =~ s/\@pxref\{/\\myref\{/g;
 		$line =~ s/\@center (.*)/\\begin{center}\n$1\n\\end{center}/g;
 		if ($line =~ m/\@email/) {
diff --git a/doc/scripts/split.pl b/doc/scripts/split.pl
index ca7d7855e0..ed716344a8 100755
--- a/doc/scripts/split.pl
+++ b/doc/scripts/split.pl
@@ -1,6 +1,13 @@
 #!/usr/bin/perl
 
 $dir = shift;
+$param2 = shift;
+
+if ($param2 ne '') {
+  $enum = 1;
+} else {
+  $enum = 0;
+}
 
 sub key_of_record {
   local($record) = @_;
@@ -11,12 +18,20 @@ sub key_of_record {
   my ($i) = 1;
   my ($key) = $lines[$i]; 
 
-  while( !($key =~ m/^\\functionTitle\{(.*)\}/) && ($i < 5)) { $i=$i+1; $key = $lines[$i]; }
+  if ($enum == 1) {
+    while( !($key =~ m/^$\\enumTitle\{(.*)\}/) && ($i < 5)) { $i=$i+1; $key = $lines[$i]; }
+  } else {
+    while( !($key =~ m/^$\\functionTitle\{(.*)\}/) && ($i < 5)) { $i=$i+1; $key = $lines[$i]; }
+  }
 
   return $key;
 }
 
-$/="\n\\end{function}";          # Records are separated by blank lines.
+if ($enum == 1) {
+  $/="\n\\end{enum}";          # Records are separated by blank lines.
+} else {
+  $/="\n\\end{function}";          # Records are separated by blank lines.
+}
 @records = <>;  # Read in whole file, one record per array element.
 
 mkdir $dir;
@@ -24,11 +39,15 @@ mkdir $dir;
 @records = sort { key_of_record($a) cmp key_of_record($b) } @records;
 foreach (@records) {
   $key = $_;
-  $key =~  m/\\functionTitle\{(.*)\}/;
+  if ($enum == 1) {
+    $key =~ m/\\enumTitle\{(.*)\}/;
+    $key = $1;
+  } else {
+    $key =~ m/\\functionTitle\{(.*)\}/;
+    $key = $1;
+  }
 
-  $key = $1;
   $key =~ s/\\_/_/g;
-
   if (defined $key && $key ne "") {
     open FILE, "> $dir/$key\n" or die $!;
     print FILE $_ . "\n";
diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h
index 7a43707081..2f3369cd21 100644
--- a/lib/includes/gnutls/dtls.h
+++ b/lib/includes/gnutls/dtls.h
@@ -45,17 +45,17 @@ unsigned int gnutls_dtls_get_data_mtu (gnutls_session_t session);
 
   void gnutls_dtls_set_mtu (gnutls_session_t session, unsigned int mtu);
 
-  /**
-   * gnutls_dtls_prestate_st:
-   * @record_seq: record sequence number
-   * @hsk_read_seq: handshake read sequence number
-   * @hsk_write_seq: handshake write sequence number
-   *
-   * DTLS cookie prestate struct.  This is usually never modified by
-   * the application, it is used to carry the cookie data between
-   * gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
-   * gnutls_dtls_prestate_set().
-   */
+/**
+ * gnutls_dtls_prestate_st:
+ * @record_seq: record sequence number
+ * @hsk_read_seq: handshake read sequence number
+ * @hsk_write_seq: handshake write sequence number
+ *
+ * DTLS cookie prestate struct.  This is usually never modified by
+ * the application, it is used to carry the cookie data between
+ * gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
+ * gnutls_dtls_prestate_set().
+ */
   typedef struct
   {
     unsigned int record_seq;
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 3488c555ee..dea88db02d 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -63,34 +63,34 @@ extern "C"
 #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
 
-  /**
-   * gnutls_cipher_algorithm_t:
-   * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
-   * @GNUTLS_CIPHER_NULL: NULL algorithm.
-   * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
-   * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
-   * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
-   * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
-   * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
-   * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
-   * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
-   * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
-   * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
-   * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
-   * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
-   * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
-   * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
-   * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
-   * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
-   * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
-   * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
-   * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
-   * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
-   * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
-   * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
-   *
-   * Enumeration of different symmetric encryption algorithms.
-   */
+/**
+ * gnutls_cipher_algorithm_t:
+ * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
+ * @GNUTLS_CIPHER_NULL: NULL algorithm.
+ * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
+ * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
+ * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
+ * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
+ * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
+ * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
+ * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
+ * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
+ * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
+ * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
+ * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
+ * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
+ * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
+ * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
+ * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
+ * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
+ * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
+ *
+ * Enumeration of different symmetric encryption algorithms.
+ */
   typedef enum gnutls_cipher_algorithm
   {
     GNUTLS_CIPHER_UNKNOWN = 0,
@@ -121,26 +121,26 @@ extern "C"
     GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
   } gnutls_cipher_algorithm_t;
 
-  /**
-   * gnutls_kx_algorithm_t:
-   * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
-   * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
-   * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
-   * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
-   * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
-   * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
-   * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
-   * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
-   * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
-   * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
-   * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
-   * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
-   * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
-   * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
-   * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
-   *
-   * Enumeration of different key exchange algorithms.
-   */
+/**
+ * gnutls_kx_algorithm_t:
+ * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
+ * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
+ * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
+ * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
+ * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
+ * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
+ * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
+ * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
+ * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
+ * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
+ * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
+ * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
+ * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
+ * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
+ * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
+ *
+ * Enumeration of different key exchange algorithms.
+ */
   typedef enum
   {
     GNUTLS_KX_UNKNOWN = 0,
@@ -160,14 +160,14 @@ extern "C"
     GNUTLS_KX_ECDHE_PSK = 14,
   } gnutls_kx_algorithm_t;
 
-  /**
-   * gnutls_params_type_t:
-   * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
-   * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
-   * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
-   *
-   * Enumeration of different TLS session parameter types.
-   */
+/**
+ * gnutls_params_type_t:
+ * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
+ * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
+ * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
+ *
+ * Enumeration of different TLS session parameter types.
+ */
   typedef enum
   {
     GNUTLS_PARAMS_RSA_EXPORT = 1,
@@ -175,16 +175,16 @@ extern "C"
     GNUTLS_PARAMS_ECDH = 3,
   } gnutls_params_type_t;
 
-  /**
-   * gnutls_credentials_type_t:
-   * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
-   * @GNUTLS_CRD_ANON: Anonymous credential.
-   * @GNUTLS_CRD_SRP: SRP credential.
-   * @GNUTLS_CRD_PSK: PSK credential.
-   * @GNUTLS_CRD_IA: IA credential.
-   *
-   * Enumeration of different credential types.
-   */
+/**
+ * gnutls_credentials_type_t:
+ * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
+ * @GNUTLS_CRD_ANON: Anonymous credential.
+ * @GNUTLS_CRD_SRP: SRP credential.
+ * @GNUTLS_CRD_PSK: PSK credential.
+ * @GNUTLS_CRD_IA: IA credential.
+ *
+ * Enumeration of different credential types.
+ */
   typedef enum
   {
     GNUTLS_CRD_CERTIFICATE = 1,
@@ -197,23 +197,23 @@ extern "C"
 #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
 
-  /**
-   * gnutls_mac_algorithm_t:
-   * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
-   * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
-   * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
-   * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
-   * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
-   * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
-   * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
-   * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
-   * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
-   * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
-   * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
-   *
-   * Enumeration of different Message Authentication Code (MAC)
-   * algorithms.
-   */
+/**
+ * gnutls_mac_algorithm_t:
+ * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
+ * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
+ * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
+ * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
+ * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
+ * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
+ * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
+ * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
+ * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
+ * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
+ * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
+ *
+ * Enumeration of different Message Authentication Code (MAC)
+ * algorithms.
+ */
   typedef enum
   {
     GNUTLS_MAC_UNKNOWN = 0,
@@ -231,21 +231,21 @@ extern "C"
     GNUTLS_MAC_AEAD = 200 /* indicates that MAC is on the cipher */
   } gnutls_mac_algorithm_t;
 
-  /**
-   * gnutls_digest_algorithm_t:
-   * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
-   * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
-   * @GNUTLS_DIG_MD5: MD5 algorithm.
-   * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
-   * @GNUTLS_DIG_RMD160: RMD160 algorithm.
-   * @GNUTLS_DIG_MD2: MD2 algorithm.
-   * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
-   * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
-   * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
-   * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
-   *
-   * Enumeration of different digest (hash) algorithms.
-   */
+/**
+ * gnutls_digest_algorithm_t:
+ * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
+ * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
+ * @GNUTLS_DIG_MD5: MD5 algorithm.
+ * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
+ * @GNUTLS_DIG_RMD160: RMD160 algorithm.
+ * @GNUTLS_DIG_MD2: MD2 algorithm.
+ * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
+ * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
+ * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
+ * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
+ *
+ * Enumeration of different digest (hash) algorithms.
+ */
   typedef enum
   {
     GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
@@ -267,15 +267,15 @@ extern "C"
    */
 #define GNUTLS_MAX_ALGORITHM_NUM 32
 
-  /**
-   * gnutls_compression_method_t:
-   * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
-   * @GNUTLS_COMP_NULL: The NULL compression method (uncompressed).
-   * @GNUTLS_COMP_DEFLATE: The deflate/zlib compression method.
-   * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
-   *
-   * Enumeration of different TLS compression methods.
-   */
+/**
+ * gnutls_compression_method_t:
+ * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
+ * @GNUTLS_COMP_NULL: The NULL compression method (uncompressed).
+ * @GNUTLS_COMP_DEFLATE: The deflate/zlib compression method.
+ * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
+ *
+ * Enumeration of different TLS compression methods.
+ */
   typedef enum
   {
     GNUTLS_COMP_UNKNOWN = 0,
@@ -299,56 +299,56 @@ extern "C"
 #define GNUTLS_DATAGRAM (1<<2)
 #define GNUTLS_NONBLOCK (1<<3)
 
-  /**
-   * gnutls_alert_level_t:
-   * @GNUTLS_AL_WARNING: Alert of warning severity.
-   * @GNUTLS_AL_FATAL: Alert of fatal severity.
-   *
-   * Enumeration of different TLS alert severities.
-   */
+/**
+ * gnutls_alert_level_t:
+ * @GNUTLS_AL_WARNING: Alert of warning severity.
+ * @GNUTLS_AL_FATAL: Alert of fatal severity.
+ *
+ * Enumeration of different TLS alert severities.
+ */
   typedef enum
   {
     GNUTLS_AL_WARNING = 1,
     GNUTLS_AL_FATAL
   } gnutls_alert_level_t;
 
-  /**
-   * gnutls_alert_description_t:
-   * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
-   * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
-   * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
-   * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
-   * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
-   * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
-   * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
-   * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
-   * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
-   * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
-   * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
-   * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
-   * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
-   * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
-   * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
-   * @GNUTLS_A_ACCESS_DENIED: Access was denied.
-   * @GNUTLS_A_DECODE_ERROR: Decode error.
-   * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
-   * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
-   * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
-   * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
-   * @GNUTLS_A_USER_CANCELED: User canceled.
-   * @GNUTLS_A_INTERNAL_ERROR: Internal error.
-   * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
-   * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
-   *   specified certificate.
-   * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
-   *   sent.
-   * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
-   *   recognized.
-   * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
-   *   or not known.
-   *
-   * Enumeration of different TLS alerts.
-   */
+/**
+ * gnutls_alert_description_t:
+ * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
+ * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
+ * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
+ * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
+ * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
+ * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
+ * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
+ * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
+ * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
+ * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
+ * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
+ * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
+ * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
+ * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
+ * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
+ * @GNUTLS_A_ACCESS_DENIED: Access was denied.
+ * @GNUTLS_A_DECODE_ERROR: Decode error.
+ * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
+ * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
+ * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
+ * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
+ * @GNUTLS_A_USER_CANCELED: User canceled.
+ * @GNUTLS_A_INTERNAL_ERROR: Internal error.
+ * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
+ * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
+ *   specified certificate.
+ * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
+ *   sent.
+ * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
+ *   recognized.
+ * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
+ *   or not known.
+ *
+ * Enumeration of different TLS alerts.
+ */
   typedef enum
   {
     GNUTLS_A_CLOSE_NOTIFY,
@@ -381,26 +381,26 @@ extern "C"
     GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
   } gnutls_alert_description_t;
 
-  /**
-   * gnutls_handshake_description_t:
-   * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
-   * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
-   * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
-   * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
-   * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
-   * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
-   * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
-   * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
-   * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
-   * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
-   * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
-   * @GNUTLS_HANDSHAKE_FINISHED: Finished.
-   * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
-   * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec
-   * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
-   *
-   * Enumeration of different TLS handshake packets.
-   */
+/**
+ * gnutls_handshake_description_t:
+ * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
+ * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
+ * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
+ * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
+ * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
+ * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
+ * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
+ * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
+ * @GNUTLS_HANDSHAKE_FINISHED: Finished.
+ * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
+ * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec
+ * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
+ *
+ * Enumeration of different TLS handshake packets.
+ */
   typedef enum
   {
     GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
@@ -420,25 +420,28 @@ extern "C"
     GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024,
   } gnutls_handshake_description_t;
 
-  /**
-   * gnutls_certificate_status_t:
-   * @GNUTLS_CERT_INVALID: Will be set if the certificate was not
-   *   verified.
-   * @GNUTLS_CERT_REVOKED: Certificate revoked.  In X.509 this will be
-   *   set only if CRLs are checked.
-   * @GNUTLS_CERT_SIGNER_NOT_FOUND: Certificate not verified.  Signer
-   *   not found.
-   * @GNUTLS_CERT_SIGNER_NOT_CA: Certificate not verified.  Signer
-   *   not a CA certificate.
-   * @GNUTLS_CERT_INSECURE_ALGORITHM: Certificate not verified,
-   *   insecure algorithm.
-   * @GNUTLS_CERT_NOT_ACTIVATED: Certificate not yet activated.
-   * @GNUTLS_CERT_EXPIRED: Certificate expired.
-   *
-   * Enumeration of certificate status codes.  Note that the status
-   * bits have different meanings in OpenPGP keys and X.509
-   * certificate verification.
-   */
+/**
+ * gnutls_certificate_status_t:
+ * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
+ *   known authorities or the signature is invalid.
+ * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority.  In X.509 this will be
+ *   set only if CRLs are checked.
+ * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known. 
+ *   This is the case if the issue is not included in the trusted certificate list.
+ *   not found.
+ * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate’s signer was not a CA. This
+ *   may happen if this was a version 1 certificate, which is common with 
+ *   some CAs, or a version 3 certificate without the basic constrains extension.
+ * @GNUTLS_CERT_INSECURE_ALGORITHM:  The certificate was signed using an in-
+ *   secure algorithm such as MD2 or MD5. These algorithms have been broken and
+ *   should not be trusted.
+ * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
+ * @GNUTLS_CERT_EXPIRED: The certificate has expired.
+ *
+ * Enumeration of certificate status codes.  Note that the status
+ * bits have different meanings in OpenPGP keys and X.509
+ * certificate verification.
+ */
   typedef enum
   {
     GNUTLS_CERT_INVALID = 2,
@@ -450,14 +453,14 @@ extern "C"
     GNUTLS_CERT_EXPIRED = 1024
   } gnutls_certificate_status_t;
 
-  /**
-   * gnutls_certificate_request_t:
-   * @GNUTLS_CERT_IGNORE: Ignore certificate.
-   * @GNUTLS_CERT_REQUEST: Request certificate.
-   * @GNUTLS_CERT_REQUIRE: Require certificate.
-   *
-   * Enumeration of certificate request types.
-   */
+/**
+ * gnutls_certificate_request_t:
+ * @GNUTLS_CERT_IGNORE: Ignore certificate.
+ * @GNUTLS_CERT_REQUEST: Request certificate.
+ * @GNUTLS_CERT_REQUIRE: Require certificate.
+ *
+ * Enumeration of certificate request types.
+ */
   typedef enum
   {
     GNUTLS_CERT_IGNORE = 0,
@@ -465,45 +468,45 @@ extern "C"
     GNUTLS_CERT_REQUIRE = 2
   } gnutls_certificate_request_t;
 
-  /**
-   * gnutls_openpgp_crt_status_t:
-   * @GNUTLS_OPENPGP_CERT: Send entire certificate.
-   * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
-   *
-   * Enumeration of ways to send OpenPGP certificate.
-   */
+/**
+ * gnutls_openpgp_crt_status_t:
+ * @GNUTLS_OPENPGP_CERT: Send entire certificate.
+ * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
+ *
+ * Enumeration of ways to send OpenPGP certificate.
+ */
   typedef enum
   {
     GNUTLS_OPENPGP_CERT = 0,
     GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
   } gnutls_openpgp_crt_status_t;
 
-  /**
-   * gnutls_close_request_t:
-   * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
-   * @GNUTLS_SHUT_WR: Disallow further sends.
-   *
-   * Enumeration of how TLS session should be terminated.  See gnutls_bye().
-   */
+/**
+ * gnutls_close_request_t:
+ * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
+ * @GNUTLS_SHUT_WR: Disallow further sends.
+ *
+ * Enumeration of how TLS session should be terminated.  See gnutls_bye().
+ */
   typedef enum
   {
     GNUTLS_SHUT_RDWR = 0,
     GNUTLS_SHUT_WR = 1
   } gnutls_close_request_t;
 
-  /**
-   * gnutls_protocol_t:
-   * @GNUTLS_SSL3: SSL version 3.0.
-   * @GNUTLS_TLS1_0: TLS version 1.0.
-   * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
-   * @GNUTLS_TLS1_1: TLS version 1.1.
-   * @GNUTLS_TLS1_2: TLS version 1.2.
-   * @GNUTLS_DTLS1_0: DTLS version 1.0.
-   * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
-   * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
-   *
-   * Enumeration of different SSL/TLS protocol versions.
-   */
+/**
+ * gnutls_protocol_t:
+ * @GNUTLS_SSL3: SSL version 3.0.
+ * @GNUTLS_TLS1_0: TLS version 1.0.
+ * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
+ * @GNUTLS_TLS1_1: TLS version 1.1.
+ * @GNUTLS_TLS1_2: TLS version 1.2.
+ * @GNUTLS_DTLS1_0: DTLS version 1.0.
+ * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
+ * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
+ *
+ * Enumeration of different SSL/TLS protocol versions.
+ */
   typedef enum
   {
     GNUTLS_SSL3 = 1,
@@ -516,14 +519,14 @@ extern "C"
     GNUTLS_VERSION_UNKNOWN = 0xff
   } gnutls_protocol_t;
 
-  /**
-   * gnutls_certificate_type_t:
-   * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
-   * @GNUTLS_CRT_X509: X.509 Certificate.
-   * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
-   *
-   * Enumeration of different certificate types.
-   */
+/**
+ * gnutls_certificate_type_t:
+ * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
+ * @GNUTLS_CRT_X509: X.509 Certificate.
+ * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
+ *
+ * Enumeration of different certificate types.
+ */
   typedef enum
   {
     GNUTLS_CRT_UNKNOWN = 0,
@@ -531,27 +534,27 @@ extern "C"
     GNUTLS_CRT_OPENPGP = 2
   } gnutls_certificate_type_t;
 
-  /**
-   * gnutls_x509_crt_fmt_t:
-   * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
-   * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
-   *
-   * Enumeration of different certificate encoding formats.
-   */
+/**
+ * gnutls_x509_crt_fmt_t:
+ * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
+ * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
+ *
+ * Enumeration of different certificate encoding formats.
+ */
   typedef enum
   {
     GNUTLS_X509_FMT_DER = 0,
     GNUTLS_X509_FMT_PEM = 1
   } gnutls_x509_crt_fmt_t;
 
-  /**
-   * gnutls_certificate_print_formats_t:
-   * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
-   * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
-   * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
-   *
-   * Enumeration of different certificate printing variants.
-   */
+/**
+ * gnutls_certificate_print_formats_t:
+ * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
+ * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
+ * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
+ *
+ * Enumeration of different certificate printing variants.
+ */
   typedef enum gnutls_certificate_print_formats
   {
     GNUTLS_CRT_PRINT_FULL = 0,
@@ -559,16 +562,16 @@ extern "C"
     GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2
   } gnutls_certificate_print_formats_t;
 
-  /**
-   * gnutls_pk_algorithm_t:
-   * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
-   * @GNUTLS_PK_RSA: RSA public-key algorithm.
-   * @GNUTLS_PK_DSA: DSA public-key algorithm.
-   * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
-   * @GNUTLS_PK_ECC: Elliptic curve algorithm. Used to generate parameters.
-   *
-   * Enumeration of different public-key algorithms.
-   */
+/**
+ * gnutls_pk_algorithm_t:
+ * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
+ * @GNUTLS_PK_RSA: RSA public-key algorithm.
+ * @GNUTLS_PK_DSA: DSA public-key algorithm.
+ * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
+ * @GNUTLS_PK_ECC: Elliptic curve algorithm. Used to generate parameters.
+ *
+ * Enumeration of different public-key algorithms.
+ */
   typedef enum
   {
     GNUTLS_PK_UNKNOWN = 0,
@@ -580,30 +583,30 @@ extern "C"
 
   const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
 
-  /**
-   * gnutls_sign_algorithm_t:
-   * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
-   * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
-   * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
-   * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
-   * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
-   * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
-   * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
-   * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
-   * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
-   * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
-   * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
-   * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
-   * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
-   * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
-   * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
-   * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
-   * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
-   * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
-   * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
-   *
-   * Enumeration of different digital signature algorithms.
-   */
+/**
+ * gnutls_sign_algorithm_t:
+ * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
+ * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
+ * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
+ * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
+ * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
+ * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
+ * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
+ * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
+ * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
+ * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
+ * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
+ * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
+ * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
+ * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
+ * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
+ * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
+ * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
+ * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
+ * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
+ *
+ * Enumeration of different digital signature algorithms.
+ */
   typedef enum
   {
     GNUTLS_SIGN_UNKNOWN = 0,
@@ -627,16 +630,16 @@ extern "C"
     GNUTLS_SIGN_ECDSA_SHA512 = 16,
   } gnutls_sign_algorithm_t;
 
-  /**
-   * gnutls_ecc_curve_t:
-   * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
-   * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
-   * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
-   * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
-   * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
-   *
-   * Enumeration of ECC curves.
-   */
+/**
+ * gnutls_ecc_curve_t:
+ * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
+ * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
+ * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
+ * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
+ * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
+ *
+ * Enumeration of ECC curves.
+ */
 typedef enum
 {
   GNUTLS_ECC_CURVE_INVALID=0,
@@ -646,17 +649,17 @@ typedef enum
   GNUTLS_ECC_CURVE_SECP521R1,
 } gnutls_ecc_curve_t;
 
-  /**
-   * gnutls_sec_param_t:
-   * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
-   * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security
-   * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
-   * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
-   * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
-   * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
-   *
-   * Enumeration of security parameters for passive attacks
-   */
+/**
+ * gnutls_sec_param_t:
+ * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
+ * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security
+ * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
+ * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
+ * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
+ * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
+ *
+ * Enumeration of security parameters for passive attacks
+ */
   typedef enum
   {
     GNUTLS_SEC_PARAM_UNKNOWN,
@@ -667,12 +670,12 @@ typedef enum
     GNUTLS_SEC_PARAM_ULTRA
   } gnutls_sec_param_t;
 
-  /**
-   * gnutls_channel_binding_t:
-   * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
-   *
-   * Enumeration of support channel binding types.
-   */
+/**
+ * gnutls_channel_binding_t:
+ * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
+ *
+ * Enumeration of support channel binding types.
+ */
   typedef enum
   {
     GNUTLS_CB_TLS_UNIQUE
@@ -854,12 +857,12 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
                       size_t seed_size, const char *seed,
                       size_t outsize, char *out);
 
-  /**
-   * gnutls_server_name_type_t:
-   * @GNUTLS_NAME_DNS: Domain Name System name type.
-   *
-   * Enumeration of different server name types.
-   */
+/**
+ * gnutls_server_name_type_t:
+ * @GNUTLS_NAME_DNS: Domain Name System name type.
+ *
+ * Enumeration of different server name types.
+ */
   typedef enum
   {
     GNUTLS_NAME_DNS = 1
@@ -876,12 +879,12 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
   /* Safe renegotiation */
   int gnutls_safe_renegotiation_status (gnutls_session_t session);
 
-  /**
-   * gnutls_supplemental_data_format_type_t:
-   * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
-   *
-   * Enumeration of different supplemental data types (RFC 4680).
-   */
+/**
+ * gnutls_supplemental_data_format_type_t:
+ * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
+ *
+ * Enumeration of different supplemental data types (RFC 4680).
+ */
   typedef enum
   {
     GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
@@ -1388,13 +1391,13 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
   typedef struct gnutls_psk_client_credentials_st
     *gnutls_psk_client_credentials_t;
 
-  /**
-   * gnutls_psk_key_flags:
-   * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
-   * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
-   *
-   * Enumeration of different PSK key flags.
-   */
+/**
+ * gnutls_psk_key_flags:
+ * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
+ * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
+ *
+ * Enumeration of different PSK key flags.
+ */
   typedef enum gnutls_psk_key_flags
   {
     GNUTLS_PSK_KEY_RAW = 0,
@@ -1456,19 +1459,19 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
                                            res,
                                            gnutls_params_function * func);
 
-  /**
-   * gnutls_x509_subject_alt_name_t:
-   * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
-   * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
-   * @GNUTLS_SAN_URI: URI SAN.
-   * @GNUTLS_SAN_IPADDRESS: IP address SAN.
-   * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
-   * @GNUTLS_SAN_DN: DN SAN.
-   * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
-   *   gnutls_x509_crt_get_subject_alt_othername_oid().
-   *
-   * Enumeration of different subject alternative names types.
-   */
+/**
+ * gnutls_x509_subject_alt_name_t:
+ * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
+ * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
+ * @GNUTLS_SAN_URI: URI SAN.
+ * @GNUTLS_SAN_IPADDRESS: IP address SAN.
+ * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
+ * @GNUTLS_SAN_DN: DN SAN.
+ * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
+ *   gnutls_x509_crt_get_subject_alt_othername_oid().
+ *
+ * Enumeration of different subject alternative names types.
+ */
   typedef enum gnutls_x509_subject_alt_name_t
   {
     GNUTLS_SAN_DNSNAME = 1,
@@ -1492,14 +1495,14 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
   struct gnutls_pkcs11_privkey_st;
   typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
 
-  /**
-   * gnutls_privkey_type_t:
-   * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
-   * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
-   * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
-   *
-   * Enumeration of different private key types.
-   */
+/**
+ * gnutls_privkey_type_t:
+ * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
+ * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
+ * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
+ *
+ * Enumeration of different private key types.
+ */
   typedef enum
     {
       GNUTLS_PRIVKEY_X509,
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index 45fce1fb01..85a1259d75 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -58,19 +58,19 @@ extern "C"
   int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
                                  unsigned int flags);
 
-  /**
-   * gnutls_pkcs12_bag_type_t:
-   * @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
-   * @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
-   * @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
-   * @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
-   * @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
-   * @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
-   * @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
-   * @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.
-   *
-   * Enumeration of different PKCS 12 bag types.
-   */
+/**
+ * gnutls_pkcs12_bag_type_t:
+ * @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
+ * @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
+ * @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
+ * @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
+ * @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
+ * @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
+ * @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
+ * @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.
+ *
+ * Enumeration of different PKCS 12 bag types.
+ */
   typedef enum gnutls_pkcs12_bag_type_t
   {
     GNUTLS_BAG_EMPTY = 0,
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 9344558ebe..67b5a1e37d 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -527,11 +527,13 @@ extern "C"
  *   unless you know what this means.
  * @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trusted
  *   list is never checked for expiration or activation.
- * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA
- *   certificates that have version 1.  This is the default.
+ * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certificates
+ *   with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT,
+ *   and should be used instead. That way only signers in your trusted list
+ *   will be allowed to have certificates of version 1. This is the default.
  * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
  *   certificates that have version 1.  This option is to be used
- *   to deprecate all V1 certificates.
+ *   to deprecate all certificates of version 1.
  * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
  *   anyone trusted but exists in the trusted CA list do not treat it
  *   as trusted.