aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2021-09-01 02:23:22 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2021-09-01 02:23:22 +0000
commitc1d1798abd60f12527b70443cb7d0b9cd78ef7b1 (patch)
tree1ac1ccb6b23135a8b57efdff5c4a84ad03202f7a /doc
parent94fa08a4bcdfbb3434b025d67d014af3b18e5380 (diff)
downloadsrc-vendor/openssl.tar.gz
src-vendor/openssl.zip
Diffstat (limited to 'doc')
-rw-r--r--doc/man1/enc.pod4
-rw-r--r--doc/man1/s_client.pod2
-rw-r--r--doc/man1/s_server.pod2
-rw-r--r--doc/man3/BIO_f_ssl.pod7
-rw-r--r--doc/man3/BIO_push.pod6
-rw-r--r--doc/man3/BN_cmp.pod41
-rw-r--r--doc/man3/d2i_PrivateKey.pod6
-rw-r--r--doc/man7/x509.pod6
8 files changed, 39 insertions, 35 deletions
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index 3c7b6c42ea2c..9068282db543 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -180,8 +180,8 @@ Debug the BIOs used for I/O.
=item B<-z>
-Compress or decompress clear text using zlib before encryption or after
-decryption. This option exists only if OpenSSL with compiled with zlib
+Compress or decompress encrypted data using zlib after encryption or before
+decryption. This option exists only if OpenSSL was compiled with the zlib
or zlib-dynamic option.
=item B<-none>
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 743b2db2ba43..f1a2c4abdf53 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -797,7 +797,7 @@ server.
The B<s_client> utility is a test tool and is designed to continue the
handshake after any certificate verification errors. As a result it will
-accept any certificate chain (trusted or not) sent by the peer. None test
+accept any certificate chain (trusted or not) sent by the peer. Non-test
applications should B<not> do this as it makes them vulnerable to a MITM
attack. This behaviour can be changed by with the B<-verify_return_error>
option: any verify errors are then returned aborting the handshake.
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index 9fdac4919038..aa6c19d31f9a 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -701,7 +701,7 @@ disabling the ephemeral DH cipher suites.
=item B<-alpn val>, B<-nextprotoneg val>
-These flags enable the Enable the Application-Layer Protocol Negotiation
+These flags enable the Application-Layer Protocol Negotiation
or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
IETF standard and replaces NPN.
The B<val> list is a comma-separated list of supported protocol
diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod
index 59cccbd4e597..641ee2329efc 100644
--- a/doc/man3/BIO_f_ssl.pod
+++ b/doc/man3/BIO_f_ssl.pod
@@ -185,11 +185,6 @@ unencrypted example in L<BIO_s_connect(3)>.
ERR_print_errors_fp(stderr);
exit(1);
}
- if (BIO_do_handshake(sbio) <= 0) {
- fprintf(stderr, "Error establishing SSL connection\n");
- ERR_print_errors_fp(stderr);
- exit(1);
- }
/* XXX Could examine ssl here to get connection info */
@@ -298,7 +293,7 @@ be modified to handle this fix or they may free up an already freed BIO.
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod
index 93f2cc31fdae..8b98bee49885 100644
--- a/doc/man3/BIO_push.pod
+++ b/doc/man3/BIO_push.pod
@@ -61,8 +61,8 @@ the new chain is B<md1-md2-b64-f>. Data written to B<md1> will be digested
by B<md1> and B<md2>, B<base64> encoded and written to B<f>.
It should be noted that reading causes data to pass in the reverse
-direction, that is data is read from B<f>, base64 B<decoded> and digested
-by B<md1> and B<md2>. If the call:
+direction, that is data is read from B<f>, B<base64> decoded and digested
+by B<md2> and B<md1>. If the call:
BIO_pop(md2);
@@ -79,7 +79,7 @@ The BIO_set_next() function was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/BN_cmp.pod b/doc/man3/BN_cmp.pod
index 95d162ff2957..261619c512ab 100644
--- a/doc/man3/BN_cmp.pod
+++ b/doc/man3/BN_cmp.pod
@@ -2,42 +2,47 @@
=head1 NAME
-BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
+BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions
=head1 SYNOPSIS
#include <openssl/bn.h>
- int BN_cmp(BIGNUM *a, BIGNUM *b);
- int BN_ucmp(BIGNUM *a, BIGNUM *b);
+ int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+ int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
- int BN_is_zero(BIGNUM *a);
- int BN_is_one(BIGNUM *a);
- int BN_is_word(BIGNUM *a, BN_ULONG w);
- int BN_is_odd(BIGNUM *a);
+ int BN_is_zero(const BIGNUM *a);
+ int BN_is_one(const BIGNUM *a);
+ int BN_is_word(const BIGNUM *a, const BN_ULONG w);
+ int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
+ int BN_is_odd(const BIGNUM *a);
=head1 DESCRIPTION
-BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
+BN_cmp() compares the numbers I<a> and I<b>. BN_ucmp() compares their
absolute values.
-BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
-or B<w> respectively. BN_is_odd() tests if a is odd.
-
-BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
+BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if
+I<a> equals 0, 1, I<w>, or E<verbar>I<w>E<verbar> respectively.
+BN_is_odd() tests if I<a> is odd.
=head1 RETURN VALUES
-BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
-B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
-of B<a> and B<b>.
+BN_cmp() returns -1 if I<a> E<lt> I<b>, 0 if I<a> == I<b> and 1 if
+I<a> E<gt> I<b>. BN_ucmp() is the same using the absolute values
+of I<a> and I<b>.
+
+BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and
+BN_is_odd() return 1 if the condition is true, 0 otherwise.
+
+=head1 HISTORY
-BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
-the condition is true, 0 otherwise.
+Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(),
+BN_abs_is_word() and BN_is_odd() were macros.
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod
index 4e3f20f8b324..e7272595bc40 100644
--- a/doc/man3/d2i_PrivateKey.pod
+++ b/doc/man3/d2i_PrivateKey.pod
@@ -42,6 +42,10 @@ These functions are similar to the d2i_X509() functions; see L<d2i_X509(3)>.
=head1 NOTES
+All the functions that operate on data in memory update the data pointer I<*pp>
+after a successful operation, just like the other d2i and i2d functions;
+see L<d2i_X509(3)>.
+
All these functions use DER format and unencrypted keys. Applications wishing
to encrypt or decrypt private keys should use other functions such as
d2i_PKCS8PrivateKey() instead.
@@ -71,7 +75,7 @@ L<d2i_PKCS8PrivateKey_bio(3)>
=head1 COPYRIGHT
-Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/x509.pod b/doc/man7/x509.pod
index 065dcb14fbeb..7274e5ce9552 100644
--- a/doc/man7/x509.pod
+++ b/doc/man7/x509.pod
@@ -11,7 +11,7 @@ x509 - X.509 certificate handling
=head1 DESCRIPTION
An X.509 certificate is a structured grouping of information about
-an individual, a device, or anything one can imagine. A X.509 CRL
+an individual, a device, or anything one can imagine. An X.509 CRL
(certificate revocation list) is a tool to help determine if a
certificate is still valid. The exact definition of those can be
found in the X.509 document from ITU-T, or in RFC3280 from PKIX.
@@ -24,7 +24,7 @@ X509_REQ is used to express such a certificate request.
To handle some complex parts of a certificate, there are the types
X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
-a certificate attributes), X509_EXTENSION (to express a certificate
+a certificate attribute), X509_EXTENSION (to express a certificate
extension) and a few more.
Finally, there's the supertype X509_INFO, which can contain a CRL, a
@@ -63,7 +63,7 @@ L<crypto(7)>
=head1 COPYRIGHT
-Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy