author | Tomas Mraz <tomas@openssl.org> | 2023-12-14 18:04:58 +0100 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2024-03-06 10:42:05 +0100 |
commit | cd2cdb6158086c4904d186c718c887cc693b906d (patch) | |
tree | e975186f0b881ec1e8d8d1efb0a191cd710a4baa /doc | |
parent | 2b4cea1edfc0db486b3824ffbf3e520752ce05d1 (diff) |
Document that unknown groups and sigalgs marked with ? are ignored
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23050)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_CTX_set1_curves.pod | 6 | ||||
-rw-r--r-- | doc/man3/SSL_CTX_set1_sigalgs.pod | 11 |
2 files changed, 15 insertions, 2 deletions
diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index c26ef00306..f0566e148e 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -58,7 +58,8 @@ string B<list>. The string is a colon separated list of group names, for example are B<P-256>, B<P-384>, B<P-521>, B<X25519>, B<X448>, B<brainpoolP256r1tls13>, B<brainpoolP384r1tls13>, B<brainpoolP512r1tls13>, B<ffdhe2048>, B<ffdhe3072>, B<ffdhe4096>, B<ffdhe6144> and B<ffdhe8192>. Support for other groups may be -added by external providers. +added by external providers. If a group name is preceded with the C<?> +character, it will be ignored if an implementation is missing. SSL_set1_groups() and SSL_set1_groups_list() are similar except they set supported groups for the SSL structure B<ssl>. @@ -142,6 +143,9 @@ The curve functions were added in OpenSSL 1.0.2. The equivalent group functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function was added in OpenSSL 3.0.0. +Support for ignoring unknown groups in SSL_CTX_set1_groups_list() and +SSL_set1_groups_list() was added in OpenSSL 3.3. + =head1 COPYRIGHT Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod index eb31006346..5b7de7d956 100644 --- a/doc/man3/SSL_CTX_set1_sigalgs.pod +++ b/doc/man3/SSL_CTX_set1_sigalgs.pod 
@@ -33,7 +33,9 @@ signature algorithms for B<ctx> or B<ssl>. The B<str> parameter must be a null terminated string consisting of a colon separated list of elements, where each element is either a combination of a public key algorithm and a digest separated by B<+>, or a TLS 1.3-style named -SignatureScheme such as rsa_pss_pss_sha256. +SignatureScheme such as rsa_pss_pss_sha256. If a list entry is preceded +with the C<?> character, it will be ignored if an implementation is missing. + SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set @@ -106,6 +108,13 @@ using a string: L<ssl(7)>, L<SSL_get_shared_sigalgs(3)>, L<SSL_CONF_CTX_new(3)> +=head1 HISTORY + +Support for ignoring unknown signature algorithms in +SSL_CTX_set1_sigalgs_list(), SSL_set1_sigalgs_list(), +SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() +was added in OpenSSL 3.3. + =head1 COPYRIGHT Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. |
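Review bot: In the first hunk of doc/man3/SSL_CTX_set1_curves.pod (@@ -58,7 +58,8), the added sentence says a group is ignored "if an implementation is missing", while the commit subject and the HISTORY text added later in the same file say "unknown groups"; the wording should agree, and the text should say whether a name that is not recognised at all (a misspelling, for instance) is also dropped silently when it carries the C<?> prefix. It would also help to document what the call returns when every entry in the list ends up ignored, so that a caller using C<?> knows whether a shorter-than-intended group list can be set without an error. Minor: "preceded with" reads better as "preceded by".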
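Review bot: In the HISTORY hunk of doc/man3/SSL_CTX_set1_curves.pod (@@ -143,9), only SSL_CTX_set1_groups_list() and SSL_set1_groups_list() are named, although the context lines just above describe the group functions as the equivalents of the curve functions documented on the same page. If the curve-named list functions accept the C<?> prefix as well, name them here or state that the prefix applies to them too, so a reader of this page does not have to guess.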
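Review bot: In the first hunk of doc/man3/SSL_CTX_set1_sigalgs.pod (@@ -33,7 +33,9), the added sentence does not say where C<?> goes for an element written as a public key algorithm and a digest joined by B<+>; state that it prefixes the whole element, and consider adding one optional entry to the string example the page already has. The hunk also appears to add an empty line after the new sentence directly ahead of the existing paragraph break, which leaves two consecutive blank lines; drop the added one.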