PR#3612
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit de87dd46c1283f899a9ecf4ccc72db74f36afbf2)
(cherry picked from commit 4d3df37bc7fd33d0bec5da04d2572caa0cdbab75)
Re-order algorithm list.
Be consistent in command synopsis.
Add content about signing.
Add EXAMPLE section
Add some missing options: -r, -fips-fingerprint -non-fips-allow
Various other fixes.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 6aa9dbab0f9b90060b7ee609b8c3c726ce4faf21)
Add the file written by James Westby, graciously contributed
under the terms of the OpenSSL license.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit cf2239b3b397174a8a6b1cc84ff68aba34ed5941)
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.
PR#3444
(cherry picked from commit 7efd0e777e65eaa6c60d85b1cc5c889f872f8fc4)
Conflicts:
doc/apps/s_server.pod
Backport of the patch:
add ECC strings to ciphers(1), point out difference between DH and ECDH
and few other changes applicable to the 1.0.1 code base.
* Make a clear distinction between DH and ECDH key exchange.
* Group all key exchange cipher suite identifiers, first DH then ECDH
* add descriptions for all supported *DH* identifiers
* add ECDSA authentication descriptions
* add example showing how to disable all suites that offer no
authentication or encryption
* backport listing of elliptic curve cipher suites.
* backport listing of TLS 1.2 cipher suites, add note that DH_RSA
and DH_DSS is not implemented in this version
* backport of description of PSK and listing of PSK cipher suites
* backport description of AES128, AES256 and AESGCM options
* backport description of CAMELLIA128, CAMELLIA256 options
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.
This patch fixes this omission.
Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.
doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...
PR#3146
apps/pkcs12.c accepts -password as an argument. The document author
almost certainly meant to write "-password, -passin".
However, that is not correct, either. Actually the code treats
-password as equivalent to -passin, EXCEPT when -export is also
specified, in which case -password as equivalent to -passout.
(cherry picked from commit 856c6dfb09d69fc82ada2611c6cd792dfc60e355)
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve@openssl.org
Document/clarify use of some options and include details of GOST algorihthm
usage.
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
