[gnutls-devel] GnuTLS | Confusing documentation for service parameter in `gnutls_verify_stored_pubkey` (#1744)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Oct 10 11:32:17 CEST 2025



Dariqq created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1744



Hello

## Description of problem:


I was looking into using `gnutls_verify_stored_pubkey` and `gnutls_store_pubkey` for TOFU verification.

The documentation I could find for the `service` parameter is a bit confusing as to whether it should be the service name or the port number.

- The client example at https://www.gnutls.org/manual/html_node/Client-example-with-SSH_002dstyle-certificate-verification.html uses "https"
- The function reference in the manual at https://www.gnutls.org/manual/html_node/Certificate-verification.html says

```
> service: non-NULL if this key is specific to a service (e.g. http)
[...]
> The service field if non-NULL should be a port number
```
The first part suggests that it should be the service name while the second one advises one to use the port number.

Running `gnutls-cli --tofu gnutls.org` and saving the cert, it got saved as "https" and not "443".

From what I can see the default `verify_pubkey` and `parse_line` functions just use `strcmp` (special casing `"*"`), so it should not matter as long as I am consistent with always using either the port or service name.

Thanks.

## Version of gnutls used:

online manual is version 3.8.10
gnutls-cli version 3.8.10
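The consequence of the matching rule described in the issue (plain string comparison on host and service, with `"*"` as a wildcard) is shown below as an added, self-contained model; it is not GnuTLS's own store format or code. The store entries, the `sha256:...` key identifiers and the `tofu_verify` function are constructed for illustration, standing in for the public key that `gnutls_verify_stored_pubkey` actually compares.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a TOFU pin store: (host, service, key identifier).
   Illustration of the matching rule from the issue, not GnuTLS's file format. */
struct pin { const char *host; const char *service; const char *key_id; };

static const struct pin STORE[] = {
    { "gnutls.org",   "https", "sha256:AAAA" }, /* pinned by service name, as gnutls-cli --tofu did */
    { "mail.example", "*",     "sha256:BBBB" }, /* "*" pins one key for every service on the host */
};

enum tofu { TOFU_MATCH = 0, TOFU_UNKNOWN = 1, TOFU_MISMATCH = 2 };

/* Exact string comparison, with "*" matching any requested service. */
static int service_matches(const char *stored, const char *wanted)
{
    return strcmp(stored, "*") == 0 || strcmp(stored, wanted) == 0;
}

/* TOFU_UNKNOWN: no pin for (host, service); TOFU_MISMATCH: pin exists, key differs. */
enum tofu tofu_verify(const char *host, const char *service, const char *key_id)
{
    int seen = 0;
    for (size_t i = 0; i < sizeof STORE / sizeof STORE[0]; i++) {
        if (strcmp(STORE[i].host, host) != 0 || !service_matches(STORE[i].service, service))
            continue;
        seen = 1;
        if (strcmp(STORE[i].key_id, key_id) == 0)
            return TOFU_MATCH;
    }
    return seen ? TOFU_MISMATCH : TOFU_UNKNOWN;
}

int main(void)
{
    /* Consistent identifier: the pin is found and compared. */
    printf("https/https : %d\n", tofu_verify("gnutls.org", "https", "sha256:AAAA"));
    /* Pitfall: stored as "https", verified as "443" -> treated as a never-seen host,
       so a changed key would be accepted as a first contact instead of a mismatch. */
    printf("https/443   : %d\n", tofu_verify("gnutls.org", "443", "sha256:CCCC"));
    printf("changed key : %d\n", tofu_verify("gnutls.org", "https", "sha256:CCCC"));
    printf("wildcard    : %d\n", tofu_verify("mail.example", "imaps", "sha256:BBBB"));
    return 0;
}
```

The middle case is the one to watch: an inconsistent service identifier does not produce an error, it silently downgrades the check to "unknown host".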
