Commit graph

316 commits

Author SHA1 Message Date
Bodo Moeller
98f1ac7df5 Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-21 22:43:08 +02:00
Bodo Moeller
fb0e87fb67 Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 10:43:50 +02:00
Rich Salz
e9edfc4196 RT468: SSL_CTX_sess_set_cache_size wrong
The documentation is wrong about what happens when the
session cache fills up.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:26:03 -04:00
Scott Schaefer
fe7573042f RT2518: fix pod2man errors
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:18:30 -04:00
Dr. Stephen Henson
f3f56c2a87 Custom extension documentation.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-08-28 17:06:53 +01:00
David Gatwood
fa60b90950 RT1744: SSL_CTX_set_dump_dh() doc feedback
The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2014-08-26 13:47:23 -04:00
Ingo Schwarze
bebbb11d13 RT3239: Extra comma in NAME lines of two manpages
In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.

While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).

Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>
2014-08-12 15:59:18 -04:00
Dr. Stephen Henson
aa224e9719 Fix typo. 2014-07-14 18:31:55 +01:00
Matt Caswell
fd9e244370 Fixed error in pod files with latest versions of pod2man 2014-07-06 00:03:13 +01:00
Dr. Stephen Henson
a23a6e85d8 Update ticket callback docs. 2014-07-03 14:50:08 +01:00
Rich Salz
fc1d88f02f Close a whole bunch of documentation-related tickets:
298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623
    2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277
2014-07-02 22:42:40 -04:00
Rich Salz
762a44de59 RT 3245; it's "bitwise or" not "logical or" 2014-07-01 13:00:18 -04:00
Rich Salz
854dfcd859 Fix RT 3211; "and are" -->"are" 2014-07-01 12:55:32 -04:00
Rich Salz
d7003c4d7d Fix RT 3193 2014-07-01 12:44:32 -04:00
Dr. Stephen Henson
528b1f9a9f Clarify protocols supported.
Update protocols supported and note that SSLv2 is effectively disabled
by default.

PR#3184
2014-06-29 00:07:08 +01:00
Jeffrey Walton
0535c2d67c Clarify docs.
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
2014-06-27 16:39:11 +01:00
Dr. Stephen Henson
01f2f18f3c Option to disable padding extension.
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
2014-06-01 18:15:21 +01:00
Matt Caswell
15658d0cbf Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg 2014-05-25 23:45:12 +01:00
Jeff Trawick
e5676b8328 typo in SSL_get_peer_cert_chain docs
RT: 3304
2014-05-01 13:40:01 +02:00
Chris Rorvick
fa9d77dcd2 doc: Add missing =back directive.
Signed-off-by: Chris Rorvick <chris@rorvick.com>
2014-04-26 12:32:53 -05:00
Dr. Stephen Henson
b7e46a9bce Update security framework docs. 2014-04-05 13:29:41 +01:00
Dr. Stephen Henson
0f817d3b27 Add initial security framework docs. 2014-03-28 16:42:18 +00:00
Dr. Stephen Henson
f0ef019da2 Add -no_resumption_on_reneg to SSL_CONF.
(cherry picked from commit 1f44dac24d)
2014-03-27 16:12:40 +00:00
Dr. Stephen Henson
e970f63dc0 Update chain building function.
Don't clear verification errors from the error queue unless
SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set.

If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR
is set return 2 so applications can issue warnings.
(cherry picked from commit 2dd6976f6d)
2014-03-27 14:24:40 +00:00
Dr. Stephen Henson
13dc3ce9ab New chain building flags.
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.

Add verify error code when building chain.

Update docs.
2014-02-23 13:36:38 +00:00
Dr. Stephen Henson
daddd9a950 Option to set current cert to server certificate. 2014-02-21 19:44:09 +00:00
Kurt Roeckx
e547c45f1c Fix additional pod errors with numbered items. 2014-02-14 22:30:26 +00:00
Scott Schaefer
2b4ffc659e Fix various spelling errors 2014-02-14 22:29:12 +00:00
Dr. Stephen Henson
0f78819c8c New ctrl to set current certificate.
New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
2014-02-02 22:58:19 +00:00
Dr. Stephen Henson
46ab9bbd7f Certificate callback doc. 2014-01-26 16:29:43 +00:00
Jeff Trawick
4b64e0cbdb typo 2014-01-10 23:01:30 +00:00
Jeff Trawick
5edce5685f typo 2014-01-10 23:00:50 +00:00
Daniel Kahn Gillmor
0ecfd920e5 update remaining documentation to move from EDH to DHE
change documentation and comments to indicate that we prefer the
standard "DHE" naming scheme everywhere over the older "EDH"
2014-01-09 15:43:28 +00:00
Daniel Kahn Gillmor
0b30fc903f documentation should use "DHE" instead of "EDH" 2014-01-09 15:43:28 +00:00
Dr. Stephen Henson
5b7f36e857 Add ServerInfoFile to SSL_CONF, update docs. 2014-01-03 23:14:23 +00:00
Dr. Stephen Henson
a4339ea3ba Use algorithm specific chains for certificates.
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.
2014-01-03 22:39:49 +00:00
Dr. Stephen Henson
a25f9adc77 New functions to retrieve certificate from SSL_CTX
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
2013-11-18 18:56:48 +00:00
Rob Stradling
7b6b246fd3 Additional "chain_cert" functions.
PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
2013-11-13 23:48:35 +00:00
Lubomir Rintel
ed77017b59 POD: Fix list termination
This fixes problems in POD list formatting: extra or missing =back
sequences.

doc/ssl/SSL_CTX_set1_curves.pod around line 90: =back without =over
doc/ssl/SSL_CTX_set1_verify_cert_store.pod around line 73: =back without =over
doc/ssl/SSL_CTX_add1_chain_cert.pod around line 82: =back without =over
doc/crypto/evp.pod around line 40: '=item' outside of any '=over'
crypto/des/des.pod around line 184: You forgot a '=back' before '=head1'

PR#3147
2013-10-22 07:38:25 +01:00
Lubomir Rintel
c8919dde09 POD: Fix item numbering
Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.

doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...

PR#3146
2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
c557f921dc Add SSL_CONF command to set DH Parameters. 2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
ec2f7e568e Extend SSL_CONF
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
2013-10-20 22:07:36 +01:00
Trevor Perrin
deda5ea788 Update docs to mention "BEGIN SERVERINFO FOR ". 2013-09-13 19:48:09 -07:00
Rob Stradling
dece3209f2 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-05 13:09:03 +01:00
Dr. Stephen Henson
c3eb33763b Document supported curve functions. 2013-09-03 15:43:01 +01:00
Dr. Stephen Henson
eeb15452a0 Add documentation.
Preliminary documentation for chain and verify stores and certificate chain
setting functions.
2013-08-17 17:41:14 +01:00
Trevor
9cd50f738f Cleanup of custom extension stuff.
serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.
2013-06-18 16:13:08 +01:00
Matt Caswell
aafbe1ccd2 Document updates from wiki.
PR#3071

The primary changes made are:
- Updates to the "NAME" section of many pages to correctly reflect the
functions defined on those pages. This section is automatically parsed
by the util/extract-names.pl script, so if it is not correct then
running "man" will not correctly locate the right manual pages.
- Updates to take account of where functions are now deprecated
- Full documentation of the ec sub-library
- A number of other typo corrections and other minor tweaks
2013-06-12 23:42:08 +01:00
Dr. Stephen Henson
4365e4aad9 Update SSL_CONF docs.
Fix some typos and update version number first added: it has now been
backported to OpenSSL 1.0.2.
2013-02-26 15:29:11 +00:00
Nick Alcock
5cc2707742 Fix POD errors to stop make install_docs dying with pod2man 2.5.0+
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
2013-02-15 19:36:26 +01:00
Dr. Stephen Henson
65f2a56580 documentation fixes 2012-12-06 23:26:11 +00:00
Dr. Stephen Henson
13cfb04343 reorganise SSL_CONF_cmd manual page and update some links 2012-11-20 01:01:33 +00:00
Dr. Stephen Henson
821244cf67 clarify docs 2012-11-18 18:06:16 +00:00
Dr. Stephen Henson
edb128ce00 fix manual page file name 2012-11-18 17:58:45 +00:00
Dr. Stephen Henson
c7b7984ac9 fix typos in SSL_CONF documentation 2012-11-17 00:21:34 +00:00
Dr. Stephen Henson
3db935a9e5 add SSL_CONF functions and documentation 2012-11-16 19:12:24 +00:00
Dr. Stephen Henson
0c58d22ad9 PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
2011-11-13 13:13:01 +00:00
Bodo Möller
9d74befd23 Clarify warning 2011-10-13 13:27:09 +00:00
Bodo Möller
735ebc2de7 Fix typo.
Submitted by: Jim Morrison
2011-07-11 12:13:55 +00:00
Bodo Möller
88f2a4cf9c CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:43:00 +00:00
Dr. Stephen Henson
c0b8eb606f Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
2010-04-07 13:18:07 +00:00
Dr. Stephen Henson
d4a45bf31a Remove obsolete PRNG note. Add comment about use of SHA256 et al. 2010-04-06 15:03:27 +00:00
Dr. Stephen Henson
69582a592e clarify documentation 2010-02-18 12:41:33 +00:00
Dr. Stephen Henson
c2c49969e2 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
f959598866 update references to new RI RFC 2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
9fb6fd34f8 reword RI description 2010-01-27 18:53:33 +00:00
Dr. Stephen Henson
99b36a8c31 update documentation to reflect new renegotiation options 2010-01-27 17:46:24 +00:00
Dr. Stephen Henson
2a30fec786 Typo 2010-01-05 17:49:49 +00:00
Dr. Stephen Henson
b5c002d5a8 clarify docs 2009-12-09 18:16:50 +00:00
Dr. Stephen Henson
4db82571ba Document option clearning functions.
Initial secure renegotiation documentation.
2009-12-09 17:59:29 +00:00
Dr. Stephen Henson
7689ed34d3 PR: 2025
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
2009-09-12 23:17:39 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
2009-02-14 21:49:38 +00:00
Lutz Jänicke
787287af40 Refer to SSL_pending from the man page for SSL_read 2008-08-01 15:03:20 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
f3fef74b09 Document ticket disabling option. 2007-08-23 22:49:13 +00:00
Nils Larsch
fec38ca4ed fix typos
PR: 1354, 1355, 1398, 1408
2006-12-21 21:13:27 +00:00
Nils Larsch
da736b31b2 fix documentation
PR: 1343
2006-12-06 09:10:59 +00:00
Nils Larsch
c2cd422ac6 note that SSL_library_init() is not reentrant 2006-03-12 00:37:55 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Bodo Möller
72dce7685e Add fixes for CAN-2005-2969.
(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
2005-10-26 19:40:45 +00:00
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Nils Larsch
e248596bac improve docu of SSL_CTX_use_PrivateKey() 2005-04-08 22:49:57 +00:00
Nils Larsch
c3e6402857 update docs (recent constification) 2005-03-30 11:50:14 +00:00
Dr. Stephen Henson
e27a259696 Doc fixes. 2005-03-22 17:55:33 +00:00
Dr. Stephen Henson
4a64f3d665 PR: 938
Typo.
2004-11-14 13:55:16 +00:00
Lutz Jänicke
9f6ea7163b More precise explanation of session id context requirements. 2004-06-14 13:27:28 +00:00
Richard Levitte
6859bb1a22 Make sure the documentation matches reality.
PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>
2003-11-29 10:33:25 +00:00
Lutz Jänicke
9d19fbc4fc Clarify wording of verify_callback() behaviour. 2003-06-26 14:03:03 +00:00
Lutz Jänicke
db01746978 Clarify return value of SSL_connect() and SSL_accept() in case of the
WANT_READ and WANT_WRITE conditions.
2003-06-03 09:59:44 +00:00
Lutz Jänicke
02b95b7499 Clarify ordering of certificates when using certificate chains 2003-05-30 07:45:07 +00:00
Lutz Jänicke
423b1a840c Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547
2003-03-27 22:04:05 +00:00
Richard Levitte
d177e6180d Spelling errors.
PR: 538
2003-03-20 11:41:59 +00:00
Lutz Jänicke
532215f2db Missing ")"
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
2002-12-04 13:30:58 +00:00
Lutz Jänicke
84d828ab70 No such reference to link to (found running pod2latex).
Submitted by:
Reviewed by:
PR:
2002-11-14 21:41:54 +00:00
Geoff Thorpe
769fedc3ad Add a HISTORY section to the man page to mention the new flags. 2002-10-29 18:05:16 +00:00
Geoff Thorpe
d9ec9d990f The last character of inconsistency in my recent commits is hereby
squashed.
2002-10-29 17:51:32 +00:00
Geoff Thorpe
e0db2eed8d Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
2002-10-29 00:33:04 +00:00
Richard Levitte
37f5fcf85c Missing =back.
Part of PR 196
2002-08-15 10:59:55 +00:00
Bodo Möller
02750ff56f mention SSL_do_handshake() 2002-07-29 12:35:19 +00:00
Lutz Jänicke
20adcfa058 The behaviour is undefined when calling SSL_write() with num=0.
Submitted by:
Reviewed by:
PR: 141
2002-07-19 11:53:54 +00:00
Lutz Jänicke
02b7ec88bb Manual page for SSL_do_handshake().
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
2002-07-19 11:05:50 +00:00
Lutz Jänicke
2edcb4ac71 Typos in links between manual pages
Submitted by: Richard.Koenning@fujitsu-siemens.com
Reviewed by:
PR: 129
2002-07-10 19:35:54 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:21:11 +00:00
Lutz Jänicke
8586df1efb Correct wrong usage information.
PR: 95
2002-06-12 20:15:18 +00:00
Lutz Jänicke
a5200a1b8f Typo.
PR: 72
2002-06-04 20:43:10 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
ce4b274aa1 SSL_clear != SSL_free/SSL_new 2002-02-27 08:08:57 +00:00
Lutz Jänicke
f0d6ee6be8 Even though it is not really practical people should know about it. 2002-02-15 07:41:42 +00:00
Lutz Jänicke
a7ce69dbd7 Clarify reference count handling/removal of session
(shinagawa@star.zko.dec.com).
2001-11-19 11:11:23 +00:00
Bodo Möller
65123f8064 remove incorrect 'callback' prototype 2001-11-10 02:12:56 +00:00
Bodo Möller
1d8634b110 msg_callback documentation 2001-11-10 02:12:09 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
51008ffce1 document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 2001-10-17 11:56:26 +00:00
Lutz Jänicke
56fa8e69cf Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00
Lutz Jänicke
d300bcca7f Typo. 2001-09-13 15:18:51 +00:00
Lutz Jänicke
d59c3e5046 One more manual page. 2001-09-13 15:05:42 +00:00
Lutz Jänicke
6d8566f2eb Rework section about return values another time (based on hints from
Bodo Moeller).
2001-09-13 13:21:38 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Ulf Möller
3b80e3aa9e ispell 2001-09-07 06:13:40 +00:00
Lutz Jänicke
f1b2807478 More docs. 2001-08-24 14:29:48 +00:00
Lutz Jänicke
bfd7bb3eb6 Typo. 2001-08-23 17:41:20 +00:00
Lutz Jänicke
11c8f0b79d More manual pages. Constify. 2001-08-23 17:22:43 +00:00
Lutz Jänicke
c4068186ac As discussed recently on openssl-users. 2001-08-23 15:00:11 +00:00
Lutz Jänicke
0a93a68020 Make clear, that using the compression layer is currently not recommended. 2001-08-23 09:42:12 +00:00
Ulf Möller
f2ab7d1392 typo. 2001-08-22 18:35:17 +00:00
Lutz Jänicke
141e584998 One more manual page... 2001-08-21 14:54:54 +00:00
Lutz Jänicke
336736ef35 Documentation on how to handle compression methods.
Hopefully it is clear enough, that it is currently not recommended.
2001-08-21 13:02:58 +00:00
Lutz Jänicke
d93eb21c7c More interdependencies with respect to shutdown behaviour. 2001-08-20 14:34:16 +00:00
Lutz Jänicke
a403188f92 Alert description strings for TLSv1 and documentation. 2001-08-19 16:20:42 +00:00
Lutz Jänicke
52129c0b0b More details about session timeout settings. 2001-08-17 16:36:51 +00:00
Lutz Jänicke
a52877a2f1 One more function documented. 2001-08-17 15:54:50 +00:00
Lutz Jänicke
cdd7c3ce92 SSL_shutdown() has even more properties... 2001-08-17 15:09:31 +00:00
Lutz Jänicke
c1497b4d19 One more step on the way for complete documentation... 2001-08-17 14:32:38 +00:00
Lutz Jänicke
b2ed462934 Unidirectional shutdown is allowed according to the RFC. 2001-08-17 09:08:32 +00:00
Lutz Jänicke
9e09eebf94 Better description of the behaviour of SSL_shutdown() as it is now, broken
or not.
2001-08-16 14:27:55 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
37f599bcec Reworked manual pages with a lot of input from Bodo Moeller. 2001-07-31 15:04:50 +00:00
Lutz Jänicke
7abe76e1bd Fix wrong information about SSL_set_connect_state()... 2001-07-25 12:12:51 +00:00
Lutz Jänicke
3e3dac9f97 Additional inline reference. 2001-07-23 12:57:37 +00:00
Lutz Jänicke
397ba0f08a Add missing reference. 2001-07-23 12:52:05 +00:00
Lutz Jänicke
4db48ec0bd Documentation about ephemeral key exchange 2001-07-21 11:02:17 +00:00
Lutz Jänicke
6d3dec92fb Updated explanation. 2001-07-20 19:23:43 +00:00
Lutz Jänicke
2d3b6a5be7 Some more documentation bits. 2001-07-20 18:57:15 +00:00
Lutz Jänicke
a1a63a4239 Clarify! (based on recent mailing-list discussions) 2001-07-11 15:10:28 +00:00
Lutz Jänicke
74daa124c2 Add missing item(s) SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT. 2001-05-16 09:43:51 +00:00
Lutz Jänicke
5892855c5f Typos. 2001-05-14 09:52:44 +00:00
Lutz Jänicke
a6e859e9ec One more point to clarify, pointed out by "Greg Stark" <ghstark@pobox.com> 2001-05-14 09:02:38 +00:00
Lutz Jänicke
33ab4699ba Clarify behaviour with respect to SSL/TLS records. 2001-05-12 09:49:02 +00:00
Lutz Jänicke
4b3270f78e Clarify behaviour of SSL_write() by mentioning SSL_MODE_ENABLE_PARTIAL_WRITE
flag as discussed on the mailing list.
2001-05-11 09:53:10 +00:00
Lutz Jänicke
197322455d Clarify request of client certificates. This is a FAQ. 2001-04-17 13:18:56 +00:00