diff options
author | marha <marha@users.sourceforge.net> | 2013-02-13 09:48:21 +0100 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2013-02-13 09:51:39 +0100 |
commit | aaf21968deb85b635cb6aa6544df233ea5981346 (patch) | |
tree | 450a73e83a174325e6a69ad69eb4011c2eb7df8c /openssl/doc | |
parent | 8add148a4cf71b8bdab05a6b7e14824b5062da5e (diff) | |
download | vcxsrv-aaf21968deb85b635cb6aa6544df233ea5981346.tar.gz vcxsrv-aaf21968deb85b635cb6aa6544df233ea5981346.tar.bz2 vcxsrv-aaf21968deb85b635cb6aa6544df233ea5981346.zip |
Update to following packages:
openssl-1.0.1e
freetype-2.4.11
Diffstat (limited to 'openssl/doc')
-rw-r--r-- | openssl/doc/apps/CA.pl.pod | 8 | ||||
-rw-r--r-- | openssl/doc/apps/verify.pod | 60 | ||||
-rw-r--r-- | openssl/doc/apps/x509.pod | 5 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod | 2 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_decrypt.pod | 2 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_derive.pod | 2 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_encrypt.pod | 2 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_get_default_digest.pod | 2 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_keygen.pod | 2 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_sign.pod | 2 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_verify.pod | 2 | ||||
-rw-r--r-- | openssl/doc/crypto/EVP_PKEY_verify_recover.pod (renamed from openssl/doc/crypto/EVP_PKEY_verifyrecover.pod) | 22 |
12 files changed, 58 insertions, 53 deletions
diff --git a/openssl/doc/apps/CA.pl.pod b/openssl/doc/apps/CA.pl.pod index ed69952f3..d326101cd 100644 --- a/openssl/doc/apps/CA.pl.pod +++ b/openssl/doc/apps/CA.pl.pod @@ -39,13 +39,13 @@ prints a usage message. =item B<-newcert> -creates a new self signed certificate. The private key and certificate are -written to the file "newreq.pem". +creates a new self signed certificate. The private key is written to the file +"newkey.pem" and the request written to the file "newreq.pem". =item B<-newreq> -creates a new certificate request. The private key and request are -written to the file "newreq.pem". +creates a new certificate request. The private key is written to the file +"newkey.pem" and the request written to the file "newreq.pem". =item B<-newreq-nodes> diff --git a/openssl/doc/apps/verify.pod b/openssl/doc/apps/verify.pod index 336098f1e..da683004b 100644 --- a/openssl/doc/apps/verify.pod +++ b/openssl/doc/apps/verify.pod @@ -54,35 +54,37 @@ in PEM format concatenated together. =item B<-untrusted file> A file of untrusted certificates. The file should contain multiple certificates +in PEM format concatenated together. =item B<-purpose purpose> -the intended use for the certificate. Without this option no chain verification -will be done. Currently accepted uses are B<sslclient>, B<sslserver>, -B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> -section for more information. +The intended use for the certificate. If this option is not specified, +B<verify> will not consider certificate purpose during chain verification. +Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, +B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more +information. =item B<-help> -prints out a usage message. +Print out a usage message. =item B<-verbose> -print extra information about the operations being performed. +Print extra information about the operations being performed. =item B<-issuer_checks> -print out diagnostics relating to searches for the issuer certificate -of the current certificate. This shows why each candidate issuer -certificate was rejected. However the presence of rejection messages -does not itself imply that anything is wrong: during the normal -verify process several rejections may take place. +Print out diagnostics relating to searches for the issuer certificate of the +current certificate. This shows why each candidate issuer certificate was +rejected. The presence of rejection messages does not itself imply that +anything is wrong; during the normal verification process, several +rejections may take place. =item B<-policy arg> -Enable policy processing and add B<arg> to the user-initial-policy-set -(see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric -form. This argument can appear more than once. +Enable policy processing and add B<arg> to the user-initial-policy-set (see +RFC5280). The policy B<arg> can be an object name an OID in numeric form. +This argument can appear more than once. =item B<-policy_check> @@ -90,41 +92,40 @@ Enables certificate policy processing. =item B<-explicit_policy> -Set policy variable require-explicit-policy (see RFC3280 et al). +Set policy variable require-explicit-policy (see RFC5280). =item B<-inhibit_any> -Set policy variable inhibit-any-policy (see RFC3280 et al). +Set policy variable inhibit-any-policy (see RFC5280). =item B<-inhibit_map> -Set policy variable inhibit-policy-mapping (see RFC3280 et al). +Set policy variable inhibit-policy-mapping (see RFC5280). =item B<-policy_print> -Print out diagnostics, related to policy checking +Print out diagnostics related to policy processing. =item B<-crl_check> -Checks end entity certificate validity by attempting to lookup a valid CRL. +Checks end entity certificate validity by attempting to look up a valid CRL. If a valid CRL cannot be found an error occurs. =item B<-crl_check_all> Checks the validity of B<all> certificates in the chain by attempting -to lookup valid CRLs. +to look up valid CRLs. =item B<-ignore_critical> Normally if an unhandled critical extension is present which is not -supported by OpenSSL the certificate is rejected (as required by -RFC3280 et al). If this option is set critical extensions are -ignored. +supported by OpenSSL the certificate is rejected (as required by RFC5280). +If this option is set critical extensions are ignored. =item B<-x509_strict> -Disable workarounds for broken certificates which have to be disabled -for strict X.509 compliance. +For strict X.509 compliance, disable non-compliant workarounds for broken +certificates. =item B<-extended_crl> @@ -142,16 +143,15 @@ because it doesn't add any security. =item B<-> -marks the last option. All arguments following this are assumed to be +Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins with a B<->. =item B<certificates> -one or more certificates to verify. If no certificate filenames are included -then an attempt is made to read a certificate from standard input. They should -all be in PEM format. - +One or more certificates to verify. If no certificates are given, B<verify> +will attempt to read a certificate from standard input. Certificates must be +in PEM format. =back diff --git a/openssl/doc/apps/x509.pod b/openssl/doc/apps/x509.pod index 3002b0812..d2d9eb812 100644 --- a/openssl/doc/apps/x509.pod +++ b/openssl/doc/apps/x509.pod @@ -29,6 +29,7 @@ B<openssl> B<x509> [B<-purpose>] [B<-dates>] [B<-modulus>] +[B<-pubkey>] [B<-fingerprint>] [B<-alias>] [B<-noout>] @@ -135,6 +136,10 @@ section for more information. this option prevents output of the encoded version of the request. +=item B<-pubkey> + +outputs the the certificate's SubjectPublicKeyInfo block in PEM format. + =item B<-modulus> this option prints out the value of the modulus of the public key diff --git a/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod index f2f455990..13b91f1e6 100644 --- a/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod +++ b/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -117,7 +117,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> diff --git a/openssl/doc/crypto/EVP_PKEY_decrypt.pod b/openssl/doc/crypto/EVP_PKEY_decrypt.pod index 42b2a8c44..847983237 100644 --- a/openssl/doc/crypto/EVP_PKEY_decrypt.pod +++ b/openssl/doc/crypto/EVP_PKEY_decrypt.pod @@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/openssl/doc/crypto/EVP_PKEY_derive.pod b/openssl/doc/crypto/EVP_PKEY_derive.pod index d9d6d76c7..27464be57 100644 --- a/openssl/doc/crypto/EVP_PKEY_derive.pod +++ b/openssl/doc/crypto/EVP_PKEY_derive.pod @@ -84,7 +84,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, =head1 HISTORY diff --git a/openssl/doc/crypto/EVP_PKEY_encrypt.pod b/openssl/doc/crypto/EVP_PKEY_encrypt.pod index 91c9c5d0a..e495a8124 100644 --- a/openssl/doc/crypto/EVP_PKEY_encrypt.pod +++ b/openssl/doc/crypto/EVP_PKEY_encrypt.pod @@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod b/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod index 1a9c7954c..8ff597d44 100644 --- a/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod +++ b/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod @@ -32,7 +32,7 @@ public key algorithm. L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, =head1 HISTORY diff --git a/openssl/doc/crypto/EVP_PKEY_keygen.pod b/openssl/doc/crypto/EVP_PKEY_keygen.pod index 37c6fe950..fd431ace6 100644 --- a/openssl/doc/crypto/EVP_PKEY_keygen.pod +++ b/openssl/doc/crypto/EVP_PKEY_keygen.pod @@ -151,7 +151,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/openssl/doc/crypto/EVP_PKEY_sign.pod b/openssl/doc/crypto/EVP_PKEY_sign.pod index 2fb52c348..a044f2c13 100644 --- a/openssl/doc/crypto/EVP_PKEY_sign.pod +++ b/openssl/doc/crypto/EVP_PKEY_sign.pod @@ -86,7 +86,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/openssl/doc/crypto/EVP_PKEY_verify.pod b/openssl/doc/crypto/EVP_PKEY_verify.pod index f93e5fc6c..90612ba2f 100644 --- a/openssl/doc/crypto/EVP_PKEY_verify.pod +++ b/openssl/doc/crypto/EVP_PKEY_verify.pod @@ -81,7 +81,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/openssl/doc/crypto/EVP_PKEY_verifyrecover.pod b/openssl/doc/crypto/EVP_PKEY_verify_recover.pod index f3605eb82..23a28a9c4 100644 --- a/openssl/doc/crypto/EVP_PKEY_verifyrecover.pod +++ b/openssl/doc/crypto/EVP_PKEY_verify_recover.pod @@ -2,23 +2,23 @@ =head1 NAME -EVP_PKEY_verifyrecover_init, EVP_PKEY_verifyrecover - recover signature using a public key algorithm +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm =head1 SYNOPSIS #include <openssl/evp.h> - int EVP_PKEY_verifyrecover_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_verifyrecover(EVP_PKEY_CTX *ctx, + int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, const unsigned char *sig, size_t siglen); =head1 DESCRIPTION -The EVP_PKEY_verifyrecover_init() function initializes a public key algorithm +The EVP_PKEY_verify_recover_init() function initializes a public key algorithm context using key B<pkey> for a verify recover operation. -The EVP_PKEY_verifyrecover() function recovers signed data +The EVP_PKEY_verify_recover() function recovers signed data using B<ctx>. The signature is specified using the B<sig> and B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then @@ -36,16 +36,16 @@ Sometimes however it is useful to obtain the data originally signed using a signing operation. Only certain public key algorithms can recover a signature in this way (for example RSA in PKCS padding mode). -After the call to EVP_PKEY_verifyrecover_init() algorithm specific control +After the call to EVP_PKEY_verify_recover_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation. -The function EVP_PKEY_verifyrecover() can be called more than once on the same +The function EVP_PKEY_verify_recover() can be called more than once on the same context if several operations are performed using the same parameters. =head1 RETURN VALUES -EVP_PKEY_verifyrecover_init() and EVP_PKEY_verifyrecover() return 1 for success +EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm. @@ -66,7 +66,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest: ctx = EVP_PKEY_CTX_new(verify_key); if (!ctx) /* Error occurred */ - if (EVP_PKEY_verifyrecover_init(ctx) <= 0) + if (EVP_PKEY_verify_recover_init(ctx) <= 0) /* Error */ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) /* Error */ @@ -74,7 +74,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest: /* Error */ /* Determine buffer length */ - if (EVP_PKEY_verifyrecover(ctx, NULL, &routlen, sig, siglen) <= 0) + if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) /* Error */ rout = OPENSSL_malloc(routlen); @@ -82,7 +82,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest: if (!rout) /* malloc failure */ - if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0) + if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) /* Error */ /* Recovered data is routlen bytes written to buffer rout */ |