wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
13359 commits 20 branches 302 tags 153 MiB
Commit graph

1107 commits

Author SHA1 Message Date
Dr. Stephen Henson
a25f9adc77 New functions to retrieve certificate from SSL_CTX 
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
 2013-11-18 18:56:48 +00:00
Dr. Stephen Henson
0f7fa1b190 Constify. 
(cherry picked from commit 1abfa78a8b)
 2013-11-14 21:05:36 +00:00
Rob Stradling
7b6b246fd3 Additional "chain_cert" functions. 
PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
 2013-11-13 23:48:35 +00:00
Dr. Stephen Henson
9c75461bef Document RSAPublicKey_{in,out} options. 2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
da15c61608 Add CMS_SignerInfo_get0_signature function. 
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
 2013-11-09 15:09:23 +00:00
Lubomir Rintel
ed77017b59 POD: Fix list termination 
This fixes problems in POD list formatting: extra or missing =back
sequences.

doc/ssl/SSL_CTX_set1_curves.pod around line 90: =back without =over
doc/ssl/SSL_CTX_set1_verify_cert_store.pod around line 73: =back without =over
doc/ssl/SSL_CTX_add1_chain_cert.pod around line 82: =back without =over
doc/crypto/evp.pod around line 40: '=item' outside of any '=over'
crypto/des/des.pod around line 184: You forgot a '=back' before '=head1'

PR#3147
 2013-10-22 07:38:25 +01:00
Lubomir Rintel
c8919dde09 POD: Fix item numbering 
Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.

doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...

PR#3146
 2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
c557f921dc Add SSL_CONF command to set DH Parameters. 2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
ec2f7e568e Extend SSL_CONF 
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
 2013-10-20 22:07:36 +01:00
Trevor Perrin
deda5ea788 Update docs to mention "BEGIN SERVERINFO FOR ". 2013-09-13 19:48:09 -07:00
Scott Deboy
36086186a9 Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
 2013-09-06 13:59:13 +01:00
Ben Laurie
cda01d55ba s/recommend/recommended/ 2013-09-05 21:43:50 +01:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Carlos Alberto Lopez Perez
b98af49d97 Add an "-xmpphost" option to s_client 
* Many XMPP servers are configured with multiple domains (virtual hosts)
 * In order to establish successfully the TLS connection you have to specify
   which virtual host you are trying to connect.
 * Test this, for example with ::
   * Fail:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp
   * Works:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
 2013-09-05 17:24:56 +01:00
Carlos Alberto Lopez Perez
50f307a98f Add "xmpp" to the list of supported starttls protocols on s_client manpage 2013-09-05 17:24:56 +01:00
Rob Stradling
dece3209f2 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. 
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
 2013-09-05 13:09:03 +01:00
Dr. Stephen Henson
c3eb33763b Document supported curve functions. 2013-09-03 15:43:01 +01:00
Dr. Stephen Henson
902efde1cc Document -force_pubkey option. 2013-08-21 13:43:00 +01:00
Dr. Stephen Henson
36019f70e8 Correct ECDSA example. 2013-08-21 13:43:00 +01:00
Dr. Stephen Henson
eeb15452a0 Add documentation. 
Preliminary documentation for chain and verify stores and certificate chain
setting functions.
 2013-08-17 17:41:14 +01:00
Dr. Stephen Henson
dfcb42c68e Update cms docs. 2013-08-05 16:23:22 +01:00
Dr. Stephen Henson
4bf4a6501c Update cms docs. 
Document use of -keyopt to use RSA-PSS and RSA-OAEP modes.
 2013-06-21 23:43:06 +01:00
Trevor
9cd50f738f Cleanup of custom extension stuff. 
serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.
 2013-06-18 16:13:08 +01:00
Matt Caswell
aafbe1ccd2 Document updates from wiki. 
PR#3071

The primary changes made are:
- Updates to the "NAME" section of many pages to correctly reflect the
functions defined on those pages. This section is automatically parsed
by the util/extract-names.pl script, so if it is not correct then
running "man" will not correctly locate the right manual pages.
- Updates to take account of where functions are now deprecated
- Full documentation of the ec sub-library
- A number of other typo corrections and other minor tweaks
 2013-06-12 23:42:08 +01:00
Dr. Stephen Henson
e1f1d28f34 Add function CMS_RecipientInfo_encrypt 
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.

Add documentation.
 2013-02-26 16:59:56 +00:00
Dr. Stephen Henson
4365e4aad9 Update SSL_CONF docs. 
Fix some typos and update version number first added: it has now been
backported to OpenSSL 1.0.2.
 2013-02-26 15:29:11 +00:00
Nick Alcock
5cc2707742 Fix POD errors to stop make install_docs dying with pod2man 2.5.0+ 
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
 2013-02-15 19:36:26 +01:00
Ben Laurie
e54e123549 Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). 2013-01-12 12:25:30 +00:00
Ben Laurie
3a778a2913 Documentation improvements by Chris Palmer (Google). 2012-12-14 13:28:49 +00:00
Ben Laurie
74cc3b583d Document -pubkey. 2012-12-13 16:17:55 +00:00
Dr. Stephen Henson
65f2a56580 documentation fixes 2012-12-06 23:26:11 +00:00
Dr. Stephen Henson
13cfb04343 reorganise SSL_CONF_cmd manual page and update some links 2012-11-20 01:01:33 +00:00
Dr. Stephen Henson
095db6bdb8 correct docs 2012-11-19 20:06:44 +00:00
Dr. Stephen Henson
8dbeb110fb document -trace and -msgfile options 2012-11-19 16:37:18 +00:00
Dr. Stephen Henson
765b413794 update docs for s_server/s_client 2012-11-19 16:07:53 +00:00
Dr. Stephen Henson
821244cf67 clarify docs 2012-11-18 18:06:16 +00:00
Dr. Stephen Henson
edb128ce00 fix manual page file name 2012-11-18 17:58:45 +00:00
Dr. Stephen Henson
642aa226db document -naccept option 2012-11-18 15:51:26 +00:00
Dr. Stephen Henson
d88926f181 PR: 2909 
Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
 2012-11-18 15:13:55 +00:00
Andy Polyakov
c5cd28bd64 Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability. 2012-11-17 19:04:15 +00:00
Dr. Stephen Henson
aa714f3af4 initial decription of GCM/CCM usage via EVP 2012-11-17 14:38:20 +00:00
Dr. Stephen Henson
c7b7984ac9 fix typos in SSL_CONF documentation 2012-11-17 00:21:34 +00:00
Dr. Stephen Henson
3db935a9e5 add SSL_CONF functions and documentation 2012-11-16 19:12:24 +00:00
Dr. Stephen Henson
63d103ea48 typo 2012-11-16 12:49:14 +00:00
Dr. Stephen Henson
999ffeca6c update ciphers documentation to indicate implemented fixed DH ciphersuites 2012-11-16 01:15:15 +00:00
Dr. Stephen Henson
ffa4579679 initial update of ciphers doc 2012-11-16 00:42:38 +00:00
Richard Levitte
e0311481b8 Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. 2012-05-04 10:43:15 +00:00
Dr. Stephen Henson
5a34fcd76e update rather ancient EVP digest documentation 2012-04-10 22:28:01 +00:00
Andy Polyakov
677741f87a doc/apps: formatting fixes. 
PR: 2683
Submitted by: Annie Yousar
 2012-01-11 21:58:19 +00:00
Andy Polyakov
62d7dd5ffd ecdsa.pod: typo. 
PR: 2678
Submitted by: Annie Yousar
 2012-01-11 21:41:32 +00:00
Dr. Stephen Henson
618eb125f0 Document RFC5114 "generation" options. 2011-12-07 00:42:22 +00:00
Ben Laurie
ae55176091 Fix some warnings caused by __owur. Temporarily (I hope) remove the more 
aspirational __owur annotations.
 2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
0c58d22ad9 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
 2011-11-13 13:13:01 +00:00
Bodo Möller
9d74befd23 Clarify warning 2011-10-13 13:27:09 +00:00
Andy Polyakov
2667162d33 cryptlib.c: OPENSSL_ia32cap environment variable to interpret ~ as cpuid mask. 2011-07-23 12:10:26 +00:00
Bodo Möller
735ebc2de7 Fix typo. 
Submitted by: Jim Morrison
 2011-07-11 12:13:55 +00:00
Andy Polyakov
301799b803 x86[_64]cpuid.pl: add function accessing rdrand instruction. 2011-06-04 12:20:45 +00:00
Andy Polyakov
4bb90087d7 x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30. 2011-05-27 15:32:43 +00:00
Andy Polyakov
b906422149 x86[_64]cpuid.pl: handle new extensions. 2011-05-16 20:35:11 +00:00
Andy Polyakov
5fabb88a78 Multiple assembler packs: add experimental memory bus instrumentation. 2011-04-17 12:46:00 +00:00
Bodo Möller
88f2a4cf9c CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:43:00 +00:00
Dr. Stephen Henson
6f413ef406 fix doc typos 2010-12-02 13:44:53 +00:00
Dr. Stephen Henson
7e0de9e8a6 Minor documentation fixes, PR#2345 2010-10-04 13:28:46 +00:00
Dr. Stephen Henson
0d638dc1f6 Minor documentation fixes, PR#2344 2010-10-04 13:23:53 +00:00
Dr. Stephen Henson
827f3d5f39 PR: 2252 
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Update docs to BIO_f_buffer()
 2010-05-03 15:30:07 +00:00
Andy Polyakov
bb92e2c89b bss_file.c: refine UTF-8 logic on Windows. 2010-04-28 20:02:28 +00:00
Dr. Stephen Henson
c0b8eb606f Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:18:07 +00:00
Dr. Stephen Henson
d4a45bf31a Remove obsolete PRNG note. Add comment about use of SHA256 et al. 2010-04-06 15:03:27 +00:00
Dr. Stephen Henson
60e24554bb PR: 2209 
Submitted Daniel Mentz <danielml@sent.com>

Documentation typo.
 2010-04-06 14:45:18 +00:00
Dr. Stephen Henson
7d3d1788a5 The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
 2010-02-23 14:09:09 +00:00
Dr. Stephen Henson
69582a592e clarify documentation 2010-02-18 12:41:33 +00:00
Dr. Stephen Henson
c2c49969e2 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
f959598866 update references to new RI RFC 2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
9fb6fd34f8 reword RI description 2010-01-27 18:53:33 +00:00
Dr. Stephen Henson
99b36a8c31 update documentation to reflect new renegotiation options 2010-01-27 17:46:24 +00:00
Dr. Stephen Henson
1e27847d4e PR: 2157 
Submitted by: "Green, Paul" <Paul.Green@stratus.com>

Typo.
 2010-01-27 12:54:58 +00:00
Dr. Stephen Henson
3243698f1d typo 2010-01-21 18:46:15 +00:00
Dr. Stephen Henson
0e0c6821fa PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:29:34 +00:00
Dr. Stephen Henson
2a30fec786 Typo 2010-01-05 17:49:49 +00:00
Dr. Stephen Henson
6084c797a8 Remove tabs on blank lines: they produce warnings in pod2man 2010-01-05 17:16:54 +00:00
Dr. Stephen Henson
b5c002d5a8 clarify docs 2009-12-09 18:16:50 +00:00
Dr. Stephen Henson
4db82571ba Document option clearning functions. 
Initial secure renegotiation documentation.
 2009-12-09 17:59:29 +00:00
Dr. Stephen Henson
c2f0203da0 typo 2009-11-29 13:45:42 +00:00
Andy Polyakov
cca3ea1e71 OPENSSL_ia32cap.pod update. 2009-11-15 17:34:24 +00:00
Dr. Stephen Henson
d6245b8952 PR: 2078 
Submitted by: Dale Anderson <dra@redevised.net>
Approved by: steve@openssl.org

Corrections to bn_internal documentation.
 2009-10-28 13:52:07 +00:00
Dr. Stephen Henson
1e6b8d39f1 Document more error codes. 2009-10-18 14:01:17 +00:00
Dr. Stephen Henson
e05d6c7d3c Verification callback functions. 2009-10-18 13:26:08 +00:00
Dr. Stephen Henson
9074df8684 Clarification. 2009-10-17 23:08:32 +00:00
Dr. Stephen Henson
6c17629f91 Preliminary documentation for X509_VERIFY_PARAM. 2009-10-17 23:00:18 +00:00
Dr. Stephen Henson
db57663241 Add docs for X509_STORE_CTX_new() and related functions. 2009-10-17 18:05:53 +00:00
Dr. Stephen Henson
53246488bd More X509 verification docs. 2009-10-17 17:07:17 +00:00
Dr. Stephen Henson
1f164f5ed9 Typo. 2009-10-17 17:06:19 +00:00
Dr. Stephen Henson
b8c182a499 Manual page for X509_verify_cert() 2009-10-17 12:46:52 +00:00
Dr. Stephen Henson
11c4c02ce3 PR: 2074 
Submitted by: Bram Neijt <bneijt@gmail.com>
Approved by: steve@openssl.org

Typo: "contet".
 2009-10-16 15:30:13 +00:00
Dr. Stephen Henson
fb552ac616 Change version from 0.9.9 to 1.0.0 in docs 2009-09-30 23:43:01 +00:00
Dr. Stephen Henson
94480b57db PR: 2023 
Submitted by: James Beckett <jmb.openssl@nospam.hackery.net>, steve
Approved by: steve@openssl.org

Fix documentation errors in d2i_X509 manual pages.
 2009-09-12 23:34:41 +00:00
Dr. Stephen Henson
7689ed34d3 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:17:39 +00:00
Dr. Stephen Henson
88a3dd7896 Correction: salt is now default 2009-09-04 12:27:12 +00:00
Dr. Stephen Henson
3fa39ed723 Document removal of digest+signature algorithm link. 2009-07-24 13:01:40 +00:00
Dr. Stephen Henson
55a4a77a52 Update from 0.9.8-stable 2009-07-11 22:36:59 +00:00
Dr. Stephen Henson
f3be6c7b7d Update from 1.0.0-stable. 2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
e30dd20c0e Update from 1.0.0-stable 2009-06-25 11:29:30 +00:00
Dr. Stephen Henson
f0288f05b9 Submitted by: Artem Chuprina <ran@cryptocom.ru> 
Reviewed by: steve@openssl.org

Various GOST ciphersuite and ENGINE fixes. Including...

Allow EVP_PKEY_set_derive_peerkey() in encryption operations.

New flag when certificate verify should be omitted in client key exchange.
 2009-06-16 16:38:47 +00:00
Dr. Stephen Henson
ff6e530359 PR: 1938 
Submitted by: Mark Phalan <Mark.Phalan@Sun.COM>
Reviewed by: steve@openssl.org

Patch to pem and hmac manual pages NAME sections.
 2009-06-02 11:05:33 +00:00
Dr. Stephen Henson
16cd15e688 Update from 1.0.0-stable. 2009-05-17 14:48:31 +00:00
Andy Polyakov
e303f55fc7 Expand OPENSS_ia32cap to 64 bits. 2009-04-26 17:49:41 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
cc7399e79c Changes from 1.0.0-stable. 2009-04-07 16:33:26 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
c28a9165f2 PR: 1862 
Typo.
 2009-03-12 17:13:15 +00:00
Dr. Stephen Henson
2a0ff7ad20 Typo. 2009-03-08 12:01:20 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:49:38 +00:00
Bodo Möller
7ca1cfbac3 -hex option for openssl rand 
PR: 1831
Submitted by: Damien Miller
 2009-02-02 00:01:28 +00:00
Lutz Jänicke
706c5a4d35 Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd(). 2008-11-10 11:26:44 +00:00
Dr. Stephen Henson
87d52468aa Update HMAC functions to return an error where relevant. 2008-11-02 16:00:39 +00:00
Geoff Thorpe
ab9c689ad3 Correct the FAQ and the threads man page re: CRYPTO_THREADID changes. 2008-08-06 16:41:50 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs, 
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
 2008-08-06 15:54:15 +00:00
Lutz Jänicke
787287af40 Refer to SSL_pending from the man page for SSL_read 2008-08-01 15:03:20 +00:00
Dr. Stephen Henson
db50661fce X509 verification fixes. 
Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.
 2008-07-13 14:25:36 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked 
version some time soon.
 2008-07-03 19:59:25 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
51e00db226 Document "openssl s_server" -crl_check* options 
Submitted by: Daniel Black <daniel.subs@internode.on.net>
 2008-05-19 07:52:15 +00:00
Lutz Jänicke
a92ebf2290 Provide information about "openssl dgst" -hmac option. 2008-05-19 07:43:34 +00:00
Dr. Stephen Henson
19048b5c8d New function CMS_add1_crl(). 2008-05-02 17:27:01 +00:00
Dr. Stephen Henson
c386f8ac38 Typo. 2008-05-01 23:35:36 +00:00
Dr. Stephen Henson
4a954b56c9 Use "cont" consistently in cms-examples.pl 
Add a -certsout option to output any certificates in a message.

Add test for example 4.11
 2008-05-01 23:30:06 +00:00
Dr. Stephen Henson
a12a6b9962 Correct argument order for CMS_decrypt() in docs. 2008-04-11 23:49:03 +00:00
Dr. Stephen Henson
a5db50d005 Revert argument swap change... oops CMS_uncompress() was consistent... 2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1 Make CMS_uncompress() argument order consistent with other functions. 2008-04-11 17:34:13 +00:00
Dr. Stephen Henson
38d3a73808 Reformat, fix typos and clarify CMS API docs. 2008-04-10 23:28:25 +00:00
Dr. Stephen Henson
73b3c2d861 Correct HISTORY reference. 2008-04-10 15:59:40 +00:00
Dr. Stephen Henson
4670e00ff5 Typo. 2008-04-10 15:56:27 +00:00
Dr. Stephen Henson
287df2fe49 Add docs for CMS_final() and BIO_new_CMS(). 2008-04-10 11:55:57 +00:00
Dr. Stephen Henson
43d9e9d07f Add CMS signed receipt genration and verification docs. 2008-04-10 11:00:47 +00:00
Dr. Stephen Henson
c420fab52b Spellcheck CMS docs. 2008-04-10 10:46:11 +00:00
Dr. Stephen Henson
6469a1fda3 Signed receipt request function documentation. 2008-04-09 23:13:49 +00:00
Dr. Stephen Henson
da6ea110b5 Update docs. 2008-04-09 20:59:45 +00:00
Dr. Stephen Henson
fb777e1f79 Add CMS_uncompress manual page. 2008-04-09 20:55:55 +00:00
Dr. Stephen Henson
360bb61d86 Add CMS_compress() docs. 2008-04-09 17:04:36 +00:00
Dr. Stephen Henson
847e551f39 More CMS API documentation. 2008-04-09 16:08:16 +00:00
Dr. Stephen Henson
86173db853 Fix various typos, update SMIMECapabilities description. 2008-04-08 22:44:56 +00:00
Dr. Stephen Henson
9034c56c6c Correct d2i/i2d typos. 2008-04-08 22:35:32 +00:00
Dr. Stephen Henson
e33ffaca12 Initial CMS API documentation. 2008-04-08 22:27:10 +00:00
Dr. Stephen Henson
41f81a0143 Update docs. 2008-03-29 00:54:24 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast 
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
 2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
7122aafce5 Preliminary documentation for CMS utility. 2008-03-21 13:09:26 +00:00
Dr. Stephen Henson
0d7f6fc76a Clarification and fix typo. 2008-02-25 18:11:47 +00:00
Bodo Möller
d9e427f09c Make sure to set indent-tabs-mode so that we get tabs, not spaces. 2008-02-21 07:24:12 +00:00
Lutz Jänicke
7c1722c60d Add missing colon in manpage 
Submitted by: Richard Hartmann <richih.mailinglist@gmail.com>
 2008-01-30 08:26:59 +00:00
Dr. Stephen Henson
3b979c5450 Clarify BITLIST format and include an example. 2008-01-23 19:10:53 +00:00
Dr. Stephen Henson
cec2538ca9 Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve 
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
 2007-12-04 12:41:28 +00:00
Richard Levitte
28f7e60d47 Change submitted by Doug Kaufman. He writes: 
I just compiled the 9.9-dev version from the 12022007 tarball under
  DJGPP. There were only 2 changes needed, one for b_sock.c, since
  DJGPP with WATT32 doesn't define socklen_t and one for testtsa to
  handle DOS style path separators. I also noted what seems to be a
  typographical error in ts.pod. The test suite passes. The patch is
  attached.

  Since I am in the US, I have sent notifications to the Bureau of
  Industry and Security and to the NSA.
 2007-12-03 09:02:29 +00:00
Lutz Jänicke
b6a338cb29 Typos in man pages: dependant->dependent 
Submitted by: Tobias Stoeckmann <tobias@bugol.de>
 2007-11-19 09:18:03 +00:00
Bodo Möller
15bd07e923 fix typos 
Submitted by: Ernst G. Giessmann
 2007-11-19 07:24:08 +00:00
Lutz Jänicke
5f0477f47b Typos 
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>
 2007-09-24 11:22:58 +00:00
Lutz Jänicke
7bbce69721 Port from 0.9.8-stable 2007-09-24 11:01:18 +00:00
Dr. Stephen Henson
a529a80108 Update from stable branch. 2007-09-17 17:54:31 +00:00
Andy Polyakov
330591fdfc Mention aes in enc.pod. 
PR: 1529
 2007-09-17 16:42:35 +00:00
Andy Polyakov
c7503f5240 Mention SHA2 in openssl.pod. 
PR: 1575
 2007-09-17 15:56:55 +00:00
Dr. Stephen Henson
f3fef74b09 Document ticket disabling option. 2007-08-23 22:49:13 +00:00
Dr. Stephen Henson
d24a9c8f5a Docs and usage messages for RFC4507bis support. 2007-08-23 11:34:48 +00:00
Dr. Stephen Henson
76b46e7707 Document streaming options. 2007-05-11 12:08:38 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm. 
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
 2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
0efb7b1eea PKCS7_sign_add_signer() docs. 2007-04-13 16:31:08 +00:00
Dr. Stephen Henson
f000f705ea More docs for streaming functions. 2007-04-13 15:43:15 +00:00
Dr. Stephen Henson
2749cc1ede Typo. 2007-04-13 13:23:31 +00:00
Dr. Stephen Henson
a44e4f2cf8 d2i_PKCS7_bio_stream() docs. 2007-04-13 13:22:15 +00:00
Dr. Stephen Henson
30b10f947a Oops... 2007-04-13 13:20:46 +00:00
Dr. Stephen Henson
731c6802d7 Update docs. 2007-04-13 13:13:14 +00:00
Dr. Stephen Henson
4cfb986f27 Update docs. 2007-04-13 12:57:48 +00:00
Andy Polyakov
162f677def Update x86cpuid.pl to correctly detect shared cache and to support new 
RC4_set_key.
 2007-04-01 17:28:08 +00:00
Ralf S. Engelschall
954b274789 small cosmetics: align title with the other similar manual page 2007-02-27 07:41:54 +00:00
Richard Levitte
85c6749216 Add STARTTLS support for IMAP and FTP. 
Submitted by Kees Cook <kees@outflux.net>
 2007-02-16 18:12:16 +00:00
Nils Larsch
bcb38217c4 add note about 56 bit ciphers 
PR: 1461
 2007-02-06 19:41:01 +00:00
Nils Larsch
0501f02b06 fix documentation 
PR: 1466
 2007-02-03 10:28:08 +00:00
Lutz Jänicke
8ac40b4dea Update to new home page 2007-01-12 18:47:13 +00:00
Nils Larsch
fec38ca4ed fix typos 
PR: 1354, 1355, 1398, 1408
 2006-12-21 21:13:27 +00:00
Nils Larsch
ec1edeb5fa update pkcs12 help message + manpage 
PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>
 2006-12-21 20:36:15 +00:00
Nils Larsch
da736b31b2 fix documentation 
PR: 1343
 2006-12-06 09:10:59 +00:00
Dr. Stephen Henson
f1845cbee8 Typo. 2006-11-07 13:46:37 +00:00
Dr. Stephen Henson
51cc37b69d Fix link for ASN1_generate_nconf 2006-11-07 13:44:03 +00:00
Dr. Stephen Henson
ff1b10dca1 Typo. 2006-11-07 13:17:02 +00:00
Dr. Stephen Henson
ebeb17e2e0 Add v3 ref to see also sections. 2006-11-07 13:13:14 +00:00
Dr. Stephen Henson
137de5b157 Add documentetion for noCheck extension and add a few cross references to 
the extension documentation.
 2006-11-07 12:51:27 +00:00
Nils Larsch
8a4af56fc6 update md docs 2006-10-27 21:58:09 +00:00
Andy Polyakov
544d845585 OPENSSL_ia32cap.pod update. 2006-10-23 07:44:51 +00:00
Dr. Stephen Henson
83357f047d Update docs. 2006-09-13 03:28:42 +00:00
Ulf Möller
6264c9b2a9 Correct punctuation. 
PR: 1367
 2006-08-05 20:45:06 +00:00
Bodo Möller
8e4560c42f Camellia information 2006-07-19 13:36:40 +00:00
Dr. Stephen Henson
f489ab3147 Typo. 2006-07-12 13:28:44 +00:00
Dr. Stephen Henson
29cf84c692 New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs. 2006-07-12 12:31:30 +00:00
Dr. Stephen Henson
e454929558 Add docs for pkeyparam. Update some existing docs. 2006-07-10 23:10:26 +00:00
Dr. Stephen Henson
0ee2166cc5 New functions to add and free up application defined signature OIDs. 2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
8211a33c7f Public key comparison and printing routine functions. 2006-07-09 11:26:13 +00:00
Dr. Stephen Henson
7441052be6 EVP_PKEY_get_default_digest() manual page. 2006-07-09 11:01:49 +00:00
Dr. Stephen Henson
90ccf05f82 EVP_PKEY_CTX_ctrl() docs. 2006-07-09 10:51:03 +00:00
Dr. Stephen Henson
112161bd33 Update docs. 2006-07-09 01:59:30 +00:00
Dr. Stephen Henson
aa93b18c2c Keygen docs. 2006-07-08 21:42:49 +00:00
Dr. Stephen Henson
ba702545fc EVP_PKEY_derive() docs. 2006-07-08 12:47:52 +00:00
Dr. Stephen Henson
436369100d Add some examples. 2006-07-08 12:46:51 +00:00
Dr. Stephen Henson
6535bd42e6 EVP_PKEY_verify() docs. 2006-07-08 11:22:23 +00:00
Dr. Stephen Henson
64cee65ebc New docs. 2006-07-08 11:13:01 +00:00
Dr. Stephen Henson
ba544377fb Update docs. 2006-07-08 10:55:03 +00:00
Dr. Stephen Henson
5165148f72 Add some EVP_PKEY_METHOD docs. 2006-07-08 10:45:08 +00:00
Dr. Stephen Henson
8d970ca70b Update docs with algorithm options. 2006-07-08 10:01:33 +00:00
Dr. Stephen Henson
383b8b8ca9 Typo. 2006-07-08 00:50:25 +00:00
Dr. Stephen Henson
5ce60a20f2 Initial docs for pkeyutl. 2006-07-08 00:47:04 +00:00
Dr. Stephen Henson
49131a7d94 Docs for new utilities. 2006-07-08 00:24:47 +00:00
Dr. Stephen Henson
d884c5bad1 Add documentation for new smime options. 2006-07-07 21:44:23 +00:00
Bodo Möller
75d61b33bc documentation for "HIGH" vs. "MEDIUM" was not up-to-date 2006-06-30 22:00:13 +00:00
Bodo Möller
48fc582f66 New functions CRYPTO_set_idptr_callback(), 
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
 2006-06-23 15:21:36 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT 
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
 2006-06-09 15:44:59 +00:00
Ulf Möller
c264592d69 Add includes in synopsis. 
Submitted by: Mike Frysinger <vapier@gentoo.org>
 2006-05-14 11:28:00 +00:00
Nils Larsch
c2cd422ac6 note that SSL_library_init() is not reentrant 2006-03-12 00:37:55 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites 
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
 2006-03-10 23:06:27 +00:00
Dr. Stephen Henson
2932ad5677 Typo. 2006-03-05 01:19:48 +00:00
Ulf Möller
11503177d1 TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding. 
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
 2006-02-26 23:34:53 +00:00
Nils Larsch
90076b96df fix typos 
PR: 1280
 2006-02-15 19:42:22 +00:00
Ulf Möller
21e8bbf290 *** empty log message *** 2006-02-12 23:36:58 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation 
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
 2006-02-12 23:11:56 +00:00
Lutz Jänicke
826b52d26f Typo 
Submitted by: Girish Venkatachalam <girish1729@gmail.com>
 2006-01-30 17:06:00 +00:00
Dr. Stephen Henson
90890074b0 Typo. 2006-01-15 13:55:31 +00:00
Nils Larsch
802d7fa6d5 support numeric strings in ASN1_generate_nconf 2006-01-14 09:21:33 +00:00
Nils Larsch
29afd31dd1 fix typo, pointed out by Patrick Guio 2005-11-02 22:19:32 +00:00
Bodo Möller
72dce7685e Add fixes for CAN-2005-2969. 
(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
 2005-10-26 19:40:45 +00:00
Bodo Möller
13e4670c29 new option "openssl ciphers -V" 2005-10-01 04:08:48 +00:00
Nils Larsch
701d35d12f fix typos 
PR: 1201
 2005-09-15 19:00:55 +00:00
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD 
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
 2005-08-14 21:48:33 +00:00
Nils Larsch
0260405c68 fix BN_mod_word and give a more reasonable return value if an error occurred 2005-07-25 22:57:54 +00:00
Nils Larsch
57eb1d3250 add missing entries for "-multivalue-rdn" and "-utf8" in ca.pod and req.pod 
PR: 1158
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
 2005-07-15 09:49:03 +00:00
Nils Larsch
0d2848b3ba the second argument of d2i_X509, d2i_X509_CRL and d2i_X509_REQ is const 
PR: 1156
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
 2005-07-13 22:01:33 +00:00
Richard Levitte
60021d9165 Someone did some cutting and pasting and didn't quite finish the job :-). 
Notified by Steffen Pankratz <kratz00@gmx.de>
 2005-06-24 05:13:08 +00:00
Richard Levitte
ec14c80c7c The NAME section of a man page is required to have a dash followed by a 
short description, at least according to pod2man.

PR: 1127
 2005-06-23 21:45:37 +00:00
Dr. Stephen Henson
bbada33271 Typo. 2005-06-22 18:54:54 +00:00
Richard Levitte
eef468e330 Add better documentation on how id_function() should be defined and what 
issues there are.

PR: 1096
 2005-06-18 05:52:16 +00:00
Richard Levitte
a7c924c041 0.9.8-beta5 works on VMS/Alpha 2005-06-13 04:17:12 +00:00
Richard Levitte
19ac190252 The macro THREADS was changed to OPENSSL_THREADS a long time ago. 
PR: 1096
 2005-06-04 08:44:02 +00:00
Dr. Stephen Henson
1aaeaf8a3d Use correct name for config file env variable. 2005-06-02 23:19:56 +00:00
Richard Levitte
b325518f45 Typo correction 2005-05-24 03:27:15 +00:00
Nils Larsch
b67d988915 update ecdsa doc 2005-05-19 20:54:30 +00:00
Richard Levitte
831721ef49 A few more fingerprints... 2005-05-05 06:38:55 +00:00
Nils Larsch
9b62318311 fix typo 
PR: 1054
 2005-05-03 18:34:01 +00:00
Nils Larsch
d753c3f582 add reference to BN_BLINDING_new.pod 2005-04-29 15:07:34 +00:00
Nils Larsch
9ca46ff609 add docu for BN_BLINDING functions 2005-04-26 22:33:36 +00:00
Nils Larsch
0b3fc6e63b update 2005-04-24 09:17:48 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign 
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
 2005-04-22 20:02:44 +00:00
Nils Larsch
00df894701 the pointer to the message digest is const 2005-04-21 09:43:09 +00:00
Nils Larsch
0e304b7f41 EVP_CIPHER_CTX_init is a void function + fix typo 
PR: 1044 + 1045
 2005-04-15 16:01:35 +00:00