Diffstat (limited to 'doc')
-rw-r--r-- doc/apps/asn1parse.pod 2
-rw-r--r-- doc/apps/ca.pod 9
-rw-r--r-- doc/apps/config.pod 2
-rw-r--r-- doc/apps/dgst.pod 6
-rw-r--r-- doc/apps/ecparam.pod 12
-rw-r--r-- doc/apps/enc.pod 2
-rw-r--r-- doc/apps/s_client.pod 16
-rw-r--r-- doc/apps/s_server.pod 23
-rw-r--r-- doc/crypto/ASN1_STRING_print_ex.pod 6
-rw-r--r-- doc/crypto/ERR_error_string.pod 2
-rw-r--r-- doc/crypto/EVP_BytesToKey.pod 2
-rw-r--r-- doc/crypto/SSLeay_version.pod 74
-rw-r--r-- doc/crypto/X509_NAME_print_ex.pod 4
-rw-r--r-- doc/crypto/des_modes.pod 2
-rw-r--r-- doc/ssl/SSL_shutdown.pod 2
15 files changed, 24 insertions, 140 deletions
diff --git a/doc/apps/asn1parse.pod b/doc/apps/asn1parse.pod
index 542d969066..e3462aabf1 100644
--- a/doc/apps/asn1parse.pod
+++ b/doc/apps/asn1parse.pod
@@ -165,7 +165,7 @@ Example config file:
=head1 BUGS
-There should be options to change the format of output lines. The output of some
+There should be options to change the format of input lines. The output of some
ASN.1 types is not well handled (if at all).
=cut
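Review bot: the BUGS sentence on the added line now says "format of input lines", but the sentence that follows it is about output ("The output of some ASN.1 types is not well handled"), so the paragraph no longer reads consistently. Unless there is a separate input-format limitation to document, keep "output lines" as on the removed line.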
diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
index 5db7d9441c..d0a7703e61 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -585,7 +585,8 @@ if corrupted it can be difficult to fix. It is theoretically possible
to rebuild the index file from all the issued certificates and a current
CRL: however there is no option to do this.
-V2 CRL features like delta CRLs are not currently supported.
+V2 CRL features like delta CRL support and CRL numbers are not currently
+supported.
Although several requests can be input and handled at once it is only
possible to include one SPKAC or self signed certificate.
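Review bot: the reworded sentence on the two added lines reads "features like delta CRL support ... are not currently supported", which doubles "support". Suggest "V2 CRL features like delta CRLs and CRL numbers are not currently supported."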
@@ -596,6 +597,12 @@ The use of an in memory text database can cause problems when large
numbers of certificates are present because, as the name implies
the database has to be kept in memory.
+It is not possible to certify two certificates with the same DN: this
+is a side effect of how the text database is indexed and it cannot easily
+be fixed without introducing other problems. Some S/MIME clients can use
+two certificates with the same DN for separate signing and encryption
+keys.
+
The B<ca> command really needs rewriting or the required functionality
exposed at either a command or interface level so a more friendly utility
(perl script or GUI) can handle things properly. The scripts B<CA.sh> and
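Review bot: "certify two certificates with the same DN" in the first added line is imprecise, since the limitation is about issuing a second certificate for a DN that is already in the index; suggest "issue two certificates with the same DN". The paragraph names the cause (how the text database is indexed) but not what the user sees when it happens, and a sentence on the failure behaviour would help the S/MIME case it mentions.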
diff --git a/doc/apps/config.pod b/doc/apps/config.pod
index ace34b62bd..2158cf4253 100644
--- a/doc/apps/config.pod
+++ b/doc/apps/config.pod
@@ -1,8 +1,6 @@
=pod
-=for comment openssl_manual_section:5
-
=head1 NAME
config - OpenSSL CONF library configuration files
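Review bot: the removed "=for comment openssl_manual_section:5" line is the only thing in this hunk that records which manual section the config page belongs to, and nothing replaces it. If the install tooling reads that marker, the page will end up in the default section; the commit message should say where the section is now taken from, or the line should stay.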
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
index b0d198724c..1648742bcf 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -14,7 +14,6 @@ B<openssl> B<dgst>
[B<-binary>]
[B<-out filename>]
[B<-sign filename>]
-[B<-passin arg>]
[B<-verify filename>]
[B<-prverify filename>]
[B<-signature filename>]
@@ -60,11 +59,6 @@ filename to output to, or standard output by default.
digitally sign the digest using the private key in "filename".
-=item B<-passin arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
=item B<-verify filename>
verify the signature using the the public key in "filename".
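Review bot: with the B<-passin arg> item removed in this hunk, the B<-sign filename> item above it is left with no documented way to supply the passphrase for an encrypted private key. If dgst still accepts -passin on this branch the entry should stay; if it does not, say so in the commit message. Separately, the unchanged line "verify the signature using the the public key" has a doubled "the" that could be fixed while the file is open.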
diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod
index 1a12105da7..2523a9b103 100644
--- a/doc/apps/ecparam.pod
+++ b/doc/apps/ecparam.pod
@@ -142,27 +142,27 @@ B<ecparam> can only create EC parameters from known (named) curves.
To create EC parameters with the group 'prime192v1':
- openssl ecparam -out ec_param.pem -name prime192v1
+ openssl ec -out ec_param.pem -name prime192v1
To create EC parameters with explicit parameters:
- openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
+ openssl ec -out ec_param.pem -name prime192v1 -param_enc explicit
To validate given EC parameters:
- openssl ecparam -in ec_param.pem -check
+ openssl ec -in ec_param.pem -check
To create EC parameters and a private key:
- openssl ecparam -out ec_key.pem -name prime192v1 -genkey
+ openssl ec -out ec_key.pem -name prime192v1 -genkey
To change the point encoding to 'compressed':
- openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
+ openssl ec -in ec_in.pem -out ec_out.pem -conv_form compressed
To print out the EC parameters to standard output:
- openssl ecparam -in ec_param.pem -noout -text
+ openssl ec -in ec_param.pem -noout -text
=head1 SEE ALSO
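Review bot: all six example commands in this hunk are changed from "openssl ecparam" to "openssl ec", but this is doc/apps/ecparam.pod and the surrounding text (the hunk header context "B<ecparam> can only create EC parameters from known (named) curves") describes the ecparam command. The examples for -name, -param_enc, -check, -genkey and -conv_form should invoke the command the page documents; keep "openssl ecparam" on each of them.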
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
index 18fe7c81c7..ddf081617f 100644
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -86,7 +86,7 @@ versions of OpenSSL. Superseded by the B<-pass> argument.
=item B<-kfile filename>
read the password to derive the key from the first line of B<filename>.
-This is for compatibility with previous versions of OpenSSL. Superseded by
+This is for computability with previous versions of OpenSSL. Superseded by
the B<-pass> argument.
=item B<-S salt>
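Review bot: the added line under B<-kfile filename> says "computability with previous versions", which is a wrong word rather than a rewording; the hunk header context for the preceding item and the removed line both use the compatibility sense. Keep "compatibility".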
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index e1e1ba9865..8d19079973 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -11,10 +11,7 @@ B<openssl> B<s_client>
[B<-connect host:port>]
[B<-verify depth>]
[B<-cert filename>]
-[B<-certform DER|PEM>]
[B<-key filename>]
-[B<-keyform DER|PEM>]
-[B<-pass arg>]
[B<-CApath directory>]
[B<-CAfile filename>]
[B<-reconnect>]
@@ -60,24 +57,11 @@ then an attempt is made to connect to the local host on port 4433.
The certificate to use, if one is requested by the server. The default is
not to use a certificate.
-=item B<-certform format>
-
-The certificate format to use: DER or PEM. PEM is the default.
-
=item B<-key keyfile>
The private key to use. If not specified then the certificate file will
be used.
-=item B<-keyform format>
-
-The private format to use: DER or PEM. PEM is the default.
-
-=item B<-pass arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
=item B<-verify depth>
The verify depth to use. This specifies the maximum length of the
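Review bot: removing the B<-certform>, B<-keyform> and B<-pass> items leaves B<-cert> and B<-key> documented with no statement of the accepted file format and no documented way to supply a passphrase for an encrypted key. If s_client still accepts these options on this branch the items should stay; if it does not, add a sentence under B<-cert> and B<-key> stating the expected format, which the removed text gave as PEM by default.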
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 7c1a9581d9..1d21921e47 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -13,15 +13,9 @@ B<openssl> B<s_server>
[B<-verify depth>]
[B<-Verify depth>]
[B<-cert filename>]
-[B<-certform DER|PEM>]
[B<-key keyfile>]
-[B<-keyform DER|PEM>]
-[B<-pass arg>]
[B<-dcert filename>]
-[B<-dcertform DER|PEM>]
[B<-dkey keyfile>]
-[B<-dkeyform DER|PEM>]
-[B<-dpass arg>]
[B<-dhparam filename>]
[B<-nbio>]
[B<-nbio_test>]
@@ -76,24 +70,11 @@ certificate and some require a certificate with a certain public key type:
for example the DSS cipher suites require a certificate containing a DSS
(DSA) key. If not specified then the filename "server.pem" will be used.
-=item B<-certform format>
-
-The certificate format to use: DER or PEM. PEM is the default.
-
=item B<-key keyfile>
The private key to use. If not specified then the certificate file will
be used.
-=item B<-keyform format>
-
-The private format to use: DER or PEM. PEM is the default.
-
-=item B<-pass arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
=item B<-dcert filename>, B<-dkey keyname>
specify an additional certificate and private key, these behave in the
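Review bot: the unchanged item line "=item B<-dcert filename>, B<-dkey keyname>" in this hunk disagrees with the synopsis, which lists the option as "[B<-dkey keyfile>]"; pick one argument name, "keyfile" matching the B<-key keyfile> item. The same concern as for the removed B<-keyform> and B<-pass> items applies here: once they are gone, B<-key> has no documented format or passphrase source, so the commit should state whether the options were dropped from the code.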
@@ -105,10 +86,6 @@ and some a DSS (DSA) key. By using RSA and DSS certificates and keys
a server can support clients which only support RSA or DSS cipher suites
by using an appropriate certificate.
-=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
-
-addtional certificate and private key format and passphrase respectively.
-
=item B<-nocert>
if this option is set then no certificate is used. This restricts the
diff --git a/doc/crypto/ASN1_STRING_print_ex.pod b/doc/crypto/ASN1_STRING_print_ex.pod
index d662225b87..fbf9a1f141 100644
--- a/doc/crypto/ASN1_STRING_print_ex.pod
+++ b/doc/crypto/ASN1_STRING_print_ex.pod
@@ -30,8 +30,8 @@ with '.'.
ASN1_STRING_print() is a legacy function which should be avoided in new applications.
-Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
-suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
+Although there are a large number of options frequently B<ASN1_STRFLAGS_RFC2253> is
+suitable, or on UTF8 terminals B<ASN1_STRFLAGS_RFC2253 & ~ASN1_STRFLAGS_ESC_MSB>.
The complete set of supported options for B<flags> is listed below.
@@ -72,7 +72,7 @@ octet.
If B<ASN1_STRFLGS_DUMP_ALL> is set then any type is dumped.
Normally non character string types (such as OCTET STRING) are assumed to be
-one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
+one byte per character, if B<ASN1_STRFLAGS_DUMP_UNKNOWN> is set then they will
be dumped instead.
When a type is dumped normally just the content octets are printed, if
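Review bot: the added line spells the flag B<ASN1_STRFLAGS_DUMP_UNKNOWN> while the unchanged line two above it in the same hunk spells its sibling B<ASN1_STRFLGS_DUMP_ALL>, so the page now uses two different prefixes for one family of constants. The previous hunk in this file makes the same rename for the RFC2253 and ESC_MSB flags. The documented names have to match the macros in the header exactly, since readers copy them into code; check the header and use one spelling throughout.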
diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod
index cdfa7fe1fe..e01beb817a 100644
--- a/doc/crypto/ERR_error_string.pod
+++ b/doc/crypto/ERR_error_string.pod
@@ -11,7 +11,7 @@ error message
#include <openssl/err.h>
char *ERR_error_string(unsigned long e, char *buf);
- void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+ char *ERR_error_string_n(unsigned long e, char *buf, size_t len);
const char *ERR_lib_error_string(unsigned long e);
const char *ERR_func_error_string(unsigned long e);
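Review bot: the synopsis line for ERR_error_string_n() changes its return type from void to "char *", but nothing in this hunk documents what the returned pointer is. Confirm the prototype against openssl/err.h; if it really returns a pointer, the RETURN VALUES section needs a matching sentence, and if it does not, the removed line was correct.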
diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod
index d375c46e03..016381f3e9 100644
--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -60,7 +60,7 @@ EVP_BytesToKey() returns the size of the derived key in bytes.
=head1 SEE ALSO
L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
=head1 HISTORY
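Review bot: the added line ends the SEE ALSO list with a trailing comma after "L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>" and no further entry follows before "=head1 HISTORY". Either drop the comma or add the reference that was meant to follow it.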
diff --git a/doc/crypto/SSLeay_version.pod b/doc/crypto/SSLeay_version.pod
deleted file mode 100644
index 1500c2af91..0000000000
--- a/doc/crypto/SSLeay_version.pod
+++ /dev/null
@@ -1,74 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSLeay_version - retrieve version/build information about OpenSSL library
-
-=head1 SYNOPSIS
-
- #include <openssl/crypto.h>
-
- const char *SSLeay_version(int type);
-
-=head1 DESCRIPTION
-
-SSLeay_version() returns a pointer to a constant string describing the
-version of the OpenSSL library or giving information about the library
-build.
-
-The following B<type> values are supported:
-
-=over 4
-
-=item SSLEAY_VERSION
-
-The version of the OpenSSL library including the release date.
-
-=item SSLEAY_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..." if available or "compiler: information not available"
-otherwise.
-
-=item SSLEAY_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item SSLEAY_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item SSLEAY_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=back
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item "not available"
-
-An invalid value for B<type> was given.
-
-=item Pointer to constant string
-
-Textual description.
-
-=back
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=head1 HISTORY
-
-B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
-
-=cut
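Review bot: this deletes the whole SSLeay_version manual page, including the list of B<type> values and the note that an invalid B<type> yields "not available", with no replacement visible in the diff. If the function is still exported on this branch the page should stay; if the deletion is intended, the commit message should say why, and any L<SSLeay_version(3)> links in other pages need removing so they do not dangle.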
diff --git a/doc/crypto/X509_NAME_print_ex.pod b/doc/crypto/X509_NAME_print_ex.pod
index 919b908919..907c04f684 100644
--- a/doc/crypto/X509_NAME_print_ex.pod
+++ b/doc/crypto/X509_NAME_print_ex.pod
@@ -41,8 +41,8 @@ applications.
Although there are a large number of possible flags for most purposes
B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
-for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
-B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
+for UTF8 terminals the B<ASN1_STRFLAGS_ESC_MSB> should be unset: so for example
+B<XN_FLAG_ONELINE & ~ASN1_STRFLAGS_ESC_MSB> would be used.
The complete set of the flags supported by X509_NAME_print_ex() is listed below.
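Review bot: the two added lines rename B<ASN1_STRFLGS_ESC_MSB> to B<ASN1_STRFLAGS_ESC_MSB> in a paragraph that sends the reader to the ASN1_STRING_print_ex page for the flag, and that page's unchanged text in this same commit still uses the ASN1_STRFLGS_ prefix. Use the spelling that matches the header so the expression "XN_FLAG_ONELINE & ~..." can be copied into code as written.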
diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod
index 02664036fc..da75e8007d 100644
--- a/doc/crypto/des_modes.pod
+++ b/doc/crypto/des_modes.pod
@@ -1,7 +1,5 @@
=pod
-=for comment openssl_manual_section:7
-
=head1 NAME
Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
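Review bot: the removed "=for comment openssl_manual_section:7" line carried the section number for des_modes and the hunk adds nothing in its place. An overview page like this one is easy to misfile without it, so keep the marker or note in the commit message how the section is now determined.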
diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
index 89911acbca..6b5012be7a 100644
--- a/doc/ssl/SSL_shutdown.pod
+++ b/doc/ssl/SSL_shutdown.pod
@@ -38,7 +38,7 @@ behaviour.
=over 4
=item When the application is the first party to send the "close notify"
-alert, SSL_shutdown() will only send the alert and then set the
+alert, SSL_shutdown() will only send the alert and the set the
SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
shutdown is enough (the underlying connection shall be closed anyway), this
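Review bot: the added line reads "will only send the alert and the set the SSL_SENT_SHUTDOWN flag", which drops the "n" from "then" and leaves the sentence ungrammatical. This paragraph describes the order of events in a shutdown, so the wording matters; keep "and then set the".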