mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 04:53:52 +08:00
DANE documentation typos
Reported-by: Claus Assmann Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
700b4a4ae7
commit
63b658341e
@ -41,7 +41,7 @@ to adjust the supported digest algorithms. This must be done before
|
|||||||
any SSL handles are created for the context.
|
any SSL handles are created for the context.
|
||||||
|
|
||||||
The B<mtype> argument specifies a DANE TLSA matching type and the
|
The B<mtype> argument specifies a DANE TLSA matching type and the
|
||||||
the B<md> argument specifies the associated digest algorithm handle.
|
B<md> argument specifies the associated digest algorithm handle.
|
||||||
The B<ord> argument specifies a strength ordinal. Algorithms with
|
The B<ord> argument specifies a strength ordinal. Algorithms with
|
||||||
a larger strength ordinal are considered more secure. Strength
|
a larger strength ordinal are considered more secure. Strength
|
||||||
ordinals are used to implement RFC7671 digest algorithm agility.
|
ordinals are used to implement RFC7671 digest algorithm agility.
|
||||||
@ -181,7 +181,7 @@ the lifetime of the SSL connection.
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
|
ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
|
||||||
/* free data as approriate */
|
/* free data as appropriate */
|
||||||
|
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
/* handle SSL library internal error */
|
/* handle SSL library internal error */
|
||||||
|
@ -35,7 +35,7 @@ that can match the peer's certificate. Any previous names set via
|
|||||||
SSL_set1_host() or SSL_add1_host() are retained, no change is made
|
SSL_set1_host() or SSL_add1_host() are retained, no change is made
|
||||||
if B<name> is NULL or empty. When multiple names are configured,
|
if B<name> is NULL or empty. When multiple names are configured,
|
||||||
the peer is considered verified when any name matches. This function
|
the peer is considered verified when any name matches. This function
|
||||||
is required for DANE TLA in the presence of service name indirection
|
is required for DANE TLSA in the presence of service name indirection
|
||||||
via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or
|
via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or
|
||||||
RFC7673.
|
RFC7673.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user