QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-02 12:39:38 +00:00
Code Issues Projects Releases Wiki Activity
22,349 Commits 22 Branches 310 Tags
Commit Graph

448 Commits

Author SHA1 Message Date
Matt Caswell
47f7cf051b Update the documentation for "Groups" and "Curves" 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3375)
 2017-05-03 16:57:54 +01:00
Matt Caswell
6d9d8019bb Update serverinfo documentation based on feedback received 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
 2017-05-03 14:42:52 +01:00
Matt Caswell
f233a9d181 Clarify serverinfo usage with Certificate messages 
Ensure that serverinfo only gets added for the first Certificate in a list.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
 2017-05-03 14:37:42 +01:00
Matt Caswell
fb29c0f070 Document the new SSL_CTX_use_serverinfo_ex() function 
Also document other releated changes to the serverinfo capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
 2017-05-03 14:37:42 +01:00
Rich Salz
e5db7fcf93 Add some man page cross-references 
The old/deprecated servername callback should refer back to the
new/preferred early callback mechanism, as well as indicate that
it is superseded by the early callback.

The early callback should also mention the API for turning the
raw cipherlist octets from the client into usable data structures.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3338)
 2017-05-02 09:08:08 -04:00
Todd Short
c649d10d3f TLS1.3 Padding 
Add padding callback for application control
Standard block_size callback
Documentation and tests included
Configuration file/s_client/s_srver option

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3130)
 2017-05-02 09:44:43 +01:00
Matt Caswell
b89646684d Clarify that SSL_CTX_remove_session() marks a session as non-resumable 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
 2017-04-26 16:46:47 +01:00
Matt Caswell
5b3e5f00a6 More SSL_SESSION documentation tweaks based on feedback 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
 2017-04-26 16:46:47 +01:00
Matt Caswell
35ea9edfb2 Tweak SSL_get_session.pod wording 
Based on feedback received.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
 2017-04-26 16:46:46 +01:00
Matt Caswell
6ff7149468 Documentation updates for TLSv1.3 sessions 
Add documentation for SSL_SESSION_is_resumable(). Also describe the interaction
of the various session functions and TLSv1.3 post-handshake sessions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
 2017-04-26 16:42:29 +01:00
Dr. Stephen Henson
2f7a252057 Update documentation 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
 2017-04-25 22:12:35 +01:00
Matt Caswell
f7b3cb2ad0 Fix doc-nits issue 
BIO_lookup_ex() should be in the NAME section

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
 2017-04-25 11:13:39 +01:00
Matt Caswell
561f6f1ed2 Address review feedback for the SCTP changes 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
 2017-04-25 11:13:39 +01:00
Matt Caswell
e829142846 Document BIO_lookup_ex() 
We also change the enum type to an int.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
 2017-04-25 11:13:39 +01:00
Richard Levitte
20626cfd58 Add CRYPTO_mem_leaks_cb 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
 2017-04-24 18:09:01 +02:00
Camille Guérin
7643a1723e Fixed typo in X509_STORE_CTX_new description 
'X509_XTORE_CTX_cleanup' ->  'X509_STORE_CTX_cleanup'
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3271)
 2017-04-22 18:26:38 -04:00
Rich Salz
87b81496fe Document Next Protocol Negotiation APIs 
Add callback function prototypes, fix description

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3084)
 2017-04-19 12:38:27 -04:00
Thiago Arrais
800b5dac00 update docs because depth refers only to intermediate certs 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3132)
 2017-04-18 11:06:27 -04:00
Benjamin Kaduk
8313a787d7 Allow an ALPN callback to pretend to not exist 
RFC 7301 mandates that the server SHALL respond with a fatal
"no_application_protocol" alert when there is no overlap between
the client's supplied list and the server's list of supported protocols.
In commit 062178678f5374b09f00d70796f6e692e8775aca we changed from
ignoring non-success returns from the supplied alpn_select_cb() to
treating such non-success returns as indicative of non-overlap and
sending the fatal alert.

In effect, this is using the presence of an alpn_select_cb() as a proxy
to attempt to determine whether the application has configured a list
of supported protocols.  However, there may be cases in which an
application's architecture leads it to supply an alpn_select_cb() but
have that callback be configured to take no action on connections that
do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
the callback would be the natural way to do so.  Unfortunately, the
aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
indicative of no overlap and terminated the connection; this change
supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
callback.  In effect, it provides a way for a callback to obtain the
behavior that would have occurred if no callback was registered at
all, which was not possible prior to this change.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2570)
 2017-04-10 11:57:37 -04:00
Rich Salz
2f61bc2ea3 Use 'over 2' for bullet lists. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
 2017-04-07 13:48:19 -04:00
Rich Salz
e1271ac221 Standardize on =over 4 and check for it. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
 2017-04-07 13:30:04 -04:00
Rich Salz
8c32663cdd Add missing =back 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
 2017-04-07 13:30:04 -04:00
Rich Salz
076fc55527 Make default_method mostly compile-time 
Document thread-safety issues
Have RSA_null return NULL (always fails)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
 2017-04-07 12:19:46 -04:00
Matt Caswell
cd17bb190c Prefix custom extension API callback types with SSL_ 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
 2017-04-07 13:41:04 +01:00
Matt Caswell
64350ab587 Various style tweaks based on feedback 
Style updates for the new custom extensions API

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
 2017-04-07 13:41:04 +01:00
Matt Caswell
314aec07ef Add documentation for the new custom extensions API 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
 2017-04-07 13:41:04 +01:00
Dr. Stephen Henson
5a185729a3 Document new ssl(3) functions and options. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
 2017-04-03 23:47:22 +01:00
Matt Caswell
508fafd8ef Add documentation for SSL_get_server_tmp_key() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3114)
 2017-04-03 19:18:47 +01:00
Kazuki Yamaguchi
a8e75d5680 Fix a typo in the SSL_get_max_early_data() declarations 
SSL_get_max_early_data() recently added by 3fc8d856105e ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed to take an
SSL, but it doesn't.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3113)
 2017-04-03 13:45:39 +01:00
Jon Spillett
1c7ae3dd9e Add SSL_dup description 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3085)
 2017-03-30 14:18:11 +02:00
Pauli
c4de074e63 Documentation updates 
Fix capitilistion of list items.
Wrap long lines.
Add full stops to the ends of sentances.
Change ciphersuite to cipher suite in all of doc.

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3082)
 2017-03-30 14:16:41 +02:00
Steven Collison
209fac9f8a doc: Add stitched ciphers to EVP_EncryptInit.pod 
These ciphers don't appear to be documented anywhere. Given the
performance[1] benefits I think it makes sense to expose them.

[1] https://software.intel.com/sites/default/files/open-ssl-performance-paper.pdf

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3067)
 2017-03-29 09:31:39 +01:00
Jon Spillett
8c55c46147 Add documentation for SNI APIs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3071)
 2017-03-29 07:26:41 +02:00
Rich Salz
a01dbac232 Remove duplicate doc 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3068)
 2017-03-29 07:18:57 +02:00
FdaSilvaYY
69687aa829 More typo fixes 
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
 2017-03-29 07:14:29 +02:00
Jon Spillett
7bd278957d Typo in SSL_CTX_sess_number.pod - started 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
edb79c3a34 Tidy up the SSL options in SSL_CTX_set_options.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
3aaa1bd076 SSL_CTX_use_PrivateKey_file uses private key, not certificate 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
d5d5b5fc77 Typo in SSL_CONF_cmd_argv.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
f5f85f755d Typo in SSL_CONF_CTX_set1_prefix.pod - change SSL_CTX_cmd to SSL_CONF_cmd 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
818f861756 Typo in SSL_CONF_CTX_set_flags.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070)
 2017-03-29 07:10:18 +02:00
Jon Spillett
09fdfa4b2f Add documentation for SSL_*_ex_data() functions 
[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3050)
 2017-03-28 21:50:13 +02:00
Jon Spillett
86fde069d4 Add documentation for SSL version methods 
[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3049)
 2017-03-28 20:13:30 +02:00
Matt Caswell
249e3a1b20 Provide documentation for some state machine related functions 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3051)
 2017-03-28 15:46:40 +01:00
Dr. Stephen Henson
0af8fd6085 fix typo 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059)
 2017-03-28 15:43:41 +01:00
Matt Caswell
b31db50528 Provide documentation for missing SSL_SESSION_* functions 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3052)
 2017-03-28 15:15:41 +01:00
Emilia Kasper
24053693b0 X509_cmp_time.pod: fix doc nits 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2017-03-28 14:40:25 +02:00
Emilia Kasper
4ac139b49a Add documentation for X509 time functions 
[ci skip]

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2017-03-28 12:22:32 +02:00
Rich Salz
3ba4dac67a Look for comma before - in POD pages 
[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3021)
 2017-03-23 13:18:31 -04:00
Rich Salz
2ca2e9175d Document BIO_printf family 
Also fix an error in UI_STRING (typo; wrong case).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2999)
 2017-03-20 16:25:22 -04:00