Commit 699cd8bd authored by Tim Rühsen

Use https:// for arbitrary files #1


Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
parent 8e749db3
......@@ -3,7 +3,7 @@ GnuTLS README -- Important introductory notes
GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure
Sockets Layer) protocol. GnuTLS is a GNU project. Additional
information can be found at <http://www.gnutls.org/>.
information can be found at <https://www.gnutls.org/>.
README
......@@ -13,7 +13,7 @@ This README is targeted for users of the library who build from
sources but do not necessarily develop. If you are interested
in developing and contributing to the GnuTLS project, please
see README-alpha and visit
http://www.gnutls.org/manual/html_node/Contributing.html.
https://www.gnutls.org/manual/html_node/Contributing.html.
COMPILATION
......@@ -36,15 +36,15 @@ the shared object (libgnutls.so), and additional binaries such as certtool
and gnutls-cli.
The library depends on libnettle and gmplib.
* gmplib: for big number arithmetic, http://gmplib.org/
* nettle: for cryptographic algorithms, http://www.lysator.liu.se/~nisse/nettle/
* gmplib: for big number arithmetic, https://gmplib.org/
* nettle: for cryptographic algorithms, https://www.lysator.liu.se/~nisse/nettle/
Optionally it may use the following libraries:
* libtasn1: For ASN.1 parsing (a copy is included, if not found), https://www.gnu.org/software/libtasn1/
* p11-kit: for smart card support, http://p11-glue.freedesktop.org/p11-kit.html
* libtspi: for Trusted Platform Module (TPM) support, http://trousers.sourceforge.net/
* libunbound: For DNSSEC/DANE support, http://unbound.net/
* libz: For compression support, http://www.zlib.net/
* p11-kit: for smart card support, https://p11-glue.freedesktop.org/p11-kit.html
* libtspi: for Trusted Platform Module (TPM) support, https://trousers.sourceforge.net/
* libunbound: For DNSSEC/DANE support, https://unbound.net/
* libz: For compression support, https://www.zlib.net/
* libidn: For supporting internationalized DNS names (IDNA 2003), https://www.gnu.org/software/libidn/
* libidn2: For supporting internationalized DNS names (IDNA 2008), https://www.gnu.org/software/libidn/#libidn2
......@@ -74,14 +74,14 @@ DOCUMENTATION
=============
See the documentation in doc/ and online at
http://www.gnutls.org/manual.
https://www.gnutls.org/manual.
EXAMPLES
========
See the examples in doc/examples/ and online at 'How To Use GnuTLS in
Applications' at http://www.gnutls.org/manual.
Applications' at https://www.gnutls.org/manual.
SECURITY ADVISORIES
......@@ -91,14 +91,14 @@ The project collects and publishes information on past security
incidents and vulnerabilities. Open information exchange, including
information which is [sometimes] suppressed in non-open or non-free
projects, is one of the goals of the GnuTLS project. Please visit
http://www.gnutls.org/security.html.
https://www.gnutls.org/security.html.
MAILING LISTS
=============
The GnuTLS project maintains mailing lists for users, developers, and
commits. Please see http://www.gnutls.org/lists.html.
commits. Please see https://www.gnutls.org/lists.html.
LICENSING
......@@ -144,7 +144,7 @@ of a previous git clone.
git format-patch
```
For more information on use of Git, visit http://git-scm.com/
For more information on use of Git, visit https://git-scm.com/
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
......
......@@ -13,7 +13,7 @@
GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure
Sockets Layer) protocol. Additional information can be found at
[www.gnutls.org](http://www.gnutls.org/).
[www.gnutls.org](https://www.gnutls.org/).
This file contains instructions for developers and advanced users that
want to build from version controlled sources. See [INSTALL.md](INSTALL.md)
......@@ -30,13 +30,13 @@ We require several tools to check out and build the software, including:
* [Texinfo](https://www.gnu.org/software/texinfo/)
* [Tar](https://www.gnu.org/software/tar/)
* [Gzip](https://www.gnu.org/software/gzip/)
* [Texlive & epsf](http://www.tug.org/texlive/) (for PDF manual)
* [GTK-DOC](http://www.gtk.org/gtk-doc/) (for API manual)
* [Git](http://git-scm.com/)
* [Perl](http://www.cpan.org/)
* [Nettle](http://www.lysator.liu.se/~nisse/nettle/)
* [Texlive & epsf](https://www.tug.org/texlive/) (for PDF manual)
* [GTK-DOC](https://www.gtk.org/gtk-doc/) (for API manual)
* [Git](https://git-scm.com/)
* [Perl](https://www.cpan.org/)
* [Nettle](https://www.lysator.liu.se/~nisse/nettle/)
* [Guile](https://www.gnu.org/software/guile/)
* [p11-kit](http://p11-glue.freedesktop.org/p11-kit.html)
* [p11-kit](https://p11-glue.freedesktop.org/p11-kit.html)
* [gperf](https://www.gnu.org/software/gperf/)
* [libtasn1](https://www.gnu.org/software/libtasn1/) (optional)
* [Libidn2](https://www.gnu.org/software/libidn/#libidn2) (optional, for internationalization of DNS, IDNA 2008)
......@@ -44,11 +44,11 @@ We require several tools to check out and build the software, including:
* [AWK](https://www.gnu.org/software/awk/) (for make dist, pmccabe2html)
* [bison](https://www.gnu.org/software/bison) (for datetime parser in certtool)
* [libunbound](https://unbound.net/) (for DANE support)
* [abi-compliance-checker](http://ispras.linuxbase.org/index.php/ABI_compliance_checker) (for make dist)
* [tcsd](http://trousers.sourceforge.net/) (for TPM support; optional)
* [abi-compliance-checker](https://ispras.linuxbase.org/index.php/ABI_compliance_checker) (for make dist)
* [tcsd](https://trousers.sourceforge.net/) (for TPM support; optional)
* [swtpm](https://github.com/stefanberger/swtpm) (for TPM test; optional)
* [ncat](https://nmap.org/download.html) (for TPM test; optional)
* [tpm-tools](http://trousers.sourceforge.net/) (for TPM test; optional)
* [tpm-tools](https://trousers.sourceforge.net/) (for TPM test; optional)
* [expect](https://core.tcl.tk/expect/index) (for TPM test; optional)
The required software is typically distributed with your operating
......@@ -79,13 +79,13 @@ Dependencies that are used during make check or make dist are listed below.
Moreover, for basic interoperability testing you may want to install openssl
and mbedtls.
* [Valgrind](http://valgrind.org/) (optional)
* [Valgrind](https://valgrind.org/) (optional)
* [Libasan](https://gcc.gnu.org//) (optional)
* [datefudge](http://packages.debian.org/datefudge) (optional)
* [nodejs](http://nodejs.org/) (needed for certain test cases)
* [softhsm](http://www.opendnssec.org/softhsm/) (for testing smart card support)
* [dieharder](http://www.phy.duke.edu/~rgb/General/dieharder.php) (for testing PRNG)
* [lcov](http://linux-test-project.github.io/) (for code coverage)
* [datefudge](https://packages.debian.org/datefudge) (optional)
* [nodejs](https://nodejs.org/) (needed for certain test cases)
* [softhsm](https://www.opendnssec.org/softhsm/) (for testing smart card support)
* [dieharder](https://www.phy.duke.edu/~rgb/General/dieharder.php) (for testing PRNG)
* [lcov](https://linux-test-project.github.io/) (for code coverage)
Debian/Ubuntu:
```
......
......@@ -388,7 +388,7 @@ AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes")
dnl Note that g*l_INIT are run after we check for library capabilities,
dnl to prevent issues from caching lib dependencies. See discussion
dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
dnl https://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
gl_INIT
ggl_INIT
unistring_INIT
......@@ -650,7 +650,7 @@ if test "$with_p11_kit" != "no"; then
***
*** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support
*** use --without-p11-kit, otherwise you may get p11-kit from
*** http://p11-glue.freedesktop.org/p11-kit.html
*** https://p11-glue.freedesktop.org/p11-kit.html
*** ]])
fi
fi
......@@ -770,7 +770,7 @@ if test "x$with_default_trust_store_dir" != x; then
["$with_default_trust_store_dir"], [use the given directory as default trust store])
fi
dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
AC_ARG_WITH([default-trust-store-file],
[AS_HELP_STRING([--with-default-trust-store-file=FILE],
[use the given file default trust store])], with_default_trust_store_file="$withval",
......
......@@ -4,48 +4,48 @@ People who have sent DCO for gnutls
Adam Sampson <ats||offog.org>
16 Jul 2013 (received by personal mail by nmav)
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6857
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6857
Alessandro Ghedini <alessandro||ghedini.me>
1 Aug 2015
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8266
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8266
Frank Morgner <morgner||informatik.hu-berlin.de>
30 Aug 2013
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6960
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6960
Wolfgang Meyer zu Bergsten <w.bergsten||sirrix.com>
25 Oct 2013
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7068
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7068
Jens Lechtenboerger <jens.lechtenboerger||fsfe.org>
22 Feb 2014
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7337
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7337
Jason Spafford <nullprogrammer||gmail.com>
6 Mar 2014
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7352
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7352
Simon Arlott <simon||arlott.org>
10 Jul 2014
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7572
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7572
Alon Bar-Lev <alon.barlev||gmail.com>
25 Aug 2014
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7615
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7615
Armin Burgmeier <armin||arbur.net>
16 Sep 2014
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7657
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7657
Jaak Ristioja <jaak.ristioja||cyber.ee>
17 Dec 2014
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7885
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7885
Luke Dashjr <luke-jr+git||utopios.org>
13 Jan 2015
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7949
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7949
Tim Kosse <tim.kosse||filezilla-project.org>
30 May 2016
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8559
https://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8559
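Review bot: the twelve permalink.gmane.org lines in this list are the record of where each DCO was received, and nothing in the commit shows that the archive serves the same permalinks over https. Please confirm each rewritten link still resolves to the original message, or leave these archival references as they were recorded.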
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
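Review bot: the line `Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>` is part of the license text itself, and the two lines after it state that changing the document is not allowed. Rather than hand-editing the URL, either leave the license file untouched or replace it wholesale with the current canonical copy from the FSF, so the file stays a verbatim copy.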
......
......@@ -17,7 +17,7 @@ Public License version 3.0 (or later). The manual is distributed
under the GNU Free Documentation License version 1.3 (or later).
The project page of the library is available at:
http://www.gnutls.org/
https://www.gnutls.org/
What's New
==========
......@@ -278,12 +278,12 @@ Community
If you need help to use GnuTLS, or want to help others, you are invited
to join our help-gnutls mailing list, see:
http://lists.gnutls.org/mailman/listinfo/gnutls-help
https://lists.gnutls.org/mailman/listinfo/gnutls-help
If you wish to participate in the development of GnuTLS, you are invited
to join our gnutls-dev mailing list, see:
http://lists.gnutls.org/mailman/listinfo/gnutls-dev
https://lists.gnutls.org/mailman/listinfo/gnutls-dev
Internationalization
====================
......
......@@ -88,7 +88,7 @@ challenge_password = 123456
# An URL that has CRLs (certificate revocation lists)
# available. Needed in CA certificates.
#crl_dist_points = "http://www.getcrl.crl/getcrl/"
#crl_dist_points = "https://www.getcrl.crl/getcrl/"
# Whether this is a CA certificate or not
#ca
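Review bot: `#crl_dist_points = "https://www.getcrl.crl/getcrl/"` now suggests an https CRL distribution point in the example template, and this is one place where the scheme should stay http. A client that must validate the CRL server's TLS certificate before it can fetch the CRL ends up in a circular dependency, and RFC 5280 section 8 says CAs should not put https URIs in this extension; CRLs are signed, so plain http does not weaken them. Suggest reverting this line, since users copy template values into real certificates.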
......@@ -145,10 +145,10 @@ encryption_key
#path_len = 2
# OCSP URI
# ocsp_uri = http://my.ocsp.server/ocsp
# ocsp_uri = https://my.ocsp.server/ocsp
# CA issuers URI
# ca_issuers_uri = http://my.ca.issuer
# ca_issuers_uri = https://my.ca.issuer
# Certificate policies
#policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
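Review bot: `# ocsp_uri = https://my.ocsp.server/ocsp` and `# ca_issuers_uri = https://my.ca.issuer` are values that end up in the Authority Information Access extension, and validators fetch both while they are still building and checking a chain, so an https URI there forces a second validation before the first can finish. OCSP responses and issuer certificates are verified by signature, not by transport; please keep the http examples for these two settings.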
......
......@@ -6,16 +6,16 @@
@item @anchor{CBCATT}[CBCATT]
Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems and
Countermeasures", 2002, available from
@url{http://www.openssl.org/~bodo/tls-cbc.txt}.
@url{https://www.openssl.org/~bodo/tls-cbc.txt}.
@item @anchor{GPGH}[GPGH]
Mike Ashley, "The GNU Privacy Handbook", 2002, available from
@url{http://www.gnupg.org/gph/en/manual.pdf}.
@url{https://www.gnupg.org/gph/en/manual.pdf}.
@item @anchor{GUTPKI}[GUTPKI]
Peter Gutmann, "Everything you never wanted to know about PKI but were
forced to find out", Available from
@url{http://www.cs.auckland.ac.nz/~pgut001/}.
@url{https://www.cs.auckland.ac.nz/~pgut001/}.
@item @anchor{PRNGATTACKS}[PRNGATTACKS]
John Kelsey and Bruce Schneier, "Cryptanalytic Attacks on Pseudorandom Number Generators",
......@@ -23,7 +23,7 @@ Available from @url{https://www.schneier.com/academic/paperfiles/paper-prngs.pdf
@item @anchor{KEYPIN}[KEYPIN]
Chris Evans and Chris Palmer, "Public Key Pinning Extension for HTTP",
Available from @url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}.
Available from @url{https://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}.
@item @anchor{NISTSP80057}[NISTSP80057]
NIST Special Publication 800-57, "Recommendation for Key Management -
......@@ -33,157 +33,157 @@ Part 1: General (Revised)", March 2007, available from
@item @anchor{RFC7413}[RFC7413]
Y. Cheng and J. Chu and S. Radhakrishnan and A. Jain, "TCP Fast Open",
December 2014, Available from
@url{http://www.ietf.org/rfc/rfc7413.txt}.
@url{https://www.ietf.org/rfc/rfc7413.txt}.
@item @anchor{RFC7918}[RFC7918]
A. Langley, N. Modadugu, B. Moeller, "Transport Layer Security (TLS) False Start",
August 2016, Available from
@url{http://www.ietf.org/rfc/rfc7918.txt}.
@url{https://www.ietf.org/rfc/rfc7918.txt}.
@item @anchor{RFC6125}[RFC6125]
Peter Saint-Andre and Jeff Hodges, "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)",
March 2011, Available from
@url{http://www.ietf.org/rfc/rfc6125.txt}.
@url{https://www.ietf.org/rfc/rfc6125.txt}.
@item @anchor{RFC7685}[RFC7685]
Adam Langley, "A Transport Layer Security (TLS) ClientHello Padding Extension",
October 2015, Available from
@url{http://www.ietf.org/rfc/rfc7685.txt}.
@url{https://www.ietf.org/rfc/rfc7685.txt}.
@item @anchor{RFC7613}[RFC7613]
Peter Saint-Andre and Alexey Melnikov, "Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords",
August 2015, Available from
@url{http://www.ietf.org/rfc/rfc7613.txt}.
@url{https://www.ietf.org/rfc/rfc7613.txt}.
@item @anchor{RFC2246}[RFC2246]
Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
January 1999, Available from
@url{http://www.ietf.org/rfc/rfc2246.txt}.
@url{https://www.ietf.org/rfc/rfc2246.txt}.
@item @anchor{RFC6083}[RFC6083]
M. Tuexen and R. Seggelmann and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)",
January 2011, Available from
@url{http://www.ietf.org/rfc/rfc6083.txt}.
@url{https://www.ietf.org/rfc/rfc6083.txt}.
@item @anchor{RFC4418}[RFC4418]
Ted Krovetz, "UMAC: Message Authentication Code using Universal Hashing",
March 2006, Available from
@url{http://www.ietf.org/rfc/rfc4418.txt}.
@url{https://www.ietf.org/rfc/rfc4418.txt}.
@item @anchor{RFC4680}[RFC4680]
S. Santesson, "TLS Handshake Message for Supplemental Data",
September 2006, Available from
@url{http://www.ietf.org/rfc/rfc4680.txt}.
@url{https://www.ietf.org/rfc/rfc4680.txt}.
@item @anchor{RFC7633}[RFC7633]
P. Hallam-Baker, "X.509v3 Transport Layer Security (TLS) Feature Extension",
October 2015, Available from
@url{http://www.ietf.org/rfc/rfc7633.txt}.
@url{https://www.ietf.org/rfc/rfc7633.txt}.
@item @anchor{RFC7919}[RFC7919]
D. Gillmor, "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)",
August 2016, Available from
@url{http://www.ietf.org/rfc/rfc7919.txt}.
@url{https://www.ietf.org/rfc/rfc7919.txt}.
@item @anchor{RFC4514}[RFC4514]
Kurt D. Zeilenga, "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names",
June 2006, Available from
@url{http://www.ietf.org/rfc/rfc4513.txt}.
@url{https://www.ietf.org/rfc/rfc4513.txt}.
@item @anchor{RFC4346}[RFC4346]
Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match
2006, Available from @url{http://www.ietf.org/rfc/rfc4346.txt}.
2006, Available from @url{https://www.ietf.org/rfc/rfc4346.txt}.
@item @anchor{RFC4347}[RFC4347]
Eric Rescorla and Nagendra Modadugu, "Datagram Transport Layer Security", April
2006, Available from @url{http://www.ietf.org/rfc/rfc4347.txt}.
2006, Available from @url{https://www.ietf.org/rfc/rfc4347.txt}.
@item @anchor{RFC5246}[RFC5246]
Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.2", August
2008, Available from @url{http://www.ietf.org/rfc/rfc5246.txt}.
2008, Available from @url{https://www.ietf.org/rfc/rfc5246.txt}.
@item @anchor{RFC2440}[RFC2440]
Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer, "OpenPGP
Message Format", November 1998, Available from
@url{http://www.ietf.org/rfc/rfc2440.txt}.
@url{https://www.ietf.org/rfc/rfc2440.txt}.
@item @anchor{RFC4880}[RFC4880]
Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney
Thayer, "OpenPGP Message Format", November 2007, Available from
@url{http://www.ietf.org/rfc/rfc4880.txt}.
@url{https://www.ietf.org/rfc/rfc4880.txt}.
@item @anchor{RFC4211}[RFC4211]
J. Schaad, "Internet X.509 Public Key Infrastructure Certificate
Request Message Format (CRMF)", September 2005, Available from
@url{http://www.ietf.org/rfc/rfc4211.txt}.
@url{https://www.ietf.org/rfc/rfc4211.txt}.
@item @anchor{RFC2817}[RFC2817]
Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1",
May 2000, Available from @url{http://www.ietf.org/rfc/rfc2817.txt}
May 2000, Available from @url{https://www.ietf.org/rfc/rfc2817.txt}
@item @anchor{RFC2818}[RFC2818]
Eric Rescorla, "HTTP Over TLS", May 2000, Available from
@url{http://www.ietf/rfc/rfc2818.txt}.
@url{https://www.ietf/rfc/rfc2818.txt}.
@item @anchor{RFC2945}[RFC2945]
Tom Wu, "The SRP Authentication and Key Exchange System", September
2000, Available from @url{http://www.ietf.org/rfc/rfc2945.txt}.
2000, Available from @url{https://www.ietf.org/rfc/rfc2945.txt}.
@item @anchor{RFC7301}[RFC7301]
S. Friedl, A. Popov, A. Langley, E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension",
July 2014, Available from @url{http://www.ietf.org/rfc/rfc7301.txt}.
July 2014, Available from @url{https://www.ietf.org/rfc/rfc7301.txt}.
@item @anchor{RFC2986}[RFC2986]
Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification Request
Syntax Specification", November 2000, Available from
@url{http://www.ietf.org/rfc/rfc2986.txt}.
@url{https://www.ietf.org/rfc/rfc2986.txt}.
@item @anchor{PKIX}[PKIX]
D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk,
"Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", May 2008, available from
@url{http://www.ietf.org/rfc/rfc5280.txt}.
@url{https://www.ietf.org/rfc/rfc5280.txt}.
@item @anchor{RFC3749}[RFC3749]
Scott Hollenbeck, "Transport Layer Security Protocol Compression
Methods", May 2004, available from
@url{http://www.ietf.org/rfc/rfc3749.txt}.
@url{https://www.ietf.org/rfc/rfc3749.txt}.
@item @anchor{RFC3820}[RFC3820]
Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary
Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy
Certificate Profile", June 2004, available from
@url{http://www.ietf.org/rfc/rfc3820}.
@url{https://www.ietf.org/rfc/rfc3820}.
@item @anchor{RFC6520}[RFC6520]
R. Seggelmann, M. Tuexen, and M. Williams, "Transport Layer Security (TLS) and
Datagram Transport Layer Security (DTLS) Heartbeat Extension", February 2012, available from
@url{http://www.ietf.org/rfc/rfc6520}.
@url{https://www.ietf.org/rfc/rfc6520}.
@item @anchor{RFC5746}[RFC5746]
E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
Security (TLS) Renegotiation Indication Extension", February 2010,
available from @url{http://www.ietf.org/rfc/rfc5746}.
available from @url{https://www.ietf.org/rfc/rfc5746}.
@item @anchor{RFC5280}[RFC5280]
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and
W. Polk, "Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", May 2008, available from
@url{http://www.ietf.org/rfc/rfc5280}.
@url{https://www.ietf.org/rfc/rfc5280}.
@item @anchor{TLSTKT}[TLSTKT]
Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig, "Transport
Layer Security (TLS) Session Resumption without Server-Side State",
January 2008, available from @url{http://www.ietf.org/rfc/rfc5077}.
January 2008, available from @url{https://www.ietf.org/rfc/rfc5077}.
@item @anchor{PKCS12}[PKCS12]
RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange
Syntax", June 1999, Available from @url{http://www.rsa.com}.
Syntax", June 1999, Available from @url{https://www.rsa.com}.
@item @anchor{PKCS11}[PKCS11]
RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4",
July 2009, Available from @url{http://www.rsa.com}.
July 2009, Available from @url{https://www.rsa.com}.
@item @anchor{RESCORLA}[RESCORLA]
Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems",
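Review bot: in the RFC2818 entry the rewritten URL is `https://www.ietf/rfc/rfc2818.txt`, whose host lacks `.org`, so the scheme change only carries a dead link forward; it should read `https://www.ietf.org/rfc/rfc2818.txt` like the neighbouring entries. In the same hunk the RFC4514 entry links to `rfc4513.txt`, which does not match its anchor, and the RFC4346 entry's context line says "Match 2006" where March is meant; both are worth fixing while these lines are being touched.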
......@@ -191,11 +191,11 @@ Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems",
@item @anchor{SELKEY}[SELKEY]
Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key Sizes",
2003, available from @url{http://www.win.tue.nl/~klenstra/key.pdf}.
2003, available from @url{https://www.win.tue.nl/~klenstra/key.pdf}.
@item @anchor{SSL3}[SSL3]
Alan Freier, Philip Karlton and Paul Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0",
August 2011, Available from @url{http://www.ietf.org/rfc/rfc6101.txt}.
August 2011, Available from @url{https://www.ietf.org/rfc/rfc6101.txt}.
@item @anchor{STEVENS}[STEVENS]
Richard Stevens, "UNIX Network Programming, Volume 1", Prentice Hall
......@@ -204,56 +204,56 @@ PTR, January 1998
@item @anchor{TLSEXT}[TLSEXT]
Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen and
Tim Wright, "Transport Layer Security (TLS) Extensions", June 2003,
Available from @url{http://www.ietf.org/rfc/rfc3546.txt}.
Available from @url{https://www.ietf.org/rfc/rfc3546.txt}.
@item @anchor{TLSPGP}[TLSPGP]
Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS authentication",
January 2011. Available from
@url{http://www.ietf.org/rfc/rfc6091.txt}.
@url{https://www.ietf.org/rfc/rfc6091.txt}.
@item @anchor{TLSSRP}[TLSSRP]
David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos,
"Using SRP for TLS Authentication", November 2007. Available from
@url{http://www.ietf.org/rfc/rfc5054.txt}.
@url{https://www.ietf.org/rfc/rfc5054.txt}.
@item @anchor{TLSPSK}[TLSPSK]
Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for
TLS", December 2005, Available from
@url{http://www.ietf.org/rfc/rfc4279.txt}.
@url{https://www.ietf.org/rfc/rfc4279.txt}.
@item @anchor{TOMSRP}[TOMSRP]
Tom Wu, "The Stanford SRP Authentication Project", Available at
@url{http://srp.stanford.edu/}.
@url{https://srp.stanford.edu/}.
@item @anchor{WEGER}[WEGER]
Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509
Certificates", Cryptology ePrint Archive, Report 2005/067, Available
at @url{http://eprint.iacr.org/}.
at @url{https://eprint.iacr.org/}.
@item @anchor{ECRYPT}[ECRYPT]
European Network of Excellence in Cryptology II, "ECRYPT II Yearly
Report on Algorithms and Keysizes (2009-2010)", Available
at @url{http://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
at @url{https://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
@item @anchor{RFC5056}[RFC5056]
N. Williams, "On the Use of Channel Bindings to Secure Channels",
November 2007, available from @url{http://www.ietf.org/rfc/rfc5056}.
November 2007, available from @url{https://www.ietf.org/rfc/rfc5056}.
@item @anchor{RFC5764}[RFC5764]
D. McGrew, E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)On the Use of Channel Bindings to Secure Channels",
May 2010, available from @url{http://www.ietf.org/rfc/rfc5764}.
May 2010, available from @url{https://www.ietf.org/rfc/rfc5764}.
@item @anchor{RFC5929}[RFC5929]
J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010,
available from @url{http://www.ietf.org/rfc/rfc5929}.
available from @url{https://www.ietf.org/rfc/rfc5929}.
@item @anchor{PKCS11URI}[PKCS11URI]
J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", April 2015,
available from @url{http://www.ietf.org/rfc/rfc7512}.
available from @url{https://www.ietf.org/rfc/rfc7512}.
@item @anchor{TPMURI}[TPMURI]
C. Latze, N. Mavrogiannopoulos, "The TPMKEY URI Scheme", January 2013,
Work in progress, available from @url{http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}.
Work in progress, available from @url{https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}.
@item @anchor{ANDERSON}[ANDERSON]
R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems",
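Review bot: the RFC5764 entry's title runs straight into "On the Use of Channel Bindings to Secure Channels", which is the title of the RFC5056 entry just above it, so the text after "(SRTP)" looks like a paste error. That title line is unchanged context here, but since the entry's URL is being edited, trimming the title in the same commit would be cheap.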
......@@ -261,18 +261,18 @@ John Wiley \& Sons, Inc., 2001.
@item @anchor{RFC4821}[RFC4821]
M. Mathis, J. Heffner, "Packetization Layer Path MTU Discovery", March 2007,
available from @url{http://www.ietf.org/rfc/rfc4821.txt}.
available from @url{https://www.ietf.org/rfc/rfc4821.txt}.
@item @anchor{RFC2560}[RFC2560]
M. Myers et al, "X.509 Internet Public Key Infrastructure Online
Certificate Status Protocol - OCSP", June 1999, Available from
@url{http://www.ietf.org/rfc/rfc2560.txt}.
@url{https://www.ietf.org/rfc/rfc2560.txt}.
@item @anchor{RIVESTCRL}[RIVESTCRL]
R. L. Rivest, "Can We Eliminate Certificate Revocation Lists?",
Proceedings of Financial Cryptography '98; Springer Lecture Notes in
Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998),
pages 178--183, available from
@url{http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.
@url{https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.
@end table
......@@ -409,7 +409,7 @@ flags are part of the enumeration
Some systems provide a system wide trusted certificate storage accessible using
the PKCS #11 API. That is, the trusted certificates are queried and accessed using the
PKCS #11 API, and trusted certificate properties, such as purpose, are marked using
attached extensions. One example is the p11-kit trust module@footnote{see @url{http://p11-glue.freedesktop.org/trust-module.html}.}.
attached extensions. One example is the p11-kit trust module@footnote{see @url{https://p11-glue.freedesktop.org/trust-module.html}.}.
These special PKCS #11 modules can be used for GnuTLS certificate verification if marked as trust
policy modules, i.e., with @code{trust-policy: yes} in the p11-kit module file.
......
......@@ -6,7 +6,7 @@ it does not provide access to basic cryptographic primitives. However
it abstracts the internal cryptographic back-end (see @ref{Cryptographic Backend}),
providing symmetric crypto, hash and HMAC algorithms, as well access
to the random number generation. For a low-level crypto API the usage of nettle
@footnote{See @uref{http://www.lysator.liu.se/~nisse/nettle/}.} library is recommended.
@footnote{See @uref{https://www.lysator.liu.se/~nisse/nettle/}.} library is recommended.
@menu
* Symmetric algorithms::
......
......@@ -299,7 +299,7 @@ call the expected system call. For that it is recommended to test your