Commit graph

1208 commits

Author SHA1 Message Date
Matt Caswell
5998e29035 Remove SSL_state and SSL_set_state
SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer
supported.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
35bf6e0537 Change HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE
Rename the enum HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE to ensure there are
no namespace clashes, and convert it into a typedef.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
f3b9257f82 Minor documentation tweak
Update the return type for SSL_state in the documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Rich Salz
a528d4f0a9 Remove SSLeay history, etc., from docs
If something was "present in all versions" of SSLeay, or if it was
added to a version of SSLeay (and therefore predates OpenSSL),
remove mention of it.  Documentation history now starts with OpenSSL.

Remove mention of all history before OpenSSL 0.9.8, inclusive.

Remove all AUTHOR sections.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-28 17:23:51 -04:00
Rich Salz
6f5c030320 Remove HAMC_cleanup
Old API for use with OpenSSL-0.9.6.  Remove it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-27 16:07:56 -04:00
Alessandro Ghedini
d900a015b5 Fix typos
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Adam Eijdenberg
8cbb048c3e Clarify return values for EVP_DigestVerifyFinal.
Previous language was unclear.  New language isn't pretty but I believe
it is more accurate.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-22 18:27:48 -04:00
Matt Caswell
21cd6e006c Don't use SSLv23_server_method in an example
The function SSLv23_server_method() is an old name. New code should use
TLS_server_method() instead. Therefore don't use SSLv23_server_method() in
an example in the docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-21 16:22:19 +01:00
Matt Caswell
8b7080b0b7 Remove Obsolete engines
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 17:02:06 +01:00
Matt Caswell
c84f7f4a74 Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.

Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-30 19:15:06 +01:00
Matt Caswell
40e2d76bec Document -no-CApath and -no-CAfile
Add documentation to all the appropriate apps for the new -no-CApath and
-no-CAfile options.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-25 14:49:59 +01:00
Matt Caswell
631fb6af5f Document the default CA path functions
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-25 14:49:59 +01:00
Matt Caswell
468f043ece Clarify DTLSv1_listen documentation
Clarify that user code is required to allocate sufficient space for the
addressing scheme in use in the call to DTLSv1_listen.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:27 +01:00
Matt Caswell
ca7256fbd9 Add DTLSv1_listen documentation
Adds a new man page to cover the DTLSv1_listen() function.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:27 +01:00
Matt Caswell
35d15a3952 Add -listen documentation
This commit adds documentation for the new -listen option to s_server. Along
the way it also adds documentation for -dtls, -dtls1 and -dtls1_2 which was
missing.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:27 +01:00
Dr. Stephen Henson
69d492eac8 Document X509_get0_subject_key_id()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Emilia Kasper
21b0fa9118 Document BUF_strnlen
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:52:41 +02:00
Emilia Kasper
58e3457a82 BUF_strdup and friends: update docs
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:51:53 +02:00
Dr. Stephen Henson
035014cd22 Update SEE ALSO sections.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:42:20 +01:00
Dr. Stephen Henson
dd332cea9f Document signature accessors.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:42:20 +01:00
Dr. Stephen Henson
047dd81efe Extension parsing and encoding docs.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
d8db9a0df5 Document i2d_re_X509_REQ_tbs() and i2d_re_X509_CRL_tbs().
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
73a7e8de17 Document X509_REVOKED functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
94eae38011 Document X509 sign and verify functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
e7fabc5ea5 Document X509 public key functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
5571ea886f Document X509 name get and set functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
5f74a40540 Document X509 version functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
03706afa30 Use default field separator.
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-11 20:50:48 +01:00
Rich Salz
ff2f6bb084 Fix rehash/c_rehash doc and behavior.
Both now warn once if directory isn't writeable.
Both now warn on file-write errors (multiple times).
Update manpage to describe both program and script correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-08 15:13:57 -04:00
Richard Levitte
e51fb759a6 Adjust the general fill-column in doc/dir-locals.example.el
Having a general fill-column of 78 may look nice at first sight, but
if the edited text gets indented a bit afterward (such as with git
comments in 'git log'), it suddenly turns not so nice on a classic 80
columns terminal.  A fill-column of 70 will serve us better.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-08 00:59:50 +02:00
Timo Teras
8f6f1441a3 Add rehash command to openssl
On Unix/Linux platforms, merge c_rehash script into openssl as a
C program.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 18:03:54 -04:00
David Woodhouse
d35ff2c0ad RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check
In some environments, such as firmware, the current system time is entirely
meaningless. Provide a clean mechanism to suppress the checks against it.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 16:17:15 -04:00
Dr. Stephen Henson
361136f4b3 Document extension functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-01 20:37:45 +01:00
Rich Salz
8db7878106 RT3767: openssl_button.gif should be PNG
No, we should just delete it.  And updated the README

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-01 11:56:14 -04:00
Dr. Stephen Henson
d8c054f2da Remove asn1-kludge option.
Remove asn1-kludge option from the req utility. It was a decade old
workaround for CAs and software which required an invalid encoding
of PKCS#10 certificate requests: omitting the attributes field even
though it is not OPTIONAL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 20:58:33 +01:00
Ben Kaduk
36ac7bc8a9 GH367 follow-up, for more clarity
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-31 13:46:12 -04:00
Richard Levitte
6dc08048d9 Remove auto-fill-mode
Apparently, emacs sees changes to auto-fill-mode as insecure

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 18:15:33 +02:00
Richard Levitte
0927f0d822 Add an example .dir-locals.el
This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.

Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 18:15:32 +02:00
Richard Levitte
d9b3554b2d Add emacs CC mode style for OpenSSL
This hopefully conforms closely enough to the current code style.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 18:15:32 +02:00
Ismo Puustinen
f00a10b897 GH367: Fix dsa keygen for too-short seed
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-27 22:57:00 -04:00
Rich Salz
c03726ca41 Various doc fixes.
Make all mention of digest algorithm use "any supported algorithm"

RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
    X509_LOOKUP_hash_dir.pod
    X509_check_ca.pod
    X509_check_issued.pod

RT 1600:
    Remove references to non-existant objects(3)
    Add RETURN VALUES to BIO_do_accept page.

RT1818:
    RSA_sign Can return values other than 0 on failure.

RT3634:
    Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)

RT3678:
    Some clarifications to BIO_new_pair
    (Devchandra L Meetei <dlmeetei@gmail.com>)

RT3787:
    Fix some EVP_ function return values
    (Laetitia Baudoin <lbaudoin@google.com>)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-27 14:27:28 -04:00
Viktor Dukhovni
208b2d541d GH correct organizationalUnitName
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-26 17:31:10 -04:00
Markus Rinne
fe50cd7ad4 RT4019: Duplicate -hmac flag in dgst.pod
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-25 12:15:53 -04:00
Rich Salz
32c5e0ba0f GH372: Remove duplicate flags
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-25 12:10:54 -04:00
Rich Salz
2c4969708c Small cleanup of crypto.pod
Came up on the mailing list, from Ken Goldman.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-24 18:21:54 -04:00
Rich Salz
9b86974e0c Fix L<> content in manpages
L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-21 15:11:50 -04:00
Dr. Stephen Henson
f8f5f8369d add CCM docs
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-14 06:57:32 +01:00
Dr. Stephen Henson
2fd7fb99db Update docs.
Clarify and update documention for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-14 06:28:00 +01:00
Dr. Stephen Henson
6d5f8265ce Documentation for SSL_check_chain()
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-14 06:24:38 +01:00
Rich Salz
ade44dcb16 Remove Gost94 signature algorithm.
This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-11 18:23:29 -04:00