wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
13386 commits 20 branches 302 tags 153 MiB
Commit graph

295 commits

Author SHA1 Message Date
Alok Menghrajani
4c583c3659 Fixes some typos in doc/apps/ 
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-05-03 08:51:43 -04:00
Rich Salz
8332f91cc0 fix various typo's 
https://github.com/openssl/openssl/pull/176 (CHANGES)
 https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt)
 https://rt.openssl.org/Ticket/Display.html?id=3796 (verify.pod)

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-05-03 08:50:34 -04:00
Rich Salz
46aa607867 apps-cleanup: the doc fixes 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-04-25 16:07:28 -04:00
Rich Salz
be739b0cc0 Drop CA.sh for CA.pl 
Remove CA.sh script and use CA.pl for testing, etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-04-08 14:07:39 -04:00
Dr. Stephen Henson
7b68c30da0 Configuration file examples. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 12:22:52 +00:00
Dr. Stephen Henson
3d764db7a2 additional configuration documentation 
Reviewed-by: Andy Polyakov <appro@openssl.org>
 2015-03-12 13:31:43 +00:00
Matt Caswell
7a4dadc3a6 Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed 
the "-hack" option from s_server that set this option.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-02-26 23:22:46 +00:00
Matt Caswell
fa7b01115b Add documentation for the -no_alt_chains option for various apps, as well as 
the X509_V_FLAG_NO_ALT_CHAINS flag.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2015-02-25 09:15:10 +00:00
Dr. Stephen Henson
384dee5124 Document -no_explicit 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-02-24 15:27:33 +00:00
Dr. Stephen Henson
146ca72cca Add additional EC documentation. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-02-21 00:45:06 +00:00
Rich Salz
646e8c1d6b Dead code removal: Fortezza identifiers 
Not interested in helping the NSA in the slightest.
And anyway, it was never implemented, #if'd out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-27 21:00:03 -05:00
Thorsten Glaser
5075e52e6f Document openssl dgst -hmac option 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-30 16:46:46 +01:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support 
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 11:55:03 +01:00
André Guerreiro
de87dd46c1 Add documentation on -timeout option in the ocsp utility 
PR#3612

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-11-27 14:07:50 +00:00
Kurt Roeckx
bfc973f46c Fix spelling of EECDH 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-11-10 10:57:26 +01:00
Bodo Moeller
fb0e87fb67 Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv 
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-10-15 10:43:50 +02:00
Rich Salz
e8185aea87 RT3291: Add -crl and -revoke options to CA.pl 
Document the new features

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-18 21:45:41 -04:00
Matthias Andree
a787c2590e RT2272: Add old-style hash to c_rehash 
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-08 11:34:44 -04:00
Adam Williamson
3aba132d61 RT3511: doc fix; req default serial is random 
RT842, closed back in 2004, changed the default serial number
to be a random number rather than zero.  Finally time to update
the doc

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-08-31 23:40:56 -04:00
TANABE Hiroyasu
80ec8d4e3e RT1325,2973: Add more extensions to c_rehash 
Add .crt/.cer/.crl to the filenames parsed.

I also updated the podpage (since it didn't exist when
this ticket was first created, nor when it was re-created
seven years later).

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-08-31 00:36:09 -04:00
Rich Salz
d1bea969e8 RT2119,3407: Updated to dgst.pod 
Re-order algorithm list.
Be consistent in command synopsis.
Add content about signing.
Add EXAMPLE section
Add some missing options: -r, -fips-fingerprint -non-fips-allow
Various other fixes.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-08-30 10:03:22 -04:00
James Westby
cf2239b3b3 RT1941: c_rehash.pod is missing 
Add the file written by James Westby, graciously contributed
under the terms of the OpenSSL license.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-08-30 09:50:48 -04:00
Rich Salz
8d4193305b RT3102: Document -verify_error_return flag 
Also moved some options around so all the "verify" options.
are clumped together.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-08-28 17:11:25 -04:00
Hubert Kario
750487899a Add support for Camellia HMAC-Based cipher suites from RFC6367 
While RFC6367 focuses on Camellia-GCM cipher suites, it also adds a few
cipher suites that use SHA-2 based HMAC that can be very easily
added.

Tested against gnutls 3.3.5

PR#3443

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-08-15 23:41:20 +01:00
Nick Lewis
9aaa7be8d4 PR 2580: dgst missing current SHA algorithms 
Update the dgst.pod page to include SHA224...512 algorithms.
Update apps/progs.pl to add them to the digest command table.

Reviewed-by: Tim Hudson <tjh@cryptosoft.com>
 2014-08-12 11:29:20 -04:00
Nick Urbanik
42ce91cc35 RT2609: Typo in EXAMPLE section of req.pod 
The x509_extensions should be req_extensions in the
config example in req.pod

Reviewed-by: tjh@cryptsoft.com
 2014-08-12 11:16:58 -04:00
Dr. Stephen Henson
ca2015a617 Clarify -Verify and PSK. 
PR#3452
 2014-07-15 20:22:39 +01:00
Hubert Kario
7efd0e777e document -nextprotoneg option in man pages 
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
 2014-07-14 23:42:59 +01:00
Dr. Stephen Henson
cba3f1c739 Document certificate status request options. 2014-07-06 22:40:01 +01:00
Dr. Stephen Henson
a9661e45ac typo 
(cherry picked from commit 2cfbec1cae)
 2014-07-04 13:50:55 +01:00
Dr. Stephen Henson
b948ee27b0 Remove all RFC5878 code. 
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
 2014-07-04 13:26:35 +01:00
Rich Salz
fc1d88f02f Close a whole bunch of documentation-related tickets: 
298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623
    2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277
 2014-07-02 22:42:40 -04:00
Rich Salz
7b1d946051 Fix RT 2567; typo in pkeyutl page. 2014-07-01 12:49:20 -04:00
Rich Salz
42b91f28a6 Fix RT 2430; typo's in ca.pod 2014-07-01 12:47:52 -04:00
Matt Caswell
115e480924 Fix minor typos 2014-06-19 23:45:21 +01:00
Hubert Kario
e42d84be33 add references to verify(1) man page for args_verify() options 
cms, ocsp, s_client, s_server and smime tools also use args_verify()
for parsing options, that makes them most of the same options
verify tool does. Add those options to man pages and reference
their explanation in the verify man page.
 2014-06-19 23:09:21 +01:00
Hubert Kario
2866441a90 sort the options in verify man page alphabetically 
just making sure the options are listed in the alphabetical order
both in SYNOPSIS and DESCRIPTION, no text changes
 2014-06-19 23:09:21 +01:00
Hubert Kario
cd028c8e66 add description of missing options to verify man page 
The options related to policy used for verification, verification
of subject names in certificate and certificate chain handling
were missing in the verify(1) man page. This fixes this issue.
 2014-06-19 23:09:21 +01:00
Hubert Kario
ce21d108bd smime man page: add missing options in SYNOPSIS 
-CAfile and -CApath is documented in OPTIONS but is missing
in SYNOPSIS, add them there
 2014-06-19 23:09:21 +01:00
Hubert Kario
6d3d579367 Document -trusted_first option in man pages and help. 
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
 2014-06-19 23:09:21 +01:00
rfkrocktk
96fc4b7250 Added documentation for -iter for PKCS#8 2014-06-17 23:10:14 +01:00
Hubert Kario
343e5cf194 add ECC strings to ciphers(1), point out difference between DH and ECDH 
* Make a clear distinction between DH and ECDH key exchange.
 * Group all key exchange cipher suite identifiers, first DH then ECDH
 * add descriptions for all supported *DH* identifiers
 * add ECDSA authentication descriptions
 * add example showing how to disable all suites that offer no
   authentication or encryption
 2014-06-10 20:53:07 +01:00
Hubert Kario
9ed03faac4 add description of -attime to man page 
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.

This patch fixes this omission.
 2014-05-30 23:26:35 +01:00
Hubert Kario
08bef7be1e add description of -no_ecdhe option to s_server man page 
While the -help message references this option, the man page
doesn't mention the -no_ecdhe option.
This patch fixes this omission.
 2014-05-30 22:59:43 +01:00
Matt Caswell
3d9243f1b6 Changed -strictpem to use PEM_read_bio 2014-05-26 23:31:37 +01:00
Matt Caswell
6b5c1d940b Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker 2014-05-26 17:24:11 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Matt Caswell
085ccc542a Fixed minor copy&paste error, and stray space causing rendering problem 2014-05-22 00:07:35 +01:00
Dr. Stephen Henson
6f719f063c Change default cipher in smime app to des3. 
PR#3357
 2014-05-21 11:28:57 +01:00
Matt Caswell
d4b47504de Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD) 2014-05-15 21:13:38 +01:00