mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-25 11:03:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
12,177 Commits 33 Branches 385 Tags 435 MiB
8b5dd34091
Commit Graph

992 Commits

Author SHA1 Message Date
Viktor Dukhovni
b73ac02735 Improve X509_check_host() documentation. 
Based on feedback from Jeffrey Walton.
 2014-07-07 20:34:06 +10:00
Viktor Dukhovni
297c67fcd8 Update API to use (char *) for email addresses and hostnames 
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
 2014-07-07 19:11:38 +10:00
Dr. Stephen Henson
cba3f1c739 Document certificate status request options. 2014-07-06 22:40:01 +01:00
Jeffrey Walton
75b7606881 Added reference to platform specific cryptographic acceleration such as AES-NI 2014-07-06 00:03:13 +01:00
Matt Caswell
fd9e244370 Fixed error in pod files with latest versions of pod2man 2014-07-06 00:03:13 +01:00
Viktor Dukhovni
ced3d9158a Set optional peername when X509_check_host() succeeds. 
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
 2014-07-06 01:50:50 +10:00
Viktor Dukhovni
6e661d458f New peername element in X509_VERIFY_PARAM_ID 
Declaration, memory management, accessor and documentation.
 2014-07-06 01:50:50 +10:00
Dr. Stephen Henson
a9661e45ac typo 
(cherry picked from commit 2cfbec1cae)
 2014-07-04 13:50:55 +01:00
Dr. Stephen Henson
b948ee27b0 Remove all RFC5878 code. 
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
 2014-07-04 13:26:35 +01:00
Dr. Stephen Henson
a23a6e85d8 Update ticket callback docs. 2014-07-03 14:50:08 +01:00
Rich Salz
538860a3ce RT 1638; EVP_*Final() should mention they no longer cleanup the ctx. 2014-07-02 23:38:34 -04:00
Rich Salz
fc1d88f02f Close a whole bunch of documentation-related tickets: 
298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623
    2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277
 2014-07-02 22:42:40 -04:00
Matt Smart
5cc99c6cf5 Fix doc typo. 
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283
 2014-07-02 03:43:42 +01:00
Rich Salz
762a44de59 RT 3245; it's "bitwise or" not "logical or" 2014-07-01 13:00:18 -04:00
Rich Salz
854dfcd859 Fix RT 3211; "and are" -->"are" 2014-07-01 12:55:32 -04:00
Rich Salz
7b1d946051 Fix RT 2567; typo in pkeyutl page. 2014-07-01 12:49:20 -04:00
Rich Salz
42b91f28a6 Fix RT 2430; typo's in ca.pod 2014-07-01 12:47:52 -04:00
Rich Salz
d7003c4d7d Fix RT 3193 2014-07-01 12:44:32 -04:00
Jeffrey Walton
6e6ba36d98 Clarified that the signature's buffer size, s, is not used as an 
IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.
 2014-06-29 23:34:21 +01:00
Ken Ballou
76ed5a42ea Typo. 
PR#3173
 2014-06-29 13:38:55 +01:00
Dr. Stephen Henson
528b1f9a9f Clarify protocols supported. 
Update protocols supported and note that SSLv2 is effectively disabled
by default.

PR#3184
 2014-06-29 00:07:08 +01:00
Rich Salz
a0490e02c7 RT 487. Mention that generated primes are "at least" B<bits> long. 2014-06-27 15:59:08 -04:00
Jeffrey Walton
0535c2d67c Clarify docs. 
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
 2014-06-27 16:39:11 +01:00
Viktor Dukhovni
8abffa4a73 Multiple verifier reference identities. 
Implemented as STACK_OF(OPENSSL_STRING).
 2014-06-22 20:32:35 -04:00
Viktor Dukhovni
d241b80409 More complete X509_check_host documentation. 2014-06-22 19:50:02 -04:00
Matt Caswell
115e480924 Fix minor typos 2014-06-19 23:45:21 +01:00
Hubert Kario
e42d84be33 add references to verify(1) man page for args_verify() options 
cms, ocsp, s_client, s_server and smime tools also use args_verify()
for parsing options, that makes them most of the same options
verify tool does. Add those options to man pages and reference
their explanation in the verify man page.
 2014-06-19 23:09:21 +01:00
Hubert Kario
2866441a90 sort the options in verify man page alphabetically 
just making sure the options are listed in the alphabetical order
both in SYNOPSIS and DESCRIPTION, no text changes
 2014-06-19 23:09:21 +01:00
Hubert Kario
cd028c8e66 add description of missing options to verify man page 
The options related to policy used for verification, verification
of subject names in certificate and certificate chain handling
were missing in the verify(1) man page. This fixes this issue.
 2014-06-19 23:09:21 +01:00
Hubert Kario
ce21d108bd smime man page: add missing options in SYNOPSIS 
-CAfile and -CApath is documented in OPTIONS but is missing
in SYNOPSIS, add them there
 2014-06-19 23:09:21 +01:00
Hubert Kario
6d3d579367 Document -trusted_first option in man pages and help. 
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
 2014-06-19 23:09:21 +01:00
rfkrocktk
96fc4b7250 Added documentation for -iter for PKCS#8 2014-06-17 23:10:14 +01:00
Viktor Dukhovni
a09e4d24ad Client-side namecheck wildcards. 
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
 2014-06-12 23:19:25 +01:00
Hubert Kario
343e5cf194 add ECC strings to ciphers(1), point out difference between DH and ECDH 
* Make a clear distinction between DH and ECDH key exchange.
 * Group all key exchange cipher suite identifiers, first DH then ECDH
 * add descriptions for all supported *DH* identifiers
 * add ECDSA authentication descriptions
 * add example showing how to disable all suites that offer no
   authentication or encryption
 2014-06-10 20:53:07 +01:00
Matt Caswell
fa6bb85ae0 Fixed minor duplication in docs 2014-06-07 12:30:18 +01:00
Dr. Stephen Henson
01f2f18f3c Option to disable padding extension. 
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
 2014-06-01 18:15:21 +01:00
Hubert Kario
9ed03faac4 add description of -attime to man page 
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.

This patch fixes this omission.
 2014-05-30 23:26:35 +01:00
Hubert Kario
08bef7be1e add description of -no_ecdhe option to s_server man page 
While the -help message references this option, the man page
doesn't mention the -no_ecdhe option.
This patch fixes this omission.
 2014-05-30 22:59:43 +01:00
Matt Caswell
3d9243f1b6 Changed -strictpem to use PEM_read_bio 2014-05-26 23:31:37 +01:00
Matt Caswell
6b5c1d940b Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker 2014-05-26 17:24:11 +01:00
Matt Caswell
15658d0cbf Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg 2014-05-25 23:45:12 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Matt Caswell
085ccc542a Fixed minor copy&paste error, and stray space causing rendering problem 2014-05-22 00:07:35 +01:00
Matt Caswell
df24f29ae6 Fixed unterminated B tag, causing build to fail with newer pod2man versions 2014-05-22 00:00:23 +01:00
Viktor Dukhovni
397a8e747d Fixes to host checking. 
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
 2014-05-21 11:31:28 +01:00
Dr. Stephen Henson
6f719f063c Change default cipher in smime app to des3. 
PR#3357
 2014-05-21 11:28:57 +01:00
Matt Caswell
d4b47504de Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD) 2014-05-15 21:13:38 +01:00
Jeffrey Walton
2af071c0bc Fix grammar error in verify pod. PR#3355 2014-05-14 22:49:30 +01:00
Jeffrey Walton
18c4f522f4 Add information to BUGS section of enc documentation. PR#3354 2014-05-14 22:48:26 +01:00
Michal Bozon
ab6577a46e Corrected POD syntax errors. PR#3353 2014-05-14 21:07:51 +01:00