Commit graph

921 commits

Author SHA1 Message Date
Kurt Roeckx
e547c45f1c Fix additional pod errors with numbered items. 2014-02-14 22:30:26 +00:00
Scott Schaefer
2b4ffc659e Fix various spelling errors 2014-02-14 22:29:12 +00:00
Scott Schaefer
856c6dfb09 Document pkcs12 -password behavior
apps/pkcs12.c accepts -password as an argument.  The document author
almost certainly meant to write "-password, -passin".

However, that is not correct, either.  Actually the code treats
-password as equivalent to -passin, EXCEPT when -export is also
specified, in which case -password as equivalent to -passout.
2014-02-14 22:28:37 +00:00
Dr. Stephen Henson
847865d0f9 Add suppot for ASCII with CRLF canonicalisation. 2014-02-13 14:35:56 +00:00
Dr. Stephen Henson
0f78819c8c New ctrl to set current certificate.
New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
2014-02-02 22:58:19 +00:00
Dr. Stephen Henson
30ea570f0f Clarify docs.
Remove reference to ERR_TXT_MALLOCED in the error library as that is
only used internally. Indicate that returned error data must not be
freed.
(cherry picked from commit f2d678e6e8)
2014-01-29 01:01:52 +00:00
Dr. Stephen Henson
46ab9bbd7f Certificate callback doc. 2014-01-26 16:29:43 +00:00
Jeff Trawick
4b64e0cbdb typo 2014-01-10 23:01:30 +00:00
Jeff Trawick
5edce5685f typo 2014-01-10 23:00:50 +00:00
Daniel Kahn Gillmor
0ecfd920e5 update remaining documentation to move from EDH to DHE
change documentation and comments to indicate that we prefer the
standard "DHE" naming scheme everywhere over the older "EDH"
2014-01-09 15:43:28 +00:00
Daniel Kahn Gillmor
0b30fc903f documentation should use "DHE" instead of "EDH" 2014-01-09 15:43:28 +00:00
Daniel Kahn Gillmor
5a21cadbeb use SSL_kDHE throughout instead of SSL_kEDH
DHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEDH should probably be deprecated at some
point, though.
2014-01-09 15:43:28 +00:00
Dr. Stephen Henson
5b7f36e857 Add ServerInfoFile to SSL_CONF, update docs. 2014-01-03 23:14:23 +00:00
Dr. Stephen Henson
a4339ea3ba Use algorithm specific chains for certificates.
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.
2014-01-03 22:39:49 +00:00
Dr. Stephen Henson
a25f9adc77 New functions to retrieve certificate from SSL_CTX
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
2013-11-18 18:56:48 +00:00
Dr. Stephen Henson
0f7fa1b190 Constify.
(cherry picked from commit 1abfa78a8b)
2013-11-14 21:05:36 +00:00
Rob Stradling
7b6b246fd3 Additional "chain_cert" functions.
PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
2013-11-13 23:48:35 +00:00
Dr. Stephen Henson
9c75461bef Document RSAPublicKey_{in,out} options. 2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
da15c61608 Add CMS_SignerInfo_get0_signature function.
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
2013-11-09 15:09:23 +00:00
Lubomir Rintel
ed77017b59 POD: Fix list termination
This fixes problems in POD list formatting: extra or missing =back
sequences.

doc/ssl/SSL_CTX_set1_curves.pod around line 90: =back without =over
doc/ssl/SSL_CTX_set1_verify_cert_store.pod around line 73: =back without =over
doc/ssl/SSL_CTX_add1_chain_cert.pod around line 82: =back without =over
doc/crypto/evp.pod around line 40: '=item' outside of any '=over'
crypto/des/des.pod around line 184: You forgot a '=back' before '=head1'

PR#3147
2013-10-22 07:38:25 +01:00
Lubomir Rintel
c8919dde09 POD: Fix item numbering
Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.

doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...

PR#3146
2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
c557f921dc Add SSL_CONF command to set DH Parameters. 2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
ec2f7e568e Extend SSL_CONF
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
2013-10-20 22:07:36 +01:00
Trevor Perrin
deda5ea788 Update docs to mention "BEGIN SERVERINFO FOR ". 2013-09-13 19:48:09 -07:00
Scott Deboy
36086186a9 Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
2013-09-06 13:59:13 +01:00
Ben Laurie
cda01d55ba s/recommend/recommended/ 2013-09-05 21:43:50 +01:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Carlos Alberto Lopez Perez
b98af49d97 Add an "-xmpphost" option to s_client
* Many XMPP servers are configured with multiple domains (virtual hosts)
 * In order to establish successfully the TLS connection you have to specify
   which virtual host you are trying to connect.
 * Test this, for example with ::
   * Fail:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp
   * Works:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
2013-09-05 17:24:56 +01:00
Carlos Alberto Lopez Perez
50f307a98f Add "xmpp" to the list of supported starttls protocols on s_client manpage 2013-09-05 17:24:56 +01:00
Rob Stradling
dece3209f2 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-05 13:09:03 +01:00
Dr. Stephen Henson
c3eb33763b Document supported curve functions. 2013-09-03 15:43:01 +01:00
Dr. Stephen Henson
902efde1cc Document -force_pubkey option. 2013-08-21 13:43:00 +01:00
Dr. Stephen Henson
36019f70e8 Correct ECDSA example. 2013-08-21 13:43:00 +01:00
Dr. Stephen Henson
eeb15452a0 Add documentation.
Preliminary documentation for chain and verify stores and certificate chain
setting functions.
2013-08-17 17:41:14 +01:00
Dr. Stephen Henson
dfcb42c68e Update cms docs. 2013-08-05 16:23:22 +01:00
Dr. Stephen Henson
4bf4a6501c Update cms docs.
Document use of -keyopt to use RSA-PSS and RSA-OAEP modes.
2013-06-21 23:43:06 +01:00
Trevor
9cd50f738f Cleanup of custom extension stuff.
serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.
2013-06-18 16:13:08 +01:00
Matt Caswell
aafbe1ccd2 Document updates from wiki.
PR#3071

The primary changes made are:
- Updates to the "NAME" section of many pages to correctly reflect the
functions defined on those pages. This section is automatically parsed
by the util/extract-names.pl script, so if it is not correct then
running "man" will not correctly locate the right manual pages.
- Updates to take account of where functions are now deprecated
- Full documentation of the ec sub-library
- A number of other typo corrections and other minor tweaks
2013-06-12 23:42:08 +01:00
Dr. Stephen Henson
e1f1d28f34 Add function CMS_RecipientInfo_encrypt
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.

Add documentation.
2013-02-26 16:59:56 +00:00
Dr. Stephen Henson
4365e4aad9 Update SSL_CONF docs.
Fix some typos and update version number first added: it has now been
backported to OpenSSL 1.0.2.
2013-02-26 15:29:11 +00:00
Nick Alcock
5cc2707742 Fix POD errors to stop make install_docs dying with pod2man 2.5.0+
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
2013-02-15 19:36:26 +01:00
Ben Laurie
e54e123549 Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). 2013-01-12 12:25:30 +00:00
Ben Laurie
3a778a2913 Documentation improvements by Chris Palmer (Google). 2012-12-14 13:28:49 +00:00
Ben Laurie
74cc3b583d Document -pubkey. 2012-12-13 16:17:55 +00:00
Dr. Stephen Henson
65f2a56580 documentation fixes 2012-12-06 23:26:11 +00:00
Dr. Stephen Henson
13cfb04343 reorganise SSL_CONF_cmd manual page and update some links 2012-11-20 01:01:33 +00:00
Dr. Stephen Henson
095db6bdb8 correct docs 2012-11-19 20:06:44 +00:00
Dr. Stephen Henson
8dbeb110fb document -trace and -msgfile options 2012-11-19 16:37:18 +00:00
Dr. Stephen Henson
765b413794 update docs for s_server/s_client 2012-11-19 16:07:53 +00:00
Dr. Stephen Henson
821244cf67 clarify docs 2012-11-18 18:06:16 +00:00