author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-11-04 22:03:25 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-11-04 22:03:25 +0100 |
commit | 97871a2d8ec3fc8ae7bded31feabf783cfdaed81 (patch) | |
tree | 2cfbc2fed7bf12137f682892d8df7704bb33d6be /doc/cha-gtls-app.texi | |
parent | afb47325dcb473f4b07a4ea13c49a3ee596f88f6 (diff) | |
download | gnutls-97871a2d8ec3fc8ae7bded31feabf783cfdaed81.tar.gz |
Include only a single example with X.509 client. This example includes certificate verification.
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r-- | doc/cha-gtls-app.texi | 25 |
1 files changed, 6 insertions, 19 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 1e20f02fce..72aab12e6d 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -480,7 +480,6 @@ implemented by another example. * Simple client example with X.509 certificate support:: * Simple Datagram TLS client example:: * Obtaining session information:: -* Verifying peer's certificate:: * Using a callback to select the certificate to use:: * Verifying a certificate:: * Client using a PKCS 11 token with TLS:: @@ -503,16 +502,17 @@ However, the data is integrity and privacy protected. @node Simple client example with X.509 certificate support @subsection Simple client example with @acronym{X.509} certificate support +@anchor{ex:verify} Let's assume now that we want to create a TCP client which communicates with servers that use @acronym{X.509} or @acronym{OpenPGP} certificate authentication. The following client is -a very simple @acronym{TLS} client, it does not support session -resuming, not even certificate verification. The TCP functions defined -in this example are used in most of the other examples below, without -redefining them. +a very simple @acronym{TLS} client, which uses the high level verification +functions for certificates, but does not support session +resumption. The TCP functions defined in this example are used +in most of the other examples below, without redefining them. -@verbatiminclude examples/ex-client2.c +@verbatiminclude examples/ex-rfc2818.c @node Simple Datagram TLS client example @subsection Simple datagram @acronym{TLS} client example 
@@ -534,19 +534,6 @@ if called after a successful @funcref{gnutls_handshake}. @verbatiminclude examples/ex-session-info.c -@node Verifying peer's certificate -@subsection Verifying peer's certificate -@anchor{ex:verify} - -A @acronym{TLS} session is not secure just after the handshake -procedure has finished. It must be considered secure, only after the -peer's certificate and identity have been verified. That is, you have -to verify the signature in peer's certificate, the hostname in the -certificate, and expiration dates. Just after this step you should -treat the connection as being a secure one. - -@verbatiminclude examples/ex-rfc2818.c - @node Using a callback to select the certificate to use @subsection Using a callback to select the certificate to use |
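Review bot: In the menu hunk at -480, removing the entry `* Verifying peer's certificate::` retires a node name that other parts of the manual may reference with @ref or @xref. The anchor ex:verify is kept by the next hunk, so references to the anchor still resolve, but a reference by node name would not. Suggest searching the doc tree for the old node name and pointing any hits at ex:verify.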
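Review bot: In the hunk at -503, the retained sentence "The TCP functions defined in this example are used in most of the other examples below" now describes examples/ex-rfc2818.c rather than examples/ex-client2.c. Please confirm that ex-rfc2818.c defines those TCP helpers, and reword the sentence if it does not. The paragraph also still says the client talks to servers using "X.509 or OpenPGP certificate authentication", while the section heading and the commit message describe an X.509 client only, so the wording should be aligned. Since the diffstat is limited to this file, it is not visible whether ex-client2.c, which is no longer included here, is also dropped from the examples directory and its build list.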
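Review bot: The hunk at -534 deletes the paragraph explaining that a session is not to be considered secure right after the handshake, and that the signature in the peer's certificate, the hostname and the expiration dates must be verified first. The replacement text in the merged section only says the client "uses the high level verification functions for certificates". Suggest carrying a short version of that warning into the "Simple client example with X.509 certificate support" section, next to the ex:verify anchor, so that readers who copy the example know what the verification has to cover and that it must succeed before the connection is trusted.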