summaryrefslogtreecommitdiff
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright yearMatt Caswell2018-05-2924-24/+24
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6371)
* ECDSA_SIG: add simple getters for commonly used struct membersDr. Matthias St. Pierre2018-05-281-2/+12
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
* RSA: add simple getters for commonly used struct membersDr. Matthias St. Pierre2018-05-281-1/+21
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
* DSA: add simple getters for commonly used struct membersDr. Matthias St. Pierre2018-05-281-2/+14
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
* DH: fix: add simple getters for commonly used struct membersDr. Matthias St. Pierre2018-05-281-1/+5
| | | | | | | amends 6db7fadf0975 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
* Improve the example getpass() implementation to show an error returnNick Mathewson2018-05-261-6/+5
| | | | | | | | | Also, modernize the code, so that it isn't trying to store a size_t into an int, and then check the int's sign. :/ Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6271)
* Update documentation for PEM callback: error is now -1.Nick Mathewson2018-05-261-1/+1
| | | | | | | | | | | | | | | | In previous versions of OpenSSL, the documentation for PEM_read_* said: The callback B<must> return the number of characters in the passphrase or 0 if an error occurred. But since c82c3462267afdbbaa5, 0 is now treated as a non-error return value. Applications that want to indicate an error need to return -1 instead. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6271)
* Add a sanity check on the length of pkeyutl inputsMatt Caswell2018-05-241-21/+26
| | | | | | | | | | When signing or verifying a file using pkeyutl the input is supposed to be a hash. Some algorithms sanity check the length of the input, while others don't and silently truncate. To avoid accidents we check that the length of the input looks sane. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6284)
* Skip CN DNS name constraint checks when not neededViktor Dukhovni2018-05-233-6/+24
| | | | | | | | | | | | | Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
* Allow the ca application to use EdDSAMatt Caswell2018-05-181-1/+2
| | | | | | | | | | | Using the ca application to sign certificates with EdDSA failed because it is not possible to set the digest to "null". This adds the capability and updates the documentation accordingly. Fixes #6201 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6286)
* DH: add simple getters for commonly used DH struct membersDr. Matthias St. Pierre2018-05-181-3/+17
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6273)
* Add documentation for the ability to control the number of ticketsMatt Caswell2018-05-171-0/+68
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
* Allow configuation of the number of TLSv1.3 session tickets via SSL_CONFMatt Caswell2018-05-171-0/+2
| | | | | | | | Also allows the apps to set it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
* Link in passphrase-encoding(7) in relevant documentationRichard Levitte2018-05-1411-10/+60
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6179)
* Docs: add general document on how pass phrases are handledRichard Levitte2018-05-141-0/+182
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6179)
* Fix typo: 'is an error occurred' in documentationDr. Matthias St. Pierre2018-05-114-4/+4
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6229)
* Rework the decrypt ticket callbackMatt Caswell2018-05-111-47/+84
| | | | | | | | | | | Don't call the decrypt ticket callback if we've already encountered a fatal error. Do call it if we have an empty ticket present. Change the return code to have 5 distinct returns codes and separate it from the input status value. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6198)
* Document when a new session ticket gets created on resumptionMatt Caswell2018-05-111-0/+6
| | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6198)
* Provide documentation for the -psk_session optionMatt Caswell2018-05-112-0/+14
| | | | | | | The s_client/s_server docs were missing documentation for this option. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6215)
* Fix typos in x509 documentationDr. Matthias St. Pierre2018-05-092-2/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6207)
* ECDSA: remove nonce padding (delegated to EC_POINT_mul)Billy Brumley2018-05-091-3/+5
| | | | | | | | | | | | | | | | | | | * EC_POINT_mul is now responsible for constant time point multiplication (for single fixed or variable point multiplication, when the scalar is in the range [0,group_order), so we need to strip the nonce padding from ECDSA. * Entry added to CHANGES * Updated EC_POINT_mul documentation - Integrate existing EC_POINT_mul and EC_POINTs_mul entries in the manpage to reflect the shift in constant-time expectations when performing a single fixed or variable point multiplication; - Add documentation to ec_method_st to reflect the updated "contract" between callers and implementations of ec_method_st.mul. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6070)
* docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_idRichard Levitte2018-05-042-2/+2
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6177)
* Make X509_VERIFY_PARAM_get_hostflags() take a const argMatt Caswell2018-05-021-1/+1
| | | | | | | | Commit 5b748dea5 added this function which should have taken a const argument. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6154)
* Add some documentation for SSL_get_shared_ciphers()Matt Caswell2018-05-022-4/+22
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
* Add a note about Nagle's algorithm on the SSL_connect man pageMatt Caswell2018-05-021-0/+15
| | | | | | | | Fixes #4237 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/6143)
* Add getter for X509_VERIFY_PARAM_get_hostflagsMatt Caswell2018-05-011-1/+11
| | | | | | | Fixes #5061 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6139)
* Clarify BN_mod_exp docsMatt Caswell2018-05-011-1/+3
| | | | | | | | | | Specifically this is not supported with an even modulus and BN_FLG_CONSTTIME. Fixes #5082 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6137)
* Fix some errors and missing info in the CMS docsMatt Caswell2018-05-012-11/+10
| | | | | | | Fixes #5063 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6134)
* Update copyright yearMatt Caswell2018-05-014-4/+4
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6145)
* Update version docsMatt Caswell2018-04-271-7/+6
| | | | | | | | | | Make it clear that you should not attempt to get the version before the first handshake is complete. Fixes #2893 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6013)
* Update the *use_certificate* docsMatt Caswell2018-04-261-0/+7
| | | | | | | | | | Note that calling the *use_certificate* functions will replace any existing certificate of the same type. The same thing applies for private keys. Fixes #2147 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6092)
* Fix documentation for the -showcerts s_client optionMatt Caswell2018-04-251-3/+5
| | | | | | | | | | This option shows the certificates as sent by the server. It is not the full verified chain. Fixes #4933 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6067)
* Document when a session gets removed from cacheMatt Caswell2018-04-241-0/+5
| | | | | | | | | | | Document the fact that if a session is not closed down cleanly then the session gets removed from the cache and marked as non-resumable. Fixes #4720 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6053)
* Improve backwards compat with 1.0.2 for ECDHParametersMatt Caswell2018-04-241-4/+0
| | | | | | | | | | | | | | In 1.0.2 you could configure automatic ecdh params by using the ECDHParameters config directive and setting it to the value "+Automatic" or just "Automatic". This is no longer required in 1.1.0+ but we still recognise the "+Automatic" keyword for backwards compatibility. However we did not recognise just "Automatic" without the leading "+" which is equally valid. This commit fixes that omission. Fixes #4113 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6035)
* Ensure the thread keys are always allocated in the same orderBernd Edlinger2018-04-201-3/+3
| | | | | | | | Fixes: #5899 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5911)
* Document supported digest functionsKurt Roeckx2018-04-191-8/+44
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6024)
* Reflect special `DEFAULT` behavior in ciphers(1)Alois Mahdal2018-04-191-7/+8
| | | | | | | | | | | | Actual behavior of DEFAULT is different than currently described. Rather than actinf as cipher string, DEFAULT cannot be combined using logical operators, etc. Fixes #5420. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5428)
* correct spelling errors detected by Debian lintianA. Schulze2018-04-193-3/+3
| | | | | | | | CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5801)
* Correct an ommission in the EVP_DigestSignInit docsMatt Caswell2018-04-191-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5996)
* Clarify the configuration module in config.podBeat Bolli2018-04-181-2/+2
| | | | | | | | | Similar to 0652e8a7 ("Clarify default section in config.pod", 2018-04-12), reword a sentence to make it easier to parse. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5794)
* Update EVP_DigestSignInit() docsMatt Caswell2018-04-181-1/+48
| | | | | | | | | Explicitly state which digests can be used with which algorithms. Fixes #5854 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5992)
* Update fingerprints.txtMatt Caswell2018-04-171-4/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5987)
* Update the info callback documentation for TLSv1.3Matt Caswell2018-04-171-7/+21
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
* SSL_CTX_set_tlsext_ticket_key_cb.pod: fix error check of RAND_bytes() callDr. Matthias St. Pierre2018-04-171-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5977)
* Update copyright yearRichard Levitte2018-04-177-7/+7
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5990)
* Revert "Add OPENSSL_VERSION_AT_LEAST"Dr. Matthias St. Pierre2018-04-162-11/+0
| | | | | | | | | | | | | | Fixes #5961 This reverts commit 3c5a61dd0f9d9a9eac098419bcaf47d1c296ca81. The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain errors and don't work as designed. Apart from that, their introduction should be held back until a decision has been mad about the future versioning scheme. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5968)
* Split the scrypt and RSA-PSS into man3 and man7 pagesRichard Levitte2018-04-135-110/+267
| | | | | | | | | | | | | | | | | | The scrypt and RSA-PSS documents were a mixture of section 3 and section 7 material. With pre-1.1.1 OpenSSL, this is understandable, since we had a different directory layout. With 1.1.1, we've moved to the typical man-page directory layout, and the documents need to be updated accordingly. Also, the scrypt document contained a description of EVP_PKEY_CTX_set1_pbe_pass(), which is a generic function rather than an scrypt specific function, and therefore should be documented separately. Fixes #5802 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5942)
* Docs for OpenSSL_init_crypto: there is no way to specify another fileRichard Levitte2018-04-131-4/+4
| | | | | | | | | | The documentation erroneously stated that one can change the default configuration file name. Fixes #5939 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5941)
* openssl rehash: document -compatRichard Levitte2018-04-121-0/+6
| | | | | | | Fixes #5902 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5937)
* Clarify default section in config.podDaniel Bevenius2018-04-121-1/+1
| | | | | | | | | This is a minor update which hopefully makes these particular lines read a little easier. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5938)
View Lorry Controller Status