diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-11-17 00:21:34 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-11-17 00:21:34 +0000 |
commit | c7b7984ac914d33590dfe9e46e35336f5e4f723f (patch) | |
tree | 020e34767868fb626bd819c3dac213354729cc7d | |
parent | 3db935a9e5e62fcbde719b2a03ce8941bb13514a (diff) |
fix typos in SSL_CONF documentation
-rw-r--r-- | doc/ssl/SSL_CONF_CTX_new.pod | 3 | ||||
-rw-r--r-- | doc/ssl/SSL_CONF_CTX_set1_prefix.pod | 5 | ||||
-rw-r--r-- | doc/ssl/SSL_CONF_CTX_set_flags.pod | 7 | ||||
-rw-r--r-- | doc/ssl/SSL_CONF_argv.pod | 7 | ||||
-rw-r--r-- | doc/ssl/SSL_CONF_cmd.pod | 32 |
5 files changed, 30 insertions, 24 deletions
diff --git a/doc/ssl/SSL_CONF_CTX_new.pod b/doc/ssl/SSL_CONF_CTX_new.pod index 63fa8cf706..1ae4ac627e 100644 --- a/doc/ssl/SSL_CONF_CTX_new.pod +++ b/doc/ssl/SSL_CONF_CTX_new.pod @@ -13,7 +13,7 @@ SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions =head1 DESCRIPTION -The function SSL_CONF_CTX_new() allocates and initialised an B<SSL_CONF_CTX> +The function SSL_CONF_CTX_new() allocates and initialises an B<SSL_CONF_CTX> structure for use with the SSL_CONF functions. The function SSL_CONF_CTX_free() frees up the context B<cctx>. @@ -29,6 +29,7 @@ SSL_CONF_CTX_free() does not return a value. L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> diff --git a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod index 92aed5e71f..3b165db89b 100644 --- a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod +++ b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod @@ -18,8 +18,8 @@ to B<prefix>. If B<prefix> is B<NULL> it is restored to the default value. =head1 NOTES Command prefixes alter the commands recognised by subsequent SSL_CTX_cmd() -calls. For example for files if the prefix "SSL" is set then command names -such as "SSLProtocol", "SSLOptions" etc are recognised instead of "Protocol" +calls. For example for files, if the prefix "SSL" is set then command names +such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" and "Options". Similarly for command lines if the prefix is "--ssl-" then "--ssl-no_tls1_2" is recognised instead of "-no_tls1_2". @@ -37,6 +37,7 @@ SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure. =head1 SEE ALSO L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod index ae0850f2ae..6f7bf11a8b 100644 --- a/doc/ssl/SSL_CONF_CTX_set_flags.pod +++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod @@ -19,8 +19,8 @@ The function SSL_CONF_CTX_clear_flags() clears B<flags> in the context B<cctx>. =head1 NOTES -The flags how subsequent calls to SSL_CONF_set_cmd() or SSL_CONF_set_argv() -behave. +The flags set affect how subsequent calls to SSL_CONF_cmd() or +SSL_CONF_argv() behave. Currently the following B<flags> values are recognised: @@ -42,6 +42,8 @@ indicate errors relating to unrecognised options or missing arguments in the error queue. If this option isn't set such errors are only reflected in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv() +=back + =head1 RETURN VALUES SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags @@ -51,6 +53,7 @@ value after setting or clearing flags. L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> diff --git a/doc/ssl/SSL_CONF_argv.pod b/doc/ssl/SSL_CONF_argv.pod index 0796d4d477..1d4920610f 100644 --- a/doc/ssl/SSL_CONF_argv.pod +++ b/doc/ssl/SSL_CONF_argv.pod @@ -14,12 +14,13 @@ SSL_CONF_argv - SSL configuration command line processing. The function SSL_CONF_cmd_argv() processes at most two command line arguments from B<pargv> and B<pargc>. The values of B<pargv> and B<pargc> -are updated to reflect the number of command options procesed. +are updated to reflect the number of command options procesed. The B<pargc> +argument can be set to B<NULL> is it is not used. =head1 RETURN VALUES -SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1 -or 2 or a negative error code. +SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2 +2 or a negative error code. If -2 is returned then an argument for a command is missing. diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 874bd006c6..f853d12e8f 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -22,7 +22,7 @@ framework for configuration files or command line options. Currently supported B<cmd> names for configuration files (i.e. when the flag B<SSL_CONF_FLAG_FILE> is set) are listed below. All configuration file B<cmd> names and are case insensitive so B<signaturealgorithms> is recognised -as well as B<SignatureAlgorithms>. Unless otherwise states the B<value> names +as well as B<SignatureAlgorithms>. Unless otherwise stated the B<value> names are also case insensitive. Note: the command prefix (if set) alters the recognised B<cmd> values. @@ -32,7 +32,7 @@ Note: the command prefix (if set) alters the recognised B<cmd> values. =item B<CipherSuite> Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is -currently not performed unless a B<SSL> or B<SSL_CTX> structure is +currently not performed unless an B<SSL> or B<SSL_CTX> structure is associated with B<cctx>. =item B<SignatureAlgorithms> @@ -55,7 +55,7 @@ OpenSSL library are permissible. This sets the supported signature algorithms associated with client authentication for TLS v1.2. For servers the value is used in the supported signature algorithms field of a certificate request. For clients it is -used to determine which signature algorithm to use for the client certificate. +used to determine which signature algorithm to with the client certificate. The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then the value set for B<SignatureAlgorithms> will be used instead. @@ -63,9 +63,9 @@ the value set for B<SignatureAlgorithms> will be used instead. =item B<Curves> This sets the supported elliptic curves. For servers the curves are -sent using the supported curves extension to TLS. For clients the it is used -to determine which curve to use. This affects curves used for both signatures -and key exchange. +sent using the supported curves extension for TLS v1.2. For clients it is used +to determine which curve to use. This setting affects curves used for both +signatures and key exchange, if applicable. The B<value> argument is a colon separated list of curves. The curve can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g @@ -76,9 +76,9 @@ B<prime256v1>). Curve names are case sensitive. This sets the temporary curve used for ephemeral ECDH modes. The B<value> argument is a curve name or the special value B<Automatic> which -automatically picks an appropriate curve based on client and server -preferences. The curve can be either the B<NIST> name (e.g. B<P-256>) or an -OpenSSL OID name (e.g B<prime256v1>). Curve names are case sensitive. +picks an appropriate curve based on client and server preferences. The curve +can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name +(e.g B<prime256v1>). Curve names are case sensitive. =item B<Protocol> @@ -87,9 +87,9 @@ The supported versions of the SSL or TLS protocol. The B<value> argument is a comma separated list of supported protocols to enable or disable. If an protocol is preceded by B<-> that version is disabled. All versions are enabled by default, though applications may choose to -explicitly disable some version. Currently supported protocol -values are B<SSLv2>, B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The -special value B<ALL> refers to all supported versions. +explicitly disable some. Currently supported protocol values are B<SSLv2>, +B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers +to all supported versions. =item B<Options> @@ -111,9 +111,9 @@ B<EmptyFragments>: use empty fragments as a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It is set by default. Inverse of B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS>. -B<Bugs> enable various bug workarounds. Same as B<SSL_OP_ALL>. +B<Bugs>: enable various bug workarounds. Same as B<SSL_OP_ALL>. -B<DHSingle> enable single use DH keys, set by default. Inverse of +B<DHSingle>: enable single use DH keys, set by default. Inverse of B<SSL_OP_DH_SINGLE>. Only used by servers. B<ECDHSingle> enable single use ECDH keys, set by default. Inverse of @@ -138,7 +138,7 @@ Set by default. Currently supported B<cmd> names for command lines (i.e. when the flag B<SSL_CONF_CMDLINE> is set) are listed below. Note: all B<cmd> names and are case sensitive. Unless otherwise stated the B<value> parameter is -noh used. The default prefix for command line commands is B<-> and that is +not used. The default prefix for command line commands is B<-> and that is reflected below. =over 4 @@ -174,7 +174,7 @@ associated with B<cctx>. Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 by setting the corresponding options B<SSL_OP_NO_SSL2>, B<SSL_OP_NO_SSL3>, -B<SSL_OP_NO_TLS1> B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively. +B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively. =item B<-bugs> |