summaryrefslogtreecommitdiffstats
path: root/doc
AgeCommit message (Collapse)Author
2015-01-06Only allow ephemeral RSA keys in export ciphersuites.Dr. Stephen Henson
OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6) Conflicts: CHANGES doc/ssl/SSL_CTX_set_options.pod ssl/d1_srvr.c ssl/s3_srvr.c
2014-10-21Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.Bodo Moeller
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsvBodo Moeller
handling out of #ifndef OPENSSL_NO_DTLS1 section. Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-07-21Minor documentation update removing "really" and aTim Hudson
statement of opinion rather than a fact. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c8d133e4b6f1ed1b7ad3c1a6d2c62f460e26c050)
2014-07-19Fix documentation for RSA_set_method(3)Dr. Stephen Henson
PR#1675 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)
2014-07-17Fix typo, add reference.Jeffrey Walton
PR#3456 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit d48e78f0cf22aaddb563f4bcfccf25b1a45ac8a4)
2014-07-15Add Matt Caswell's fingerprint, and general update on the fingerprints file ↵Matt Caswell
to bring it up to date Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3bd548192a03142c80cf8bc68659d79dea20a738)
2014-07-15Clarify -Verify and PSK.Dr. Stephen Henson
PR#3452 (cherry picked from commit ca2015a617842fed3d36ed4dcbbf8d5e27bc5216)
2014-07-06Update ticket callback docs.Dr. Stephen Henson
(cherry picked from commit a23a6e85d8dcd5733a343754f434201f3c9aa6f0)
2014-07-06Fixes for newer versions of pod2manMatt Caswell
2014-07-06Fixed error in pod files with latest versions of pod2manMatt Caswell
(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)
2014-07-03More doc fixes.Dr. Stephen Henson
2014-07-03More bugfixes from the doc-fix merge; errors found by DrH, thanks.Rich Salz
2014-07-03Fix errors with last cherry-pick; SSL_CONF_* and s_clientRich Salz
-verify_return_error aren't in this release.
2014-07-03Merge branch 'rsalz-docfixes'Rich Salz
(cherry picked from commit b5071dc2f67d7667ab3cbbe50a30342f999b896a) Conflicts: doc/apps/s_client.pod doc/apps/verify.pod doc/apps/x509v3_config.pod doc/crypto/ASN1_generate_nconf.pod doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod doc/ssl/SSL_CONF_cmd.pod doc/ssl/SSL_CONF_cmd_argv.pod doc/ssl/SSL_CTX_set_cert_cb.pod doc/ssl/SSL_CTX_set_security_level.pod
2014-07-02Fix doc typo.Matt Smart
ERR_get_error(3) references the non-existent ERR_get_last_error_line_data instead of the one that does exist, ERR_peek_last_error_line_data. PR#3283 (cherry picked from commit 5cc99c6cf5e908df6b00b04af7f08e99c0698c7b)
2014-06-29Typo.Ken Ballou
PR#3173 (cherry picked from commit 76ed5a42ea68dd08bba44e4003b7e638e5d8a4a3)
2014-06-27Clarify docs.Jeffrey Walton
Document that the certificate passed to SSL_CTX_add_extra_chain_cert() should not be freed by the application. PR#3409 Add restrictions section present in other branches. (cherry picked from commit 86cac6d3b25342ff17a2b6564f7592fd7c6829e8)
2014-06-02ecdsa.pod: typo.Andy Polyakov
PR: 2678 Submitted by: Annie Yousar (cherry picked from commit d572544a2cccc9dad7afcef24de11232e5506c99)
2014-05-25Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_argMatt Caswell
2014-05-21Change default cipher in smime app to des3.Dr. Stephen Henson
PR#3357 (cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58) Conflicts: doc/apps/smime.pod
2014-05-15Removed note in BUGS section about AEAD ciphers - inadvertently added to ↵Matt Caswell
wrong branch
2014-05-14Fix grammar error in verify pod. PR#3355Jeffrey Walton
2014-05-14Add information to BUGS section of enc documentation. PR#3354Jeffrey Walton
2014-05-14Corrected POD syntax errors. PR#3353Michal Bozon
2014-04-11Add new key fingerprint.Dr. Stephen Henson
(cherry picked from commit 3143a332e8f2f5ca1a6f0262a1a1a66103f2adf7)
2014-01-29Clarify docs.Dr. Stephen Henson
Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6e89b6508147086610e985d4e8416e867)
2013-10-04Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.Rob Stradling
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-08-20Correct ECDSA example.Dr. Stephen Henson
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
2013-02-15Fix POD errors to stop make install_docs dying with pod2man 2.5.0+Nick Alcock
podlators 2.5.0 has switched to dying on POD syntax errors. This means that a bunch of long-standing erroneous POD in the openssl documentation now leads to fatal errors from pod2man, halting installation. Unfortunately POD constraints mean that you have to sort numeric lists in ascending order if they start with 1: you cannot do 1, 0, 2 even if you want 1 to appear first. I've reshuffled such (alas, I wish there were a better way but I don't know of one).
2012-11-19correct docsDr. Stephen Henson
2012-05-04Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.Richard Levitte
2011-10-13Clarify warningBodo Möller
2010-12-02fix for CVE-2010-4180Dr. Stephen Henson
2010-10-04Minor documentation fixes, PR#2345Dr. Stephen Henson
2010-10-04Minor documentation fixes, PR#2344Dr. Stephen Henson
2010-05-03PR: 2252Dr. Stephen Henson
Submitted By: Ger Hobbelt <ger@hobbelt.com> Update docs to BIO_f_buffer()
2010-04-07Add SHA2 algorithms to SSL_library_init(). Although these aren't usedDr. Stephen Henson
directly by SSL/TLS SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_alrgorithms() will fail when verifying certificates. Update docs.
2010-04-06Remove obsolete PRNG note. Add comment about use of SHA256 et al.Dr. Stephen Henson
2010-04-06PR: 2209Dr. Stephen Henson
Submitted Daniel Mentz <danielml@sent.com> Documentation typo.
2010-03-28PR: 2083Dr. Stephen Henson
Submitted by: Mike Frysinger <vapier@gentoo.org> Add includes in synopsis, fix some indents. For some reason this never got applied to the 0.9.8-stable branch.
2010-02-23The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY andDr. Stephen Henson
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in the verify application documentation.
2010-02-18clarify documentationDr. Stephen Henson
2010-02-17Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well asDr. Stephen Henson
initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway.
2010-02-12update references to new RI RFCDr. Stephen Henson
2010-01-27reword RI descriptionDr. Stephen Henson
2010-01-27update documentation to reflect new renegotiation optionsDr. Stephen Henson
2010-01-05TypoDr. Stephen Henson
2009-12-09clarify docsDr. Stephen Henson
2009-12-09Document option clearning functions.Dr. Stephen Henson
Initial secure renegotiation documentation.
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-12 00:30:30 +0000