path: root/doc
Commit message | Author | Age | Files | Lines
...
* Minor corrections for the RAND_DRBG API documentation | Dr. Matthias St. Pierre | 2018-04-11 | 3 | -11/+12
  - added some explaining text to a sentence that lost its context.
  - removed mention of per-ssl drbg
  - fix whitespace errors
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5804)
* Add a note and better error if using Ed25519/Ed448 in dgst | Matt Caswell | 2018-04-06 | 1 | -1/+3
  Fixes #5873
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5880)
* Update the genpkey documentation | Matt Caswell | 2018-04-05 | 1 | -81/+90
  Fixes #5739
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5800)
* Document the change in the previous commit about loading the config file | Matt Caswell | 2018-04-05 | 1 | -2/+4
  When libssl is initialised it will attempt to load any config file. This ensures any system_default configuration (as per https://github.com/openssl/openssl/pull/4848) is used.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5818)
* Don't use getenv for critical functions when run as setuid/setgid | Bernd Edlinger | 2018-04-04 | 3 | -0/+28
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5856)
* Fix some errors in the mem leaks docs | Matt Caswell | 2018-04-03 | 1 | -6/+6
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5794)
* Update copyright year | Matt Caswell | 2018-04-03 | 11 | -11/+11
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5851)
* Documentation typo fix in EVP_EncryptInit.pod | Alexandre Perrin | 2018-04-02 | 1 | -1/+0
  Remove duplicate declaration of `EVP_CIPHER_key_length` in the synopsis.
  CLA: trivial
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5792)
* fix typo in x509 documentation | Illya Gerasymchuk | 2018-04-02 | 1 | -1/+1
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5829)
* Update documentation on how to close a connection | Kurt Roeckx | 2018-04-01 | 2 | -28/+46
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  GH: #5823
* Add documentation for the RAND_DRBG API | Dr. Matthias St. Pierre | 2018-03-30 | 15 | -115/+1062
  The RAND_DRBG API was added in PR #5462 and modified by PR #5547. This commit adds the corresponding documentation.
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5461)
* BIO_s_accept.pod: add documentation for the new macros | Vitezslav Cizek | 2018-03-29 | 1 | -3/+15
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/5007)
* Document BIO_{get,set}_conn_ip_family macros. | Vitezslav Cizek | 2018-03-29 | 1 | -3/+13
  Add BIO_get_conn_ip_family and BIO_set_conn_ip_family macros to util/private.num and document them in BIO_s_connect.pod.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/5007)
* Update the BIO_s_connect documentation after the BIO refactoring. | Vitezslav Cizek | 2018-03-29 | 1 | -17/+20
  The BIO was refactored in 417be660e1cd21a2ee085569ff98b0c4249b5416, but the manual wasn't fully updated to reflect some of the changes.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/5007)
* doc/man1/x509.pod: corrected "S/MIME signing" requirements | Konstantin Shemyak | 2018-03-27 | 1 | -2/+2
  When the "certificate purpose" is checked and KeyUsage extension is present, either 'digitalSignature' or 'nonRepudiation' is accepted. Manual page corrected to reflect the above.
  Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com>
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5727)
* rand/randfile.c: permit non-regular files in RAND_load_file. | Andy Polyakov | 2018-03-27 | 1 | -7/+3
  Apparently applications rely on RAND_load_file's ability to work with non-regular files, customarily with /dev/urandom, so that the ban was not exactly appropriate.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5737)
* man3/OPENSSL_ia32cap.pod: update assembler version requirements. | Andy Polyakov | 2018-03-22 | 1 | -2/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* The default conv_form is uncompressed | Matt Caswell | 2018-03-21 | 1 | -2/+2
  Fixes #5711
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5712)
* Document EC_POINT_get_affine_coordinates_*. | David Benjamin | 2018-03-21 | 1 | -1/+4
  In particular, x and y may be NULL, as used in ecdsa_ossl.c. Make use of this in ecdh_ossl.c as well, to save an otherwise unnecessary temporary.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5532)
* Convert _meth_get_ functions to const getters | Jack Bates | 2018-03-21 | 5 | -30/+30
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2181)
* Remove mention of link between message digests and public key algorithms. | Pauli | 2018-03-21 | 2 | -10/+0
  The comment in EVP_DigestInit.pod is:
  > Returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons.
  I.e. there is no link anymore.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5682)
* Update copyright year | Matt Caswell | 2018-03-20 | 27 | -27/+27
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5689)
* Apply system_default configuration on SSL_CTX_new(). | Tomas Mraz | 2018-03-19 | 2 | -1/+17
  When SSL_CTX is created preinitialize it with system default configuration from system_default section.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4848)
* Don't use a ssl specific DRBG anymore | Kurt Roeckx | 2018-03-19 | 1 | -14/+0
  Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from another thread because the SSL object moved to another thread.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/5547)
* Fix bio callback backward compatibility | Bernd Edlinger | 2018-03-19 | 1 | -7/+11
  Don't pass a pointer to uninitialized processed value for BIO_CB_READ and BIO_CB_WRITE
  Check the correct cmd code in BIO_callback_ctrl
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5516)
* Document the replay protection capabilities | Matt Caswell | 2018-03-19 | 1 | -8/+49
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5644)
* Fix miscellaneous typos in docs and source | Dr. Matthias St. Pierre | 2018-03-17 | 2 | -3/+3
  - d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey
  - bechmark -> benchmark
  - ciperhsuite -> ciphersuite
  - EncyptedPreMasterSecret -> EncryptedPreMasterSecret
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5570)
* Allow multiple entries without a Subject even if unique_subject == yes | Matt Caswell | 2018-03-15 | 1 | -0/+4
  It is quite likely for there to be multiple certificates with empty subjects, which are still distinct because of subjectAltName. Therefore we allow multiple certificates with an empty Subject even if unique_subject is set to yes.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5444)
* Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key() | Matt Caswell | 2018-03-15 | 5 | -38/+38
  Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5520)
* Add functions for setting the new EVP_PKEY_ASN1_METHOD functions | Matt Caswell | 2018-03-15 | 1 | -2/+24
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5520)
* Expand the 25519/448 overview man pages | Matt Caswell | 2018-03-15 | 2 | -0/+20
  Include more information about how to create keys for these algorithms.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5520)
* Add documentation for the newly added EVP_PKEY_new*() functions | Matt Caswell | 2018-03-15 | 2 | -13/+79
  Also adds some documentation for related existing functions/macros
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5520)
* Add documentation for TLSv1.3 ciphersuite configuration | Matt Caswell | 2018-03-14 | 6 | -30/+129
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5392)
* Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb | Benjamin Saunders | 2018-03-12 | 2 | -2/+61
  These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb, but used for the application-controlled portion of TLS1.3 stateless handshake cookies rather than entire DTLSv1 cookies.
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5463)
* Session Ticket app data | Todd Short | 2018-03-12 | 1 | -0/+149
  Adds application data into the encrypted session ticket
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3802)
* Fix prototype to include the const qualifier | Kurt Roeckx | 2018-03-11 | 1 | -7/+7
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  GH: #5582
* Fixed a handful of typos | Alex Gaynor | 2018-03-10 | 7 | -10/+10
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5583)
* Document more X509_STORE functions | Benjamin Kaduk | 2018-03-09 | 1 | -0/+100
  X509_STORE_set_verify_cb_func.pod has documentation for various callbacks and function pointers that can be set and retrieved, but neither it nor X509_STORE_new has much documentation for the actual purpose and usage of X509_STORE objects. Remedy this disparity with new documentation for adding certificates and CRLs, expected usage, and for modifying the default verification behavior.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3958)
* Fix doc-nits | Ben Kaduk | 2018-03-09 | 1 | -1/+1
  Remove a space from a whitespace-only line.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5575)
* Add SSL/SSL_CTX_use_cert_and_key() | Todd Short | 2018-03-09 | 2 | -2/+23
  Add functions that will do the work of assigning certificate, privatekey and chain certs to an SSL or SSL_CTX. If no privatekey is given, use the publickey. This will permit the keys to pass validation for both ECDSA and RSA. If a private key has already been set for the certificate, it is discarded. A real private key can be set later.
  This is an all-or-nothing setting of these parameters. Unlike the SSL/SSL_CTX_use_certificate() and SSL/SSL_CTX_use_PrivateKey() functions, the existing cert or privatekey is not modified (i.e. parameters copied). This permits the existing cert/privatekey to be replaced.
  It replaces the sequence of:
    * SSL_use_certificate()
    * SSL_use_privatekey()
    * SSL_set1_chain()
  And may actually be faster, as multiple checks are consolidated.
  The private key can be NULL, if so an ENGINE module needs to contain the actual private key that is to be used.
  Note that ECDH (using the certificate's ECDSA key) ciphers do not work without the private key being present, based on how the private key is used in ECDH. ECDH does not offer PFS; ECDHE ciphers should be used instead.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/1130)
* Fixed a spelling mistake in ASN1_TIME_set.pod | Alex Gaynor | 2018-03-09 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5569)
* Give more information in the SSL_stateless return code | Matt Caswell | 2018-03-09 | 1 | -2/+3
  Allow users to distinguish between an error occurring and an HRR being issued.
  Fixes #5549
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5562)
* Update documentation for the new PSK behaviour | Matt Caswell | 2018-03-09 | 2 | -58/+78
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5554)
* Fixed several readability issues in DH_generate_parameters.pod | Alex Gaynor | 2018-03-08 | 1 | -4/+4
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/5553)
* Corrected two typos in a man page | Alex Gaynor | 2018-03-07 | 1 | -2/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5542)
* Implement multi-process OCSP responder. | Viktor Dukhovni | 2018-03-07 | 1 | -1/+17
  With "-multi" the OCSP responder forks multiple child processes, and respawns them as needed. This can be used as a long-running service, not just a demo program. Therefore the index file is automatically re-read when changed. The responder also now optionally times out client requests.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* BIO_s_mem.pod: fix indirection for out parameter **pp | Dr. Matthias St. Pierre | 2018-03-07 | 1 | -2/+2
  BIO_get_mem_data() and BIO_get_mem_ptr() assign to *pp, not pp
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5544)
* Fix a typo in the s_client man page | Alex Gaynor | 2018-03-06 | 1 | -2/+2
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5525)
* Add support for .include directive in config files | Tomas Mraz | 2018-03-05 | 1 | -0/+18
  Either files or directories of *.cnf or *.conf files can be included. Recursive inclusion of directories is not supported.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5351)
* Fixed a typo in a man page | Alex Gaynor | 2018-03-04 | 1 | -1/+1
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5508)