documentation incomplete?

Michal Suchanek hramrach at
Mon May 28 13:58:51 CEST 2012


On 25 May 2012 22:25, Nikos Mavrogiannopoulos <nmav at> wrote:
> On 05/24/2012 08:07 PM, Michal Suchanek wrote:
> Hello Michal,
>  Thank you for the comments.

Thanks for updating the docs.

>> There is not much in the way of explanation of most return values that
>> contain any complex information,
> Could you pinpoint those?

Besides those mentioned earlier there is an issue with error values.

You can get E_FATAL_ALERT (and the non-fatal too) and this is happily
converted to a text string by gnutls_strerror but this is NOT what you
want to do.

There are applications out in the wild that return the "Fatal alert
received" string instead of the actual error. A notice in the
gnu_strerror description could maybe prevent this issue in the future.

>> and the examples are grossly incomplete.
> Do your comments below show the parts of the examples you consider
> incomplete or you had other issues as well?  Note, however, that
> examples are just that and cannot be complete applications.

Of course, examples aren't complete applications.

In my view the purpose of examples is  to show how is the thing they
do done correctly, and that is not always the case here.

Also when the documentation is not complete it rests on the examples
to complete it in which case they should be more verbose and

>> Final problem is that I have a CA cert, not cert list. All the
>> examples deal with cert lists because it is easy, a function imports
>> all of it but fails to import a single cert. To import a single cert
>> it has to be loaded into memory, converted, and then loaded into the
>> credentials.
> I don't understand the issue. Could you explain further?
> If you are referring to gnutls_certificate_set_x509_trust_file(), it
> can read PEM or DER formatted files.

Indeed, it does work as described.

The problem was in my code.



More information about the Gnutls-help mailing list