wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12317 commits 20 branches 302 tags 153 MiB
Commit graph

1009 commits

Author SHA1 Message Date
Jan Schaumann
fd4592be3a RT1804: fix EXAMPLE in EVP_EncryptInit.pod 
The EXAMPLE that used FILE and RC2 doesn't compile due to a
few minor errors.  Tweak to use IDEA and AES-128. Remove
examples about RC2 and RC5.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
 2014-08-25 10:25:02 -04:00
Matt Caswell
2dd8cb3b95 Typo fixes to evp documentation. 
This patch was submitted by user "Kox" via the wiki

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-08-24 21:24:28 +01:00
Emilia Kasper
d64c533a20 Improve EVP_PKEY_sign documentation 
Clarify the intended use of EVP_PKEY_sign. Make the code example compile.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
 2014-08-22 15:00:11 +02:00
Martin Olsson
1afd7fa97c RT2513: Fix typo's paramter-->parameter 
I also found a couple of others (padlock and signinit)
and fixed them.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
 2014-08-19 11:09:33 -04:00
John Gardiner Myers
fc979b93ee RT2942: CRYPTO_set_dynlock_create_callback doc fix 
The file param is "const char*" not "char*"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-08-18 16:04:33 -04:00
Hubert Kario
750487899a Add support for Camellia HMAC-Based cipher suites from RFC6367 
While RFC6367 focuses on Camellia-GCM cipher suites, it also adds a few
cipher suites that use SHA-2 based HMAC that can be very easily
added.

Tested against gnutls 3.3.5

PR#3443

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-08-15 23:41:20 +01:00
Ingo Schwarze
bebbb11d13 RT3239: Extra comma in NAME lines of two manpages 
In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.

While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).

Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>
 2014-08-12 15:59:18 -04:00
Nick Lewis
9aaa7be8d4 PR 2580: dgst missing current SHA algorithms 
Update the dgst.pod page to include SHA224...512 algorithms.
Update apps/progs.pl to add them to the digest command table.

Reviewed-by: Tim Hudson <tjh@cryptosoft.com>
 2014-08-12 11:29:20 -04:00
Nick Urbanik
42ce91cc35 RT2609: Typo in EXAMPLE section of req.pod 
The x509_extensions should be req_extensions in the
config example in req.pod

Reviewed-by: tjh@cryptsoft.com
 2014-08-12 11:16:58 -04:00
Scott Schaefer
d4a4370050 RT 2517: Various typo's. 
Reviewed-by: Emilia Kasper

Many of these were already fixed, this catches the last
few that were missed.
 2014-08-11 13:43:31 -04:00
Tim Hudson
c8d133e4b6 Minor documentation update removing "really" and a 
statement of opinion rather than a fact.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-07-21 20:03:50 +10:00
Dr. Stephen Henson
f8c03d4dbf Fix documentation for RSA_set_method(3) 
PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-07-19 22:57:37 +01:00
Jeffrey Walton
d48e78f0cf Fix typo, add reference. 
PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-07-17 12:07:37 +01:00
Matt Caswell
3bd548192a Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-07-15 23:13:37 +01:00
Dr. Stephen Henson
ca2015a617 Clarify -Verify and PSK. 
PR#3452
 2014-07-15 20:22:39 +01:00
Hubert Kario
7efd0e777e document -nextprotoneg option in man pages 
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
 2014-07-14 23:42:59 +01:00
Dr. Stephen Henson
aa224e9719 Fix typo. 2014-07-14 18:31:55 +01:00
Viktor Dukhovni
b73ac02735 Improve X509_check_host() documentation. 
Based on feedback from Jeffrey Walton.
 2014-07-07 20:34:06 +10:00
Viktor Dukhovni
297c67fcd8 Update API to use (char *) for email addresses and hostnames 
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
 2014-07-07 19:11:38 +10:00
Dr. Stephen Henson
cba3f1c739 Document certificate status request options. 2014-07-06 22:40:01 +01:00
Jeffrey Walton
75b7606881 Added reference to platform specific cryptographic acceleration such as AES-NI 2014-07-06 00:03:13 +01:00
Matt Caswell
fd9e244370 Fixed error in pod files with latest versions of pod2man 2014-07-06 00:03:13 +01:00
Viktor Dukhovni
ced3d9158a Set optional peername when X509_check_host() succeeds. 
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
 2014-07-06 01:50:50 +10:00
Viktor Dukhovni
6e661d458f New peername element in X509_VERIFY_PARAM_ID 
Declaration, memory management, accessor and documentation.
 2014-07-06 01:50:50 +10:00
Dr. Stephen Henson
a9661e45ac typo 
(cherry picked from commit 2cfbec1cae)
 2014-07-04 13:50:55 +01:00
Dr. Stephen Henson
b948ee27b0 Remove all RFC5878 code. 
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
 2014-07-04 13:26:35 +01:00
Dr. Stephen Henson
a23a6e85d8 Update ticket callback docs. 2014-07-03 14:50:08 +01:00
Rich Salz
538860a3ce RT 1638; EVP_*Final() should mention they no longer cleanup the ctx. 2014-07-02 23:38:34 -04:00
Rich Salz
fc1d88f02f Close a whole bunch of documentation-related tickets: 
298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623
    2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277
 2014-07-02 22:42:40 -04:00
Matt Smart
5cc99c6cf5 Fix doc typo. 
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283
 2014-07-02 03:43:42 +01:00
Rich Salz
762a44de59 RT 3245; it's "bitwise or" not "logical or" 2014-07-01 13:00:18 -04:00
Rich Salz
854dfcd859 Fix RT 3211; "and are" -->"are" 2014-07-01 12:55:32 -04:00
Rich Salz
7b1d946051 Fix RT 2567; typo in pkeyutl page. 2014-07-01 12:49:20 -04:00
Rich Salz
42b91f28a6 Fix RT 2430; typo's in ca.pod 2014-07-01 12:47:52 -04:00
Rich Salz
d7003c4d7d Fix RT 3193 2014-07-01 12:44:32 -04:00
Jeffrey Walton
6e6ba36d98 Clarified that the signature's buffer size, s, is not used as an 
IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.
 2014-06-29 23:34:21 +01:00
Ken Ballou
76ed5a42ea Typo. 
PR#3173
 2014-06-29 13:38:55 +01:00
Dr. Stephen Henson
528b1f9a9f Clarify protocols supported. 
Update protocols supported and note that SSLv2 is effectively disabled
by default.

PR#3184
 2014-06-29 00:07:08 +01:00
Rich Salz
a0490e02c7 RT 487. Mention that generated primes are "at least" B<bits> long. 2014-06-27 15:59:08 -04:00
Jeffrey Walton
0535c2d67c Clarify docs. 
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
 2014-06-27 16:39:11 +01:00
Viktor Dukhovni
8abffa4a73 Multiple verifier reference identities. 
Implemented as STACK_OF(OPENSSL_STRING).
 2014-06-22 20:32:35 -04:00
Viktor Dukhovni
d241b80409 More complete X509_check_host documentation. 2014-06-22 19:50:02 -04:00
Matt Caswell
115e480924 Fix minor typos 2014-06-19 23:45:21 +01:00
Hubert Kario
e42d84be33 add references to verify(1) man page for args_verify() options 
cms, ocsp, s_client, s_server and smime tools also use args_verify()
for parsing options, that makes them most of the same options
verify tool does. Add those options to man pages and reference
their explanation in the verify man page.
 2014-06-19 23:09:21 +01:00
Hubert Kario
2866441a90 sort the options in verify man page alphabetically 
just making sure the options are listed in the alphabetical order
both in SYNOPSIS and DESCRIPTION, no text changes
 2014-06-19 23:09:21 +01:00
Hubert Kario
cd028c8e66 add description of missing options to verify man page 
The options related to policy used for verification, verification
of subject names in certificate and certificate chain handling
were missing in the verify(1) man page. This fixes this issue.
 2014-06-19 23:09:21 +01:00
Hubert Kario
ce21d108bd smime man page: add missing options in SYNOPSIS 
-CAfile and -CApath is documented in OPTIONS but is missing
in SYNOPSIS, add them there
 2014-06-19 23:09:21 +01:00
Hubert Kario
6d3d579367 Document -trusted_first option in man pages and help. 
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
 2014-06-19 23:09:21 +01:00
rfkrocktk
96fc4b7250 Added documentation for -iter for PKCS#8 2014-06-17 23:10:14 +01:00
Viktor Dukhovni
a09e4d24ad Client-side namecheck wildcards. 
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
 2014-06-12 23:19:25 +01:00