Claus Assmann
8b5fffc819
Fix grammar error in SSL_CTX_set_min_proto_version
...
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1762 )
2016-10-21 06:42:20 -04:00
Andrea Grandi
50c3fc00cc
Fix broken link to ASYNC_get_wait_ctx and rewrap the paragraph
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1745 )
2016-10-19 08:45:02 +01:00
Andrea Grandi
efba60ca7a
Add missing .pod extension to EVP_PKEY_CTX_set_tls1_prf_md
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-19 10:28:31 +01:00
David Woodhouse
cde6145ba1
Add SSL_OP_NO_ENCRYPT_THEN_MAC
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-17 23:17:39 +01:00
Valentin Vidic
b2e54eb834
Add Postgres support to -starttls
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-10-17 23:05:36 +01:00
choury
ba6017a193
fix invalid use of incomplete type X509_STORE_CTX
...
CLA: trivial
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-17 14:39:00 +02:00
Steven Fackler
8bdce8d160
Fix signatures of EVP_Digest{Sign,Verify}Update
...
These are implemented as macros delegating to `EVP_DigestUpdate`, which
takes a `size_t` as its third argument, not an `unsigned int`.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-15 23:34:33 +01:00
Andy Polyakov
bf78883d45
doc/crypto/OPENSSL_ia32cap.pod: update assembler requirements.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-11 09:20:42 +02:00
Dr. Stephen Henson
5fb1005987
Add -item option to asn1parse
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:46 +01:00
Dr. Stephen Henson
56501ebd09
Add ASN1_ITEM lookup and enumerate functions.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:45 +01:00
Matt Caswell
a671b3e64a
Add OCSP_RESPID_match()
...
Add a function for testing whether a given OCSP_RESPID matches with a
certificate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Matt Caswell
e12c0beb5a
Add the ability to set OCSP_RESPID fields
...
OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for
setting the name/key value for the OCSP_RESPID.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Rich Salz
776e15f939
Dcoument -alpn flag
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-21 11:23:12 -04:00
Rich Salz
4588cb4443
Revert "Constify code about X509_VERIFY_PARAM"
...
This reverts commit 81f9ce1e19
.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-21 10:37:03 -04:00
Richard Levitte
6e836806ad
Documentation fixup; no more ECDHParameters
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 18:24:24 +02:00
FdaSilvaYY
81f9ce1e19
Constify code about X509_VERIFY_PARAM
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1594 )
2016-09-18 00:22:00 -04:00
Rich Salz
6f0ac0e2f2
Make reference to other manpage more explicit
...
Where -curves, etc., are defined: SSL_CONF_cmd
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-14 18:25:40 -04:00
Richard Levitte
2e04d6cc9d
Document the new SHA256 and SHA512 password generation options
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Rich Salz
7d959c358a
Add -h and -help for c_rehash script and app
...
Resolves GH1515 and GH1509.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-14 08:59:48 -04:00
Rich Salz
01c09f9fde
Misc BN fixes
...
Never output -0; make "negative zero" an impossibility.
Do better checking on BN_rand top/bottom requirements and #bits.
Update doc.
Ignoring trailing garbage in BN_asc2bn.
Port this commit from boringSSL: https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/
Ensure |BN_div| never gives negative zero in the no_branch code.
Have |bn_correct_top| fix |bn->neg| if the input is zero so that we
don't have negative zeros lying around.
Thanks to Brian Smith for noticing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-06 10:42:01 -04:00
Viktor Dukhovni
4a7b3a7b4d
Un-delete still documented X509_STORE_CTX_set_verify
...
It should not have been removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 20:30:45 +01:00
Rob Percival
cfd20f64cc
Typo fixes
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
ea4b7ded52
Updates the CT_POLICY_EVAL_CTX POD
...
Ownership semantics and function names have changed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
513a3cb16b
Correct documentation about SCT setters resetting validation status
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
e12981019a
Removes the SCT_verify* POD
...
SCT_verify_v1 has been removed and SCT_verify is no longer part of the
public API.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
a0a9f36ebf
Documents the SCT validation functions
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
76bfd2ccc3
Removes {o2i,i2o}_SCT_signature from PODs
...
These functions have been removed from the public API.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
5edcadb127
Documents the CTLOG functions
...
CTLOG_new_null() has been removed from the code, so it has also been
removed from this POD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
0e74d7ca44
Document the i2o and o2i SCT functions
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
a8d5d13a5f
Removes d2i_SCT_LIST.pod
...
This is covered by d2i_X509.pod.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
4cfdabbb09
Document that SCT_set_source returns 0 on failure.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
882babda46
Clarifies the format of a log's public key in the CONF file
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
4a388d1e05
Refer to OPENSSLDIR rather than "the OpenSSL install directory"
...
The prior wording was less accurate.
See https://github.com/openssl/openssl/pull/1372#discussion_r73127000 .
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
32fa3da8b1
Adds history section to CT PODs
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
e469945f2c
Fixes final issue in CT PODs highlighted by util/find-doc-nits.pl
...
Fixes complaint "ct missing from SYNOPSIS".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
4eabbe9d59
Renames CT_POLICY_EVAL_CTX.pod to CT_POLICY_EVAL_CTX_new.pod
...
util/fix-doc-nits.pl complains that
"CT_POLICY_EVAL_CTX (filename) missing from NAME section".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
7a2c739c00
Adds copyright section to ct.pod
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
6c3e9a71ab
Adds newline after =cut in PODs
...
util/find-doc-nits.pl complains that the file "doesn't end with =cut".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
cb8145ff4a
Adds missing function names to NAME section of PODs
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
ae97a654ca
Add enum definitions to CT pods
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
8b12a3e75b
Remove unnecessary bold tags in CT pods
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
0620ecdcd2
Add SSL_get0_peer_scts to ssl.pod
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
Rob Percival
56f3f714ef
First draft of CT documentation
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 13:58:19 +01:00
FdaSilvaYY
0fe9123687
Constify a bit X509_NAME_get_entry
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
9f5466b9b8
Constify some X509_NAME, ASN1 printing code
...
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
Kazuki Yamaguchi
9ba6f347fe
Expose alloc functions for EC{PK,}PARAMETERS
...
Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The
free functions are necessary because EC_GROUP_get_ec{pk,}parameters()
was made public by commit 60b350a3ef
("RT3676: Expose ECgroup i2d
functions").
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 15:10:02 +01:00
Andy Polyakov
1194ea8dc3
crypto/pkcs12: facilitate accessing data with non-interoperable password.
...
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:59 +02:00
Dr. Stephen Henson
0b7347effe
Add X509_getm_notBefore, X509_getm_notAfter
...
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.
Rename X509_SIG_get0_mutable to X509_SIG_getm.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-21 18:25:23 +01:00
Rich Salz
8b8d963db5
Add BIO_get_new_index()
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-08-19 21:04:41 -04:00
Dr. Stephen Henson
568ce3a583
Constify certificate and CRL time routines.
...
Update certificate and CRL time routines to match new standard.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 18:40:55 +01:00