Backport of the patch:
add ECC strings to ciphers(1), point out difference between DH and ECDH
and few other changes applicable to the 1.0.1 code base.
* Make a clear distinction between DH and ECDH key exchange.
* Group all key exchange cipher suite identifiers, first DH then ECDH
* add descriptions for all supported *DH* identifiers
* add ECDSA authentication descriptions
* add example showing how to disable all suites that offer no
authentication or encryption
* backport listing of elliptic curve cipher suites.
* backport listing of TLS 1.2 cipher suites, add note that DH_RSA
and DH_DSS is not implemented in this version
* backport of description of PSK and listing of PSK cipher suites
* backport description of AES128, AES256 and AESGCM options
* backport description of CAMELLIA128, CAMELLIA256 options
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.
This patch fixes this omission.
Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.
doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...
PR#3146
apps/pkcs12.c accepts -password as an argument. The document author
almost certainly meant to write "-password, -passin".
However, that is not correct, either. Actually the code treats
-password as equivalent to -passin, EXCEPT when -export is also
specified, in which case -password as equivalent to -passout.
(cherry picked from commit 856c6dfb09)
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve@openssl.org
Document/clarify use of some options and include details of GOST algorihthm
usage.
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
I just compiled the 9.9-dev version from the 12022007 tarball under
DJGPP. There were only 2 changes needed, one for b_sock.c, since
DJGPP with WATT32 doesn't define socklen_t and one for testtsa to
handle DOS style path separators. I also noted what seems to be a
typographical error in ts.pod. The test suite passes. The patch is
attached.
Since I am in the US, I have sent notifications to the Bureau of
Industry and Security and to the NSA.
