aboutsummaryrefslogtreecommitdiff
path: root/openssl/doc
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/doc')
-rw-r--r--openssl/doc/apps/cms.pod27
-rw-r--r--openssl/doc/apps/enc.pod4
-rw-r--r--openssl/doc/apps/s_server.pod6
-rw-r--r--openssl/doc/apps/smime.pod14
-rw-r--r--openssl/doc/apps/verify.pod9
-rw-r--r--openssl/doc/apps/version.pod3
-rw-r--r--openssl/doc/apps/x509v3_config.pod4
-rw-r--r--openssl/doc/crypto/CMS_decrypt.pod16
-rw-r--r--openssl/doc/crypto/CONF_modules_free.pod2
-rw-r--r--openssl/doc/crypto/CONF_modules_load_file.pod2
-rw-r--r--openssl/doc/crypto/OPENSSL_config.pod2
-rw-r--r--openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod2
-rw-r--r--openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod2
-rw-r--r--openssl/doc/fingerprints.txt7
-rw-r--r--openssl/doc/ssl/SSL_COMP_add_compression_method.pod4
-rw-r--r--openssl/doc/ssl/SSL_CTX_add_session.pod4
-rw-r--r--openssl/doc/ssl/SSL_CTX_load_verify_locations.pod4
-rw-r--r--openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod4
-rw-r--r--openssl/doc/ssl/SSL_CTX_set_msg_callback.pod4
-rw-r--r--openssl/doc/ssl/SSL_CTX_set_options.pod6
-rw-r--r--openssl/doc/ssl/SSL_CTX_set_session_id_context.pod4
-rw-r--r--openssl/doc/ssl/SSL_CTX_set_ssl_version.pod4
-rw-r--r--openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod2
-rw-r--r--openssl/doc/ssl/SSL_accept.pod4
-rw-r--r--openssl/doc/ssl/SSL_clear.pod4
-rw-r--r--openssl/doc/ssl/SSL_connect.pod4
-rw-r--r--openssl/doc/ssl/SSL_do_handshake.pod4
-rw-r--r--openssl/doc/ssl/SSL_get_peer_cert_chain.pod8
-rw-r--r--openssl/doc/ssl/SSL_read.pod2
-rw-r--r--openssl/doc/ssl/SSL_session_reused.pod4
-rw-r--r--openssl/doc/ssl/SSL_set_fd.pod4
-rw-r--r--openssl/doc/ssl/SSL_set_session.pod4
-rw-r--r--openssl/doc/ssl/SSL_shutdown.pod4
-rw-r--r--openssl/doc/ssl/SSL_write.pod2
34 files changed, 120 insertions, 60 deletions
diff --git a/openssl/doc/apps/cms.pod b/openssl/doc/apps/cms.pod
index a09588a18..a76b3e0fd 100644
--- a/openssl/doc/apps/cms.pod
+++ b/openssl/doc/apps/cms.pod
@@ -90,6 +90,11 @@ decrypt mail using the supplied certificate and private key. Expects an
encrypted mail message in MIME format for the input file. The decrypted mail
is written to the output file.
+=item B<-debug_decrypt>
+
+this option sets the B<CMS_DEBUG_DECRYPT> flag. This option should be used
+with caution: see the notes section below.
+
=item B<-sign>
sign mail using the supplied certificate and private key. Input file is
@@ -446,32 +451,42 @@ Streaming is always used for the B<-sign> operation with detached data but
since the content is no longer part of the CMS structure the encoding
remains DER.
+If the B<-decrypt> option is used without a recipient certificate then an
+attempt is made to locate the recipient by trying each potential recipient
+in turn using the supplied private key. To thwart the MMA attack
+(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
+tried whether they succeed or not and if no recipients match the message
+is "decrypted" using a random key which will typically output garbage.
+The B<-debug_decrypt> option can be used to disable the MMA attack protection
+and return an error if no recipient can be found: this option should be used
+with caution. For a fuller description see L<CMS_decrypt(3)|CMS_decrypt(3)>).
+
=head1 EXIT CODES
=over 4
-=item 0
+=item Z<>0
the operation was completely successfully.
-=item 1
+=item Z<>1
an error occurred parsing the command options.
-=item 2
+=item Z<>2
one of the input files could not be read.
-=item 3
+=item Z<>3
an error occurred creating the CMS file or when reading the MIME
message.
-=item 4
+=item Z<>4
an error occurred decrypting or verifying the message.
-=item 5
+=item Z<>5
the message was verified correctly but an error occurred writing out
the signers certificates.
diff --git a/openssl/doc/apps/enc.pod b/openssl/doc/apps/enc.pod
index 3dee4ed99..41791ad67 100644
--- a/openssl/doc/apps/enc.pod
+++ b/openssl/doc/apps/enc.pod
@@ -215,6 +215,10 @@ unsupported options (for example B<openssl enc -help>) includes a
list of ciphers, supported by your versesion of OpenSSL, including
ones provided by configured engines.
+The B<enc> program does not support authenticated encryption modes
+like CCM and GCM. The utility does not store or retrieve the
+authentication tag.
+
base64 Base 64
diff --git a/openssl/doc/apps/s_server.pod b/openssl/doc/apps/s_server.pod
index 6758ba308..f9b9ca532 100644
--- a/openssl/doc/apps/s_server.pod
+++ b/openssl/doc/apps/s_server.pod
@@ -44,6 +44,7 @@ B<openssl> B<s_server>
[B<-no_ssl3>]
[B<-no_tls1>]
[B<-no_dhe>]
+[B<-no_ecdhe>]
[B<-bugs>]
[B<-hack>]
[B<-www>]
@@ -131,6 +132,11 @@ a static set of parameters hard coded into the s_server program will be used.
if this option is set then no DH parameters will be loaded effectively
disabling the ephemeral DH cipher suites.
+=item B<-no_ecdhe>
+
+if this option is set then no ECDH parameters will be loaded effectively
+disabling the ephemeral ECDH cipher suites.
+
=item B<-no_tmp_rsa>
certain export cipher suites sometimes use a temporary RSA key, this option
diff --git a/openssl/doc/apps/smime.pod b/openssl/doc/apps/smime.pod
index e4e89af84..d39a59a90 100644
--- a/openssl/doc/apps/smime.pod
+++ b/openssl/doc/apps/smime.pod
@@ -159,7 +159,7 @@ EVP_get_cipherbyname() function) can also be used preceded by a dash, for
example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for list of ciphers
supported by your version of OpenSSL.
-If not specified 40 bit RC2 is used. Only used with B<-encrypt>.
+If not specified triple DES is used. Only used with B<-encrypt>.
=item B<-nointern>
@@ -308,28 +308,28 @@ remains DER.
=over 4
-=item 0
+=item Z<>0
the operation was completely successfully.
-=item 1
+=item Z<>1
an error occurred parsing the command options.
-=item 2
+=item Z<>2
one of the input files could not be read.
-=item 3
+=item Z<>3
an error occurred creating the PKCS#7 file or when reading the MIME
message.
-=item 4
+=item Z<>4
an error occurred decrypting or verifying the message.
-=item 5
+=item Z<>5
the message was verified correctly but an error occurred writing out
the signers certificates.
diff --git a/openssl/doc/apps/verify.pod b/openssl/doc/apps/verify.pod
index da683004b..f35d40295 100644
--- a/openssl/doc/apps/verify.pod
+++ b/openssl/doc/apps/verify.pod
@@ -25,6 +25,7 @@ B<openssl> B<verify>
[B<-untrusted file>]
[B<-help>]
[B<-issuer_checks>]
+[B<-attime timestamp>]
[B<-verbose>]
[B<->]
[certificates]
@@ -80,6 +81,12 @@ rejected. The presence of rejection messages does not itself imply that
anything is wrong; during the normal verification process, several
rejections may take place.
+=item B<-attime timestamp>
+
+Perform validation checks using time specified by B<timestamp> and not
+current system time. B<timestamp> is the number of seconds since
+01.01.1970 (UNIX time).
+
=item B<-policy arg>
Enable policy processing and add B<arg> to the user-initial-policy-set (see
@@ -386,7 +393,7 @@ an application specific error. Unused.
=head1 BUGS
-Although the issuer checks are a considerably improvement over the old technique they still
+Although the issuer checks are a considerable improvement over the old technique they still
suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
trusted certificates with matching subject name must either appear in a file (as specified by the
B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
diff --git a/openssl/doc/apps/version.pod b/openssl/doc/apps/version.pod
index e00324c44..58f543bc3 100644
--- a/openssl/doc/apps/version.pod
+++ b/openssl/doc/apps/version.pod
@@ -13,6 +13,7 @@ B<openssl version>
[B<-o>]
[B<-f>]
[B<-p>]
+[B<-d>]
=head1 DESCRIPTION
@@ -38,7 +39,7 @@ the date the current version of OpenSSL was built.
option information: various options set when the library was built.
-=item B<-c>
+=item B<-f>
compilation flags.
diff --git a/openssl/doc/apps/x509v3_config.pod b/openssl/doc/apps/x509v3_config.pod
index 0450067cf..13ff85b17 100644
--- a/openssl/doc/apps/x509v3_config.pod
+++ b/openssl/doc/apps/x509v3_config.pod
@@ -301,7 +301,7 @@ Example:
O=Organisation
CN=Some Name
-
+
=head2 Certificate Policies.
This is a I<raw> extension. All the fields of this extension can be set by
@@ -390,7 +390,7 @@ Examples:
nameConstraints=permitted;email:.somedomain.com
nameConstraints=excluded;email:.com
-issuingDistributionPoint = idp_section
+
=head2 OCSP No Check
diff --git a/openssl/doc/crypto/CMS_decrypt.pod b/openssl/doc/crypto/CMS_decrypt.pod
index d857e4f93..3fa9212af 100644
--- a/openssl/doc/crypto/CMS_decrypt.pod
+++ b/openssl/doc/crypto/CMS_decrypt.pod
@@ -27,7 +27,21 @@ function or errors about unknown algorithms will occur.
Although the recipients certificate is not needed to decrypt the data it is
needed to locate the appropriate (of possible several) recipients in the CMS
-structure. If B<cert> is set to NULL all possible recipients are tried.
+structure.
+
+If B<cert> is set to NULL all possible recipients are tried. This case however
+is problematic. To thwart the MMA attack (Bleichenbacher's attack on
+PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or
+not. If no recipient succeeds then a random symmetric key is used to decrypt
+the content: this will typically output garbage and may (but is not guaranteed
+to) ultimately return a padding error only. If CMS_decrypt() just returned an
+error when all recipient encrypted keys failed to decrypt an attacker could
+use this in a timing attack. If the special flag B<CMS_DEBUG_DECRYPT> is set
+then the above behaviour is modified and an error B<is> returned if no
+recipient encrypted key can be decrypted B<without> generating a random
+content encryption key. Applications should use this flag with
+B<extreme caution> especially in automated gateways as it can leave them
+open to attack.
It is possible to determine the correct recipient key by other means (for
example looking them up in a database) and setting them in the CMS structure
diff --git a/openssl/doc/crypto/CONF_modules_free.pod b/openssl/doc/crypto/CONF_modules_free.pod
index 87bc7b783..347020c5f 100644
--- a/openssl/doc/crypto/CONF_modules_free.pod
+++ b/openssl/doc/crypto/CONF_modules_free.pod
@@ -37,7 +37,7 @@ None of the functions return a value.
=head1 SEE ALSO
L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
-L<CONF_modules_load_file(3), CONF_modules_load_file(3)>
+L<CONF_modules_load_file(3)|CONF_modules_load_file(3)>
=head1 HISTORY
diff --git a/openssl/doc/crypto/CONF_modules_load_file.pod b/openssl/doc/crypto/CONF_modules_load_file.pod
index 9965d69bf..0c4d92685 100644
--- a/openssl/doc/crypto/CONF_modules_load_file.pod
+++ b/openssl/doc/crypto/CONF_modules_load_file.pod
@@ -51,7 +51,7 @@ return value of the failing module (this will always be zero or negative).
=head1 SEE ALSO
L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
-L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)>
+L<CONF_free(3)|CONF_free(3)>, L<err(3)|err(3)>
=head1 HISTORY
diff --git a/openssl/doc/crypto/OPENSSL_config.pod b/openssl/doc/crypto/OPENSSL_config.pod
index e7bba2aac..888de88f6 100644
--- a/openssl/doc/crypto/OPENSSL_config.pod
+++ b/openssl/doc/crypto/OPENSSL_config.pod
@@ -73,7 +73,7 @@ Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
=head1 SEE ALSO
L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
-L<CONF_modules_free(3),CONF_modules_free(3)>
+L<CONF_modules_free(3)|CONF_modules_free(3)>
=head1 HISTORY
diff --git a/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod b/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
index 41902c0d4..4716e7ee7 100644
--- a/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -65,7 +65,7 @@ set first so the relevant field information can be looked up internally.
=head1 SEE ALSO
L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
-L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
+L<OBJ_nid2obj(3)|OBJ_nid2obj(3)>
=head1 HISTORY
diff --git a/openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod b/openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
index 8d6b9dda4..8a9243d75 100644
--- a/openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
+++ b/openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
@@ -15,7 +15,7 @@ X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_
int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg);
- char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
+ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
=head1 DESCRIPTION
diff --git a/openssl/doc/fingerprints.txt b/openssl/doc/fingerprints.txt
index 7d05a8559..4030c81fa 100644
--- a/openssl/doc/fingerprints.txt
+++ b/openssl/doc/fingerprints.txt
@@ -21,6 +21,13 @@ pub 2048R/F295C759 1998-12-13
Key fingerprint = D0 5D 8C 61 6E 27 E6 60 41 EC B1 B8 D5 7E E5 97
uid Dr S N Henson <shenson@drh-consultancy.demon.co.uk>
+pub 4096R/FA40E9E2 2005-03-19
+ Key fingerprint = 6260 5AA4 334A F9F0 DDE5 D349 D357 7507 FA40 E9E2
+uid Dr Stephen Henson <shenson@opensslfoundation.com>
+uid Dr Stephen Henson <shenson@drh-consultancy.co.uk>
+uid Dr Stephen N Henson <steve@openssl.org>
+sub 4096R/8811F530 2005-03-19
+
pub 1024R/49A563D9 1997-02-24
Key fingerprint = 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF
uid Mark Cox <mjc@redhat.com>
diff --git a/openssl/doc/ssl/SSL_COMP_add_compression_method.pod b/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
index 42fa66b19..f4d191c9b 100644
--- a/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
+++ b/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
=over 4
-=item 0
+=item Z<>0
The operation succeeded.
-=item 1
+=item Z<>1
The operation failed. Check the error queue to find out the reason.
diff --git a/openssl/doc/ssl/SSL_CTX_add_session.pod b/openssl/doc/ssl/SSL_CTX_add_session.pod
index 82676b26b..8e0abd36c 100644
--- a/openssl/doc/ssl/SSL_CTX_add_session.pod
+++ b/openssl/doc/ssl/SSL_CTX_add_session.pod
@@ -52,13 +52,13 @@ The following values are returned by all functions:
=over 4
-=item 0
+=item Z<>0
The operation failed. In case of the add operation, it was tried to add
the same (identical) session twice. In case of the remove operation, the
session was not found in the cache.
-=item 1
+=item Z<>1
The operation succeeded.
diff --git a/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod b/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
index 84a799fc7..d1d897719 100644
--- a/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ b/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -100,13 +100,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The operation failed because B<CAfile> and B<CApath> are NULL or the
processing at one of the locations specified failed. Check the error
stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
diff --git a/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod b/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
index 5e6613335..5e9739266 100644
--- a/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ b/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,13 +66,13 @@ values:
=over 4
-=item 0
+=item Z<>0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
diff --git a/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod b/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
index 0015e6ea7..8b82d94a3 100644
--- a/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
+++ b/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
@@ -11,8 +11,8 @@ SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SS
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
- void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
- void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
=head1 DESCRIPTION
diff --git a/openssl/doc/ssl/SSL_CTX_set_options.pod b/openssl/doc/ssl/SSL_CTX_set_options.pod
index fded0601b..d8866927a 100644
--- a/openssl/doc/ssl/SSL_CTX_set_options.pod
+++ b/openssl/doc/ssl/SSL_CTX_set_options.pod
@@ -112,6 +112,12 @@ vulnerability affecting CBC ciphers, which cannot be handled by some
broken SSL implementations. This option has no effect for connections
using other ciphers.
+=item SSL_OP_TLSEXT_PADDING
+
+Adds a padding extension to ensure the ClientHello size is never between
+256 and 511 bytes in length. This is needed as a workaround for some
+implementations.
+
=item SSL_OP_ALL
All of the above bug workarounds.
diff --git a/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod b/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
index 58fc68550..7c9e51533 100644
--- a/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ b/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -64,13 +64,13 @@ return the following values:
=over 4
-=item 0
+=item Z<>0
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
is logged to the error stack.
-=item 1
+=item Z<>1
The operation succeeded.
diff --git a/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod b/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
index 254f2b439..e254f9657 100644
--- a/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ b/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
=over 4
-=item 0
+=item Z<>0
The new choice failed, check the error stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
diff --git a/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
index 7e60df5ba..9da7201a9 100644
--- a/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ b/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -96,7 +96,7 @@ data to B<psk> and return the length of the random data, so the
connection will fail with decryption_error before it will be finished
completely.
-=item 0
+=item Z<>0
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
diff --git a/openssl/doc/ssl/SSL_accept.pod b/openssl/doc/ssl/SSL_accept.pod
index b1c34d15b..223944417 100644
--- a/openssl/doc/ssl/SSL_accept.pod
+++ b/openssl/doc/ssl/SSL_accept.pod
@@ -44,13 +44,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
diff --git a/openssl/doc/ssl/SSL_clear.pod b/openssl/doc/ssl/SSL_clear.pod
index d4df1bfac..ba192bd51 100644
--- a/openssl/doc/ssl/SSL_clear.pod
+++ b/openssl/doc/ssl/SSL_clear.pod
@@ -56,12 +56,12 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.
-=item 1
+=item Z<>1
The SSL_clear() operation was successful.
diff --git a/openssl/doc/ssl/SSL_connect.pod b/openssl/doc/ssl/SSL_connect.pod
index 946ca89d7..68e2b82b8 100644
--- a/openssl/doc/ssl/SSL_connect.pod
+++ b/openssl/doc/ssl/SSL_connect.pod
@@ -41,13 +41,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
diff --git a/openssl/doc/ssl/SSL_do_handshake.pod b/openssl/doc/ssl/SSL_do_handshake.pod
index 7f8cf249e..b35ddf5f1 100644
--- a/openssl/doc/ssl/SSL_do_handshake.pod
+++ b/openssl/doc/ssl/SSL_do_handshake.pod
@@ -45,13 +45,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
diff --git a/openssl/doc/ssl/SSL_get_peer_cert_chain.pod b/openssl/doc/ssl/SSL_get_peer_cert_chain.pod
index 49fb88f86..059376c76 100644
--- a/openssl/doc/ssl/SSL_get_peer_cert_chain.pod
+++ b/openssl/doc/ssl/SSL_get_peer_cert_chain.pod
@@ -8,11 +8,11 @@ SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
#include <openssl/ssl.h>
- STACKOF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
+ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
=head1 DESCRIPTION
-SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates
+SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates
forming the certificate chain of the peer. If called on the client side,
the stack also contains the peer's certificate; if called on the server
side, the peer's certificate must be obtained separately using
@@ -24,7 +24,7 @@ If the peer did not present a certificate, NULL is returned.
The peer certificate chain is not necessarily available after reusing
a session, in which case a NULL pointer is returned.
-The reference count of the STACKOF(X509) object is not incremented.
+The reference count of the STACK_OF(X509) object is not incremented.
If the corresponding session is freed, the pointer must not be used
any longer.
@@ -39,7 +39,7 @@ The following return values can occur:
No certificate was presented by the peer or no connection was established
or the certificate chain is no longer available when a session is reused.
-=item Pointer to a STACKOF(X509)
+=item Pointer to a STACK_OF(X509)
The return value points to the certificate chain presented by the peer.
diff --git a/openssl/doc/ssl/SSL_read.pod b/openssl/doc/ssl/SSL_read.pod
index 7038cd2d7..8ca0ce505 100644
--- a/openssl/doc/ssl/SSL_read.pod
+++ b/openssl/doc/ssl/SSL_read.pod
@@ -86,7 +86,7 @@ The following return values can occur:
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
-=item 0
+=item Z<>0
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
diff --git a/openssl/doc/ssl/SSL_session_reused.pod b/openssl/doc/ssl/SSL_session_reused.pod
index da7d06264..b09d8a71b 100644
--- a/openssl/doc/ssl/SSL_session_reused.pod
+++ b/openssl/doc/ssl/SSL_session_reused.pod
@@ -27,11 +27,11 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
A new session was negotiated.
-=item 1
+=item Z<>1
A session was reused.
diff --git a/openssl/doc/ssl/SSL_set_fd.pod b/openssl/doc/ssl/SSL_set_fd.pod
index 70291128f..148087160 100644
--- a/openssl/doc/ssl/SSL_set_fd.pod
+++ b/openssl/doc/ssl/SSL_set_fd.pod
@@ -35,11 +35,11 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The operation failed. Check the error stack to find out why.
-=item 1
+=item Z<>1
The operation succeeded.
diff --git a/openssl/doc/ssl/SSL_set_session.pod b/openssl/doc/ssl/SSL_set_session.pod
index 5f54714ad..197b52183 100644
--- a/openssl/doc/ssl/SSL_set_session.pod
+++ b/openssl/doc/ssl/SSL_set_session.pod
@@ -37,11 +37,11 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The operation failed; check the error stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
diff --git a/openssl/doc/ssl/SSL_shutdown.pod b/openssl/doc/ssl/SSL_shutdown.pod
index 42a89b7c6..85d4a64b0 100644
--- a/openssl/doc/ssl/SSL_shutdown.pod
+++ b/openssl/doc/ssl/SSL_shutdown.pod
@@ -92,14 +92,14 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-=item 1
+=item Z<>1
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
diff --git a/openssl/doc/ssl/SSL_write.pod b/openssl/doc/ssl/SSL_write.pod
index e013c12d5..a57617f3e 100644
--- a/openssl/doc/ssl/SSL_write.pod
+++ b/openssl/doc/ssl/SSL_write.pod
@@ -79,7 +79,7 @@ The following return values can occur:
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item Z<>0
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,