Minor changes made by Matt Caswell
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 648495864513da788246f9b75dbbbce0614ed5e8)
Minor changes made by Matt Caswell.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit f281b8df704ce0123fa2193f2890a25da1756528)
Minor changes made by Matt Caswell.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 34890ac18eb5ee7bffe9d460480164e1546b491e)
Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl
is just an int*.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 5211e094dec9486a540ac480f345df1a8d2b2862)
see RT #3203
Future versions of OpenSSL use the canonical terms "ECDHE" and "DHE"
as configuration strings and compilation constants. This patch
introduces aliases so that the stable 1.0.2 branch can be
forward-compatible with code and configuration scripts that use the
normalized terms, while avoiding changing any library output for
stable users.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
If data is NULL, return the size needed to hold the
derived key. No other API to do this, so document
the behavior.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 5aed169305941fb1eba15fd4bacc0f998b0e43f7)
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 95b1752cc7531e4b609aea166f2db1c155ab5bdd)
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a787c2590e468585a1a19738e0c7f481ec91b762)
The documentation is wrong about what happens when the
session cache fills up.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9edfc419674f20b482a9beff9c246519f9c503e)
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit fe7573042fa7f406fedb78d959659b39a7a1dcfb)
The function returns 0 or 1, only.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cfaca9ff4a481cc63b7f6b6e97303ad8fe)
RT842, closed back in 2004, changed the default serial number
to be a random number rather than zero. Finally time to update
the doc
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3aba132d61baeecffb9a6f8da7d0809352cbfb2d)
Add .crt/.cer/.crl to the filenames parsed.
I also updated the podpage (since it didn't exist when
this ticket was first created, nor when it was re-created
seven years later).
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 80ec8d4e3ee212786dc3092b1c97305b871827f0)
Re-order algorithm list.
Be consistent in command synopsis.
Add content about signing.
Add EXAMPLE section
Add some missing options: -r, -fips-fingerprint -non-fips-allow
Various other fixes.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Add the file written by James Westby, graciously contributed
under the terms of the OpenSSL license.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit cf2239b3b397174a8a6b1cc84ff68aba34ed5941)
The doc says that port can be "*" to mean any port.
That's wrong.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 07e3b31fae98b985d3d2aad7066144b11833f688)
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28)
I also removed some trailing whitespace and cleaned
up the "see also" list.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 7b3e11c54466f1da8b707c932e308d345fd61101)
The description of when the server creates a DH key is
confusing. This cleans it up.
(rsalz: also removed trailing whitespace.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
The EXAMPLE that used FILE and RC2 doesn't compile due to a
few minor errors. Tweak to use IDEA and AES-128. Remove
examples about RC2 and RC5.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
This patch was submitted by user "Kox" via the wiki
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 2dd8cb3b9593f528d9537aa6a003d5c93df1e3c5)
Clarify the intended use of EVP_PKEY_sign. Make the code example compile.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit d64c533a207f7b6d86c3bc8ffb053e5f4d0c1ca0)
statement of opinion rather than a fact.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c8d133e4b6f1ed1b7ad3c1a6d2c62f460e26c050)
PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit d48e78f0cf22aaddb563f4bcfccf25b1a45ac8a4)
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.
PR#3444
(cherry picked from commit 7efd0e777e65eaa6c60d85b1cc5c889f872f8fc4)
Reduces number of silly casts in OpenSSL code and likely most
applications. Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
(cherry picked from commit 297c67fcd817ea643de2fdeff4e434b050d571e2)
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
(cherry picked from commit ced3d9158a7a8c676be504bb6cd3b5ffb7cc7f13)
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.
PR#3283
(cherry picked from commit 5cc99c6cf5e908df6b00b04af7f08e99c0698c7b)
IN parameter.
Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.
(cherry picked from commit 6e6ba36d980f67b6e5c7b139f78da7acbbf8ec76)
Update protocols supported and note that SSLv2 is effectively disabled
by default.
PR#3184
(cherry picked from commit 1b13a4f38dfc385d5e776f6b3e06c5795874cf9b)
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.
PR#3409
(cherry picked from commit 0535c2d67ca2d684087ef90be35d5fb207aab227)
