aboutsummaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)AuthorFilesLines
2018-09-04Clarify the return value of SSL_client_version()Matt Caswell1-9/+13
The SSL_client_version() function returns the value held in the legacy_version field of the ClientHello. This is never greater than TLSv1.2, even if TLSv1.3 later gets negotiated. Fixes #7079 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7095)
2018-09-04Clarify the EVP_DigestSignInit docsMatt Caswell2-5/+10
They did not make it clear how the memory management works for the |pctx| parameter. Fixes #7037 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7042)
2018-09-04Fix example in crl(1) man pageJakub Wilk1-1/+1
The default input format is PEM, so explicit "-inform DER" is needed to read DER-encoded CRL. CLA: trivial Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7094)
2018-09-03Rename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_listRichard Levitte1-6/+6
They add a single item, so the names give a false impression of what they do, making them hard to remember. Better to give them a somewhat better name. Fixes #6930 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6931)
2018-09-03add docs for OCSP_resp_get0_signaturePaul Kehrer1-0/+4
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7082)
2018-09-03add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESPPaul Kehrer1-0/+8
fixes #7081 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7082)
2018-09-01Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3Matt Caswell2-0/+18
Fixes #6490 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7044)
2018-09-01TLSv1.3 related changes to man pagesHubert Kario10-47/+78
Add or update the documentation of the different man pages in relation to TLSv1.3 behaviour. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/6939)
2018-08-24Add semicolon at the end of the function prototypesPaul Yang2-8/+8
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7041)
2018-08-22Fix typos in documentation.parasssh4-8/+8
CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7038)
2018-08-22man3/OBJ_nid2obj.pod: mention failure code for OBJ_create.Andy Polyakov1-1/+2
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998)
2018-08-22Ignore the digest in req app if using EdDSAMatt Caswell1-5/+5
This follows on from the previous commit, and makes the same change to ignore the digest if we are using EdDSA. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6901)
2018-08-22Improve the usability of the ca app using EdDSAMatt Caswell2-5/+7
Previously you had to supply "null" as the digest to use EdDSA. This changes things so that any digest is ignored. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6901)
2018-08-22Fix typos in documentationJakub Wilk3-3/+3
CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7021)
2018-08-20Add support for SSL_CTX_set_post_handshake_auth()Matt Caswell1-7/+9
We already have SSL_set_post_handshake_auth(). This just adds the SSL_CTX equivalent. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6938)
2018-08-20Change Post Handshake auth so that it is opt-inMatt Caswell2-12/+13
Having post handshake auth automatically switched on breaks some applications written for TLSv1.2. This changes things so that an explicit function call is required for a client to indicate support for post-handshake auth. Fixes #6933. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6938)
2018-08-20Fix typos and errors in Ed25519.pod documentationparasssh1-5/+5
CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7005)
2018-08-17crypto/threads_*: remove CRYPTO_atomic_{read|write}.Andy Polyakov1-15/+2
CRYPTO_atomic_read was added with intention to read statistics counters, but readings are effectively indistinguishable from regular load (even in non-lock-free case). This is because you can get out-dated value in both cases. CRYPTO_atomic_write was added for symmetry and was never used. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6883)
2018-08-15Update code for the final RFC version of TLSv1.3 (RFC8446)Matt Caswell1-2/+1
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
2018-08-07man3/OPENSSL_LH_COMPFUNC.pod: clarifications and updates.Andy Polyakov1-16/+9
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6786)
2018-07-31Some protocol versions are build-timeRich Salz4-25/+14
Clarify docs to list that some protocol flags might not be available depending on how OpenSSL was build. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6816)
2018-07-31Deprecate the EC curve type specific functions in 1.2.0Matt Caswell2-5/+10
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6815)
2018-07-31Add documentation for the new non-curve type specific EC functionsMatt Caswell2-30/+77
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6815)
2018-07-28doc/BN_generate_prime: update doc about other callback valuesBeat Bolli1-1/+7
This here page only documents the callback values 0 to 2, but the callers of BN_generate_prime_ex() call it with the value 3. The list of manual pages in the SEE ALSO section was extended with the output from git grep BN_GENCB_call.*[3-9] while in the doc/man3 directory. Signed-off-by: Beat Bolli <dev@drbeat.li> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6802)
2018-07-26Fix inconsisten use of bit vs bitsKurt Roeckx1-2/+2
Reviewed-by: Tim Hudson <tjh@openssl.org> GH: #6794
2018-07-26Make number of Miller-Rabin tests for a prime tests depend on the security ↵Kurt Roeckx1-1/+11
level of the prime The old numbers where all generated for an 80 bit security level. But the number should depend on security level you want to reach. For bigger primes we want a higher security level and so need to do more tests. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #6075 Fixes: #6012
2018-07-23Add a note about aborts encountered while sending early_dataMatt Caswell1-0/+13
In some circumstances it is possible for a client to have a session reporting a max early data value that is greater than the server will support. In such cases the client could encounter an aborted connection. Fixes #6735 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6740)
2018-07-20const-ify some input SSL * argumentsBenjamin Kaduk1-3/+3
These tiny functions only read from the input SSL, and we are about to use them from functions that only have a const SSL* available, so propagate const a bit further. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6378)
2018-07-17Improve documentation about reading and writingKurt Roeckx6-50/+127
Reviewed-by: Matt Caswell <matt@openssl.org> GH: #6240
2018-07-13Documentation typo fix in BN_bn2bin.podAlexandre Perrin1-2/+2
Change the description for BN_hex2bn() so that it uses the same BIGNUM argument name as its prototype. CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6712)
2018-07-06Document SSL_CTX_set_recv_max_early_data() etcMatt Caswell1-3/+30
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6655)
2018-07-05Add missing include file to docRich Salz1-0/+2
Reported by Ingo Schwarze Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6656)
2018-07-04Document more EVP_MD_CTX functionsRichard Levitte1-2/+50
Fixes #6644 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6645)
2018-07-03Fix some issues found by Denian's lintian toolRich Salz14-93/+101
Also fix some L<> labels and =item entries found while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6630)
2018-07-02Add the ability to configure anti-replay via SSL_CONFMatt Caswell2-0/+32
This also adds the ability to control this through s_server Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
2018-07-02Document the new early data callback and optionMatt Caswell2-1/+45
Document SSL_OP_NO_ANTI_REPLAY and SSL_CTX_set_allow_early_data_cb() Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
2018-06-27Modify the DEVRANDOM source so that the files are kept open persistently.Pauli1-1/+13
This allows operation inside a chroot environment without having the random device present. A new call, RAND_keep_random_devices_open(), has been introduced that can be used to control file descriptor use by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6432)
2018-06-26Document changes to SSL_OP_NO_TICKET for TLSv1.3Matt Caswell2-13/+41
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
2018-06-23Fix prototype of ASN1_INTEGER_get and ASN1_INTEGER_setKurt Roeckx1-2/+2
The parameters where switched Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #6578
2018-06-23OpenSSL-II style for emacs: don't indent because of extern blockRichard Levitte1-0/+1
We don't want an indentation step inside a 'extern "C" {' .. '}' block. Apparently, cc-mode has a c-offsets-alist keyword to allow exactly this. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6557)
2018-06-21add documentation for OCSP_basic_verify()David von Oheimb1-1/+29
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6227)
2018-06-21Fix spelling errors in documentation.Pauli4-9/+9
Also fix some clumsy wording. [skip_ci] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6545)
2018-06-20Update copyright yearMatt Caswell6-6/+6
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6538)
2018-06-19Fix & update documentation about RAND_priv_bytes()Nicola Tuveri3-23/+75
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6514)
2018-06-19Add EVP_PKEY_set_alias_typeJack Lloyd1-1/+15
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6443)
2018-06-18add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.cDavid von Oheimb2-2/+3
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6217)
2018-06-15Repair broken C syntax (missing close parens) in a manual page.Eric S. Raymond1-5/+5
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6491)
2018-06-13Fix manpage problemsEric S. Raymond2-3/+1
CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #6472
2018-06-13doc/man7/passphrase-encoding.pod: Make consistentRichard Levitte1-4/+4
The man name didn't match the file name, and some places had 'password' instead of 'pass phrase'. Fixes #6474 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6476)
2018-06-12Document return value of X509_add_extViktor Dukhovni1-2/+4
and also X509_delete_ext() Reviewed-by: Matt Caswell <matt@openssl.org>
generated by cgit v1.1 at 2024-07-13 12:59:40 +0000