Commit graph

997 commits

Author SHA1 Message Date
Andy Polyakov
c7503f5240 Mention SHA2 in openssl.pod.
PR: 1575
2007-09-17 15:56:55 +00:00
Dr. Stephen Henson
f3fef74b09 Document ticket disabling option. 2007-08-23 22:49:13 +00:00
Dr. Stephen Henson
d24a9c8f5a Docs and usage messages for RFC4507bis support. 2007-08-23 11:34:48 +00:00
Dr. Stephen Henson
76b46e7707 Document streaming options. 2007-05-11 12:08:38 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
0efb7b1eea PKCS7_sign_add_signer() docs. 2007-04-13 16:31:08 +00:00
Dr. Stephen Henson
f000f705ea More docs for streaming functions. 2007-04-13 15:43:15 +00:00
Dr. Stephen Henson
2749cc1ede Typo. 2007-04-13 13:23:31 +00:00
Dr. Stephen Henson
a44e4f2cf8 d2i_PKCS7_bio_stream() docs. 2007-04-13 13:22:15 +00:00
Dr. Stephen Henson
30b10f947a Oops... 2007-04-13 13:20:46 +00:00
Dr. Stephen Henson
731c6802d7 Update docs. 2007-04-13 13:13:14 +00:00
Dr. Stephen Henson
4cfb986f27 Update docs. 2007-04-13 12:57:48 +00:00
Andy Polyakov
162f677def Update x86cpuid.pl to correctly detect shared cache and to support new
RC4_set_key.
2007-04-01 17:28:08 +00:00
Ralf S. Engelschall
954b274789 small cosmetics: align title with the other similar manual page 2007-02-27 07:41:54 +00:00
Richard Levitte
85c6749216 Add STARTTLS support for IMAP and FTP.
Submitted by Kees Cook <kees@outflux.net>
2007-02-16 18:12:16 +00:00
Nils Larsch
bcb38217c4 add note about 56 bit ciphers
PR: 1461
2007-02-06 19:41:01 +00:00
Nils Larsch
0501f02b06 fix documentation
PR: 1466
2007-02-03 10:28:08 +00:00
Lutz Jänicke
8ac40b4dea Update to new home page 2007-01-12 18:47:13 +00:00
Nils Larsch
fec38ca4ed fix typos
PR: 1354, 1355, 1398, 1408
2006-12-21 21:13:27 +00:00
Nils Larsch
ec1edeb5fa update pkcs12 help message + manpage
PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>
2006-12-21 20:36:15 +00:00
Nils Larsch
da736b31b2 fix documentation
PR: 1343
2006-12-06 09:10:59 +00:00
Dr. Stephen Henson
f1845cbee8 Typo. 2006-11-07 13:46:37 +00:00
Dr. Stephen Henson
51cc37b69d Fix link for ASN1_generate_nconf 2006-11-07 13:44:03 +00:00
Dr. Stephen Henson
ff1b10dca1 Typo. 2006-11-07 13:17:02 +00:00
Dr. Stephen Henson
ebeb17e2e0 Add v3 ref to see also sections. 2006-11-07 13:13:14 +00:00
Dr. Stephen Henson
137de5b157 Add documentetion for noCheck extension and add a few cross references to
the extension documentation.
2006-11-07 12:51:27 +00:00
Nils Larsch
8a4af56fc6 update md docs 2006-10-27 21:58:09 +00:00
Andy Polyakov
544d845585 OPENSSL_ia32cap.pod update. 2006-10-23 07:44:51 +00:00
Dr. Stephen Henson
83357f047d Update docs. 2006-09-13 03:28:42 +00:00
Ulf Möller
6264c9b2a9 Correct punctuation.
PR: 1367
2006-08-05 20:45:06 +00:00
Bodo Möller
8e4560c42f Camellia information 2006-07-19 13:36:40 +00:00
Dr. Stephen Henson
f489ab3147 Typo. 2006-07-12 13:28:44 +00:00
Dr. Stephen Henson
29cf84c692 New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs. 2006-07-12 12:31:30 +00:00
Dr. Stephen Henson
e454929558 Add docs for pkeyparam. Update some existing docs. 2006-07-10 23:10:26 +00:00
Dr. Stephen Henson
0ee2166cc5 New functions to add and free up application defined signature OIDs. 2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
8211a33c7f Public key comparison and printing routine functions. 2006-07-09 11:26:13 +00:00
Dr. Stephen Henson
7441052be6 EVP_PKEY_get_default_digest() manual page. 2006-07-09 11:01:49 +00:00
Dr. Stephen Henson
90ccf05f82 EVP_PKEY_CTX_ctrl() docs. 2006-07-09 10:51:03 +00:00
Dr. Stephen Henson
112161bd33 Update docs. 2006-07-09 01:59:30 +00:00
Dr. Stephen Henson
aa93b18c2c Keygen docs. 2006-07-08 21:42:49 +00:00
Dr. Stephen Henson
ba702545fc EVP_PKEY_derive() docs. 2006-07-08 12:47:52 +00:00
Dr. Stephen Henson
436369100d Add some examples. 2006-07-08 12:46:51 +00:00
Dr. Stephen Henson
6535bd42e6 EVP_PKEY_verify() docs. 2006-07-08 11:22:23 +00:00
Dr. Stephen Henson
64cee65ebc New docs. 2006-07-08 11:13:01 +00:00
Dr. Stephen Henson
ba544377fb Update docs. 2006-07-08 10:55:03 +00:00
Dr. Stephen Henson
5165148f72 Add some EVP_PKEY_METHOD docs. 2006-07-08 10:45:08 +00:00
Dr. Stephen Henson
8d970ca70b Update docs with algorithm options. 2006-07-08 10:01:33 +00:00
Dr. Stephen Henson
383b8b8ca9 Typo. 2006-07-08 00:50:25 +00:00
Dr. Stephen Henson
5ce60a20f2 Initial docs for pkeyutl. 2006-07-08 00:47:04 +00:00
Dr. Stephen Henson
49131a7d94 Docs for new utilities. 2006-07-08 00:24:47 +00:00
Dr. Stephen Henson
d884c5bad1 Add documentation for new smime options. 2006-07-07 21:44:23 +00:00
Bodo Möller
75d61b33bc documentation for "HIGH" vs. "MEDIUM" was not up-to-date 2006-06-30 22:00:13 +00:00
Bodo Möller
48fc582f66 New functions CRYPTO_set_idptr_callback(),
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
2006-06-23 15:21:36 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Ulf Möller
c264592d69 Add includes in synopsis.
Submitted by: Mike Frysinger <vapier@gentoo.org>
2006-05-14 11:28:00 +00:00
Nils Larsch
c2cd422ac6 note that SSL_library_init() is not reentrant 2006-03-12 00:37:55 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Dr. Stephen Henson
2932ad5677 Typo. 2006-03-05 01:19:48 +00:00
Ulf Möller
11503177d1 TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
2006-02-26 23:34:53 +00:00
Nils Larsch
90076b96df fix typos
PR: 1280
2006-02-15 19:42:22 +00:00
Ulf Möller
21e8bbf290 *** empty log message *** 2006-02-12 23:36:58 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Lutz Jänicke
826b52d26f Typo
Submitted by: Girish Venkatachalam <girish1729@gmail.com>
2006-01-30 17:06:00 +00:00
Dr. Stephen Henson
90890074b0 Typo. 2006-01-15 13:55:31 +00:00
Nils Larsch
802d7fa6d5 support numeric strings in ASN1_generate_nconf 2006-01-14 09:21:33 +00:00
Nils Larsch
29afd31dd1 fix typo, pointed out by Patrick Guio 2005-11-02 22:19:32 +00:00
Bodo Möller
72dce7685e Add fixes for CAN-2005-2969.
(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
2005-10-26 19:40:45 +00:00
Bodo Möller
13e4670c29 new option "openssl ciphers -V" 2005-10-01 04:08:48 +00:00
Nils Larsch
701d35d12f fix typos
PR: 1201
2005-09-15 19:00:55 +00:00
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Nils Larsch
0260405c68 fix BN_mod_word and give a more reasonable return value if an error occurred 2005-07-25 22:57:54 +00:00
Nils Larsch
57eb1d3250 add missing entries for "-multivalue-rdn" and "-utf8" in ca.pod and req.pod
PR: 1158
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
2005-07-15 09:49:03 +00:00
Nils Larsch
0d2848b3ba the second argument of d2i_X509, d2i_X509_CRL and d2i_X509_REQ is const
PR: 1156
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
2005-07-13 22:01:33 +00:00
Richard Levitte
60021d9165 Someone did some cutting and pasting and didn't quite finish the job :-).
Notified by Steffen Pankratz <kratz00@gmx.de>
2005-06-24 05:13:08 +00:00
Richard Levitte
ec14c80c7c The NAME section of a man page is required to have a dash followed by a
short description, at least according to pod2man.

PR: 1127
2005-06-23 21:45:37 +00:00
Dr. Stephen Henson
bbada33271 Typo. 2005-06-22 18:54:54 +00:00
Richard Levitte
eef468e330 Add better documentation on how id_function() should be defined and what
issues there are.

PR: 1096
2005-06-18 05:52:16 +00:00
Richard Levitte
a7c924c041 0.9.8-beta5 works on VMS/Alpha 2005-06-13 04:17:12 +00:00
Richard Levitte
19ac190252 The macro THREADS was changed to OPENSSL_THREADS a long time ago.
PR: 1096
2005-06-04 08:44:02 +00:00
Dr. Stephen Henson
1aaeaf8a3d Use correct name for config file env variable. 2005-06-02 23:19:56 +00:00
Richard Levitte
b325518f45 Typo correction 2005-05-24 03:27:15 +00:00
Nils Larsch
b67d988915 update ecdsa doc 2005-05-19 20:54:30 +00:00
Richard Levitte
831721ef49 A few more fingerprints... 2005-05-05 06:38:55 +00:00
Nils Larsch
9b62318311 fix typo
PR: 1054
2005-05-03 18:34:01 +00:00
Nils Larsch
d753c3f582 add reference to BN_BLINDING_new.pod 2005-04-29 15:07:34 +00:00
Nils Larsch
9ca46ff609 add docu for BN_BLINDING functions 2005-04-26 22:33:36 +00:00
Nils Larsch
0b3fc6e63b update 2005-04-24 09:17:48 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Nils Larsch
00df894701 the pointer to the message digest is const 2005-04-21 09:43:09 +00:00
Nils Larsch
0e304b7f41 EVP_CIPHER_CTX_init is a void function + fix typo
PR: 1044 + 1045
2005-04-15 16:01:35 +00:00
Richard Levitte
d9bfe4f97c Added restrictions on the use of proxy certificates, as they may pose
a security threat on unexpecting applications.  Document and test.
2005-04-09 16:07:12 +00:00
Nils Larsch
e248596bac improve docu of SSL_CTX_use_PrivateKey() 2005-04-08 22:49:57 +00:00
Nils Larsch
119d1a1dd4 fix example in docu
PR: 800
2005-04-05 11:17:03 +00:00
Bodo Möller
c393222280 HISTORY section: point out change of default digest 2005-04-03 23:53:48 +00:00
Nils Larsch
12bdb64375 use SHA-1 as the default digest for the apps/openssl commands 2005-04-02 09:29:15 +00:00
Richard Levitte
5d1430f390 Add a file with fingerprints that have recently been used to sign
OpenSSL distributions, or are about to.  This has been requested a
little now and then by users, for years :-/...
2005-03-31 11:51:47 +00:00
Nils Larsch
c3e6402857 update docs (recent constification) 2005-03-30 11:50:14 +00:00
Nils Larsch
4a6a2032ed the second argument of EVP_SealInit is const 2005-03-29 17:50:08 +00:00
Dr. Stephen Henson
e27a259696 Doc fixes. 2005-03-22 17:55:33 +00:00
Richard Levitte
d18685d959 Added HOWTO about proxy certificates. 2005-03-14 15:39:25 +00:00
Lutz Jänicke
5286db697f Fix typo on blowfish manual page
PR: 1010
Submitted by: Marc Balmer <mbalmer@openbsd.org>
2005-02-19 10:26:18 +00:00
Geoff Thorpe
627bd6709c Fix typos in the ecparam doc.
Submitted by: Nils Larsch
2004-12-17 05:42:00 +00:00
Dr. Stephen Henson
5b40d7dd97 Add -passin argument to dgst command. 2004-12-03 12:26:56 +00:00
Dr. Stephen Henson
59c7029862 Typo. 2004-11-26 01:04:55 +00:00
Dr. Stephen Henson
1582a4073e Add errstr manual page 2004-11-25 18:21:26 +00:00
Dr. Stephen Henson
401ee37a3e Allow alternative manual sections to be embedded in .pod file comments. 2004-11-25 17:47:31 +00:00
Dr. Stephen Henson
cb26a20cb1 Update docs 2004-11-25 14:14:25 +00:00
Dr. Stephen Henson
82c4674e47 Update docs. 2004-11-25 14:11:25 +00:00
Andy Polyakov
376729e130 RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
apparently impossible to compose blended code with would perform
satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR
code-path is introduced and P4 core is detected at run-time. This
way we keep original performance on non-P4 implementations and
turbo-charge P4 performance by factor of 2.8x (on 32-bit core).
2004-11-21 10:36:25 +00:00
Dr. Stephen Henson
5dd87981bf Update X509v3 doc. 2004-11-17 00:55:43 +00:00
Dr. Stephen Henson
37dccd8ff2 Update X509v3 docs. 2004-11-16 17:45:13 +00:00
Dr. Stephen Henson
826a42a088 PR: 910
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.

Update docs.
2004-11-16 17:30:59 +00:00
Dr. Stephen Henson
19f39703f7 Initial pod documentation of X509V3 config file format. 2004-11-16 14:09:12 +00:00
Dr. Stephen Henson
4451c2558e PR: 923
Typo.
2004-11-14 15:11:37 +00:00
Dr. Stephen Henson
4a64f3d665 PR: 938
Typo.
2004-11-14 13:55:16 +00:00
Dr. Stephen Henson
521aaafc6a PR: 969
Submitted by: David Holmes <davidh@3blackdogs.com>
2004-11-13 13:38:34 +00:00
Andy Polyakov
2b247cf81f OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a
symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter
is the only one to be exported to application.
2004-08-29 16:36:05 +00:00
Richard Levitte
e544b0dc2a 'compatibility', not 'computability' :-)... 2004-08-18 15:48:33 +00:00
Andy Polyakov
14e21f863a Add framework for yet another assembler module dubbed "cpuid." Idea
is to have a placeholder to small routines, which can be written only
in assembler. In IA-32 case this includes processor capability
identification and access to Time-Stamp Counter. As discussed earlier
OPENSSL_ia32cap is introduced to control recently added SSE2 code
pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the
code is operational on ELF platforms only. I haven't checked it yet,
but I have all reasons to believe that Windows build should fail to
link too. I'll be looking into it shortly...
2004-07-26 20:18:55 +00:00
Richard Levitte
70696f4525 Explain a little better what BN_num_bits() and BN_num_bits_word() do.
Add a note as to how these functions do not always return the key size, and
how one can deal with that.

PR: 907
2004-07-01 12:33:39 +00:00
Geoff Thorpe
6a6592962c Attempt to bring the 'engine' documentation up to date w.r.t missing
prototypes, etc. Also, some fairly significant edits were made to the text
(who wrote this crap anyway? oh wait ...), removing stuff which is
overkill, rewriting stuff that was opaque, correcting things that were just
downright false, etc.
2004-06-17 23:40:14 +00:00
Lutz Jänicke
9f6ea7163b More precise explanation of session id context requirements. 2004-06-14 13:27:28 +00:00
Andy Polyakov
6577e16920 Documentation note for Win32 glue between BIO layer and compiler run-time. 2004-05-25 20:32:17 +00:00
Andy Polyakov
109d3123c3 While size_t-fying let's not forget to update documentation:-) 2004-05-20 21:39:50 +00:00
Dr. Stephen Henson
6446e0c3c8 Extend OID config module format. 2004-03-27 13:30:14 +00:00
Richard Levitte
f46e76ef50 Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa) 2004-03-23 21:01:34 +00:00
Richard Levitte
9449e38504 Correct minor spelling error.
PR: 845
2004-03-21 23:03:52 +00:00
Ulf Möller
2457c19df1 typo 2004-03-06 08:43:36 +00:00
Dr. Stephen Henson
f82bb9cb9c Config docs. 2004-03-02 13:31:32 +00:00
Dr. Stephen Henson
5a8922aed5 Documentation of the KISS autoconfig functions. 2004-03-02 01:01:11 +00:00
Dr. Stephen Henson
f2c1812560 More autoconfig docs. 2004-03-01 19:15:24 +00:00
Dr. Stephen Henson
a30af36c77 Initial docs for the OpenSSL library configuration via openssl.cnf 2004-03-01 01:04:40 +00:00
Geoff Thorpe
5075521e75 Add ECDSA documentation.
Submitted by: Nils Larsch
2004-02-27 23:03:23 +00:00
Richard Levitte
ee3a47a994 AES is spelled AES, not ASE. Oops... 2004-02-27 02:24:49 +00:00
Richard Levitte
8bb0c8522a Document the AES options for 'openssl smime'.
PR: 834
2004-02-26 21:44:41 +00:00
Lutz Jänicke
fc56b52924 Updates to s_time manual page
PR: #570
Submitted by: Martin Witzel <MWITZEL@de.ibm.com>
2004-01-08 07:38:15 +00:00
Lutz Jänicke
a32fc687de Add s_time manual page
Submitted by: "Martin Witzel" <MWITZEL@de.ibm.com>

PR: #570
2004-01-04 18:59:14 +00:00
Richard Levitte
112341031b Correct documentation typos.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:04:54 +00:00
Dr. Stephen Henson
e88c577738 Typos. 2003-12-20 22:48:21 +00:00
Richard Levitte
4775944f81 Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()).
Correct the typo PUKEY...
2003-12-10 14:31:55 +00:00
Richard Levitte
2abd5b7aa0 Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()).
Correct the typo PUKEY...
2003-12-10 13:57:51 +00:00
Richard Levitte
6859bb1a22 Make sure the documentation matches reality.
PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>
2003-11-29 10:33:25 +00:00
Richard Levitte
5ebdb39084 Let's use text/plain in the example instead of crapy HTML.
PR: 777
Submitted by: Michael Shields <mshields@sunblocksystems.com>
2003-11-28 14:32:31 +00:00
Ulf Möller
d18b993c43 Geoff suggested a more succinct description for "top". 2003-11-07 01:33:00 +00:00
Ulf Möller
e6e81c5894 oops... the description of ->top was inaccurate (the example is correct though) 2003-11-07 00:07:28 +00:00
Richard Levitte
9ad82c123a Use correct case for manual page references 2003-10-01 15:02:45 +00:00
Richard Levitte
d90e74c50c Correct buggy PODs (missing commas and a prepended space). 2003-09-30 17:22:19 +00:00
Bodo Möller
2c789c82be manpages for 'openssl ec' and 'openssl ecparam'
Submitted by: Nils Larsch
2003-07-21 13:40:02 +00:00
Richard Levitte
d143dce03c A document that has a very rough description of the X509
functionality.  This is mostly so there's a way to get from the
crypto.html page to the function descriptions.
2003-07-10 08:49:03 +00:00
Richard Levitte
94805c84d1 Add -issuer_hash and make -subject_hash the default way to get the
subject hash, with -hash a synonym kept around for backward
compatibility reasons.
PR: 650
2003-07-03 20:45:09 +00:00
Richard Levitte
6f2f534b58 The convenience argumetn for -nameopt and -certopt is ca_default, not
default_ca.
PR: 653
2003-07-03 07:46:52 +00:00
Lutz Jänicke
9d19fbc4fc Clarify wording of verify_callback() behaviour. 2003-06-26 14:03:03 +00:00
Richard Levitte
8fbb2af392 Add documentation for the new crlnumber configuration option. 2003-06-19 17:52:57 +00:00
Richard Levitte
c5aba56c5b Typo. 2003-06-19 17:50:37 +00:00
Richard Levitte
36bad5cdfd Add documentation for ERR_set_mark() and ERR_pop_to_mark(). 2003-06-11 20:51:49 +00:00
Richard Levitte
40e5b9abeb Typo 2003-06-09 07:56:18 +00:00
Lutz Jänicke
db01746978 Clarify return value of SSL_connect() and SSL_accept() in case of the
WANT_READ and WANT_WRITE conditions.
2003-06-03 09:59:44 +00:00
Lutz Jänicke
02b95b7499 Clarify ordering of certificates when using certificate chains 2003-05-30 07:45:07 +00:00
Lutz Jänicke
4f17dfcd75 Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before)
Submitted by: dg@sunet.ru (Daniel Ginsburg)

PR: #613
2003-05-28 20:24:57 +00:00
Richard Levitte
edd55d08f5 Brackets are now allowed, after a small hack in the processing of the
docs-on-web.
2003-05-23 09:08:59 +00:00
Dr. Stephen Henson
93c929e411 The square brackets in BIO_s_bio.pod for some
reason cause wml to bomb out with the error
message:

** Slice:Error: Some slices were not closed:
** WML:Break: Error in Pass 9 (rc=1).
** WMK:Error: Error in WML (rc=256)

As a workaround delete them for now.
2003-05-19 21:28:49 +00:00
Dr. Stephen Henson
c2dac35a02 Fix docs. 2003-05-18 23:10:46 +00:00
Richard Levitte
d6df2b281f Add documentation on the added functionality in 'openssl ca'. 2003-04-04 14:39:44 +00:00
Richard Levitte
16b1b03543 Implement self-signing in 'openssl ca'. This makes it easier to have
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
2003-04-03 22:33:59 +00:00
Richard Levitte
8152d88799 It's recommended to use req rather than x509 to create self-signed certificates 2003-04-03 22:12:48 +00:00
Richard Levitte
4ce4884a5b Typo correction 2003-04-03 21:55:55 +00:00
Dr. Stephen Henson
4390d66179 Update from stable branch. 2003-03-31 22:29:25 +00:00
Lutz Jänicke
423b1a840c Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547
2003-03-27 22:04:05 +00:00
Dr. Stephen Henson
e5b0508a14 Update ocsp usage message and docs. 2003-03-26 00:46:47 +00:00
Richard Levitte
e986704d24 Add documentation for -starttls (s_client) and -id_prefix (s_server).
PR: 542
2003-03-20 16:34:27 +00:00
Richard Levitte
d177e6180d Spelling errors.
PR: 538
2003-03-20 11:41:59 +00:00
Dr. Stephen Henson
6ac26a5ce5 Typo. 2003-02-27 13:02:46 +00:00
Dr. Stephen Henson
4cadedef57 Update docs. 2003-02-15 01:09:55 +00:00
Dr. Stephen Henson
a8f5b2ed50 GeneralString support in mini-ASN1 compiler 2003-02-11 14:06:27 +00:00
Richard Levitte
27a9bf17c7 PKCS#1 has a new RFC, which we do implement 2003-02-06 19:30:06 +00:00
Richard Levitte
bfa3555081 Document -engine where missing.
PR: 424
2003-01-30 22:02:27 +00:00
Dr. Stephen Henson
da45180de4 Correct EVP_SealInit() documentation, iv is an output
parameter.
2003-01-26 13:38:56 +00:00
Richard Levitte
cdc5b4a41e Extend the HOWTO on creating certificates, and add a HOWTO in creating keys.
PR: 422
2003-01-14 15:42:16 +00:00
Richard Levitte
c653b56937 Correct an example that has a few typos.
PR: 458
2003-01-14 13:56:38 +00:00
Bodo Möller
bda2fa364d Typo.
NB: This and other manual pages should be updated for the new
BN_GENCB interface.
2003-01-13 13:18:22 +00:00
Richard Levitte
e68cb95d84 Add documentation on how to handle the shared libaries.
PR: 423
2003-01-10 16:14:32 +00:00
Richard Levitte
360e506710 Typos corrected.
PR: 445
2003-01-10 08:54:01 +00:00
Lutz Jänicke
44fcd3ef3e Add information about AES cipher suites to ciphers manual page.
If no authentication method is mentioned in the cipher suite name (e.g.
AES128-SHA), RSA authentication is used (PR #396).
2002-12-29 21:24:50 +00:00
Richard Levitte
b5beb13abb Add SPKM among the related stanrds. 2002-12-26 22:35:04 +00:00
Richard Levitte
59c0dd56ab Update our list of implemented and related standards. 2002-12-26 00:21:53 +00:00
Richard Levitte
dcf19c173c Update our list of implemented and related standards. 2002-12-26 00:17:46 +00:00
Richard Levitte
18be6c4116 BIO_new_bio_pair() was unnecessarily described in it's own page as well as in
BIO_s_bio.pod.  The most logical is to move everything needed from
BIO_new_bio_pair.pod to BIO_s_bio.pod (including the nice example)
and toss BIO_new_bio_pair.pod.  I hope I got all the info over properly.
PR: 370
2002-12-12 22:12:02 +00:00
Richard Levitte
dad1535f7a BIO_set_nbio() is enumerated, but not explained. Remove it from enumeration
since it's both enumerated and explained in BIO_s_connect.pod.
PR: 370
2002-12-12 22:08:49 +00:00
Lutz Jänicke
532215f2db Missing ")"
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
2002-12-04 13:30:58 +00:00
Richard Levitte
5e4a75e79f Correct some names. 2002-11-29 14:21:54 +00:00
Lutz Jänicke
32d21c1ef6 Better workaround to the "=head1 NAME OPTIONS" pod2latex problem:
NAME OPTIONS are a subset of OPTIONS, so just make it =head2!
Submitted by:
Reviewed by:
PR: 333
2002-11-18 08:15:45 +00:00
Dr. Stephen Henson
d78254aa28 Add SETWRAP modifier to ASN1 generate. 2002-11-15 00:26:07 +00:00
Lutz Jänicke
56dc24d483 Use =back to finish =over (found using pod2latex).
Submitted by:
Reviewed by:
PR:
2002-11-14 21:50:30 +00:00
Lutz Jänicke
84d828ab70 No such reference to link to (found running pod2latex).
Submitted by:
Reviewed by:
PR:
2002-11-14 21:41:54 +00:00
Dr. Stephen Henson
cfae3d94e9 Fix documentation of i2d_X509_fp and i2d_X509_bio. 2002-11-14 18:15:52 +00:00
Lutz Jänicke
1f30946481 Don't declare 2 WARNINGS sections
Submitted by:
Reviewed by:
PR:
2002-11-14 11:13:01 +00:00
Lutz Jänicke
b1697f189b Opportunistic change to work around pod2latex bug: rename NAME OPTIONS
section to SUBJECT AND ISSUER NAME OPTIONS
Submitted by:
Reviewed by:
PR: 333
2002-11-14 11:09:07 +00:00
Lutz Jänicke
17a202add7 Correct reference to section name.
Submitted by:
Reviewed by:
PR:
2002-11-14 11:03:30 +00:00
Lutz Jänicke
eaad02a747 Missing =back
Submitted by:
Reviewed by:
PR:
2002-11-14 10:51:54 +00:00
Dr. Stephen Henson
2d780dfd81 Typo 2002-11-13 14:07:37 +00:00
Dr. Stephen Henson
04f0a6ba39 Update docs 2002-11-13 13:18:14 +00:00
Dr. Stephen Henson
d479dc1d02 Put NAME in right place, fix typo 2002-11-13 01:20:43 +00:00
Dr. Stephen Henson
137e7e3aa1 Update docs 2002-11-13 00:14:15 +00:00
Dr. Stephen Henson
ba36b61d3d Initial ASN1 generation documentation. 2002-11-12 18:20:28 +00:00
Lutz Jänicke
7d80b27949 Typo.
Submitted by: assar <assar@kth.se>
Reviewed by:
PR:
2002-11-11 11:19:15 +00:00
Dr. Stephen Henson
a8c125550c Typo 2002-11-09 18:05:33 +00:00
Richard Levitte
d6257073aa -CAcreateserial doesn't take a filename argument.
PR: 332
2002-11-08 21:51:09 +00:00
Dr. Stephen Henson
d618f703ec CRL reason code docs. 2002-11-06 01:28:55 +00:00
Geoff Thorpe
769fedc3ad Add a HISTORY section to the man page to mention the new flags. 2002-10-29 18:05:16 +00:00
Geoff Thorpe
d9ec9d990f The last character of inconsistency in my recent commits is hereby
squashed.
2002-10-29 17:51:32 +00:00
Richard Levitte
6aba658cd8 Revert, that was an incorrect change.
PR: 156
2002-10-29 04:34:43 +00:00
Richard Levitte
accb0c6edb A small detail: since 0.9.7, DH_new_method() and DSA_new_method()
don't take an ENGINE* as parameter any more.
PR: 156
2002-10-29 04:31:46 +00:00
Geoff Thorpe
e0db2eed8d Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
2002-10-29 00:33:04 +00:00
Bodo Möller
e1c191fe44 I don't like c-tab-always-indent ... 2002-10-23 13:09:19 +00:00
Dr. Stephen Henson
0711be1696 New docs. 2002-10-20 13:20:57 +00:00
Geoff Thorpe
7521ab3d0b Make pod2man happier. 2002-10-18 22:04:26 +00:00
Lutz Jänicke
284b216b3a Corrected exchanged parameters in example for EVP_EncryptInit_ex()
Submitted by: "Marcus Carey" <marcus.carey@verizon.net>
Reviewed by:
PR: 265
2002-10-18 09:47:14 +00:00
Bodo Möller
05dbe6ee1f change Emacs indentation style to make it easier to insert
tabs manually

Submitted by: Pierre Bacquet <pbacquet@delta.fr>
2002-10-17 09:16:02 +00:00
Dr. Stephen Henson
29e48c18b7 More docs. 2002-10-09 17:19:59 +00:00
Dr. Stephen Henson
982dfb7d10 Typo. 2002-10-09 17:15:35 +00:00
Dr. Stephen Henson
8c4b69d3ab Update docs. 2002-10-09 17:05:05 +00:00
Dr. Stephen Henson
ec8ad2bb96 PKCS12_parse manual page. 2002-10-09 13:10:23 +00:00
Dr. Stephen Henson
5fbb02fcb1 PKCS12_create manual page 2002-10-09 12:06:58 +00:00
Dr. Stephen Henson
4e1b50e219 More man pages. 2002-10-09 12:06:12 +00:00
Dr. Stephen Henson
7e9db7cefc PKCS7_verify() docs. 2002-10-08 00:40:58 +00:00
Dr. Stephen Henson
d30e4c5b0b More docs. 2002-10-07 17:31:00 +00:00
Dr. Stephen Henson
9de6bb8abc More d2i/i2d manual pages. 2002-10-07 13:07:00 +00:00
Dr. Stephen Henson
72e04bd13f Document "0" and "1" naming convention. 2002-10-06 12:59:25 +00:00
Dr. Stephen Henson
4ec0448122 Update docs. 2002-10-06 12:40:31 +00:00
Dr. Stephen Henson
842d8e209b Update docs. 2002-10-06 12:34:06 +00:00
Dr. Stephen Henson
292fcd5c7b Update DH parameter docs. 2002-10-06 12:24:09 +00:00
Dr. Stephen Henson
1e976bdc46 Update RSAPublicKey manual page... 2002-10-06 00:03:20 +00:00
Dr. Stephen Henson
9946fceb9d Some docs relating to X509 ASN1 functions.
Many other ASN1 functions are identical other
than the actual structure being handled.
2002-10-05 23:30:10 +00:00
Richard Levitte
70e96dcf59 Document should match reality :-).
PR: 255
2002-10-04 12:59:00 +00:00
Richard Levitte
6859cf7459 It makes more sense to refer to specific function manuals than the concept
manual when the specific function is refered to in the current manual text.
This correction was originally introduced in OpenBSD's tracking of OpenSSL.
2002-09-25 13:33:28 +00:00
Richard Levitte
2018681b33 Remove *all* references to RSA_PKCS1_RSAref, since it doesn't exist any more.
This correction was originally introduced in OpenBSD's tracking of OpenSSL.
2002-09-25 13:26:36 +00:00
Richard Levitte
e204516178 Remove reference to RSA_PKCS1_RSAref, since it doesn't exist any more.
This correction was originally introduced in OpenBSD's tracking of OpenSSL.
2002-09-25 13:25:44 +00:00
Richard Levitte
153aecf91a It makes more sense to refer to specific function manuals than the concept
manual when the specific function is refered to in the current manual text.
This correction was originally introduced in OpenBSD's tracking of OpenSSL.
2002-09-25 13:11:12 +00:00
Lutz Jänicke
3403caf3da Consequently use term URI instead of URL
Submitted by: TJ Saunders <tj@castaglia.org>
Reviewed by:
PR: 268
2002-09-05 07:52:05 +00:00
Bodo Möller
1fd0338b49 fix manpage 2002-08-15 14:23:23 +00:00
Richard Levitte
37f5fcf85c Missing =back.
Part of PR 196
2002-08-15 10:59:55 +00:00
Geoff Thorpe
5bf738737d These are updates/fixes to DH/DSA/RAND docs based on the fixes to the RSA
docs. There were a couple of other places (including RSA) where the docs
were not quite synchronised with the API that are now fixed. One or two
still remain to be fixed though ...
2002-08-05 16:27:01 +00:00
Geoff Thorpe
415e03aa6f typo fix 2002-08-05 02:54:57 +00:00
Geoff Thorpe
ac120e20e3 Various parts of the RSA documentation were inaccurate and out of date and
this fixes those that I'm currently aware of. In particular, the ENGINE
interference in the RSA API has hopefully been clarified. This still needs
to be done for other areas of the API ...
2002-08-04 21:08:36 +00:00
Geoff Thorpe
3f90e45079 A single monolithic man page for the ENGINE stuff. This is a rough
first-cut but provides better documentation than having nothing on the
ENGINE API.
2002-08-04 20:57:19 +00:00
Bodo Möller
02750ff56f mention SSL_do_handshake() 2002-07-29 12:35:19 +00:00
Bodo Möller
8be4e173e8 fix a typo and clarify 2002-07-22 09:04:36 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:55:34 +00:00
Lutz Jänicke
20adcfa058 The behaviour is undefined when calling SSL_write() with num=0.
Submitted by:
Reviewed by:
PR: 141
2002-07-19 11:53:54 +00:00
Lutz Jänicke
02b7ec88bb Manual page for SSL_do_handshake().
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
2002-07-19 11:05:50 +00:00
Geoff Thorpe
0af9a89cef This documentation change was being written at the same time as Richard's
changes. So I'm committing this version to overwrite his changes for now,
and he can always take his turn to overwrite my words if he wants :-)

PR: 86
2002-07-18 20:59:22 +00:00
Richard Levitte
db802c60e3 Explain why RSA_check_key() doesn't work with hard keys.
PR: 86
2002-07-18 19:10:57 +00:00
Richard Levitte
503f3b1a21 Add history for documented new functions.
PR: 59
2002-07-18 18:54:46 +00:00
Lutz Jänicke
2edcb4ac71 Typos in links between manual pages
Submitted by: Richard.Koenning@fujitsu-siemens.com
Reviewed by:
PR: 129
2002-07-10 19:35:54 +00:00
Bodo Möller
cd7562091d fix synopsis
Submitted by: Nils Larsch
2002-07-09 10:51:25 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:21:11 +00:00
Lutz Jänicke
8586df1efb Correct wrong usage information.
PR: 95
2002-06-12 20:15:18 +00:00
Richard Levitte
b49053cae2 Documentation bug corrected.
PR: 70
2002-06-05 09:31:05 +00:00
Lutz Jänicke
a5200a1b8f Typo.
PR: 72
2002-06-04 20:43:10 +00:00
Richard Levitte
305a1afcf7 a B< that wasn't properly ended. 2002-05-30 16:55:15 +00:00
Lutz Jänicke
9a26adf598 Remove item listed twice <kromJx@crosswinds.net>. 2002-05-28 17:48:54 +00:00
Lutz Jänicke
72da660ddb Fix incorrect =over 4 location.
Submitted by: David Waitzman <djw@bbn.com>
Reviewed by: Lutz Jaenicke
PR: [openssl.org #38]
2002-05-16 17:45:37 +00:00
Richard Levitte
21d5ed98d5 Small documentation fix for EVP_CipherFinal or EVP_CipherFinal_ex.
Notified by Stella Power <snpower@maths.tcd.ie>.
PR: 24
2002-05-08 15:20:38 +00:00
Lutz Jänicke
c0455cbb18 Fix escaping when using the -subj option of "openssl req", document
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
2002-04-30 12:08:18 +00:00
Ulf Möller
592c0e0273 another error discovered by Karsten Braaten. The number was not even
prime!
2002-04-13 09:58:50 +00:00
Ulf Möller
4e9ef338fc error reported by Karsten Braaten 2002-04-07 13:33:16 +00:00
Bodo Möller
2c17323e15 Rephrase statement on the security of two-key 3DES.
[Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
  Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.

  Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
  known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]
2002-03-05 15:29:30 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
ce4b274aa1 SSL_clear != SSL_free/SSL_new 2002-02-27 08:08:57 +00:00
Lutz Jänicke
f0d6ee6be8 Even though it is not really practical people should know about it. 2002-02-15 07:41:42 +00:00
Bodo Möller
a14e2d9dfe New functions
ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
2002-01-24 16:16:43 +00:00
Lutz Jänicke
6ce46d69f5 Typos (jsyn <jsyn@openbsd.org>). 2002-01-21 18:01:46 +00:00
Bodo Möller
31cafe53c9 add a sentence previously deleted by accident 2002-01-04 15:22:40 +00:00
Bodo Möller
dc4ddcd2bb add documentation for SSLeay_version(SSLEAY_DIR) and
'openssl version -d'

use some descriptions from Lutz' redundant manual page
instead of the previous ones
2002-01-04 15:17:09 +00:00
Lutz Jänicke
5256b021f3 Tsss, SSLeay_version() was already documented, it just was not linked in. 2002-01-04 15:05:51 +00:00
Lutz Jänicke
4ab1e7ceaf Add information as provided by Richard Levitte on openssl-users :-) 2002-01-04 14:55:38 +00:00
Dr. Stephen Henson
06623ff028 Update PEM docs 2002-01-04 13:35:37 +00:00
Ben Laurie
ff3fa48fc7 Improve back compatibility. 2001-12-09 21:53:31 +00:00
Richard Levitte
8f0edcb3d2 I was recently informed that some people wrongly use ssleay.txt as
main documentation, so let's warn them a little more, so the word
"OBSOLETE" really gets understood.
2001-12-04 07:38:17 +00:00
Dr. Stephen Henson
55e42c93a8 EVP_BytesToKey documentation. 2001-12-03 03:07:37 +00:00
Dr. Stephen Henson
21a85f1977 Add -pubkey option to req command. 2001-12-01 23:03:30 +00:00
Bodo Möller
8a0a9392ab discuss -name and default_ca more correctly (I hope) 2001-11-26 12:13:50 +00:00
Lutz Jänicke
a7ce69dbd7 Clarify reference count handling/removal of session
(shinagawa@star.zko.dec.com).
2001-11-19 11:11:23 +00:00
Bodo Möller
65123f8064 remove incorrect 'callback' prototype 2001-11-10 02:12:56 +00:00
Bodo Möller
1d8634b110 msg_callback documentation 2001-11-10 02:12:09 +00:00
Bodo Möller
45582d1e2b clarify 2001-11-08 14:54:21 +00:00
Dr. Stephen Henson
1fc6d41bf6 New options to allow req to accept UTF8 strings as input. 2001-10-26 12:40:38 +00:00
Ulf Möller
a41477f92e remove compatibility notes that no longer apply 2001-10-25 17:45:25 +00:00
Richard Levitte
5f68c5feef Correct some links... 2001-10-25 16:56:06 +00:00
Richard Levitte
ee84a5a7fb Change the DES documentation to reflect the current status. Note that
some password reading functions are really part of the UI
compatibility library...
2001-10-25 16:55:17 +00:00
Bodo Möller
2a9aca32dc mention des_old.h 2001-10-25 08:44:10 +00:00
Bodo Möller
89da653fa6 Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of
the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org
2001-10-25 08:25:19 +00:00
Richard Levitte
ce15d5a9dc Remove DES_random_seed() but retain des_random_seed() for now. Change
the docs to reflect this change and correct libeay.num.
2001-10-25 06:46:22 +00:00
Richard Levitte
c2e4f17c1a Due to an increasing number of clashes between modern OpenSSL and
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.
2001-10-24 21:21:12 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
51008ffce1 document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 2001-10-17 11:56:26 +00:00
Dr. Stephen Henson
3811eed8d5 Update docs. 2001-10-17 01:50:32 +00:00
Dr. Stephen Henson
e72d734d5f Update docs. 2001-10-16 02:22:59 +00:00
Lutz Jänicke
56fa8e69cf Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00
Lutz Jänicke
e1c279b63d Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>) 2001-10-08 08:37:24 +00:00