diff options
-rw-r--r-- | doc/cha-cert-auth.texi | 2 | ||||
-rw-r--r-- | doc/cha-library.texi | 2 | ||||
-rw-r--r-- | doc/cha-tokens.texi | 4 |
3 files changed, 4 insertions, 4 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index f26f90e57e..cea30cf465 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -409,7 +409,7 @@ flags are part of the enumeration Some systems provide a system wide trusted certificate storage accessible using the PKCS #11 API. That is, the trusted certificates are queried and accessed using the PKCS #11 API, and trusted certificate properties, such as purpose, are marked using -attached extensions. One example is the p11-kit trust module@footnote{see @url{https://p11-glue.freedesktop.org/trust-module.html}.}. +attached extensions. One example is the p11-kit trust module@footnote{see @url{https://p11-glue.github.io/p11-glue/trust-module.html}.}. These special PKCS #11 modules can be used for GnuTLS certificate verification if marked as trust policy modules, i.e., with @code{trust-policy: yes} in the p11-kit module file. diff --git a/doc/cha-library.texi b/doc/cha-library.texi index ff21ba6d83..6e5df6eaaa 100644 --- a/doc/cha-library.texi +++ b/doc/cha-library.texi @@ -142,7 +142,7 @@ the last, which allows to use a PKCS #11 trust policy module. That module not on provides the trusted certificates, but allows the categorization of them using purpose, e.g., CAs can be restricted for e-mail usage only, or administrative restrictions of CAs, for examples by restricting a CA to only issue certificates for a given DNS domain using NameConstraints. -A publicly available PKCS #11 trust module is p11-kit's trust module@footnote{@url{https://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}. +A publicly available PKCS #11 trust module is p11-kit's trust module@footnote{@url{https://p11-glue.github.io/p11-glue/trust-module.html}}. @node Document overview @section Overview diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi index 6057feda2f..ab7a5fbf32 100644 --- a/doc/cha-tokens.texi +++ b/doc/cha-tokens.texi @@ -302,7 +302,7 @@ and tokens, @acronym{PKCS} #11 is automatically initialized during the first call of a @acronym{PKCS} #11 related function, in a thread safe way. The default initialization process, utilizes p11-kit configuration, and loads any appropriate @acronym{PKCS} #11 modules. The p11-kit configuration -files@footnote{@url{https://p11-glue.freedesktop.org/}} are typically stored in @code{/etc/pkcs11/modules/}. +files@footnote{@url{https://p11-glue.github.io/p11-glue/p11-kit.html}} are typically stored in @code{/etc/pkcs11/modules/}. For example a file that will instruct GnuTLS to load the @acronym{OpenSC} module, could be named @code{/etc/pkcs11/modules/opensc.module} and contain the following: @@ -506,7 +506,7 @@ The @acronym{PKCS} #11 API can be used to allow all applications in the same operating system to access shared cryptographic keys and certificates in a uniform way, as in @ref{fig-pkcs11-vision}. That way applications could load their trusted certificate list, as well as user certificates from a common PKCS #11 module. -Such a provider is the p11-kit trust storage module@footnote{@url{https://p11-glue.freedesktop.org/trust-module.html}} +Such a provider is the p11-kit trust storage module@footnote{@url{https://p11-glue.github.io/p11-glue/trust-module.html}} and it provides access to the trusted Root CA certificates in a system. That provides a more dynamic list of Root CA certificates, as opposed to a static list in a file or directory. |