Commit 5007a975 authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos
Browse files

renamed the auto-verification functions

The names are more consistent with the rest of the library.
parent 108f26f8
Pipeline #120819 failed with stage
......@@ -376,7 +376,7 @@ to use the system trust storage (see @funcref{gnutls_certificate_set_x509_system
Unlike the previous section it is not required to setup a trusted list, and there
are two approaches to verify the peer's certificate and identity.
The recommended in GnuTLS 3.5.0 and later is via the @funcref{gnutls_session_auto_verify_cert},
The recommended in GnuTLS 3.5.0 and later is via the @funcref{gnutls_session_set_verify_cert},
but for older GnuTLS versions you may use an explicit callback set via
@funcref{gnutls_certificate_set_verify_function} and then utilize
@funcref{gnutls_certificate_verify_peers3} for verification.
......@@ -385,7 +385,7 @@ in the previous section.
Note that in certain cases it is required to check the marked purpose of
the end certificate (e.g. @code{GNUTLS_KP_TLS_WWW_SERVER}); in these cases
the more advanced @funcref{gnutls_session_auto_verify_cert2} and
the more advanced @funcref{gnutls_session_set_verify_cert2} and
@funcref{gnutls_certificate_verify_peers} should be used instead.
There is also the possibility to pass some input to the verification
......
......@@ -575,7 +575,7 @@ the following functions, applicable to X.509 and OpenPGP certificates.
@showfuncC{gnutls_certificate_set_x509_system_trust,gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_openpgp_keyring_file}
The peer's certificate will be automatically verified if
@funcref{gnutls_session_auto_verify_cert} is called prior to handshake.
@funcref{gnutls_session_set_verify_cert} is called prior to handshake.
Alternatively, one must set a callback function during the handshake
using @funcref{gnutls_certificate_set_verify_function}, which
......@@ -590,7 +590,7 @@ functions discussed in @ref{X.509 certificates}.
In both the automatic and the manual cases, the verification status returned
can be printed using @funcref{gnutls_certificate_verification_status_print}.
@showfuncdesc{gnutls_session_auto_verify_cert}
@showfuncdesc{gnutls_session_set_verify_cert}
@showfuncB{gnutls_certificate_verify_peers3,gnutls_certificate_set_verify_function}
......@@ -841,7 +841,7 @@ exchange.
@showfuncdesc{gnutls_handshake_set_timeout}
In GnuTLS 3.5.0 and later it is recommended to use @funcref{gnutls_session_auto_verify_cert}
In GnuTLS 3.5.0 and later it is recommended to use @funcref{gnutls_session_set_verify_cert}
for the handshake process to ensure the verification of the peer's identity.
In older GnuTLS versions it is required to manually verify the peer's certificate
......@@ -849,7 +849,7 @@ during the handshake by using @funcref{gnutls_certificate_set_verify_function},
@funcref{gnutls_certificate_verify_peers2}. See @ref{Certificate authentication}
for more information.
@showfuncB{gnutls_session_auto_verify_cert,gnutls_certificate_verify_peers2}
@showfuncB{gnutls_session_set_verify_cert,gnutls_certificate_verify_peers2}
@node Data transfer and termination
@section Data transfer and termination
......
......@@ -85,7 +85,7 @@ int main(void)
/* put the x509 credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_session_auto_verify_cert(session, "my_host_name", 0);
gnutls_session_set_verify_cert(session, "my_host_name", 0);
/* connect to the peer
*/
......
......@@ -54,7 +54,7 @@ static int auto_verify_cb(gnutls_session_t session)
}
/**
* gnutls_session_auto_verify_cert:
* gnutls_session_set_verify_cert:
* @session: is a gnutls session
* @hostname: is the expected name of the peer; may be %NULL
* @flags: flags for certificate verification -- #gnutls_certificate_verify_flags
......@@ -68,13 +68,13 @@ static int auto_verify_cb(gnutls_session_t session)
* of the session. More precisely it should be available during any subsequent
* handshakes. If not hostname is provided, no hostname verification
* will be performed. For a more advanced verification function check
* gnutls_session_auto_verify_cert2().
* gnutls_session_set_verify_cert2().
*
* That function is intended to be used by clients.
*
* Since: 3.5.0
**/
void gnutls_session_auto_verify_cert(gnutls_session_t session,
void gnutls_session_set_verify_cert(gnutls_session_t session,
const char *hostname, unsigned flags)
{
if (hostname) {
......@@ -94,7 +94,7 @@ void gnutls_session_auto_verify_cert(gnutls_session_t session,
}
/**
* gnutls_session_auto_verify_cert2:
* gnutls_session_set_verify_cert2:
* @session: is a gnutls session
* @data: an array of typed data
* @elements: the number of data elements
......@@ -111,7 +111,7 @@ void gnutls_session_auto_verify_cert(gnutls_session_t session,
*
* Since: 3.5.0
**/
void gnutls_session_auto_verify_cert2(gnutls_session_t session,
void gnutls_session_set_verify_cert2(gnutls_session_t session,
gnutls_typed_vdata_st * data,
unsigned elements,
unsigned flags)
......@@ -130,8 +130,8 @@ void gnutls_session_auto_verify_cert2(gnutls_session_t session,
* @session: is a gnutls session
*
* This function returns the status of the verification when initiated
* via auto-verification, i.e., by gnutls_session_auto_verify_cert2() or
* gnutls_session_auto_verify_cert(). If no certificate verification
* via auto-verification, i.e., by gnutls_session_set_verify_cert2() or
* gnutls_session_set_verify_cert(). If no certificate verification
* was occurred then the return value would be set to ((unsigned int)-1).
*
* The certificate verification status is the same as in gnutls_certificate_verify_peers().
......
......@@ -1305,11 +1305,11 @@ typedef struct {
unsigned int size;
} gnutls_typed_vdata_st;
void gnutls_session_auto_verify_cert(gnutls_session_t session,
void gnutls_session_set_verify_cert(gnutls_session_t session,
const char *hostname, unsigned flags);
void
gnutls_session_auto_verify_cert2(gnutls_session_t session,
gnutls_session_set_verify_cert2(gnutls_session_t session,
gnutls_typed_vdata_st * data,
unsigned elements, unsigned flags);
......
......@@ -1053,8 +1053,8 @@ GNUTLS_3_4
gnutls_hex_decode2;
gnutls_hex_encode2;
gnutls_session_set_verify_function;
gnutls_session_auto_verify_cert;
gnutls_session_auto_verify_cert2;
gnutls_session_set_verify_cert;
gnutls_session_set_verify_cert2;
gnutls_session_get_verify_cert_status;
local:
*;
......
......@@ -278,7 +278,7 @@ void test_failure(void)
vdata[1].type = GNUTLS_DT_KEY_PURPOSE_OID;
vdata[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER;
gnutls_session_auto_verify_cert2(client, vdata, 2, 0);
gnutls_session_set_verify_cert2(client, vdata, 2, 0);
HANDSHAKE_EXPECT(client, server, GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR, GNUTLS_E_AGAIN);
......@@ -403,7 +403,7 @@ void test_success1(void)
vdata[1].type = GNUTLS_DT_KEY_PURPOSE_OID;
vdata[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER;
gnutls_session_auto_verify_cert2(client, vdata, 2, 0);
gnutls_session_set_verify_cert2(client, vdata, 2, 0);
HANDSHAKE(client, server);
......@@ -518,7 +518,7 @@ void test_success2(void)
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
gnutls_session_auto_verify_cert(client, "localhost", 0);
gnutls_session_set_verify_cert(client, "localhost", 0);
HANDSHAKE(client, server);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment