generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
12,959 Commits 16 Branches 258 Tags
Commit Graph

1075 Commits

Author SHA1 Message Date
Rich Salz
d7003c4d7d Fix RT 3193 2014-07-01 12:44:32 -04:00
Jeffrey Walton
6e6ba36d98 Clarified that the signature's buffer size, s, is not used as an 
IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.
 2014-06-29 23:34:21 +01:00
Ken Ballou
76ed5a42ea Typo. 
PR#3173
 2014-06-29 13:38:55 +01:00
Dr. Stephen Henson
528b1f9a9f Clarify protocols supported. 
Update protocols supported and note that SSLv2 is effectively disabled
by default.

PR#3184
 2014-06-29 00:07:08 +01:00
Rich Salz
a0490e02c7 RT 487. Mention that generated primes are "at least" B<bits> long. 2014-06-27 15:59:08 -04:00
Jeffrey Walton
0535c2d67c Clarify docs. 
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
 2014-06-27 16:39:11 +01:00
Viktor Dukhovni
8abffa4a73 Multiple verifier reference identities. 
Implemented as STACK_OF(OPENSSL_STRING).
 2014-06-22 20:32:35 -04:00
Viktor Dukhovni
d241b80409 More complete X509_check_host documentation. 2014-06-22 19:50:02 -04:00
Matt Caswell
115e480924 Fix minor typos 2014-06-19 23:45:21 +01:00
Hubert Kario
e42d84be33 add references to verify(1) man page for args_verify() options 
cms, ocsp, s_client, s_server and smime tools also use args_verify()
for parsing options, that makes them most of the same options
verify tool does. Add those options to man pages and reference
their explanation in the verify man page.
 2014-06-19 23:09:21 +01:00
Hubert Kario
2866441a90 sort the options in verify man page alphabetically 
just making sure the options are listed in the alphabetical order
both in SYNOPSIS and DESCRIPTION, no text changes
 2014-06-19 23:09:21 +01:00
Hubert Kario
cd028c8e66 add description of missing options to verify man page 
The options related to policy used for verification, verification
of subject names in certificate and certificate chain handling
were missing in the verify(1) man page. This fixes this issue.
 2014-06-19 23:09:21 +01:00
Hubert Kario
ce21d108bd smime man page: add missing options in SYNOPSIS 
-CAfile and -CApath is documented in OPTIONS but is missing
in SYNOPSIS, add them there
 2014-06-19 23:09:21 +01:00
Hubert Kario
6d3d579367 Document -trusted_first option in man pages and help. 
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
 2014-06-19 23:09:21 +01:00
rfkrocktk
96fc4b7250 Added documentation for -iter for PKCS#8 2014-06-17 23:10:14 +01:00
Viktor Dukhovni
a09e4d24ad Client-side namecheck wildcards. 
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
 2014-06-12 23:19:25 +01:00
Hubert Kario
343e5cf194 add ECC strings to ciphers(1), point out difference between DH and ECDH 
* Make a clear distinction between DH and ECDH key exchange.
 * Group all key exchange cipher suite identifiers, first DH then ECDH
 * add descriptions for all supported *DH* identifiers
 * add ECDSA authentication descriptions
 * add example showing how to disable all suites that offer no
   authentication or encryption
 2014-06-10 20:53:07 +01:00
Matt Caswell
fa6bb85ae0 Fixed minor duplication in docs 2014-06-07 12:30:18 +01:00
Dr. Stephen Henson
01f2f18f3c Option to disable padding extension. 
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
 2014-06-01 18:15:21 +01:00
Hubert Kario
9ed03faac4 add description of -attime to man page 
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.

This patch fixes this omission.
 2014-05-30 23:26:35 +01:00
Hubert Kario
08bef7be1e add description of -no_ecdhe option to s_server man page 
While the -help message references this option, the man page
doesn't mention the -no_ecdhe option.
This patch fixes this omission.
 2014-05-30 22:59:43 +01:00
Matt Caswell
3d9243f1b6 Changed -strictpem to use PEM_read_bio 2014-05-26 23:31:37 +01:00
Matt Caswell
6b5c1d940b Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker 2014-05-26 17:24:11 +01:00
Matt Caswell
15658d0cbf Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg 2014-05-25 23:45:12 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Matt Caswell
085ccc542a Fixed minor copy&paste error, and stray space causing rendering problem 2014-05-22 00:07:35 +01:00
Matt Caswell
df24f29ae6 Fixed unterminated B tag, causing build to fail with newer pod2man versions 2014-05-22 00:00:23 +01:00
Viktor Dukhovni
397a8e747d Fixes to host checking. 
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
 2014-05-21 11:31:28 +01:00
Dr. Stephen Henson
6f719f063c Change default cipher in smime app to des3. 
PR#3357
 2014-05-21 11:28:57 +01:00
Matt Caswell
d4b47504de Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD) 2014-05-15 21:13:38 +01:00
Jeffrey Walton
2af071c0bc Fix grammar error in verify pod. PR#3355 2014-05-14 22:49:30 +01:00
Jeffrey Walton
18c4f522f4 Add information to BUGS section of enc documentation. PR#3354 2014-05-14 22:48:26 +01:00
Michal Bozon
ab6577a46e Corrected POD syntax errors. PR#3353 2014-05-14 21:07:51 +01:00
Jean-Paul Calderone
a4a442cccf Correct the return type on the signature for X509_STORE_CTX_get_ex_data given in the pod file. 2014-05-12 22:41:13 +01:00
Dr. Stephen Henson
89e674744d Correct example. 2014-05-12 18:41:52 +01:00
Matt Caswell
c4afc40a9b Fixed CRLF in file 2014-05-10 01:19:50 +01:00
Jeff Trawick
e5676b8328 typo in SSL_get_peer_cert_chain docs 
RT: 3304
 2014-05-01 13:40:01 +02:00
Matt Caswell
ba1cb9a553 Fix SSL_CONF_cmd missing =back 2014-04-27 18:57:34 +01:00
Matt Caswell
b5450d6349 Fixed minor errors in docs 2014-04-26 21:56:36 +01:00
Matt Caswell
6bcc4475fc PKCS5_PBKDF2_HMAC documentation submitted by Jeffrey Walton 2014-04-26 21:44:26 +01:00
Chris Rorvick
fa9d77dcd2 doc: Add missing =back directive. 
Signed-off-by: Chris Rorvick <chris@rorvick.com>
 2014-04-26 12:32:53 -05:00
mancha
8acb953880 Fix version documentation. 
Specify -f is for compilation flags. Add -d to synopsis section.

Closes #77.
 2014-04-26 08:09:53 +01:00
Dr. Stephen Henson
0dd5b94aeb Document -debug_decrypt option. 2014-04-16 12:15:43 +01:00
Dr. Stephen Henson
5f8e9a477a Clarify CMS_decrypt behaviour. 2014-04-15 18:17:12 +01:00
Dr. Stephen Henson
3143a332e8 Add new key fingerprint. 2014-04-11 02:50:51 +01:00
Dr. Stephen Henson
4e6c12f308 Document -verify_return_error option. 2014-04-07 13:02:39 +01:00
Dr. Stephen Henson
b7e46a9bce Update security framework docs. 2014-04-05 13:29:41 +01:00
Dr. Stephen Henson
dbb7654dc1 Document new crl option. 2014-04-03 13:33:50 +01:00
Dr. Stephen Henson
0f817d3b27 Add initial security framework docs. 2014-03-28 16:42:18 +00:00
Dr. Stephen Henson
f0ef019da2 Add -no_resumption_on_reneg to SSL_CONF. 
(cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
 2014-03-27 16:12:40 +00:00