headers
Michal Suchanek | 24 May 2012 20:07
Picon

documentation incomplete?

Hello,

Debian ships a GNUTLS pdf book in the package gnutls-doc.

In the foreword it says it aims to be self-contained.

I tried to implement gnutls in a program based on the manual (as
opposed to ripping a working code from another program as suggested in
some places on the net).

This was a terrible experience.

There is not much in the way of explanation of most return values that
contain any complex information, and the examples are grossly
incomplete.

First off I tried the example with anonymous authentication which of
course does not work. A notice that even services that do not require
client authentication (such as most https servers) typically don't
support anonymous authentication either would be quite helpful in the
manual. That client example is kind of useless because you need to
build a matching server to run it which is not included.

Second comes x509 client which should work in normal environments.

This somewhat differs for version 2 and 3 of the docs.

The v2 docs have a client with authentication and no verification and
a client with verification only, the v3 a client with both and a
separate verification function.
(Continue reading)

Permalink | Reply |
headers
Nikos Mavrogiannopoulos | 25 May 2012 22:25

Re: documentation incomplete?

On 05/24/2012 08:07 PM, Michal Suchanek wrote:

Hello Michal,
 Thank you for the comments.

 
> There is not much in the way of explanation of most return values that
> contain any complex information,

Could you pinpoint those?

> and the examples are grossly incomplete.

Do your comments below show the parts of the examples you consider
incomplete or you had other issues as well?  Note, however, that
examples are just that and cannot be complete applications.

> First off I tried the example with anonymous authentication which of
> course does not work. 

> A notice that even services that do not require

> client authentication (such as most https servers) typically don't
> support anonymous authentication either would be quite helpful in the
> manual. That client example is kind of useless because you need to
> build a matching server to run it which is not included.

I've added some text in the Anonymous authentication chapter to make
this more clear.
(Continue reading)

Permalink | Reply |
headers
Michal Suchanek | 28 May 2012 13:58
Picon

Re: documentation incomplete?

Hello,

On 25 May 2012 22:25, Nikos Mavrogiannopoulos <nmav <at> gnutls.org> wrote:
> On 05/24/2012 08:07 PM, Michal Suchanek wrote:
>
> Hello Michal,
>  Thank you for the comments.

Thanks for updating the docs.

>
>
>> There is not much in the way of explanation of most return values that
>> contain any complex information,
>
>
> Could you pinpoint those?

Besides those mentioned earlier there is an issue with error values.

You can get E_FATAL_ALERT (and the non-fatal too) and this is happily
converted to a text string by gnutls_strerror but this is NOT what you
want to do.

There are applications out in the wild that return the "Fatal alert
received" string instead of the actual error. A notice in the
gnu_strerror description could maybe prevent this issue in the future.

>
>> and the examples are grossly incomplete.
(Continue reading)

Permalink | Reply |

Gmane