Tolerate PKCS#8 DSA format with negative private key.

author: Dr. Stephen Henson <steve@openssl.org> 2010-01-22 20:17:30 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-01-22 20:17:30 +0000
commit: 1699389a4691ea94455ac73fda58b8be9c1f7708 (patch)
tree: b5340c0a4d5f6af37a683899a03e49725b9d4b31 /doc
parent: ad8ee3d7d19691362de56a334a9b6f1961b8cde9 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 9331e67153..72ebcadfe6 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -247,7 +247,9 @@ If an unpatched client attempts to connect to a patched OpenSSL server then
 the attempt will succeed but renegotiation is not permitted. As required
 by the standard a B<no_renegotiation> alert is sent back to the client if
 the TLS v1.0 protocol is used. If SSLv3.0 is used then renegotiation results
-in a fatal B<handshake_failed> alert.
+in a fatal B<handshake_failed> alert. If the patched server attempts to
+renegotiate (existing applications which renegotiate may well do this) then
+a fatal B<handshake_failed> alert is sent.
 
 If a patched OpenSSL client attempts to connect to an unpatched server
 then the connection will fail because it is not possible to determine
author	Dr. Stephen Henson <steve@openssl.org>	2010-01-22 20:17:30 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-01-22 20:17:30 +0000
commit	1699389a4691ea94455ac73fda58b8be9c1f7708 (patch)
tree	b5340c0a4d5f6af37a683899a03e49725b9d4b31 /doc
parent	ad8ee3d7d19691362de56a334a9b6f1961b8cde9 (diff)