author | Alok Menghrajani <alok@squareup.com> | 2015-04-13 09:48:06 -0700 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-05-03 08:52:11 -0400 |
commit | 5812e6f17571345d9e8449459572e540379002d5 (patch) | |
tree | a4a7e25e943126778ff4c8f693380ec516a3db0f /doc | |
parent | 4c583c36596cd86feebd983b0313733fe9870500 (diff) |
Fixes some typos in doc/ssl/
This is the last of Alok's PR260
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ssl/SSL_CTX_set_cert_cb.pod | 2 |
-rw-r--r-- | doc/ssl/SSL_CTX_set_security_level.pod | 2 |
-rw-r--r-- | doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod | 26 |
3 files changed, 15 insertions, 15 deletions
diff --git a/doc/ssl/SSL_CTX_set_cert_cb.pod b/doc/ssl/SSL_CTX_set_cert_cb.pod index 141d828f5b..1677ff0724 100644 --- a/doc/ssl/SSL_CTX_set_cert_cb.pod +++ b/doc/ssl/SSL_CTX_set_cert_cb.pod @@ -43,7 +43,7 @@ SSL_add1_chain_cert(). It might also call SSL_certs_clear() to delete any certificates associated with the B<SSL> object. -The certificate callback functionality supercedes the (largely broken) +The certificate callback functionality supersedes the (largely broken) functionality provided by the old client certificate callback interface. It is B<always> called even is a certificate is already set so the callback can modify or delete the existing certificate. diff --git a/doc/ssl/SSL_CTX_set_security_level.pod b/doc/ssl/SSL_CTX_set_security_level.pod index d5d253920c..a8a7eccfdb 100644 --- a/doc/ssl/SSL_CTX_set_security_level.pod +++ b/doc/ssl/SSL_CTX_set_security_level.pod @@ -34,7 +34,7 @@ SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, =head1 DESCRIPTION The functions SSL_CTX_set_security_level() and SSL_set_security_level() set -the security level to B<level>. If not set the libary default security level +the security level to B<level>. If not set the library default security level is used. The functions SSL_CTX_get_security_level() and SSL_get_security_level() diff --git a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod index da0dd0f597..af203b81f0 100644 --- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod 
@@ -15,7 +15,7 @@ SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing =head1 DESCRIPTION -SSL_CTX_set_tlsext_ticket_key_cb() sets a callback fuction I<cb> for handling +SSL_CTX_set_tlsext_ticket_key_cb() sets a callback function I<cb> for handling session tickets for the ssl context I<sslctx>. Session tickets, defined in RFC5077 provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. It only applies @@ -40,13 +40,13 @@ The server, through the callback function, either agrees to reuse the session ticket information or it starts a full TLS handshake to create a new session ticket. -Before the callback function is started I<ctx> and I<hctx> have been +Before the callback function is started I<ctx> and I<hctx> have been initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. For new sessions tickets, when the client doesn't present a session ticket, or -an attempted retreival of the ticket failed, or a renew option was indicated, +an attempted retrieval of the ticket failed, or a renew option was indicated, the callback function will be called with I<enc> equal to 1. The OpenSSL -library expects that the function will set an arbitary I<name>, initialize +library expects that the function will set an arbitrary I<name>, initialize I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>. The I<name> is 16 characters long and is used as a key identifier. 
@@ -54,22 +54,22 @@ The I<name> is 16 characters long and is used as a key identifier. The I<iv> length is the length of the IV of the corresponding cipher. The maximum IV length is L<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>. -The initialization vector I<iv> should be a random value. The cipher context -I<ctx> should use the initialisation vector I<iv>. The cipher context can be +The initialization vector I<iv> should be a random value. The cipher context +I<ctx> should use the initialisation vector I<iv>. The cipher context can be set using L<EVP_EncryptInit_ex>. The hmac context can be set using L<HMAC_Init_ex>. When the client presents a session ticket, the callback function with be called -with I<enc> set to 0 indicating that the I<cb> function should retreive a set +with I<enc> set to 0 indicating that the I<cb> function should retrieve a set of parameters. In this case I<name> and I<iv> have already been parsed out of the session ticket. The OpenSSL library expects that the I<name> will be used to retrieve a cryptographic parameters and that the cryptographic context -I<ctx> will be set with the retreived parameters and the initialization vector +I<ctx> will be set with the retrieved parameters and the initialization vector I<iv>. using a function like L<EVP_DecryptInit_ex>. The I<hctx> needs to be set using L<HMAC_Init_ex>. If the I<name> is still valid but a renewal of the ticket is required the callback function should return 2. The library will call the callback again -with an arguement of enc equal to 1 to set the new ticket. +with an argument of enc equal to 1 to set the new ticket. The return value of the I<cb> function is used by OpenSSL to determine what further processing will occur. The following return values have meaning: 
@@ -92,7 +92,7 @@ continue on those parameters. =item Z<>0 This indicates that it was not possible to set/retrieve a session ticket and -the SSL/TLS session will continue by by negiotationing a set of cryptographic +the SSL/TLS session will continue by by negotiating a set of cryptographic parameters or using the alternate SSL/TLS resumption mechanism, session ids. If called with enc equal to 0 the library will call the I<cb> again to get @@ -107,10 +107,10 @@ This indicates an error. =head1 NOTES Session resumption shortcuts the TLS so that the client certificate -negiotation don't occur. It makes up for this by storing client certificate +negotiation don't occur. It makes up for this by storing client certificate an all other negotiated state information encrypted within the ticket. In a resumed session the applications will have all this state information available -exactly as if a full negiotation had occured. +exactly as if a full negotiation had occurred. If an attacker can obtain the key used to encrypt a session ticket, they can obtain the master secret for any ticket using that key and decrypt any traffic @@ -125,7 +125,7 @@ enable an attacker to obtain the session keys. =head1 EXAMPLES -Reference Implemention: +Reference Implementation: SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb); .... |
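Review bot: in doc/ssl/SSL_CTX_set_cert_cb.pod (hunk @@ -43,7 +43,7 @@), the context line two below the corrected one still reads "It is B<always> called even is a certificate is already set"; "even is" should be "even if". As this commit is a typo sweep of doc/ssl/, that fix belongs in the same hunk.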
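Review bot: in doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (hunk @@ -40,13 +40,13 @@), the context line "For new sessions tickets, when the client doesn't present a session ticket" still has the plural "sessions" where "session tickets" is meant. The first -/+ pair in this hunk ("Before the callback function is started ...") shows no visible text difference, so it looks like a whitespace-only change; worth a word in the commit message. The paragraph also mixes "initialised" and "initialize" within two sentences, so pick one spelling for the page.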
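Review bot: in doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (hunk @@ -54,22 +54,22 @@), several errors survive on the unchanged lines around the corrected ones: "the callback function with be called" should be "will be called", "used to retrieve a cryptographic parameters" has a stray article, and "initialization vector I<iv>. using a function like L<EVP_DecryptInit_ex>" has a full stop in the middle of the sentence. This paragraph tells implementers how to key the ticket cipher and HMAC contexts, so it should read unambiguously; suggest fixing these in the same commit. The hunk also keeps both "initialization vector" and "initialisation vector" in adjacent sentences.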
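Review bot: in doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (hunk @@ -92,7 +92,7 @@), the corrected line still contains a doubled word: "the SSL/TLS session will continue by by negotiating a set of cryptographic". Drop one "by" while the line is being touched.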
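Review bot: in doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (hunk @@ -107,10 +107,10 @@), the corrected line "negotiation don't occur" still has a subject-verb mismatch ("doesn't occur"), and the next context line reads "an all other negotiated state information" where "and all other" is meant. The opening "Session resumption shortcuts the TLS so that" also appears to be missing a noun after "TLS". These sit in the NOTES section that explains what a ticket contains and what an attacker gains from the ticket key, so the wording deserves the same cleanup as the spelling.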