Age | Commit message (Collapse) | Author |
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1189)
|
|
Update script to look for period or POD markup in NAME section, and
fix them.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Fix some code examples, trailing whitespace
Fix TBA sections in verify, remove others.
Remove empty sections
Use Mixed Case not ALL CAPS in head2
Enhance doc-nits script.
Remove extra =cut line
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add doc-nit-check to help find future issues.
Make podchecker be almost clean.
Remove trailing whitespace.
Tab expansion
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Date: Tue Mar 15 15:19:44 2016 +0100
This commit updates the documentation of cms, ocsp, s_client,
s_server, and verify to reflect the new "-no_check_time"
option introduced in commit d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45
on 2015-07-31.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level. For verification of SSL peers, this
is automatically set from the SSL security level. Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.
The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.
New verify(1) tests added to check enforcement of chain signature
and public key security levels. Also added new tests of enforcement
of the verify_depth limit.
Updated documentation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This was a developer debugging feature and was never a useful public
interface.
Added all missing X509 error codes to the verify(1) manpage, but
many still need a description beyond the associated text string.
Sorted the errors in x509_txt.c by error number.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).
Added tests and updated documentation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
It is sometimes useful (especially in automated tests) to supply
multiple trusted or untrusted certificates via separate files rather
than have to prepare a single file containing them all.
To that end, change verify(1) to accept these options zero or more
times. Also automatically set -no-CAfile and -no-CApath when
-trusted is specified.
Improve verify(1) documentation, which could still use some work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
If something was "present in all versions" of SSLeay, or if it was
added to a version of SSLeay (and therefore predates OpenSSL),
remove mention of it. Documentation history now starts with OpenSSL.
Remove mention of all history before OpenSSL 0.9.8, inclusive.
Remove all AUTHOR sections.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Add documentation to all the appropriate apps for the new -no-CApath and
-no-CAfile options.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
L<foo|foo> is sub-optimal If the xref is the same as the title,
which is what we do, then you only need L<foo>. This fixes all
1457 occurrences in 349 files. Approximately. (And pod used to
need both.)
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
The -show_chain flag to the verify command line app shows information about
the chain that has been built. This commit adds the text "untrusted" against
those certificates that have been used from the untrusted list.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Fills in a couple of verify options that were lacking documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
https://github.com/openssl/openssl/pull/176 (CHANGES)
https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt)
https://rt.openssl.org/Ticket/Display.html?id=3796 (verify.pod)
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
the X509_V_FLAG_NO_ALT_CHAINS flag.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623
2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277
|
|
|
|
just making sure the options are listed in the alphabetical order
both in SYNOPSIS and DESCRIPTION, no text changes
|
|
The options related to policy used for verification, verification
of subject names in certificate and certificate chain handling
were missing in the verify(1) man page. This fixes this issue.
|
|
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
|
|
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.
This patch fixes this omission.
|
|
|
|
|
|
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
|
|
|
|
|
|
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
|
|
Submitted by: Richard Hartmann <richih.mailinglist@gmail.com>
|
|
|
|
New option to verify program to print out diagnostics.
|
|
that this was actually the pkcs7 document...
|
|
|
|
could rename too :-(
|