Diffstat (limited to 'openssl/doc')
-rw-r--r-- | openssl/doc/apps/rsa.pod | 15
-rw-r--r-- | openssl/doc/crypto/X509_STORE_CTX_get_error.pod | 2
-rw-r--r-- | openssl/doc/crypto/ecdsa.pod | 10
-rw-r--r-- | openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod | 8
-rw-r--r-- | openssl/doc/ssl/SSL_CTX_set_options.pod | 5
-rw-r--r-- | openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 4
-rw-r--r-- | openssl/doc/ssl/SSL_accept.pod | 10
-rw-r--r-- | openssl/doc/ssl/SSL_connect.pod | 10
-rw-r--r-- | openssl/doc/ssl/SSL_do_handshake.pod | 10
-rw-r--r-- | openssl/doc/ssl/SSL_shutdown.pod | 10
10 files changed, 51 insertions, 33 deletions
diff --git a/openssl/doc/apps/rsa.pod b/openssl/doc/apps/rsa.pod index 69b2bef82..d7d784d52 100644 --- a/openssl/doc/apps/rsa.pod +++ b/openssl/doc/apps/rsa.pod @@ -24,6 +24,8 @@ B<openssl> B<rsa> [B<-check>] [B<-pubin>] [B<-pubout>] +[B<-RSAPublicKey_in>] +[B<-RSAPublicKey_out>] [B<-engine id>] =head1 DESCRIPTION @@ -118,6 +120,10 @@ by default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key. +=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out> + +like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead. + =item B<-engine id> specifying an engine (by its unique B<id> string) will cause B<rsa> @@ -139,6 +145,11 @@ The PEM public key format uses the header and footer lines: -----BEGIN PUBLIC KEY----- -----END PUBLIC KEY----- +The PEM B<RSAPublicKey> format uses the header and footer lines: + + -----BEGIN RSA PUBLIC KEY----- + -----END RSA PUBLIC KEY----- + The B<NET> form is a format compatible with older Netscape servers and Microsoft IIS .key files, this uses unsalted RC4 for its encryption. It is not very secure and so should only be used when necessary. @@ -173,6 +184,10 @@ To just output the public part of a private key: openssl rsa -in key.pem -pubout -out pubkey.pem +Output the public part of a private key in B<RSAPublicKey> format: + + openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem + =head1 BUGS The command line password arguments don't currently work with diff --git a/openssl/doc/crypto/X509_STORE_CTX_get_error.pod b/openssl/doc/crypto/X509_STORE_CTX_get_error.pod index a883f6c09..60e8332ae 100644 --- a/openssl/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/openssl/doc/crypto/X509_STORE_CTX_get_error.pod 
@@ -278,6 +278,8 @@ happen if extended CRL checking is enabled. an application specific error. This will never be returned unless explicitly set by an application. +=back + =head1 NOTES The above functions should be used instead of directly referencing the fields diff --git a/openssl/doc/crypto/ecdsa.pod b/openssl/doc/crypto/ecdsa.pod index 20edff97f..59a5916de 100644 --- a/openssl/doc/crypto/ecdsa.pod +++ b/openssl/doc/crypto/ecdsa.pod @@ -95,7 +95,7 @@ is ignored. ECDSA_verify() verifies that the signature in B<sig> of size B<siglen> is a valid ECDSA signature of the hash value -value B<dgst> of size B<dgstlen> using the public key B<eckey>. +B<dgst> of size B<dgstlen> using the public key B<eckey>. The parameter B<type> is ignored. ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B<kinv> @@ -131,16 +131,12 @@ specific) int ret; ECDSA_SIG *sig; - EC_KEY *eckey = EC_KEY_new(); + EC_KEY *eckey; + eckey = EC_KEY_new_by_curve_name(NID_secp192k1); if (eckey == NULL) { /* error */ } - key->group = EC_GROUP_new_by_nid(NID_secp192k1); - if (key->group == NULL) - { - /* error */ - } if (!EC_KEY_generate_key(eckey)) { /* error */ diff --git a/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod b/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod index 632b556d1..5e6613335 100644 --- a/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod +++ b/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod @@ -66,16 +66,16 @@ values: =over 4 -=item 1 - -The operation succeeded. - =item 0 A failure while manipulating the STACK_OF(X509_NAME) object occurred or the X509_NAME could not be extracted from B<cacert>. Check the error stack to find out the reason. +=item 1 + +The operation succeeded. + =back =head1 EXAMPLES diff --git a/openssl/doc/ssl/SSL_CTX_set_options.pod b/openssl/doc/ssl/SSL_CTX_set_options.pod index cc588f3a7..fded0601b 100644 --- a/openssl/doc/ssl/SSL_CTX_set_options.pod +++ b/openssl/doc/ssl/SSL_CTX_set_options.pod 
@@ -88,9 +88,10 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. ... -=item SSL_OP_MSIE_SSLV2_RSA_PADDING +=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG -As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect. +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. +OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG diff --git a/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod index b80e25be7..7e60df5ba 100644 --- a/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +++ b/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod @@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return Return values from the server callback are interpreted as follows: +=over 4 + =item > 0 PSK identity was found and the server callback has provided the PSK @@ -99,4 +101,6 @@ completely. PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. +=back + =cut diff --git a/openssl/doc/ssl/SSL_accept.pod b/openssl/doc/ssl/SSL_accept.pod index cc724c0d5..b1c34d15b 100644 --- a/openssl/doc/ssl/SSL_accept.pod +++ b/openssl/doc/ssl/SSL_accept.pod @@ -44,17 +44,17 @@ The following return values can occur: =over 4 -=item 1 - -The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been -established. - =item 0 The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B<ret> to find out the reason. +=item 1 + +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established. + =item E<lt>0 The TLS/SSL handshake was not successful because a fatal error occurred either diff --git a/openssl/doc/ssl/SSL_connect.pod b/openssl/doc/ssl/SSL_connect.pod index cc56ebb75..946ca89d7 100644 --- a/openssl/doc/ssl/SSL_connect.pod 
+++ b/openssl/doc/ssl/SSL_connect.pod @@ -41,17 +41,17 @@ The following return values can occur: =over 4 -=item 1 - -The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been -established. - =item 0 The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B<ret> to find out the reason. +=item 1 + +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established. + =item E<lt>0 The TLS/SSL handshake was not successful, because a fatal error occurred either diff --git a/openssl/doc/ssl/SSL_do_handshake.pod b/openssl/doc/ssl/SSL_do_handshake.pod index 243576451..7f8cf249e 100644 --- a/openssl/doc/ssl/SSL_do_handshake.pod +++ b/openssl/doc/ssl/SSL_do_handshake.pod @@ -45,17 +45,17 @@ The following return values can occur: =over 4 -=item 1 - -The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been -established. - =item 0 The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B<ret> to find out the reason. +=item 1 + +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established. + =item E<lt>0 The TLS/SSL handshake was not successful because a fatal error occurred either diff --git a/openssl/doc/ssl/SSL_shutdown.pod b/openssl/doc/ssl/SSL_shutdown.pod index 89911acbc..42a89b7c6 100644 --- a/openssl/doc/ssl/SSL_shutdown.pod +++ b/openssl/doc/ssl/SSL_shutdown.pod @@ -92,11 +92,6 @@ The following return values can occur: =over 4 -=item 1 - -The shutdown was successfully completed. The "close notify" alert was sent -and the peer's "close notify" alert was received. - =item 0 The shutdown is not yet finished. Call SSL_shutdown() for a second time, 
@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be performed. The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. +=item 1 + +The shutdown was successfully completed. The "close notify" alert was sent +and the peer's "close notify" alert was received. + =item -1 The shutdown was not successful because a fatal error occurred either |
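
Review bot: In openssl/doc/apps/rsa.pod, the new =item for B<-RSAPublicKey_in>, B<-RSAPublicKey_out> says only that "B<RSAPublicKey> format is used instead" and never states how that format differs from the one B<-pubin> and B<-pubout> handle. Say that RSAPublicKey is the PKCS#1 structure carried under "BEGIN RSA PUBLIC KEY", while the default public key form is SubjectPublicKeyInfo under "BEGIN PUBLIC KEY", so a reader can tell which file a consuming tool expects. The two PEM header paragraphs in the NOTES hunk would be the natural place for that sentence.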
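
Review bot: In the openssl/doc/crypto/ecdsa.pod example, the rewritten key setup still selects NID_secp192k1, a 192-bit curve, and manual page samples tend to be copied verbatim. Consider using a 256-bit curve such as NID_X9_62_prime256v1 while this block is being touched. Folding allocation and curve selection into EC_KEY_new_by_curve_name() behind the single NULL check is an improvement, since the removed lines assigned through a "key" variable that the example never declared.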
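
Review bot: In openssl/doc/ssl/SSL_CTX_set_options.pod, the =item for SSL_OP_MSIE_SSLV2_RSA_PADDING is overwritten rather than a new item being added, so its "has no effect" note disappears from the page. If that constant is still defined for applications, keep its entry alongside the new SSL_OP_SAFARI_ECDHE_ECDSA_BUG item. The new text should also say whether the option has to be set by the application or is enabled by default, and the range would read more clearly as "OS X 10.8 through 10.8.3" than "10.8..10.8.3".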
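
Review bot: In the return value lists of SSL_accept.pod, SSL_connect.pod and SSL_do_handshake.pod, moving =item 1 below =item 0 leaves the order as 0, 1, E<lt>0, which is neither sorted nor grouped by outcome, and nothing visible in the patch explains the swap. If the point is to keep the list from starting with "=item 1", say so in the commit message, and consider placing the E<lt>0 item first so the values read in ascending order. Since 0 and negative values both mean the handshake failed, a sentence stating that only a return of 1 indicates success would help callers who test the result as a boolean. The same reorder is applied in SSL_CTX_set_client_CA_list.pod and SSL_shutdown.pod, where the ordering question is the same; in SSL_shutdown.pod 0 means "not yet finished" rather than failure, which is worth keeping distinct in the wording.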