wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
19591 commits 20 branches 302 tags 153 MiB
Commit graph

6 commits

Author SHA1 Message Date
Rich Salz
9e183d2271 Fix many doc L<> errors 
Add 2017 copyright year
Add missing typedef to NAME
Remove ec(7) and bn(7) doc links
Remove .pod link errors, bogus links, make a few typo corrections
Fix some typo's in links and some missing items.
Don't link to C runtime functions (See OPENSSL_malloc for example/precedent)
Document ASN1_tag2str(), add a few typedef's that were missing from NAME
Update doc-nits target; addresses
    https://github.com/openssl/openssl/pull/1900#issuecomment-259943891,
Merge check-doc-links into find-doc-nits; if run regularly, would have found
    https://github.com/openssl/openssl/pull/2825

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2862)
 2017-03-11 08:56:44 -05:00
Rich Salz
3adc41dd22 Rename "verify_cb" to SSL_verify_cb 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
 2017-01-09 16:09:50 -05:00
Rich Salz
121677b487 Doc nits: callback function typedefs 
Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
 2017-01-09 16:09:50 -05:00
Richard Levitte
b97fdb57a2 Fix referenses in section 3 manuals 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1900)
 2016-11-11 13:06:43 +01:00
Matt Caswell
c8e2f98c97 Partial revert of "Fix client verify mode to check SSL_VERIFY_PEER" 
This partially reverts commit c636c1c47. It also tweaks the documentation
and comments in this area. On the client side the documented interface for
SSL_CTX_set_verify()/SSL_set_verify() is that setting the flag
SSL_VERIFY_PEER causes verfication of the server certificate to take place.
Previously what was implemented was that if *any* flag was set then
verification would take place. The above commit improved the semantics to
be as per the documented interface.

However, we have had a report of at least one application where an
application was incorrectly using the interface and used *only*
SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the client side. In OpenSSL prior to
the above commit this still caused verification of the server certificate
to take place. After this commit the application silently failed to verify
the server certificate.

Ideally SSL_CTX_set_verify()/SSL_set_verify() could be modified to indicate
if invalid flags were being used. However these are void functions!

The simplest short term solution is to revert to the previous behaviour
which at least means we "fail closed" rather than "fail open".

Thanks to Cory Benfield for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-11-07 16:02:50 +00:00
Rich Salz
99d63d4662 Move manpages to man[1357] structure. 
Move manpages to manX directories
Add Windows/VMS install fix from Richard Levitte
Update README
Fix typo's
Remove some duplicates

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-10-26 13:59:52 -04:00
Renamed from doc/ssl/SSL_CTX_set_verify.pod (Browse further)