diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-02-10 10:35:29 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-02-10 10:35:29 +0100 |
commit | 309f04b111bcb507f6abed9669185fe1de66787f (patch) | |
tree | c01bc96bb95aa77e2bca46bfae87e314e33c050b /doc/cha-cert-auth.texi | |
parent | 2fe123a63342125ac101df5ce5ab978dc5e3ed36 (diff) | |
download | gnutls-309f04b111bcb507f6abed9669185fe1de66787f.tar.gz |
Removed the application field and added an expiration field.
Diffstat (limited to 'doc/cha-cert-auth.texi')
-rw-r--r-- | doc/cha-cert-auth.texi | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index 7fb41a60dd..a2656ad94d 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -87,7 +87,7 @@ acceptable. The framework is illustrated on @ref{fig:x509}. * X.509 distinguished names:: * Verifying X.509 certificate paths:: * Verifying a certificate in the context of TLS session:: -* Verifying a certificate using SSH-style authentication:: +* Verifying a certificate using trust on first use authentication:: @end menu @node X.509 certificate structure @@ -277,15 +277,16 @@ about the peer's identity. It is required to verify if the certificate's owner is the one you expect. For more information consult @xcite{RFC2818} and section @ref{ex:verify} for an example. -@node Verifying a certificate using SSH-style authentication -@subsection Verifying a certificate using SSH-style authentication +@node Verifying a certificate using trust on first use authentication +@subsection Verifying a certificate using trust on first use authentication @cindex verifying certificate paths @cindex SSH-style authentication +@cindex Trust on first use @tindex gnutls_certificate_verify_flags -It is possible to use an SSH-style authentication method in GnuTLS. -That means that having seen and associated a public key with a host -is enough to trust it on the subsequent connections. +It is possible to use a trust on first use (similar to SSH) authentication +method in GnuTLS. That means that having seen and associated a public key +with a host is enough to trust it on the subsequent connections. A hybrid system with X.509 and SSH authentication is shown in @ref{Simple client example with SSH-style certificate verification}. |