Age | Commit message (Collapse) | Author |
|
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
amounts of spaces.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The current documentation contains a bunch of spelling and grammar mistakes. I also
found it hard to understand some paragraphs, so here is my attempt to improve its
readability.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
PR#3612
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
wiki
Minor changes made by Matt Caswell
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
wiki
Minor changes made by Matt Caswell.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Minor changes made by Matt Caswell.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Fix CONF_load_modules to CONF_modules_load.
Document that it calls exit.
Advise against using it now.
Add an error print to stderr.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl
is just an int*.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
handling out of #ifndef OPENSSL_NO_DTLS1 section.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
If data is NULL, return the size needed to hold the
derived key. No other API to do this, so document
the behavior.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Document the new features
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The documentation is wrong about what happens when the
session cache fills up.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The original RT request included a patch. By the time
we got around to doing it, however, the callback scheme
had changed. So I wrote a new function RSA_check_key_ex()
that uses the BN_GENCB callback. But thanks very much
to Vinet Sharma <vineet.sharma@gmail.com> for the
initial implementation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
The function returns 0 or 1, only.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
RT842, closed back in 2004, changed the default serial number
to be a random number rather than zero. Finally time to update
the doc
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Add .crt/.cer/.crl to the filenames parsed.
I also updated the podpage (since it didn't exist when
this ticket was first created, nor when it was re-created
seven years later).
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Re-order algorithm list.
Be consistent in command synopsis.
Add content about signing.
Add EXAMPLE section
Add some missing options: -r, -fips-fingerprint -non-fips-allow
Various other fixes.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Andy found an additional typo "can be can be".
Now I have that silly "Que sera sera" song stuck in my head.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Add the file written by James Westby, graciously contributed
under the terms of the OpenSSL license.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
The doc says that port can be "*" to mean any port.
That's wrong.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
RT1665: aes documentation.
Paul Green wrote a nice aes.pod file.
But we now encourage the EVP interface.
So I took his RT item and used it as impetus to add
the AES modes to EVP_EncryptInit.pod
I also noticed that rc4.pod has spurious references to some other
cipher pages, so I removed them.
RT2300: Clean up MD history (merged into RT1665)
Put HISTORY section only in EVP_DigestInit.pod. Also add words
to discourage use of older cipher-specific API, and remove SEE ALSO
links that point to them.
Make sure digest pages have a NOTE that says use EVP_DigestInit.
Review feedback:
More cleanup in EVP_EncryptInit.pod
Fixed SEE ALSO links in ripemd160.pod, sha.pod, mdc2.pod, blowfish.pod,
rc4.d, and des.pod. Re-order sections in des.pod for consistency
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Also moved some options around so all the "verify" options.
are clumped together.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
I also removed some trailing whitespace and cleaned
up the "see also" list.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
|
|
The description of when the server creates a DH key is
confusing. This cleans it up.
(rsalz: also removed trailing whitespace.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
The EXAMPLE that used FILE and RC2 doesn't compile due to a
few minor errors. Tweak to use IDEA and AES-128. Remove
examples about RC2 and RC5.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
|
|
This patch was submitted by user "Kox" via the wiki
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Clarify the intended use of EVP_PKEY_sign. Make the code example compile.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
I also found a couple of others (padlock and signinit)
and fixed them.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
|
|
The file param is "const char*" not "char*"
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
While RFC6367 focuses on Camellia-GCM cipher suites, it also adds a few
cipher suites that use SHA-2 based HMAC that can be very easily
added.
Tested against gnutls 3.3.5
PR#3443
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.
While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).
Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>
|
|
Update the dgst.pod page to include SHA224...512 algorithms.
Update apps/progs.pl to add them to the digest command table.
Reviewed-by: Tim Hudson <tjh@cryptosoft.com>
|
|
The x509_extensions should be req_extensions in the
config example in req.pod
Reviewed-by: tjh@cryptsoft.com
|
|
Reviewed-by: Emilia Kasper
Many of these were already fixed, this catches the last
few that were missed.
|
|
statement of opinion rather than a fact.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
to bring it up to date
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
PR#3452
|
|
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.
PR#3444
|