Commit graph

723 commits

Author SHA1 Message Date
Richard Levitte
27a9bf17c7 PKCS#1 has a new RFC, which we do implement 2003-02-06 19:30:06 +00:00
Richard Levitte
bfa3555081 Document -engine where missing.
PR: 424
2003-01-30 22:02:27 +00:00
Dr. Stephen Henson
da45180de4 Correct EVP_SealInit() documentation, iv is an output
parameter.
2003-01-26 13:38:56 +00:00
Richard Levitte
cdc5b4a41e Extend the HOWTO on creating certificates, and add a HOWTO in creating keys.
PR: 422
2003-01-14 15:42:16 +00:00
Richard Levitte
c653b56937 Correct an example that has a few typos.
PR: 458
2003-01-14 13:56:38 +00:00
Bodo Möller
bda2fa364d Typo.
NB: This and other manual pages should be updated for the new
BN_GENCB interface.
2003-01-13 13:18:22 +00:00
Richard Levitte
e68cb95d84 Add documentation on how to handle the shared libaries.
PR: 423
2003-01-10 16:14:32 +00:00
Richard Levitte
360e506710 Typos corrected.
PR: 445
2003-01-10 08:54:01 +00:00
Lutz Jänicke
44fcd3ef3e Add information about AES cipher suites to ciphers manual page.
If no authentication method is mentioned in the cipher suite name (e.g.
AES128-SHA), RSA authentication is used (PR #396).
2002-12-29 21:24:50 +00:00
Richard Levitte
b5beb13abb Add SPKM among the related stanrds. 2002-12-26 22:35:04 +00:00
Richard Levitte
59c0dd56ab Update our list of implemented and related standards. 2002-12-26 00:21:53 +00:00
Richard Levitte
dcf19c173c Update our list of implemented and related standards. 2002-12-26 00:17:46 +00:00
Richard Levitte
18be6c4116 BIO_new_bio_pair() was unnecessarily described in it's own page as well as in
BIO_s_bio.pod.  The most logical is to move everything needed from
BIO_new_bio_pair.pod to BIO_s_bio.pod (including the nice example)
and toss BIO_new_bio_pair.pod.  I hope I got all the info over properly.
PR: 370
2002-12-12 22:12:02 +00:00
Richard Levitte
dad1535f7a BIO_set_nbio() is enumerated, but not explained. Remove it from enumeration
since it's both enumerated and explained in BIO_s_connect.pod.
PR: 370
2002-12-12 22:08:49 +00:00
Lutz Jänicke
532215f2db Missing ")"
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
2002-12-04 13:30:58 +00:00
Richard Levitte
5e4a75e79f Correct some names. 2002-11-29 14:21:54 +00:00
Lutz Jänicke
32d21c1ef6 Better workaround to the "=head1 NAME OPTIONS" pod2latex problem:
NAME OPTIONS are a subset of OPTIONS, so just make it =head2!
Submitted by:
Reviewed by:
PR: 333
2002-11-18 08:15:45 +00:00
Dr. Stephen Henson
d78254aa28 Add SETWRAP modifier to ASN1 generate. 2002-11-15 00:26:07 +00:00
Lutz Jänicke
56dc24d483 Use =back to finish =over (found using pod2latex).
Submitted by:
Reviewed by:
PR:
2002-11-14 21:50:30 +00:00
Lutz Jänicke
84d828ab70 No such reference to link to (found running pod2latex).
Submitted by:
Reviewed by:
PR:
2002-11-14 21:41:54 +00:00
Dr. Stephen Henson
cfae3d94e9 Fix documentation of i2d_X509_fp and i2d_X509_bio. 2002-11-14 18:15:52 +00:00
Lutz Jänicke
1f30946481 Don't declare 2 WARNINGS sections
Submitted by:
Reviewed by:
PR:
2002-11-14 11:13:01 +00:00
Lutz Jänicke
b1697f189b Opportunistic change to work around pod2latex bug: rename NAME OPTIONS
section to SUBJECT AND ISSUER NAME OPTIONS
Submitted by:
Reviewed by:
PR: 333
2002-11-14 11:09:07 +00:00
Lutz Jänicke
17a202add7 Correct reference to section name.
Submitted by:
Reviewed by:
PR:
2002-11-14 11:03:30 +00:00
Lutz Jänicke
eaad02a747 Missing =back
Submitted by:
Reviewed by:
PR:
2002-11-14 10:51:54 +00:00
Dr. Stephen Henson
2d780dfd81 Typo 2002-11-13 14:07:37 +00:00
Dr. Stephen Henson
04f0a6ba39 Update docs 2002-11-13 13:18:14 +00:00
Dr. Stephen Henson
d479dc1d02 Put NAME in right place, fix typo 2002-11-13 01:20:43 +00:00
Dr. Stephen Henson
137e7e3aa1 Update docs 2002-11-13 00:14:15 +00:00
Dr. Stephen Henson
ba36b61d3d Initial ASN1 generation documentation. 2002-11-12 18:20:28 +00:00
Lutz Jänicke
7d80b27949 Typo.
Submitted by: assar <assar@kth.se>
Reviewed by:
PR:
2002-11-11 11:19:15 +00:00
Dr. Stephen Henson
a8c125550c Typo 2002-11-09 18:05:33 +00:00
Richard Levitte
d6257073aa -CAcreateserial doesn't take a filename argument.
PR: 332
2002-11-08 21:51:09 +00:00
Dr. Stephen Henson
d618f703ec CRL reason code docs. 2002-11-06 01:28:55 +00:00
Geoff Thorpe
769fedc3ad Add a HISTORY section to the man page to mention the new flags. 2002-10-29 18:05:16 +00:00
Geoff Thorpe
d9ec9d990f The last character of inconsistency in my recent commits is hereby
squashed.
2002-10-29 17:51:32 +00:00
Richard Levitte
6aba658cd8 Revert, that was an incorrect change.
PR: 156
2002-10-29 04:34:43 +00:00
Richard Levitte
accb0c6edb A small detail: since 0.9.7, DH_new_method() and DSA_new_method()
don't take an ENGINE* as parameter any more.
PR: 156
2002-10-29 04:31:46 +00:00
Geoff Thorpe
e0db2eed8d Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
2002-10-29 00:33:04 +00:00
Bodo Möller
e1c191fe44 I don't like c-tab-always-indent ... 2002-10-23 13:09:19 +00:00
Dr. Stephen Henson
0711be1696 New docs. 2002-10-20 13:20:57 +00:00
Geoff Thorpe
7521ab3d0b Make pod2man happier. 2002-10-18 22:04:26 +00:00
Lutz Jänicke
284b216b3a Corrected exchanged parameters in example for EVP_EncryptInit_ex()
Submitted by: "Marcus Carey" <marcus.carey@verizon.net>
Reviewed by:
PR: 265
2002-10-18 09:47:14 +00:00
Bodo Möller
05dbe6ee1f change Emacs indentation style to make it easier to insert
tabs manually

Submitted by: Pierre Bacquet <pbacquet@delta.fr>
2002-10-17 09:16:02 +00:00
Dr. Stephen Henson
29e48c18b7 More docs. 2002-10-09 17:19:59 +00:00
Dr. Stephen Henson
982dfb7d10 Typo. 2002-10-09 17:15:35 +00:00
Dr. Stephen Henson
8c4b69d3ab Update docs. 2002-10-09 17:05:05 +00:00
Dr. Stephen Henson
ec8ad2bb96 PKCS12_parse manual page. 2002-10-09 13:10:23 +00:00
Dr. Stephen Henson
5fbb02fcb1 PKCS12_create manual page 2002-10-09 12:06:58 +00:00
Dr. Stephen Henson
4e1b50e219 More man pages. 2002-10-09 12:06:12 +00:00
Dr. Stephen Henson
7e9db7cefc PKCS7_verify() docs. 2002-10-08 00:40:58 +00:00
Dr. Stephen Henson
d30e4c5b0b More docs. 2002-10-07 17:31:00 +00:00
Dr. Stephen Henson
9de6bb8abc More d2i/i2d manual pages. 2002-10-07 13:07:00 +00:00
Dr. Stephen Henson
72e04bd13f Document "0" and "1" naming convention. 2002-10-06 12:59:25 +00:00
Dr. Stephen Henson
4ec0448122 Update docs. 2002-10-06 12:40:31 +00:00
Dr. Stephen Henson
842d8e209b Update docs. 2002-10-06 12:34:06 +00:00
Dr. Stephen Henson
292fcd5c7b Update DH parameter docs. 2002-10-06 12:24:09 +00:00
Dr. Stephen Henson
1e976bdc46 Update RSAPublicKey manual page... 2002-10-06 00:03:20 +00:00
Dr. Stephen Henson
9946fceb9d Some docs relating to X509 ASN1 functions.
Many other ASN1 functions are identical other
than the actual structure being handled.
2002-10-05 23:30:10 +00:00
Richard Levitte
70e96dcf59 Document should match reality :-).
PR: 255
2002-10-04 12:59:00 +00:00
Richard Levitte
6859cf7459 It makes more sense to refer to specific function manuals than the concept
manual when the specific function is refered to in the current manual text.
This correction was originally introduced in OpenBSD's tracking of OpenSSL.
2002-09-25 13:33:28 +00:00
Richard Levitte
2018681b33 Remove *all* references to RSA_PKCS1_RSAref, since it doesn't exist any more.
This correction was originally introduced in OpenBSD's tracking of OpenSSL.
2002-09-25 13:26:36 +00:00
Richard Levitte
e204516178 Remove reference to RSA_PKCS1_RSAref, since it doesn't exist any more.
This correction was originally introduced in OpenBSD's tracking of OpenSSL.
2002-09-25 13:25:44 +00:00
Richard Levitte
153aecf91a It makes more sense to refer to specific function manuals than the concept
manual when the specific function is refered to in the current manual text.
This correction was originally introduced in OpenBSD's tracking of OpenSSL.
2002-09-25 13:11:12 +00:00
Lutz Jänicke
3403caf3da Consequently use term URI instead of URL
Submitted by: TJ Saunders <tj@castaglia.org>
Reviewed by:
PR: 268
2002-09-05 07:52:05 +00:00
Bodo Möller
1fd0338b49 fix manpage 2002-08-15 14:23:23 +00:00
Richard Levitte
37f5fcf85c Missing =back.
Part of PR 196
2002-08-15 10:59:55 +00:00
Geoff Thorpe
5bf738737d These are updates/fixes to DH/DSA/RAND docs based on the fixes to the RSA
docs. There were a couple of other places (including RSA) where the docs
were not quite synchronised with the API that are now fixed. One or two
still remain to be fixed though ...
2002-08-05 16:27:01 +00:00
Geoff Thorpe
415e03aa6f typo fix 2002-08-05 02:54:57 +00:00
Geoff Thorpe
ac120e20e3 Various parts of the RSA documentation were inaccurate and out of date and
this fixes those that I'm currently aware of. In particular, the ENGINE
interference in the RSA API has hopefully been clarified. This still needs
to be done for other areas of the API ...
2002-08-04 21:08:36 +00:00
Geoff Thorpe
3f90e45079 A single monolithic man page for the ENGINE stuff. This is a rough
first-cut but provides better documentation than having nothing on the
ENGINE API.
2002-08-04 20:57:19 +00:00
Bodo Möller
02750ff56f mention SSL_do_handshake() 2002-07-29 12:35:19 +00:00
Bodo Möller
8be4e173e8 fix a typo and clarify 2002-07-22 09:04:36 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:55:34 +00:00
Lutz Jänicke
20adcfa058 The behaviour is undefined when calling SSL_write() with num=0.
Submitted by:
Reviewed by:
PR: 141
2002-07-19 11:53:54 +00:00
Lutz Jänicke
02b7ec88bb Manual page for SSL_do_handshake().
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
2002-07-19 11:05:50 +00:00
Geoff Thorpe
0af9a89cef This documentation change was being written at the same time as Richard's
changes. So I'm committing this version to overwrite his changes for now,
and he can always take his turn to overwrite my words if he wants :-)

PR: 86
2002-07-18 20:59:22 +00:00
Richard Levitte
db802c60e3 Explain why RSA_check_key() doesn't work with hard keys.
PR: 86
2002-07-18 19:10:57 +00:00
Richard Levitte
503f3b1a21 Add history for documented new functions.
PR: 59
2002-07-18 18:54:46 +00:00
Lutz Jänicke
2edcb4ac71 Typos in links between manual pages
Submitted by: Richard.Koenning@fujitsu-siemens.com
Reviewed by:
PR: 129
2002-07-10 19:35:54 +00:00
Bodo Möller
cd7562091d fix synopsis
Submitted by: Nils Larsch
2002-07-09 10:51:25 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:21:11 +00:00
Lutz Jänicke
8586df1efb Correct wrong usage information.
PR: 95
2002-06-12 20:15:18 +00:00
Richard Levitte
b49053cae2 Documentation bug corrected.
PR: 70
2002-06-05 09:31:05 +00:00
Lutz Jänicke
a5200a1b8f Typo.
PR: 72
2002-06-04 20:43:10 +00:00
Richard Levitte
305a1afcf7 a B< that wasn't properly ended. 2002-05-30 16:55:15 +00:00
Lutz Jänicke
9a26adf598 Remove item listed twice <kromJx@crosswinds.net>. 2002-05-28 17:48:54 +00:00
Lutz Jänicke
72da660ddb Fix incorrect =over 4 location.
Submitted by: David Waitzman <djw@bbn.com>
Reviewed by: Lutz Jaenicke
PR: [openssl.org #38]
2002-05-16 17:45:37 +00:00
Richard Levitte
21d5ed98d5 Small documentation fix for EVP_CipherFinal or EVP_CipherFinal_ex.
Notified by Stella Power <snpower@maths.tcd.ie>.
PR: 24
2002-05-08 15:20:38 +00:00
Lutz Jänicke
c0455cbb18 Fix escaping when using the -subj option of "openssl req", document
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
2002-04-30 12:08:18 +00:00
Ulf Möller
592c0e0273 another error discovered by Karsten Braaten. The number was not even
prime!
2002-04-13 09:58:50 +00:00
Ulf Möller
4e9ef338fc error reported by Karsten Braaten 2002-04-07 13:33:16 +00:00
Bodo Möller
2c17323e15 Rephrase statement on the security of two-key 3DES.
[Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
  Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.

  Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
  known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]
2002-03-05 15:29:30 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
ce4b274aa1 SSL_clear != SSL_free/SSL_new 2002-02-27 08:08:57 +00:00
Lutz Jänicke
f0d6ee6be8 Even though it is not really practical people should know about it. 2002-02-15 07:41:42 +00:00
Bodo Möller
a14e2d9dfe New functions
ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
2002-01-24 16:16:43 +00:00
Lutz Jänicke
6ce46d69f5 Typos (jsyn <jsyn@openbsd.org>). 2002-01-21 18:01:46 +00:00
Bodo Möller
31cafe53c9 add a sentence previously deleted by accident 2002-01-04 15:22:40 +00:00
Bodo Möller
dc4ddcd2bb add documentation for SSLeay_version(SSLEAY_DIR) and
'openssl version -d'

use some descriptions from Lutz' redundant manual page
instead of the previous ones
2002-01-04 15:17:09 +00:00
Lutz Jänicke
5256b021f3 Tsss, SSLeay_version() was already documented, it just was not linked in. 2002-01-04 15:05:51 +00:00
Lutz Jänicke
4ab1e7ceaf Add information as provided by Richard Levitte on openssl-users :-) 2002-01-04 14:55:38 +00:00
Dr. Stephen Henson
06623ff028 Update PEM docs 2002-01-04 13:35:37 +00:00
Ben Laurie
ff3fa48fc7 Improve back compatibility. 2001-12-09 21:53:31 +00:00
Richard Levitte
8f0edcb3d2 I was recently informed that some people wrongly use ssleay.txt as
main documentation, so let's warn them a little more, so the word
"OBSOLETE" really gets understood.
2001-12-04 07:38:17 +00:00
Dr. Stephen Henson
55e42c93a8 EVP_BytesToKey documentation. 2001-12-03 03:07:37 +00:00
Dr. Stephen Henson
21a85f1977 Add -pubkey option to req command. 2001-12-01 23:03:30 +00:00
Bodo Möller
8a0a9392ab discuss -name and default_ca more correctly (I hope) 2001-11-26 12:13:50 +00:00
Lutz Jänicke
a7ce69dbd7 Clarify reference count handling/removal of session
(shinagawa@star.zko.dec.com).
2001-11-19 11:11:23 +00:00
Bodo Möller
65123f8064 remove incorrect 'callback' prototype 2001-11-10 02:12:56 +00:00
Bodo Möller
1d8634b110 msg_callback documentation 2001-11-10 02:12:09 +00:00
Bodo Möller
45582d1e2b clarify 2001-11-08 14:54:21 +00:00
Dr. Stephen Henson
1fc6d41bf6 New options to allow req to accept UTF8 strings as input. 2001-10-26 12:40:38 +00:00
Ulf Möller
a41477f92e remove compatibility notes that no longer apply 2001-10-25 17:45:25 +00:00
Richard Levitte
5f68c5feef Correct some links... 2001-10-25 16:56:06 +00:00
Richard Levitte
ee84a5a7fb Change the DES documentation to reflect the current status. Note that
some password reading functions are really part of the UI
compatibility library...
2001-10-25 16:55:17 +00:00
Bodo Möller
2a9aca32dc mention des_old.h 2001-10-25 08:44:10 +00:00
Bodo Möller
89da653fa6 Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of
the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org
2001-10-25 08:25:19 +00:00
Richard Levitte
ce15d5a9dc Remove DES_random_seed() but retain des_random_seed() for now. Change
the docs to reflect this change and correct libeay.num.
2001-10-25 06:46:22 +00:00
Richard Levitte
c2e4f17c1a Due to an increasing number of clashes between modern OpenSSL and
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.
2001-10-24 21:21:12 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
51008ffce1 document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 2001-10-17 11:56:26 +00:00
Dr. Stephen Henson
3811eed8d5 Update docs. 2001-10-17 01:50:32 +00:00
Dr. Stephen Henson
e72d734d5f Update docs. 2001-10-16 02:22:59 +00:00
Lutz Jänicke
56fa8e69cf Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00
Lutz Jänicke
e1c279b63d Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>) 2001-10-08 08:37:24 +00:00
Lutz Jänicke
d300bcca7f Typo. 2001-09-13 15:18:51 +00:00
Lutz Jänicke
d59c3e5046 One more manual page. 2001-09-13 15:05:42 +00:00
Lutz Jänicke
6d8566f2eb Rework section about return values another time (based on hints from
Bodo Moeller).
2001-09-13 13:21:38 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Ulf Möller
3b80e3aa9e ispell 2001-09-07 06:13:40 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Lutz Jänicke
f1b2807478 More docs. 2001-08-24 14:29:48 +00:00
Lutz Jänicke
bfd7bb3eb6 Typo. 2001-08-23 17:41:20 +00:00
Lutz Jänicke
11c8f0b79d More manual pages. Constify. 2001-08-23 17:22:43 +00:00
Lutz Jänicke
c4068186ac As discussed recently on openssl-users. 2001-08-23 15:00:11 +00:00
Lutz Jänicke
0a93a68020 Make clear, that using the compression layer is currently not recommended. 2001-08-23 09:42:12 +00:00
Ulf Möller
f2ab7d1392 typo. 2001-08-22 18:35:17 +00:00
Lutz Jänicke
141e584998 One more manual page... 2001-08-21 14:54:54 +00:00
Lutz Jänicke
336736ef35 Documentation on how to handle compression methods.
Hopefully it is clear enough, that it is currently not recommended.
2001-08-21 13:02:58 +00:00
Lutz Jänicke
d93eb21c7c More interdependencies with respect to shutdown behaviour. 2001-08-20 14:34:16 +00:00
Lutz Jänicke
a403188f92 Alert description strings for TLSv1 and documentation. 2001-08-19 16:20:42 +00:00
Lutz Jänicke
52129c0b0b More details about session timeout settings. 2001-08-17 16:36:51 +00:00
Lutz Jänicke
a52877a2f1 One more function documented. 2001-08-17 15:54:50 +00:00
Lutz Jänicke
cdd7c3ce92 SSL_shutdown() has even more properties... 2001-08-17 15:09:31 +00:00
Lutz Jänicke
c1497b4d19 One more step on the way for complete documentation... 2001-08-17 14:32:38 +00:00
Lutz Jänicke
b2ed462934 Unidirectional shutdown is allowed according to the RFC. 2001-08-17 09:08:32 +00:00
Lutz Jänicke
9e09eebf94 Better description of the behaviour of SSL_shutdown() as it is now, broken
or not.
2001-08-16 14:27:55 +00:00
Bodo Möller
3f1c4e49a3 add missing link 2001-08-08 15:09:06 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
37f599bcec Reworked manual pages with a lot of input from Bodo Moeller. 2001-07-31 15:04:50 +00:00
Ben Laurie
8408f4fbc7 Document DES changes better. 2001-07-31 13:33:58 +00:00
Bodo Möller
924875e53b Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:25 +00:00
Bodo Möller
6aecef815c Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:34 +00:00
Lutz Jänicke
7abe76e1bd Fix wrong information about SSL_set_connect_state()... 2001-07-25 12:12:51 +00:00
Lutz Jänicke
3e3dac9f97 Additional inline reference. 2001-07-23 12:57:37 +00:00
Lutz Jänicke
397ba0f08a Add missing reference. 2001-07-23 12:52:05 +00:00
Lutz Jänicke
4db48ec0bd Documentation about ephemeral key exchange 2001-07-21 11:02:17 +00:00
Lutz Jänicke
6d3dec92fb Updated explanation. 2001-07-20 19:23:43 +00:00
Lutz Jänicke
2d3b6a5be7 Some more documentation bits. 2001-07-20 18:57:15 +00:00
Dr. Stephen Henson
534a1ed0cb Allow OCSP server to handle multiple requests.
Document new OCSP options.
2001-07-13 13:13:44 +00:00
Lutz Jänicke
a1a63a4239 Clarify! (based on recent mailing-list discussions) 2001-07-11 15:10:28 +00:00
Bodo Möller
e9ad0d2c31 Fix PRNG. 2001-07-10 10:49:34 +00:00
Lutz Jänicke
43f9391bcc When only the key is given to "enc", the IV is undefined
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:31:11 +00:00
Dr. Stephen Henson
181355616e Add examples to EVP_EncryptInit manual page. 2001-05-17 13:03:20 +00:00
Lutz Jänicke
74daa124c2 Add missing item(s) SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT. 2001-05-16 09:43:51 +00:00
Lutz Jänicke
5892855c5f Typos. 2001-05-14 09:52:44 +00:00
Lutz Jänicke
a6e859e9ec One more point to clarify, pointed out by "Greg Stark" <ghstark@pobox.com> 2001-05-14 09:02:38 +00:00
Lutz Jänicke
33ab4699ba Clarify behaviour with respect to SSL/TLS records. 2001-05-12 09:49:02 +00:00
Lutz Jänicke
4b3270f78e Clarify behaviour of SSL_write() by mentioning SSL_MODE_ENABLE_PARTIAL_WRITE
flag as discussed on the mailing list.
2001-05-11 09:53:10 +00:00
Lutz Jänicke
0ea659475c Typo (reported by Petr Lancaric <Petr.Lancaric@ips-ag.cz>) 2001-04-25 15:24:47 +00:00
Lutz Jänicke
197322455d Clarify request of client certificates. This is a FAQ. 2001-04-17 13:18:56 +00:00
Lutz Jänicke
cb2a0e1319 Missing link ("Greg Stark" <gstark@ethentica.com>) 2001-04-12 21:11:31 +00:00
Lutz Jänicke
638b0d4277 Fix wrong information with respect to CAs listed to the client
(follows from technical discussion with Amit Chopra <amitc@pspl.co.in>).
2001-04-12 16:02:34 +00:00
Lutz Jänicke
f7181a9179 Typo (Jun-ichiro itojun Hagino <itojun@iijlab.net>) 2001-04-12 11:45:42 +00:00
Bodo Möller
fba9046490 Update docs. 2001-03-21 15:25:56 +00:00
Dr. Stephen Henson
02ee8626fb Fix PKCS#12 key generation bug. 2001-03-18 02:11:42 +00:00
Dr. Stephen Henson
791bd0cd2b Add copy_extensions option to 'ca' utility. 2001-03-16 02:04:17 +00:00
Dr. Stephen Henson
e890dcdb19 Add 'align' option to nameopt.
Add default values for display by the 'ca' utility
to openssl.cnf

Update docs.
2001-03-15 22:45:20 +00:00
Lutz Jänicke
eb272ac0b0 Forgot "cvs add", so only the surrounding changes made it... sigh. 2001-03-15 12:42:04 +00:00
Dr. Stephen Henson
0a3ea5d34a Document the -certopt option to the x509 utility.
Add no_issuer option.

Fix X509_print_ex() so it prints out newlines when
certain fields are omitted.
2001-03-15 01:15:54 +00:00
Dr. Stephen Henson
a29d78e90b Initial docs for PEM routines. 2001-03-11 20:29:28 +00:00
Richard Levitte
7b8250053b Document the change. 2001-03-10 16:28:49 +00:00
Dr. Stephen Henson
cc5ba6a7b6 Update docs. 2001-03-09 13:57:14 +00:00
Bodo Möller
e34cfcf7e1 Consistently use 'void *' for SSL read, peek and write functions. 2001-03-09 10:09:20 +00:00
Dr. Stephen Henson
1358835050 Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.
2001-03-09 02:51:02 +00:00
Lutz Jänicke
b72ff47037 Add newly learned knowledge from yesterday's discussion. 2001-03-08 17:24:02 +00:00
Bodo Möller
98499135d7 Constify BN_value_one. 2001-03-08 13:58:09 +00:00
Bodo Möller
bad4058574 New option '-subj arg' for 'openssl req' and 'openssl ca'. This
sets the subject name for a new request or supersedes the
subject name in a given request.

Add options '-batch' and '-verbose' to 'openssl req'.

Submitted by: Massimiliano Pala <madwolf@hackmasters.net>
Reviewed by: Bodo Moeller
2001-03-05 11:09:43 +00:00
Lutz Jänicke
45ecfb1973 Typo, spotted by "Greg Stark" <gstark@ethentica.com>. 2001-03-01 16:50:11 +00:00
Lutz Jänicke
3cdc8ad07a Describe new callback for session id generation. 2001-02-23 21:38:42 +00:00
Lutz Jänicke
2c1571b4ff SSL_get_version() was an easy one :-) 2001-02-23 21:05:56 +00:00
Ulf Möller
335c4f0966 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:23:07 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Ulf Möller
52d160d85d ispell 2001-02-16 02:09:53 +00:00
Ulf Möller
54ff1e6ae5 pod format error 2001-02-16 01:44:24 +00:00
Lutz Jänicke
52b621db88 Add "-rand" option to s_client and s_server. 2001-02-15 10:22:07 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API.
Add -nopad option to enc command.

Update docs.
2001-02-14 02:11:52 +00:00
Lutz Jänicke
8e495e4ac7 Finish first round of session cache documentation. 2001-02-13 14:00:09 +00:00
Lutz Jänicke
f282ca7413 New manual page: SSL_CTX_set_mode. 2001-02-13 11:43:11 +00:00