diff options
author | Jung-uk Kim <jkim@FreeBSD.org> | 2021-09-01 02:23:22 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2021-09-01 02:23:22 +0000 |
commit | c1d1798abd60f12527b70443cb7d0b9cd78ef7b1 (patch) | |
tree | 1ac1ccb6b23135a8b57efdff5c4a84ad03202f7a /doc | |
parent | 94fa08a4bcdfbb3434b025d67d014af3b18e5380 (diff) | |
download | src-c1d1798abd60f12527b70443cb7d0b9cd78ef7b1.tar.gz src-c1d1798abd60f12527b70443cb7d0b9cd78ef7b1.zip |
Import OpenSSL 1.1.1lvendor/openssl/1.1.1l
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/enc.pod | 4 | ||||
-rw-r--r-- | doc/man1/s_client.pod | 2 | ||||
-rw-r--r-- | doc/man1/s_server.pod | 2 | ||||
-rw-r--r-- | doc/man3/BIO_f_ssl.pod | 7 | ||||
-rw-r--r-- | doc/man3/BIO_push.pod | 6 | ||||
-rw-r--r-- | doc/man3/BN_cmp.pod | 41 | ||||
-rw-r--r-- | doc/man3/d2i_PrivateKey.pod | 6 | ||||
-rw-r--r-- | doc/man7/x509.pod | 6 |
8 files changed, 39 insertions, 35 deletions
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod index 3c7b6c42ea2c..9068282db543 100644 --- a/doc/man1/enc.pod +++ b/doc/man1/enc.pod @@ -180,8 +180,8 @@ Debug the BIOs used for I/O. =item B<-z> -Compress or decompress clear text using zlib before encryption or after -decryption. This option exists only if OpenSSL with compiled with zlib +Compress or decompress encrypted data using zlib after encryption or before +decryption. This option exists only if OpenSSL was compiled with the zlib or zlib-dynamic option. =item B<-none> diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 743b2db2ba43..f1a2c4abdf53 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -797,7 +797,7 @@ server. The B<s_client> utility is a test tool and is designed to continue the handshake after any certificate verification errors. As a result it will -accept any certificate chain (trusted or not) sent by the peer. None test +accept any certificate chain (trusted or not) sent by the peer. Non-test applications should B<not> do this as it makes them vulnerable to a MITM attack. This behaviour can be changed by with the B<-verify_return_error> option: any verify errors are then returned aborting the handshake. diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 9fdac4919038..aa6c19d31f9a 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -701,7 +701,7 @@ disabling the ephemeral DH cipher suites. =item B<-alpn val>, B<-nextprotoneg val> -These flags enable the Enable the Application-Layer Protocol Negotiation +These flags enable the Application-Layer Protocol Negotiation or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the IETF standard and replaces NPN. The B<val> list is a comma-separated list of supported protocol diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod index 59cccbd4e597..641ee2329efc 100644 --- a/doc/man3/BIO_f_ssl.pod +++ b/doc/man3/BIO_f_ssl.pod @@ -185,11 +185,6 @@ unencrypted example in L<BIO_s_connect(3)>. ERR_print_errors_fp(stderr); exit(1); } - if (BIO_do_handshake(sbio) <= 0) { - fprintf(stderr, "Error establishing SSL connection\n"); - ERR_print_errors_fp(stderr); - exit(1); - } /* XXX Could examine ssl here to get connection info */ @@ -298,7 +293,7 @@ be modified to handle this fix or they may free up an already freed BIO. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod index 93f2cc31fdae..8b98bee49885 100644 --- a/doc/man3/BIO_push.pod +++ b/doc/man3/BIO_push.pod @@ -61,8 +61,8 @@ the new chain is B<md1-md2-b64-f>. Data written to B<md1> will be digested by B<md1> and B<md2>, B<base64> encoded and written to B<f>. It should be noted that reading causes data to pass in the reverse -direction, that is data is read from B<f>, base64 B<decoded> and digested -by B<md1> and B<md2>. If the call: +direction, that is data is read from B<f>, B<base64> decoded and digested +by B<md2> and B<md1>. If the call: BIO_pop(md2); @@ -79,7 +79,7 @@ The BIO_set_next() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_cmp.pod b/doc/man3/BN_cmp.pod index 95d162ff2957..261619c512ab 100644 --- a/doc/man3/BN_cmp.pod +++ b/doc/man3/BN_cmp.pod @@ -2,42 +2,47 @@ =head1 NAME -BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions =head1 SYNOPSIS #include <openssl/bn.h> - int BN_cmp(BIGNUM *a, BIGNUM *b); - int BN_ucmp(BIGNUM *a, BIGNUM *b); + int BN_cmp(const BIGNUM *a, const BIGNUM *b); + int BN_ucmp(const BIGNUM *a, const BIGNUM *b); - int BN_is_zero(BIGNUM *a); - int BN_is_one(BIGNUM *a); - int BN_is_word(BIGNUM *a, BN_ULONG w); - int BN_is_odd(BIGNUM *a); + int BN_is_zero(const BIGNUM *a); + int BN_is_one(const BIGNUM *a); + int BN_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); + int BN_is_odd(const BIGNUM *a); =head1 DESCRIPTION -BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their +BN_cmp() compares the numbers I<a> and I<b>. BN_ucmp() compares their absolute values. -BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1, -or B<w> respectively. BN_is_odd() tests if a is odd. - -BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros. +BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if +I<a> equals 0, 1, I<w>, or E<verbar>I<w>E<verbar> respectively. +BN_is_odd() tests if I<a> is odd. =head1 RETURN VALUES -BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if -B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values -of B<a> and B<b>. +BN_cmp() returns -1 if I<a> E<lt> I<b>, 0 if I<a> == I<b> and 1 if +I<a> E<gt> I<b>. BN_ucmp() is the same using the absolute values +of I<a> and I<b>. + +BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and +BN_is_odd() return 1 if the condition is true, 0 otherwise. + +=head1 HISTORY -BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if -the condition is true, 0 otherwise. +Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(), +BN_abs_is_word() and BN_is_odd() were macros. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod index 4e3f20f8b324..e7272595bc40 100644 --- a/doc/man3/d2i_PrivateKey.pod +++ b/doc/man3/d2i_PrivateKey.pod @@ -42,6 +42,10 @@ These functions are similar to the d2i_X509() functions; see L<d2i_X509(3)>. =head1 NOTES +All the functions that operate on data in memory update the data pointer I<*pp> +after a successful operation, just like the other d2i and i2d functions; +see L<d2i_X509(3)>. + All these functions use DER format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as d2i_PKCS8PrivateKey() instead. @@ -71,7 +75,7 @@ L<d2i_PKCS8PrivateKey_bio(3)> =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/x509.pod b/doc/man7/x509.pod index 065dcb14fbeb..7274e5ce9552 100644 --- a/doc/man7/x509.pod +++ b/doc/man7/x509.pod @@ -11,7 +11,7 @@ x509 - X.509 certificate handling =head1 DESCRIPTION An X.509 certificate is a structured grouping of information about -an individual, a device, or anything one can imagine. A X.509 CRL +an individual, a device, or anything one can imagine. An X.509 CRL (certificate revocation list) is a tool to help determine if a certificate is still valid. The exact definition of those can be found in the X.509 document from ITU-T, or in RFC3280 from PKIX. @@ -24,7 +24,7 @@ X509_REQ is used to express such a certificate request. To handle some complex parts of a certificate, there are the types X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express -a certificate attributes), X509_EXTENSION (to express a certificate +a certificate attribute), X509_EXTENSION (to express a certificate extension) and a few more. Finally, there's the supertype X509_INFO, which can contain a CRL, a @@ -63,7 +63,7 @@ L<crypto(7)> =head1 COPYRIGHT -Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |