diff options
| author | Matt Caswell <matt@openssl.org> | 2018-04-30 12:05:42 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-05-01 14:20:31 +0100 |
| commit | b9f0d1832ce9224d437d5c0b537b4e4004adafb7 (patch) | |
| tree | 625d1e742e5ad598769a682d84bf30b67026a755 /doc | |
| parent | 85032506d6ac917130db3dfb7ecb76f4bfaa137e (diff) | |
Fix some errors and missing info in the CMS docs
Fixes #5063
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6136)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/apps/cms.pod | 14 | ||||
| -rw-r--r-- | doc/crypto/CMS_encrypt.pod | 5 |
2 files changed, 9 insertions, 10 deletions
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 4a7783d47a..dd6ae6e11e 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -335,6 +335,9 @@ When encrypting a message this option may be used multiple times to specify each recipient. This form B<must> be used if customised parameters are required (for example to specify RSA-OAEP). +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +option. + =item B<-keyid> use subject key identifier to identify certificates instead of issuer name and @@ -648,17 +651,14 @@ No revocation checking is done on the signer's certificate. =head1 HISTORY The use of multiple B<-signer> options and the B<-resign> command were first -added in OpenSSL 1.0.0 - -The B<keyopt> option was first added in OpenSSL 1.1.0 +added in OpenSSL 1.0.0. -The use of B<-recip> to specify the recipient when encrypting mail was first -added to OpenSSL 1.1.0 +The B<keyopt> option was first added in OpenSSL 1.0.2. -Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. +Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2. The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added -to OpenSSL 1.1.0. +to OpenSSL 1.0.2. The -no_alt_chains options was first added to OpenSSL 1.0.2b. diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod index 1ee5b275ec..88e44d4453 100644 --- a/doc/crypto/CMS_encrypt.pod +++ b/doc/crypto/CMS_encrypt.pod @@ -18,9 +18,8 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags. =head1 NOTES -Only certificates carrying RSA keys are supported so the recipient certificates -supplied to this function must all contain RSA public keys, though they do not -have to be signed using the RSA algorithm. +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +function. EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. |