diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-13 07:10:11 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-13 07:15:42 +0200 |
commit | 1cf1c04d88e58288e1fef4e5c702352d9e990bd3 (patch) | |
tree | 2bd0e6408fbae3ea022ad27aa2e91e6eefd21977 | |
parent | f219d12e59540fc5eb0239f880cdbd5199dd79b8 (diff) | |
download | gnutls-tmp-gnutls-cli-debug-updates.tar.gz |
doc: minor text updatestmp-gnutls-cli-debug-updates
Updated text for gnutls_session_ext_master_secret_status and for
GNUTLS_NO_EXTENSIONS flag which is defunc.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | lib/ext/ext_master_secret.c | 3 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c index c9ee5cfe8c..311c096273 100644 --- a/lib/ext/ext_master_secret.c +++ b/lib/ext/ext_master_secret.c @@ -140,7 +140,8 @@ _gnutls_ext_master_secret_send_params(gnutls_session_t session, * @session: is a #gnutls_session_t type. * * Get the status of the extended master secret extension negotiation. - * This is in accordance to draft-ietf-tls-session-hash-01 + * This is in accordance to RFC7627. That information is also + * available to the more generic gnutls_session_get_flags(). * * Returns: Non-zero if the negotiation was successful or zero otherwise. **/ diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index f57d0d7cc7..52e9727486 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -377,7 +377,7 @@ typedef enum { * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0. * @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0. * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2). - * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). + * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used. * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2. * @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0. * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0. |