Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/BN_generate_prime.pod | 10 |
-rw-r--r-- | doc/man3/SSL_get_error.pod | 14 |
-rw-r--r-- | doc/man3/X509_get_extension_flags.pod | 13 |
3 files changed, 32 insertions, 5 deletions
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index 31fbc1ffa174..f1e63f3b3c4a 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -52,7 +52,9 @@ Deprecated: BN_generate_prime_ex() generates a pseudo-random prime number of at least bit length B<bits>. The returned number is probably prime -with a negligible error. +with a negligible error. If B<add> is B<NULL> the returned prime +number will have exact bit length B<bits> with the top most two +bits set. If B<ret> is not B<NULL>, it will be used to store the number. @@ -89,7 +91,9 @@ If B<add> is not B<NULL>, the prime will fulfill the condition p % B<add> generator. If B<safe> is true, it will be a safe prime (i.e. a prime p so -that (p-1)/2 is also prime). +that (p-1)/2 is also prime). If B<safe> is true, and B<rem> == B<NULL> +the condition will be p % B<add> == 3. +It is recommended that B<add> is a multiple of 4. The random generator must be seeded prior to calling BN_generate_prime_ex(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to @@ -206,7 +210,7 @@ and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index 97320a6c153f..5221ccfe1804 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod 
@@ -155,6 +155,18 @@ connection and SSL_shutdown() must not be called. =back +=head1 BUGS + +The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from +the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason +code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because +it is truly a TLS protocol error to terminate the connection without +a SSL_shutdown(). + +The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications +which choose to ignore this protocol error depend on the existing way of +reporting the error. + =head1 SEE ALSO L<ssl(7)> @@ -166,7 +178,7 @@ The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod index 2dfe2ef37275..43c9c952c6b7 100644 --- a/doc/man3/X509_get_extension_flags.pod +++ b/doc/man3/X509_get_extension_flags.pod @@ -80,6 +80,17 @@ The certificate contains an unhandled critical extension. Some certificate extension values are invalid or inconsistent. The certificate should be rejected. +This bit may also be raised after an out-of-memory error while +processing the X509 object, so it may not be related to the processed +ASN1 object itself. + +=item B<EXFLAG_INVALID_POLICY> + +The NID_certificate_policies certificate extension is invalid or +inconsistent. The certificate should be rejected. +This bit may also be raised after an out-of-memory error while +processing the X509 object, so it may not be related to the processed +ASN1 object itself. =item B<EXFLAG_KUSAGE> 
@@ -183,7 +194,7 @@ X509_get_proxy_pathlen() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |
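Review bot: in doc/man3/BN_generate_prime.pod, first hunk (@@ -52,7 +52,9), the added sentence promises an "exact bit length B<bits>" when B<add> is B<NULL>, while the unchanged sentence just above it still says "at least bit length B<bits>", and the visible text does not say in which case the result can be longer. Suggest stating the B<add> != B<NULL> case next to the new sentence so the two statements do not read as contradictory, and writing "top most" as "topmost".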
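Review bot: in doc/man3/BN_generate_prime.pod, second hunk (@@ -89,7 +91,9), the added sentence for B<safe> with B<rem> == B<NULL> gives the condition p % B<add> == 3 without repeating that it only applies when B<add> is not B<NULL>, and "It is recommended that B<add> is a multiple of 4" comes with no reason and no indication of whether it is meant for safe primes only. Suggest tying both sentences to the B<add> != B<NULL> case and adding the rationale for the multiple of 4 in one clause.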
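Review bot: in doc/man3/SSL_get_error.pod, the new BUGS section (@@ -155,6 +155,18) explains how unexpected EOF is reported in 1.1.1 and in 3.0 but gives callers no guidance on handling B<SSL_ERROR_SYSCALL> with B<errno> 0. Since the text itself calls this a TLS protocol error that many applications choose to ignore, suggest adding a sentence that recommends treating it as an abnormal termination and says how to write the check so it holds under both the 1.1.1 and the 3.0 reporting. Minor wording: "a SSL_shutdown()" reads better as "an SSL_shutdown()".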
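Review bot: in doc/man3/X509_get_extension_flags.pod, the flags hunk (@@ -80,6 +80,17) says for both B<EXFLAG_INVALID> and B<EXFLAG_INVALID_POLICY> that "The certificate should be rejected" and then that the bit "may not be related to the processed ASN1 object itself", which leaves the reader unsure whether rejection still applies after an out-of-memory error and whether the two causes can be told apart. Suggest stating that rejection is the expected action in either case, or naming the way a caller can distinguish them, and factoring the three-line out-of-memory sentence, repeated verbatim under both items, into one shared note. The following hunk (@@ -183,7 +194,7) changes only the copyright year, so the new B<EXFLAG_INVALID_POLICY> flag gets no entry in the history text visible just above it; consider adding one.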