Commit graph

139 commits

Author SHA1 Message Date
Lutz Jänicke
ec28f9c12c Clarify wording of verify_callback() behaviour. 2003-06-26 14:03:33 +00:00
Lutz Jänicke
fe0444b17e Clarify return value of SSL_connect() and SSL_accept() in case of the
WANT_READ and WANT_WRITE conditions.
2003-06-03 09:59:10 +00:00
Lutz Jänicke
f50b911a3f Clarify ordering of certificates when using certificate chains 2003-05-30 07:45:50 +00:00
Lutz Jänicke
931756b833 Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547
2003-03-27 22:03:11 +00:00
Richard Levitte
1296e72d1d Spelling errors.
PR: 538
2003-03-20 11:42:01 +00:00
Lutz Jänicke
2e70cb6506 Missing "("
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
2002-12-04 13:29:14 +00:00
Lutz Jänicke
259b33d5a3 No such reference to link to (found running pod2latex).
Submitted by:
Reviewed by:
PR:
2002-11-14 21:40:12 +00:00
Geoff Thorpe
0bf707e346 Add a HISTORY section to the man page to mention the new flags. 2002-10-29 18:06:09 +00:00
Geoff Thorpe
f9fde13590 Correct another inconsistency in my recent commits. 2002-10-29 17:47:43 +00:00
Geoff Thorpe
6f7ba4be1f Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
2002-10-29 00:31:14 +00:00
Richard Levitte
52ccf9e1c1 Missing =back.
Part of PR 196
2002-08-15 10:59:59 +00:00
Bodo Möller
93d1969c78 mention SSL_do_handshake() 2002-07-29 12:34:14 +00:00
Lutz Jänicke
4408572079 The behaviour is undefined when calling SSL_write() with num=0.
Submitted by:
Reviewed by:
PR: 141
2002-07-19 11:53:11 +00:00
Lutz Jänicke
31b5b999c7 Manual page for SSL_do_handshake().
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
2002-07-19 11:06:53 +00:00
cvs2svn
f8bcfb5d5a This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2002-07-19 11:05:53 +00:00
Lutz Jänicke
02b7ec88bb Manual page for SSL_do_handshake().
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
2002-07-19 11:05:50 +00:00
Lutz Jänicke
2edcb4ac71 Typos in links between manual pages
Submitted by: Richard.Koenning@fujitsu-siemens.com
Reviewed by:
PR: 129
2002-07-10 19:35:54 +00:00
Lutz Jänicke
150f2d8d24 Typos in links between manual pages
Submitted by: Richard.Koenning@fujitsu-siemens.com
Reviewed by:
PR: 129
2002-07-10 19:34:47 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:21:11 +00:00
Bodo Möller
2f8275c52d New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:20:27 +00:00
Lutz Jänicke
8586df1efb Correct wrong usage information.
PR: 95
2002-06-12 20:15:18 +00:00
Lutz Jänicke
78af3b274f Correct wrong usage information.
Submitted by:
Reviewed by:
PR: 95
2002-06-12 20:14:04 +00:00
Lutz Jänicke
5dd352c916 Typo.
Submitted by:
Reviewed by:
PR: 72
2002-06-04 20:44:10 +00:00
Lutz Jänicke
a5200a1b8f Typo.
PR: 72
2002-06-04 20:43:10 +00:00
Bodo Möller
48781ef7f7 Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:55:52 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
291ae60b52 SSL_clear != SSL_free/SSL_new
Submitted by:
Reviewed by:
PR:
2002-02-27 08:10:12 +00:00
Lutz Jänicke
ce4b274aa1 SSL_clear != SSL_free/SSL_new 2002-02-27 08:08:57 +00:00
Lutz Jänicke
f38f8d94a9 Even though it is not really practical people should know about it.
Submitted by:
Reviewed by:
PR:
2002-02-15 07:44:44 +00:00
cvs2svn
679eb352e0 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2002-02-15 07:41:46 +00:00
Lutz Jänicke
f0d6ee6be8 Even though it is not really practical people should know about it. 2002-02-15 07:41:42 +00:00
Lutz Jänicke
a7ce69dbd7 Clarify reference count handling/removal of session
(shinagawa@star.zko.dec.com).
2001-11-19 11:11:23 +00:00
Bodo Möller
65123f8064 remove incorrect 'callback' prototype 2001-11-10 02:12:56 +00:00
Bodo Möller
1d8634b110 msg_callback documentation 2001-11-10 02:12:09 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
51008ffce1 document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 2001-10-17 11:56:26 +00:00
Lutz Jänicke
56fa8e69cf Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00
Lutz Jänicke
d300bcca7f Typo. 2001-09-13 15:18:51 +00:00
Lutz Jänicke
d59c3e5046 One more manual page. 2001-09-13 15:05:42 +00:00
Lutz Jänicke
6d8566f2eb Rework section about return values another time (based on hints from
Bodo Moeller).
2001-09-13 13:21:38 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Ulf Möller
3b80e3aa9e ispell 2001-09-07 06:13:40 +00:00
Lutz Jänicke
f1b2807478 More docs. 2001-08-24 14:29:48 +00:00
Lutz Jänicke
bfd7bb3eb6 Typo. 2001-08-23 17:41:20 +00:00
Lutz Jänicke
11c8f0b79d More manual pages. Constify. 2001-08-23 17:22:43 +00:00
Lutz Jänicke
c4068186ac As discussed recently on openssl-users. 2001-08-23 15:00:11 +00:00
Lutz Jänicke
0a93a68020 Make clear, that using the compression layer is currently not recommended. 2001-08-23 09:42:12 +00:00
Ulf Möller
f2ab7d1392 typo. 2001-08-22 18:35:17 +00:00
Lutz Jänicke
141e584998 One more manual page... 2001-08-21 14:54:54 +00:00
Lutz Jänicke
336736ef35 Documentation on how to handle compression methods.
Hopefully it is clear enough, that it is currently not recommended.
2001-08-21 13:02:58 +00:00