wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10981 commits 20 branches 302 tags 153 MiB
Commit graph

932 commits

Author SHA1 Message Date
Hubert Kario
87887a7a65 backport changes to ciphers(1) man page 
Backport of the patch:
add ECC strings to ciphers(1), point out difference between DH and ECDH
and few other changes applicable to the 1.0.1 code base.

 * Make a clear distinction between DH and ECDH key exchange.
 * Group all key exchange cipher suite identifiers, first DH then ECDH
 * add descriptions for all supported *DH* identifiers
 * add ECDSA authentication descriptions
 * add example showing how to disable all suites that offer no
   authentication or encryption
 * backport listing of elliptic curve cipher suites.
 * backport listing of TLS 1.2 cipher suites, add note that DH_RSA
   and DH_DSS is not implemented in this version
 * backport of description of PSK and listing of PSK cipher suites
 * backport description of AES128, AES256 and AESGCM options
 * backport description of CAMELLIA128, CAMELLIA256 options
 2014-06-10 20:56:39 +01:00
Matt Caswell
151399a944 Fixed minor duplication in docs 2014-06-07 12:32:00 +01:00
Dr. Stephen Henson
aaed77c55e Option to disable padding extension. 
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
 2014-06-01 16:50:37 +01:00
Hubert Kario
427a37ca3f add description of -attime to man page 
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.

This patch fixes this omission.
 2014-05-30 23:33:10 +01:00
Hubert Kario
39ae3b338f add description of -no_ecdhe option to s_server man page 
While the -help message references this option, the man page
doesn't mention the -no_ecdhe option.
This patch fixes this omission.
 2014-05-30 23:32:54 +01:00
Matt Caswell
67b9c82ea2 Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg 2014-05-25 23:48:15 +01:00
Matt Caswell
0a084f7b3a Fixed minor copy&paste error, and stray space causing rendering problem 2014-05-22 00:12:14 +01:00
Dr. Stephen Henson
599fe418a1 Change default cipher in smime app to des3. 
PR#3357
(cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
 2014-05-21 11:14:33 +01:00
Matt Caswell
d6934a02b5 Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD) 2014-05-15 21:17:19 +01:00
Jeffrey Walton
1f5e321ec1 Fix grammar error in verify pod. PR#3355 2014-05-14 22:59:48 +01:00
Jeffrey Walton
b6adb6ef58 Add information to BUGS section of enc documentation. PR#3354 2014-05-14 22:59:48 +01:00
Michal Bozon
bfdaf45141 Corrected POD syntax errors. PR#3353 2014-05-14 22:59:48 +01:00
Jean-Paul Calderone
778f2b648c Correct the return type on the signature for X509_STORE_CTX_get_ex_data given in the pod file. 2014-05-12 22:48:34 +01:00
Jeff Trawick
7fa18a63cb typo in SSL_get_peer_cert_chain docs 
RT: 3304
 2014-05-02 00:27:37 +01:00
Lubomir Rintel
23f5908ac7 POD: Fix item numbering 
Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.

doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...

PR#3146
 2014-04-30 23:47:29 +01:00
mancha
e622237d12 Fix version documentation. 
Specify -f is for compilation flags. Add -d to synopsis section.

(cherry picked from commit 006397ea62bbcae22c8664d53c2222b808c4bdd1)

Closes #79.
 2014-04-26 11:21:34 +01:00
Dr. Stephen Henson
e3899ababb Document -debug_decrypt option. 
(cherry picked from commit 0dd5b94aeb)
 2014-04-16 12:36:06 +01:00
Dr. Stephen Henson
602b2790ca Clarify CMS_decrypt behaviour. 
(cherry picked from commit 5f8e9a477a)
 2014-04-15 18:19:40 +01:00
Dr. Stephen Henson
b05a3ad765 Add new key fingerprint. 
(cherry picked from commit 3143a332e8)
 2014-04-11 02:51:48 +01:00
Dr. Stephen Henson
0d7717fc9c Document -verify_return_error option. 
(cherry picked from commit 4e6c12f308)
 2014-04-07 13:04:21 +01:00
Dr. Stephen Henson
6042582b62 Document new crl option. 
(cherry picked from commit dbb7654dc1)
 2014-04-03 13:37:11 +01:00
Kurt Roeckx
d8ec8a4a65 Fix additional pod errors with numbered items. 
(cherry picked from commit e547c45f1c)
 2014-02-14 22:35:39 +00:00
Scott Schaefer
040ed7b4d0 Fix various spelling errors 
(cherry picked from commit 2b4ffc659e)
 2014-02-14 22:35:39 +00:00
Scott Schaefer
c76e5b08a1 Document pkcs12 -password behavior 
apps/pkcs12.c accepts -password as an argument.  The document author
almost certainly meant to write "-password, -passin".

However, that is not correct, either.  Actually the code treats
-password as equivalent to -passin, EXCEPT when -export is also
specified, in which case -password as equivalent to -passout.
(cherry picked from commit 856c6dfb09)
 2014-02-14 22:35:39 +00:00
Dr. Stephen Henson
f21e6b6ecb Clarify docs. 
Remove reference to ERR_TXT_MALLOCED in the error library as that is
only used internally. Indicate that returned error data must not be
freed.
(cherry picked from commit f2d678e6e8)
 2014-01-29 01:02:12 +00:00
Dr. Stephen Henson
62c2b6d944 Document RSAPublicKey_{in,out} options. 
(cherry picked from commit 7040d73d22987532faa503630d6616cf2788c975)
 2013-11-09 15:09:21 +00:00
Rob Stradling
4b61f6d2a6 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. 
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
 2013-09-16 15:07:51 +01:00
Dr. Stephen Henson
55856a7b74 Correct ECDSA example. 
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
 2013-08-20 17:30:38 +01:00
Nick Alcock
08f8933fa3 Fix POD errors to stop make install_docs dying with pod2man 2.5.0+ 
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
(cherry picked from commit 5cc2707742)
 2013-02-15 19:40:09 +01:00
Ben Laurie
9d75e765bc Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). 2013-01-13 23:00:46 +00:00
Ben Laurie
bee0550397 Documentation improvements by Chris Palmer (Google). 2012-12-14 13:29:51 +00:00
Ben Laurie
fc57c58c81 Document -pubkey option. 2012-12-13 16:08:17 +00:00
Dr. Stephen Henson
d6342aab08 correct docs 2012-11-19 20:07:05 +00:00
Richard Levitte
7ad8e1fc4e Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. 2012-05-04 10:43:22 +00:00
Dr. Stephen Henson
6cbae10b5e update rather ancient EVP digest documentation 2012-04-10 22:28:22 +00:00
Andy Polyakov
1fb07a7de8 doc/apps: formatting fixes [from HEAD]. 
PR: 2683
Submitted by: Annie Yousar
 2012-01-11 21:58:42 +00:00
Andy Polyakov
c6706a6f6c ecdsa.pod: typo. 
PR: 2678
Submitted by: Annie Yousar
 2012-01-11 21:41:50 +00:00
Dr. Stephen Henson
efbb7ee432 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
 2011-11-13 13:13:14 +00:00
Bodo Möller
79571bb1ca Clarify warning 2011-10-13 13:25:03 +00:00
Bodo Möller
1dc4c8c727 Fix typo. 
Submitted by: Jim Morrison
 2011-07-11 12:13:56 +00:00
Bodo Möller
346601bc32 CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:42:00 +00:00
Dr. Stephen Henson
61c10d42f6 fix doc typos 2010-12-02 13:45:25 +00:00
Dr. Stephen Henson
0172ad2902 Minor documentation fixes, PR#2345 2010-10-04 13:28:27 +00:00
Dr. Stephen Henson
d9aa352ff0 Minor documentation fixes, PR#2344 2010-10-04 13:24:07 +00:00
Dr. Stephen Henson
ca91057d50 PR: 2252 
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Update docs to BIO_f_buffer()
 2010-05-03 15:29:51 +00:00
Andy Polyakov
336d1ee733 bss_file.c: reserve for option to encode file name in UTF-8 on Windows 
[from HEAD].
 2010-04-28 20:04:37 +00:00
Dr. Stephen Henson
acc9938ba5 Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:18:30 +00:00
Dr. Stephen Henson
f6d13ac8cf Remove obsolete PRNG note. Add comment about use of SHA256 et al. 2010-04-06 15:05:47 +00:00
Dr. Stephen Henson
24cb653c6b PR: 2209 
Submitted Daniel Mentz <danielml@sent.com>

Documentation typo.
 2010-04-06 14:45:31 +00:00
Dr. Stephen Henson
6507653e72 The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
 2010-02-23 14:09:22 +00:00
Dr. Stephen Henson
4f3d52fedc clarify documentation 2010-02-18 12:41:50 +00:00
Dr. Stephen Henson
989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
81d87a2a28 update references to new RI RFC 2010-02-12 21:59:57 +00:00
Dr. Stephen Henson
5a6ae115f8 reword RI description 2010-01-27 18:53:49 +00:00
Dr. Stephen Henson
5e5df40b9b update documentation to reflect new renegotiation options 2010-01-27 17:50:20 +00:00
Dr. Stephen Henson
a758f61793 PR: 2157 
Submitted by: "Green, Paul" <Paul.Green@stratus.com>

Typo.
 2010-01-27 12:55:52 +00:00
Dr. Stephen Henson
1699389a46 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
39f0a4d8e9 typo 2010-01-21 18:46:28 +00:00
Dr. Stephen Henson
93fac08ec3 PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
4359b88bbe Typo 2010-01-05 17:50:01 +00:00
Dr. Stephen Henson
6e94156199 Remove tabs on blank lines: they produce warnings in pod2man 2010-01-05 17:17:20 +00:00
Dr. Stephen Henson
730f5752ff clarify docs 2009-12-09 18:17:09 +00:00
Dr. Stephen Henson
a88c73b43a Document option clearning functions. 
Initial secure renegotiation documentation.
 2009-12-09 18:00:52 +00:00
Dr. Stephen Henson
e274c8fb72 typo 2009-11-29 13:45:18 +00:00
Dr. Stephen Henson
67bcde9ba8 PR: 2078 
Submitted by: Dale Anderson <dra@redevised.net>
Approved by: steve@openssl.org

Corrections to bn_internal documentation.
 2009-10-28 13:51:56 +00:00
Dr. Stephen Henson
5b2b60ae98 Document additions for X509 chain verification from HEAD 2009-10-18 15:28:59 +00:00
Dr. Stephen Henson
164c263b5c PR: 2074 
Submitted by: Bram Neijt <bneijt@gmail.com>
Approved by: steve@openssl.org

Typo: "contet".
 2009-10-16 15:29:34 +00:00
Dr. Stephen Henson
50425bc137 Change version from 0.9.9 to 1.0.0 in docs 2009-09-30 23:40:52 +00:00
Dr. Stephen Henson
3333428b44 PR: 2023 
Submitted by: James Beckett <jmb.openssl@nospam.hackery.net>, steve
Approved by: steve@openssl.org

Fix documentation errors in d2i_X509 manual pages.
 2009-09-12 23:34:56 +00:00
Dr. Stephen Henson
a131de9bb2 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
7483896e15 Correction: salt is now default 2009-09-04 12:27:01 +00:00
Dr. Stephen Henson
f1ad8fb627 Doc update from HEAD. 2009-07-24 13:02:55 +00:00
Dr. Stephen Henson
1546de87f0 Fix from 0.9.8-stable. 2009-07-11 22:36:27 +00:00
Dr. Stephen Henson
710c1c34d1 Allow checking of self-signed certifictes if a flag is set. 2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
0cb76e79df PR: 1748 
Fix nasty SSL BIO pop bug. Since this changes the behaviour of SSL BIOs and
will break applications that worked around the bug only included in 1.0.0 and
later.
 2009-06-25 11:26:45 +00:00
Dr. Stephen Henson
bfd502f027 Updates from HEAD. 2009-06-16 16:39:20 +00:00
Dr. Stephen Henson
3e53c86001 Update from HEAD. 2009-06-02 11:06:28 +00:00
Dr. Stephen Henson
66b7e42790 PR: 1599 
Reformat PKCS12_parse manual page, document return values.
 2009-05-17 14:48:02 +00:00
Dr. Stephen Henson
9990cb75c1 PR: 1894 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Fix various typos and stuff.
 2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
6fda4d7e5d PR: 1887 
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve@openssl.org

Document/clarify use of some options and include details of GOST algorihthm
usage.
 2009-04-10 16:42:28 +00:00
Dr. Stephen Henson
36a252ea46 Typo. 2009-04-10 11:35:31 +00:00
Dr. Stephen Henson
a31a195246 PR: 1887 (part, modified) 
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve@openssl.org

Use correct command names in -engine description and fix typo.
 2009-04-10 11:25:54 +00:00
Dr. Stephen Henson
81be661ae2 PR: 1626 
Submitted by: Cerutti Pietro <pietro.cerutti@bfh.ch>

Fix manual page.
 2009-04-06 15:16:41 +00:00
Dr. Stephen Henson
fab4447179 PR: 1880 
Document -ocsp_uri command line switch to x509 utility.
 2009-04-01 15:06:28 +00:00
cvs2svn
3d11b8f896 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_1_0_0-stable'.
 2009-03-31 19:54:52 +00:00
Dr. Stephen Henson
c28a9165f2 PR: 1862 
Typo.
 2009-03-12 17:13:15 +00:00
Dr. Stephen Henson
2a0ff7ad20 Typo. 2009-03-08 12:01:20 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:49:38 +00:00
Bodo Möller
7ca1cfbac3 -hex option for openssl rand 
PR: 1831
Submitted by: Damien Miller
 2009-02-02 00:01:28 +00:00
Lutz Jänicke
706c5a4d35 Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd(). 2008-11-10 11:26:44 +00:00
Dr. Stephen Henson
87d52468aa Update HMAC functions to return an error where relevant. 2008-11-02 16:00:39 +00:00
Geoff Thorpe
ab9c689ad3 Correct the FAQ and the threads man page re: CRYPTO_THREADID changes. 2008-08-06 16:41:50 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs, 
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
 2008-08-06 15:54:15 +00:00
Lutz Jänicke
787287af40 Refer to SSL_pending from the man page for SSL_read 2008-08-01 15:03:20 +00:00
Dr. Stephen Henson
db50661fce X509 verification fixes. 
Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.
 2008-07-13 14:25:36 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked 
version some time soon.
 2008-07-03 19:59:25 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
51e00db226 Document "openssl s_server" -crl_check* options 
Submitted by: Daniel Black <daniel.subs@internode.on.net>
 2008-05-19 07:52:15 +00:00
Lutz Jänicke
a92ebf2290 Provide information about "openssl dgst" -hmac option. 2008-05-19 07:43:34 +00:00