authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-02-10 10:35:29 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-02-10 10:35:29 +0100
commit309f04b111bcb507f6abed9669185fe1de66787f (patch)
treec01bc96bb95aa77e2bca46bfae87e314e33c050b /doc
parent2fe123a63342125ac101df5ce5ab978dc5e3ed36 (diff)
downloadgnutls-309f04b111bcb507f6abed9669185fe1de66787f.tar.gz
Removed the application field and added an expiration field.
Diffstat (limited to 'doc')
-rw-r--r--doc/cha-cert-auth.texi13
-rw-r--r--doc/cha-gtls-examples.texi5
-rw-r--r--doc/examples/ex-verify-ssh.c8
3 files changed, 15 insertions, 11 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 7fb41a60dd..a2656ad94d 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -87,7 +87,7 @@ acceptable. The framework is illustrated on @ref{fig:x509}.
* X.509 distinguished names::
* Verifying X.509 certificate paths::
* Verifying a certificate in the context of TLS session::
-* Verifying a certificate using SSH-style authentication::
+* Verifying a certificate using trust on first use authentication::
@end menu
@node X.509 certificate structure
@@ -277,15 +277,16 @@ about the peer's identity. It is required to verify if the
certificate's owner is the one you expect. For more information
consult @xcite{RFC2818} and section @ref{ex:verify} for an example.
-@node Verifying a certificate using SSH-style authentication
-@subsection Verifying a certificate using SSH-style authentication
+@node Verifying a certificate using trust on first use authentication
+@subsection Verifying a certificate using trust on first use authentication
@cindex verifying certificate paths
@cindex SSH-style authentication
+@cindex Trust on first use
@tindex gnutls_certificate_verify_flags
-It is possible to use an SSH-style authentication method in GnuTLS.
-That means that having seen and associated a public key with a host
-is enough to trust it on the subsequent connections.
+It is possible to use a trust on first use (similar to SSH) authentication
+method in GnuTLS. That means that having seen and associated a public key
+with a host is enough to trust it on the subsequent connections.
A hybrid system with X.509 and SSH authentication is
shown in @ref{Simple client example with SSH-style certificate verification}.
diff --git a/doc/cha-gtls-examples.texi b/doc/cha-gtls-examples.texi
index 9d253a0045..637653c46a 100644
--- a/doc/cha-gtls-examples.texi
+++ b/doc/cha-gtls-examples.texi
@@ -70,8 +70,9 @@ resumption.
This is an alternative verification function that will use the
X.509 certificate authorities for verification, but also assume an
-SSH-like authentication system. That is the user is prompted on unknown
-public keys and known public keys are considered trusted.
+trust on first use (SSH-like) authentication system. That is the user is
+prompted on unknown public keys and known public keys are considered
+trusted.
@verbatiminclude examples/ex-verify-ssh.c
diff --git a/doc/examples/ex-verify-ssh.c b/doc/examples/ex-verify-ssh.c
index c9a66b27bc..fb211c5746 100644
--- a/doc/examples/ex-verify-ssh.c
+++ b/doc/examples/ex-verify-ssh.c
@@ -92,8 +92,10 @@ _ssh_verify_certificate_callback (gnutls_session_t session)
gnutls_x509_crt_deinit (cert);
- ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "443",
- GNUTLS_CRT_X509, &cert_list[0], 0);
+ /* service may be obtained alternatively using getservbyport() */
+ ret = gnutls_verify_stored_pubkey(NULL, hostname, "https",
+ GNUTLS_CRT_X509, &cert_list[0],
+ 0, 0);
if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
{
fprintf(stderr, "Host %s is not known.", hostname);
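Review bot: The new `gnutls_verify_stored_pubkey(NULL, hostname, "https", GNUTLS_CRT_X509, &cert_list[0], 0, 0)` call passes two trailing zeros, while the sibling `gnutls_store_pubkey` call in the next hunk passes only one; given the commit message says the application field was removed and an expiration field added, the expiration presumably belongs to storing rather than lookup, which would leave this call one argument long — confirm against the prototypes in the public header. If so the line should read `ret = gnutls_verify_stored_pubkey(NULL, hostname, "https", GNUTLS_CRT_X509, &cert_list[0], 0);`. The getservbyport() comment is fine, but it is worth adding that the service string must be the same one later passed to gnutls_store_pubkey, otherwise the lookup will never find the pinned key. _ssh_verify_certificate_callback starts before and continues after this hunk.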
@@ -128,7 +130,7 @@ _ssh_verify_certificate_callback (gnutls_session_t session)
/* user trusts the key -> store it */
if (ret != 0)
{
- ret = gnutls_store_pubkey(NULL, NULL, hostname, "443", GNUTLS_CRT_X509, &cert_list[0], 0);
+ ret = gnutls_store_pubkey(NULL, hostname, "https", GNUTLS_CRT_X509, &cert_list[0], 0);
if (ret < 0)
fprintf(stderr, "gnutls_store_pubkey: %s\n", gnutls_strerror(ret));
}
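Review bot: `gnutls_store_pubkey(NULL, hostname, "https", GNUTLS_CRT_X509, &cert_list[0], 0)` is passed six arguments, yet the commit says an expiration field was added, so this call appears to be missing either the expiration or the flags argument — check the prototype; if expiration precedes flags, the line should become `ret = gnutls_store_pubkey(NULL, hostname, "https", GNUTLS_CRT_X509, &cert_list[0], 0, 0);`. Whichever argument carries the expiration, the example should state what 0 means there, e.g. `/* expiration 0: pin the key indefinitely (assumed library convention, verify) */`, since an indefinitely pinned key is exactly the case where a later mismatch must be treated as a hard failure rather than a re-prompt. The enclosing callback starts before this hunk.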