diff options
author | simon <simon@FreeBSD.org> | 2006-07-29 19:41:41 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2006-07-29 19:41:41 +0000 |
commit | 018ef6efe1e20b420eaa3afdaa37b0abeba93a1a (patch) | |
tree | e9b6155f49a3b6073b95b808e1e0a1ec5489a21f | |
parent | 152e76d1d1dcc649357b52f30943345b06aa162c (diff) | |
download | FreeBSD-src-018ef6efe1e20b420eaa3afdaa37b0abeba93a1a.zip FreeBSD-src-018ef6efe1e20b420eaa3afdaa37b0abeba93a1a.tar.gz |
Upgrade to OpenSSL 0.9.8b.
299 files changed, 6561 insertions, 3674 deletions
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index a7fa039..6edefc1 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -1,11 +1,12 @@ # $FreeBSD$ SHLIBDIR?= /lib +SUBDIR= engines .include <bsd.own.mk> LIB= crypto -SHLIB_MAJOR= 4 +SHLIB_MAJOR= 5 NO_LINT= @@ -20,7 +21,7 @@ MAN+= config.5 des_modes.7 # base sources SRCS= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \ - mem_dbg.c o_time.c o_str.c tmdiff.c uid.c + mem_dbg.c o_dir.c o_str.c o_time.c tmdiff.c uid.c INCS= crypto.h ebcdic.h opensslv.h ossl_typ.h symhacks.h tmdiff.h \ ../e_os.h ../e_os2.h @@ -29,19 +30,19 @@ SRCS+= aes_cbc.c aes_cfb.c aes_core.c aes_ctr.c aes_ecb.c aes_misc.c aes_ofb.c INCS+= aes.h aes_locl.h # asn1 -SRCS+= a_bitstr.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \ - a_dup.c a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c \ - a_mbstr.c a_meth.c a_object.c a_octet.c a_print.c \ - a_set.c a_sign.c a_strex.c a_strnid.c a_time.c a_type.c \ - a_utctm.c a_utf8.c a_verify.c asn1_err.c asn1_lib.c \ - asn1_par.c asn_moid.c asn_pack.c d2i_pr.c d2i_pu.c \ - evp_asn1.c f_enum.c f_int.c f_string.c i2d_pr.c i2d_pu.c \ - n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c p8_pkey.c t_bitst.c \ - t_crl.c t_pkey.c t_req.c t_spki.c t_x509.c t_x509a.c \ - tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c tasn_typ.c \ - tasn_utl.c x_algor.c x_attrib.c x_bignum.c x_crl.c \ - x_exten.c x_info.c x_long.c x_name.c x_pkey.c x_pubkey.c \ - x_req.c x_sig.c x_spki.c x_val.c x_x509.c x_x509a.c +SRCS+= a_bitstr.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c a_dup.c \ + a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c a_mbstr.c \ + a_meth.c a_object.c a_octet.c a_print.c a_set.c a_sign.c \ + a_strex.c a_strnid.c a_time.c a_type.c a_utctm.c a_utf8.c \ + a_verify.c asn1_err.c asn1_gen.c asn1_lib.c asn1_par.c \ + asn_moid.c asn_pack.c d2i_pr.c d2i_pu.c evp_asn1.c f_enum.c \ + f_int.c f_string.c i2d_pr.c i2d_pu.c n_pkey.c nsseq.c p5_pbe.c \ + p5_pbev2.c p8_pkey.c t_bitst.c t_crl.c t_pkey.c t_req.c \ + t_spki.c t_x509.c t_x509a.c tasn_dec.c tasn_enc.c tasn_fre.c \ + tasn_new.c tasn_typ.c tasn_utl.c x_algor.c x_attrib.c \ + x_bignum.c x_crl.c x_exten.c x_info.c x_long.c x_name.c \ + x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c \ + x_x509a.c INCS+= asn1.h asn1_mac.h asn1t.h # bf @@ -60,15 +61,16 @@ INCS+= blowfish.h # bio SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_lbuf.c bf_nbio.c \ bf_null.c bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c \ - bss_conn.c bss_fd.c bss_file.c bss_log.c bss_mem.c \ + bss_conn.c bss_dgram.c bss_fd.c bss_file.c bss_log.c bss_mem.c \ bss_null.c bss_sock.c -INCS+= bio.h +INCS+= bio.h bio_lcl.h # bn -SRCS+= bn_add.c bn_blind.c bn_ctx.c bn_div.c bn_err.c bn_exp.c \ - bn_exp2.c bn_gcd.c bn_kron.c bn_lib.c bn_mod.c bn_mont.c \ - bn_mpi.c bn_mul.c bn_prime.c bn_print.c bn_rand.c bn_recp.c \ - bn_shift.c bn_sqr.c bn_sqrt.c bn_word.c +SRCS+= bn_add.c bn_blind.c bn_const.c bn_ctx.c bn_depr.c bn_div.c \ + bn_err.c bn_exp.c bn_exp2.c bn_gcd.c bn_gf2m.c bn_kron.c \ + bn_lib.c bn_mod.c bn_mont.c bn_mpi.c bn_mul.c bn_nist.c \ + bn_prime.c bn_print.c bn_rand.c bn_recp.c bn_shift.c bn_sqr.c \ + bn_sqrt.c bn_word.c .if ${MACHINE_ARCH} == "i386" SRCS+= bn-586.s co-586.s .elif ${MACHINE_ARCH} == "amd64" @@ -114,11 +116,12 @@ SRCS+= des_enc.c fcrypt_b.c INCS+= des.h des_old.h # dh -SRCS+= dh_asn1.c dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c +SRCS+= dh_asn1.c dh_check.c dh_err.c dh_depr.c dh_gen.c dh_key.c dh_lib.c INCS+= dh.h # dsa -SRCS+= dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_ossl.c dsa_sign.c dsa_vrf.c +SRCS+= dsa_asn1.c dsa_err.c dsa_depr.c dsa_gen.c dsa_key.c dsa_lib.c \ + dsa_ossl.c dsa_sign.c dsa_vrf.c INCS+= dsa.h # dso @@ -126,22 +129,26 @@ SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c INCS+= dso.h # ec -SRCS+= ec_cvt.c ec_err.c ec_lib.c ec_mult.c ecp_mont.c ecp_nist.c \ - ecp_recp.c ecp_smpl.c +SRCS+= ec_asn1.c ec_check.c ec_curve.c ec_cvt.c ec_err.c ec_key.c \ + ec_lib.c ec_mult.c ec_print.c ecp_mont.c ecp_nist.c \ + ecp_smpl.c ec2_mult.c ec2_smpl.c INCS+= ec.h +# ecdh +SRCS+= ech_err.c ech_key.c ech_lib.c ech_ossl.c +INCS+= ecdh.h + +# ecdsa +SRCS+= ecs_asn1.c ecs_err.c ecs_lib.c ecs_ossl.c ecs_sign.c ecs_vrf.c +INCS+= ecdsa.h + # engine -SRCS+= eng_all.c eng_cnf.c eng_ctrl.c eng_dyn.c eng_err.c eng_fat.c \ - eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_padlock.c eng_pkey.c \ - eng_table.c hw_4758_cca.c hw_4758_cca_err.c hw_aep.c hw_aep_err.c \ - hw_atalla.c hw_atalla_err.c hw_cryptodev.c hw_cswift.c \ - hw_cswift_err.c hw_ncipher.c hw_ncipher_err.c hw_nuron.c \ - hw_nuron_err.c hw_sureware.c hw_sureware_err.c hw_ubsec.c \ - hw_ubsec_err.c tb_cipher.c tb_dh.c tb_digest.c tb_dsa.c tb_rand.c \ - tb_rsa.c -INCS+= eng_int.h engine.h hw_4758_cca_err.h hw_aep_err.h hw_atalla_err.h \ - hw_cswift_err.h hw_ncipher_err.h hw_nuron_err.h hw_sureware_err.h \ - hw_ubsec_err.h +SRCS+= eng_all.c eng_cnf.c eng_cryptodev.c eng_ctrl.c eng_dyn.c \ + eng_err.c eng_fat.c eng_init.c eng_lib.c eng_list.c \ + eng_openssl.c eng_padlock.c eng_pkey.c eng_table.c tb_cipher.c \ + tb_dh.c tb_digest.c tb_dsa.c tb_ecdh.c tb_ecdsa.c tb_rand.c \ + tb_rsa.c tb_store.c +INCS+= engine.h # err SRCS+= err.c err_all.c err_prn.c @@ -151,12 +158,11 @@ INCS+= err.h SRCS+= bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c c_allc.c c_alld.c \ digest.c e_aes.c e_bf.c e_cast.c e_des.c e_des3.c e_idea.c \ e_null.c e_old.c e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c encode.c \ - evp_acnf.c \ - evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c \ - m_dss.c m_dss1.c m_md2.c m_md4.c m_md5.c m_mdc2.c m_null.c \ - m_ripemd.c m_sha.c m_sha1.c names.c openbsd_hw.c p5_crpt.c \ - p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c \ - p_verify.c + evp_acnf.c evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c \ + evp_pkey.c m_dss.c m_dss1.c m_ecdsa.c m_md2.c m_md4.c m_md5.c \ + m_mdc2.c m_null.c m_ripemd.c m_sha.c m_sha1.c names.c \ + openbsd_hw.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c p_lib.c \ + p_open.c p_seal.c p_sign.c p_verify.c INCS+= evp.h # fips @@ -223,6 +229,10 @@ INCS+= pkcs12.h pkcs7.h SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \ pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c +# pqueue +SRCS+= pqueue.c +INCS+= pqueue.h pq_compat.h + # rand SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c rand_unix.c randfile.c INCS+= rand.h @@ -256,11 +266,11 @@ INCS+= ripemd.h # rsa SRCS+= rsa_asn1.c rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c \ rsa_none.c rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c \ - rsa_sign.c rsa_ssl.c + rsa_sign.c rsa_ssl.c rsa_depr.c rsa_pss.c rsa_x931.c INCS+= rsa.h # sha -SRCS+= sha1_one.c sha1dgst.c sha_dgst.c sha_one.c +SRCS+= sha1_one.c sha1dgst.c sha_dgst.c sha_one.c sha256.c sha512.c .if ${MACHINE_ARCH} == "i386" SRCS+= sha1-586.s .endif @@ -270,6 +280,10 @@ INCS+= sha.h SRCS+= stack.c INCS+= stack.h safestack.h +# store +SRCS+= str_err.c str_lib.c str_meth.c str_mem.c +INCS+= store.h + # threads SRCS+= th-lock.c @@ -286,14 +300,16 @@ SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c \ x509_def.c x509_err.c x509_ext.c x509_lu.c x509_obj.c \ x509_r2x.c x509_req.c x509_set.c x509_trs.c x509_txt.c \ x509_v3.c x509_vfy.c x509cset.c x509name.c x509rset.c \ - x509spki.c x509type.c x_all.c + x509spki.c x509type.c x_all.c x509_vpm.c INCS+= x509.h x509_vfy.h # x509v3 -SRCS+= v3_akey.c v3_akeya.c v3_alt.c v3_bcons.c v3_bitst.c \ - v3_conf.c v3_cpols.c v3_crld.c v3_enum.c v3_extku.c \ - v3_genn.c v3_ia5.c v3_info.c v3_int.c v3_lib.c v3_ocsp.c \ - v3_pku.c v3_prn.c v3_purp.c v3_skey.c v3_sxnet.c v3_utl.c v3err.c +SRCS+= pcy_cache.c pcy_data.c pcy_lib.c pcy_map.c pcy_node.c \ + pcy_tree.c v3_akey.c v3_akeya.c v3_alt.c v3_bcons.c v3_bitst.c \ + v3_conf.c v3_cpols.c v3_crld.c v3_enum.c v3_extku.c v3_genn.c \ + v3_ia5.c v3_info.c v3_int.c v3_lib.c v3_ncons.c v3_ocsp.c \ + v3_pci.c v3_pcia.c v3_pcons.c v3_pku.c v3_pmaps.c v3_prn.c \ + v3_purp.c v3_skey.c v3_sxnet.c v3_utl.c v3err.c INCS+= x509v3.h SRCS+= buildinf.h @@ -370,6 +386,8 @@ _ideapath= ${LCRYPTO_SRC}/crypto/idea ${LCRYPTO_SRC}/crypto/dsa \ ${LCRYPTO_SRC}/crypto/dso \ ${LCRYPTO_SRC}/crypto/ec \ + ${LCRYPTO_SRC}/crypto/ecdh \ + ${LCRYPTO_SRC}/crypto/ecdsa \ ${LCRYPTO_SRC}/crypto/engine \ ${LCRYPTO_SRC}/crypto/err \ ${LCRYPTO_SRC}/crypto/evp \ @@ -386,6 +404,7 @@ _ideapath= ${LCRYPTO_SRC}/crypto/idea ${LCRYPTO_SRC}/crypto/pem \ ${LCRYPTO_SRC}/crypto/pkcs12 \ ${LCRYPTO_SRC}/crypto/pkcs7 \ + ${LCRYPTO_SRC}/crypto/pqueue \ ${LCRYPTO_SRC}/crypto/rand \ ${LCRYPTO_SRC}/crypto/rc2 \ ${LCRYPTO_SRC}/crypto/rc4 \ @@ -394,10 +413,12 @@ _ideapath= ${LCRYPTO_SRC}/crypto/idea ${LCRYPTO_SRC}/crypto/rsa \ ${LCRYPTO_SRC}/crypto/sha \ ${LCRYPTO_SRC}/crypto/stack \ + ${LCRYPTO_SRC}/crypto/store \ ${LCRYPTO_SRC}/crypto/threads \ ${LCRYPTO_SRC}/crypto/txt_db \ ${LCRYPTO_SRC}/crypto/ui \ ${LCRYPTO_SRC}/crypto/x509 \ ${LCRYPTO_SRC}/crypto/x509v3 \ + ${LCRYPTO_SRC}/engines \ ${LCRYPTO_SRC} \ ${.CURDIR}/man diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 311a581..151b3de 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -36,9 +36,9 @@ man-update: @(sec=${manpage:E}; \ pod=${manpage:R}.pod; \ cp ${LCRYPTO_DOC}/${_docs}/$$pod .; \ - pod2man --section=$$sec --release="0.9.7d" --center="OpenSSL" \ + pod2man --section=$$sec --release="0.9.8b" --center="OpenSSL" \ $$pod > ${.CURDIR}/man/${manpage}; \ - rm $$pod; \ + rm -f $$pod; \ ${ECHO} ${manpage}) .endfor diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man index 9a5f259..46dd1c8 100644 --- a/secure/lib/libcrypto/Makefile.man +++ b/secure/lib/libcrypto/Makefile.man @@ -4,6 +4,7 @@ MAN+= ASN1_OBJECT_new.3 MAN+= ASN1_STRING_length.3 MAN+= ASN1_STRING_new.3 MAN+= ASN1_STRING_print_ex.3 +MAN+= ASN1_generate_nconf.3 MAN+= BIO_ctrl.3 MAN+= BIO_f_base64.3 MAN+= BIO_f_buffer.3 @@ -25,6 +26,7 @@ MAN+= BIO_s_null.3 MAN+= BIO_s_socket.3 MAN+= BIO_set_callback.3 MAN+= BIO_should_retry.3 +MAN+= BN_BLINDING_new.3 MAN+= BN_CTX_new.3 MAN+= BN_CTX_start.3 MAN+= BN_add.3 @@ -70,6 +72,7 @@ MAN+= ERR_load_strings.3 MAN+= ERR_print_errors.3 MAN+= ERR_put_error.3 MAN+= ERR_remove_state.3 +MAN+= ERR_set_mark.3 MAN+= EVP_BytesToKey.3 MAN+= EVP_DigestInit.3 MAN+= EVP_EncryptInit.3 @@ -80,8 +83,10 @@ MAN+= EVP_SealInit.3 MAN+= EVP_SignInit.3 MAN+= EVP_VerifyInit.3 MAN+= OBJ_nid2obj.3 +MAN+= OPENSSL_Applink.3 MAN+= OPENSSL_VERSION_NUMBER.3 MAN+= OPENSSL_config.3 +MAN+= OPENSSL_ia32cap.3 MAN+= OPENSSL_load_builtin_modules.3 MAN+= OpenSSL_add_all_algorithms.3 MAN+= PKCS12_create.3 @@ -136,6 +141,7 @@ MAN+= d2i_X509_SIG.3 MAN+= des.3 MAN+= dh.3 MAN+= dsa.3 +MAN+= ecdsa.3 MAN+= engine.3 MAN+= err.3 MAN+= evp.3 @@ -153,6 +159,7 @@ MAN+= sha.3 MAN+= threads.3 MAN+= ui.3 MAN+= ui_compat.3 +MAN+= x509.3 MLINKS+= ASN1_OBJECT_new.3 ASN1_OBJECT_free.3 MLINKS+= ASN1_STRING_length.3 ASN1_STRING_dup.3 MLINKS+= ASN1_STRING_length.3 ASN1_STRING_cmp.3 @@ -163,6 +170,7 @@ MLINKS+= ASN1_STRING_length.3 ASN1_STRING_data.3 MLINKS+= ASN1_STRING_new.3 ASN1_STRING_type_new.3 MLINKS+= ASN1_STRING_new.3 ASN1_STRING_free.3 MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print_ex_fp.3 +MLINKS+= ASN1_generate_nconf.3 ASN1_generate_v3.3 MLINKS+= BIO_ctrl.3 BIO_callback_ctrl.3 MLINKS+= BIO_ctrl.3 BIO_ptr_ctrl.3 MLINKS+= BIO_ctrl.3 BIO_int_ctrl.3 @@ -260,6 +268,17 @@ MLINKS+= BIO_should_retry.3 BIO_should_io_special.3 MLINKS+= BIO_should_retry.3 BIO_retry_type.3 MLINKS+= BIO_should_retry.3 BIO_get_retry_BIO.3 MLINKS+= BIO_should_retry.3 BIO_get_retry_reason.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_free.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_update.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_invert.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert_ex.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_invert_ex.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_get_thread_id.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_thread_id.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_get_flags.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_flags.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_create_param.3 MLINKS+= BN_CTX_new.3 BN_CTX_init.3 MLINKS+= BN_CTX_new.3 BN_CTX_free.3 MLINKS+= BN_CTX_start.3 BN_CTX_get.3 @@ -372,6 +391,7 @@ MLINKS+= ERR_load_strings.3 ERR_PACK.3 MLINKS+= ERR_load_strings.3 ERR_get_next_error_library.3 MLINKS+= ERR_print_errors.3 ERR_print_errors_fp.3 MLINKS+= ERR_put_error.3 ERR_add_error_data.3 +MLINKS+= ERR_set_mark.3 ERR_pop_to_mark.3 MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_init.3 MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_create.3 MLINKS+= EVP_DigestInit.3 EVP_DigestInit_ex.3 diff --git a/secure/lib/libcrypto/engines/Makefile b/secure/lib/libcrypto/engines/Makefile new file mode 100644 index 0000000..6250527 --- /dev/null +++ b/secure/lib/libcrypto/engines/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +SUBDIR= lib4758cca libaep libatalla libcswift libchil libnuron \ + libsureware libubsec + +.include <bsd.subdir.mk> diff --git a/secure/lib/libcrypto/engines/Makefile.inc b/secure/lib/libcrypto/engines/Makefile.inc new file mode 100644 index 0000000..a71820f --- /dev/null +++ b/secure/lib/libcrypto/engines/Makefile.inc @@ -0,0 +1,6 @@ +# $FreeBSD$ + +LCRYPTO_SRC= ${.CURDIR}/../../../../../crypto/openssl +.PATH: ${LCRYPTO_SRC}/engines + +SHLIBDIR?= /usr/lib/engines diff --git a/secure/lib/libcrypto/engines/lib4758cca/Makefile b/secure/lib/libcrypto/engines/lib4758cca/Makefile new file mode 100644 index 0000000..4144034 --- /dev/null +++ b/secure/lib/libcrypto/engines/lib4758cca/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD$ + +SHLIB_NAME?= lib4758cca.so +SRCS= e_4758cca.c +NO_MAN= # For now + +.include <bsd.lib.mk> diff --git a/secure/lib/libcrypto/engines/libaep/Makefile b/secure/lib/libcrypto/engines/libaep/Makefile new file mode 100644 index 0000000..66997df --- /dev/null +++ b/secure/lib/libcrypto/engines/libaep/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +SHLIB_NAME?= libaep.so +SRCS= e_aep.c + +.include <bsd.lib.mk> diff --git a/secure/lib/libcrypto/engines/libatalla/Makefile b/secure/lib/libcrypto/engines/libatalla/Makefile new file mode 100644 index 0000000..6223dea --- /dev/null +++ b/secure/lib/libcrypto/engines/libatalla/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +SHLIB_NAME?= libatalla.so +SRCS= e_atalla.c + +.include <bsd.lib.mk> diff --git a/secure/lib/libcrypto/engines/libchil/Makefile b/secure/lib/libcrypto/engines/libchil/Makefile new file mode 100644 index 0000000..14972c9 --- /dev/null +++ b/secure/lib/libcrypto/engines/libchil/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +SHLIB_NAME?= libchil.so +SRCS= e_chil.c + +.include <bsd.lib.mk> diff --git a/secure/lib/libcrypto/engines/libcswift/Makefile b/secure/lib/libcrypto/engines/libcswift/Makefile new file mode 100644 index 0000000..38b0045 --- /dev/null +++ b/secure/lib/libcrypto/engines/libcswift/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +SHLIB_NAME?= libcswift.so +SRCS= e_cswift.c + +.include <bsd.lib.mk> diff --git a/secure/lib/libcrypto/engines/libnuron/Makefile b/secure/lib/libcrypto/engines/libnuron/Makefile new file mode 100644 index 0000000..82aab9b --- /dev/null +++ b/secure/lib/libcrypto/engines/libnuron/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +SHLIB_NAME?= libnuron.so +SRCS= e_nuron.c + +.include <bsd.lib.mk> diff --git a/secure/lib/libcrypto/engines/libsureware/Makefile b/secure/lib/libcrypto/engines/libsureware/Makefile new file mode 100644 index 0000000..4d176ee --- /dev/null +++ b/secure/lib/libcrypto/engines/libsureware/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +SHLIB_NAME?= libsureware.so +SRCS= e_sureware.c + +.include <bsd.lib.mk> diff --git a/secure/lib/libcrypto/engines/libubsec/Makefile b/secure/lib/libcrypto/engines/libubsec/Makefile new file mode 100644 index 0000000..e02efab --- /dev/null +++ b/secure/lib/libcrypto/engines/libubsec/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +SHLIB_NAME?= libubsec.so +SRCS= e_ubsec.c + +.include <bsd.lib.mk> diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index d951bbf..cc6deae 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index b77751a..f22f590 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ASN1_STRING_length 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data \- diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index cad6034..c0dbaf1 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ASN1_STRING_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocation functions diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index 4d141fa..9fe8ad8 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- ASN1_STRING output routines. .SH "SYNOPSIS" @@ -159,8 +159,8 @@ with '.'. .IX Header "NOTES" \&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications. .PP -Although there are a large number of options frequently \fB\s-1ASN1_STRFLAGS_RFC2253\s0\fR is -suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLAGS_RFC2253\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR. +Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253\s0 & ~ASN1_STRFLGS_ESC_MSB\fR. .PP The complete set of supported options for \fBflags\fR is listed below. .PP @@ -201,7 +201,7 @@ octet. If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. .PP Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be -one byte per character, if \fB\s-1ASN1_STRFLAGS_DUMP_UNKNOWN\s0\fR is set then they will +one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will be dumped instead. .PP When a type is dumped normally just the content octets are printed, if diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 new file mode 100644 index 0000000..5398f06 --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -0,0 +1,383 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_generate_nconf 3" +.TH ASN1_generate_nconf 3 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); +\& ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions generate the \s-1ASN1\s0 encoding of a string +in an \fB\s-1ASN1_TYPE\s0\fR structure. +.PP +\&\fBstr\fR contains the string to encode \fBnconf\fR or \fBcnf\fR contains +the optional configuration information where additional strings +will be read from. \fBnconf\fR will typically come from a config +file wherease \fBcnf\fR is obtained from an \fBX509V3_CTX\fR structure +which will typically be used by X509 v3 certificate extension +functions. \fBcnf\fR or \fBnconf\fR can be set to \fB\s-1NULL\s0\fR if no additional +configuration will be used. +.SH "GENERATION STRING FORMAT" +.IX Header "GENERATION STRING FORMAT" +The actual data encoded is determined by the string \fBstr\fR and +the configuration information. The general format of the string +is: +.PP +.Vb 1 +\& B<[modifier,]type[:value]> +.Ve +.PP +That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. The formats of \fBtype\fR, +\&\fBvalue\fR and \fBmodifier\fR are explained below. +.Sh "\s-1SUPPORTED\s0 \s-1TYPES\s0" +.IX Subsection "SUPPORTED TYPES" +The supported types are listed below. Unless otherwise specified +only the \fB\s-1ASCII\s0\fR format is permissible. +.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 2 +.IX Item "BOOLEAN, BOOL" +This encodes a boolean type. The \fBvalue\fR string is mandatory and +should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR, +\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR +are acceptable. +.IP "\fB\s-1NULL\s0\fR" 2 +.IX Item "NULL" +Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present. +.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 2 +.IX Item "INTEGER, INT" +Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents +the value of the integer, it can be preceeded by a minus sign and +is normally interpreted as a decimal value unless the prefix \fB0x\fR +is included. +.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 2 +.IX Item "ENUMERATED, ENUM" +Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to +\&\fB\s-1INTEGER\s0\fR. +.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 2 +.IX Item "OBJECT, OID" +Encodes an \s-1ASN1\s0 \fB\s-1OBJECT\s0 \s-1IDENTIFIER\s0\fR, the \fBvalue\fR string can be +a short name, a long name or numerical format. +.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 2 +.IX Item "UTCTIME, UTC" +Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in +the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 2 +.IX Item "GENERALIZEDTIME, GENTIME" +Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in +the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 2 +.IX Item "OCTETSTRING, OCT" +Emcodes an \s-1ASN1\s0 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be +used to specify the format of \fBvalue\fR. +.IP "\fB\s-1BITSRING\s0\fR, \fB\s-1BITSTR\s0\fR" 2 +.IX Item "BITSRING, BITSTR" +Emcodes an \s-1ASN1\s0 \fB\s-1BIT\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR +can be used to specify the format of \fBvalue\fR. +.Sp +If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused +bits is set to zero. +.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR" 2 +.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString" +These encode the corresponding string types. \fBvalue\fR represents the +contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. +.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2 +.IX Item "SEQUENCE, SEQ, SET" +Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR +should be a section name which will contain the contents. The +field names in the section are ignored and the values are in the +generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 +will be encoded. +.Sh "\s-1MODIFIERS\s0" +.IX Subsection "MODIFIERS" +Modifiers affect the following structure, they can be used to +add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change +the string format of the final type and value. The supported +formats are documented below. +.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 2 +.IX Item "EXPLICIT, EXP" +Add an explicit tag to the following structure. This string +should be followed by a colon and the tag value to use as a +decimal value. +.Sp +By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL\s0, +\&\s-1APPLICATION\s0, \s-1PRIVATE\s0 or \s-1CONTEXT\s0 \s-1SPECIFIC\s0 tagging can be used, +the default is \s-1CONTEXT\s0 \s-1SPECIFIC\s0. +.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 2 +.IX Item "IMPLICIT, IMP" +This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used +instead. +.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 2 +.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" +The following structure is surrounded by an \s-1OCTET\s0 \s-1STRING\s0, a \s-1SEQUENCE\s0, +a \s-1SET\s0 or a \s-1BIT\s0 \s-1STRING\s0 respectively. For a \s-1BIT\s0 \s-1STRING\s0 the number of unused +bits is set to zero. +.IP "\fB\s-1FORMAT\s0\fR" 2 +.IX Item "FORMAT" +This specifies the format of the ultimate value. It should be followed +by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR. +.Sp +If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is specified +then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the output must +be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT\s0 \s-1STRING\s0) is a +comma separated list of set bits. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A simple IA5String: +.PP +.Vb 1 +\& IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged: +.PP +.Vb 1 +\& EXPLICIT:0,IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: +.PP +.Vb 1 +\& EXPLICIT:0A,IA5STRING:Hello World +.Ve +.PP +A more complex example using a config file to produce a +\&\s-1SEQUENCE\s0 consiting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String: +.PP +asn1 = SEQUENCE:seq_section +.PP +[seq_section] +.PP +field1 = \s-1BOOLEAN:TRUE\s0 +field2 = OID:commonName +field3 = UTF8:Third field +.PP +This example produces an RSAPrivateKey structure, this is the +key contained in the file client.pem in all OpenSSL distributions +(note: the field names such as 'coeff' are ignored and are present just +for clarity): +.PP +.Vb 3 +\& asn1=SEQUENCE:private_key +\& [private_key] +\& version=INTEGER:0 +.Ve +.PP +.Vb 2 +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +.Ve +.PP +.Vb 1 +\& e=INTEGER:0x010001 +.Ve +.PP +.Vb 2 +\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e +\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D +.Ve +.PP +.Vb 2 +\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e +\& D4BD57 +.Ve +.PP +.Vb 2 +\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e +\& 46EC4F +.Ve +.PP +.Vb 2 +\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e +\& 9C0A39B9 +.Ve +.PP +.Vb 2 +\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e +\& E7B2458F +.Ve +.PP +.Vb 2 +\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e +\& 628657053A +.Ve +.PP +This example is the corresponding public key in a SubjectPublicKeyInfo +structure: +.PP +.Vb 2 +\& # Start with a SEQUENCE +\& asn1=SEQUENCE:pubkeyinfo +.Ve +.PP +.Vb 5 +\& # pubkeyinfo contains an algorithm identifier and the public key wrapped +\& # in a BIT STRING +\& [pubkeyinfo] +\& algorithm=SEQUENCE:rsa_alg +\& pubkey=BITWRAP,SEQUENCE:rsapubkey +.Ve +.PP +.Vb 4 +\& # algorithm ID for RSA is just an OID and a NULL +\& [rsa_alg] +\& algorithm=OID:rsaEncryption +\& parameter=NULL +.Ve +.PP +.Vb 4 +\& # Actual public key: modulus and exponent +\& [rsapubkey] +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +.Ve +.PP +.Vb 1 +\& e=INTEGER:0x010001 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR return the encoded +data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error codes that can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR were added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index 9bded0a..e9a3364 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_ctrl 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index eeddd92..4c32ac4 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_f_base64 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_f_base64 \- base64 BIO filter .SH "SYNOPSIS" @@ -200,7 +200,7 @@ data to standard output: \& bio = BIO_new_fp(stdin, BIO_NOCLOSE); \& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); \& bio = BIO_push(b64, bio); -\& while((inlen = BIO_read(bio, inbuf, 512) > 0) +\& while((inlen = BIO_read(bio, inbuf, 512)) > 0) \& BIO_write(bio_out, inbuf, inlen); .Ve .PP diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index f77266c..d491067 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_f_buffer 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_f_buffer \- buffering BIO .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index cacd96d..5a748b0 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_f_cipher 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 5605e18..3d09385 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_f_md 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index 05971ae..8400eaf 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_f_null 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_f_null \- null filter .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 36a1f0a..3eb313c 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_f_ssl 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index 16c6103..82236ce 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_find_type 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_find_type, BIO_next \- BIO chain traversal .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index cbef6d1..d9826b4 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- BIO allocation and freeing functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index 4703794..d242475 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_push 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_push, BIO_pop \- add and remove BIOs from a chain. .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index e9bba6f..3e7e7d1 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_read 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 4f48814..606a28a 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_s_accept 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode, diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 133dd63..c1ffe20 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_s_bio 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index f2f8d2e..ca70968 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_s_connect 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname, diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index 7956bfe..074cb33 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_s_fd 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index e31213b..9048780 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_s_file 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index 017a86e..d7304c4 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_s_mem 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 47671ce..9ff5075 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_s_null 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_s_null \- null data sink .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 53ffd1a..e96de8c 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_s_socket 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_s_socket, BIO_new_socket \- socket BIO .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index f6468df..926d6b4 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_set_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback \- BIO callback functions diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index 24c7877..8e6d473 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BIO_should_retry 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BIO_should_retry, BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 new file mode 100644 index 0000000..f5d8edb --- /dev/null +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BLINDING_new 3" +.TH BN_BLINDING_new 3 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, +BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, +BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags, +BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM +functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.PP +.Vb 19 +\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, +\& BIGNUM *mod); +\& void BN_BLINDING_free(BN_BLINDING *b); +\& int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); +\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); +\& void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, +\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), +\& BN_MONT_CTX *m_ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies +the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. +.PP +\&\fIBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fIBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +the \fBA\fR and \fBAi\fR or, after specific number of uses and if the +necessary parameters are set, by re-creating the blinding parameters. +.PP +\&\fIBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. +If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be +returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared amoung +several threads). \fIBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the +inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as +the inverse blinding. +.PP +\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper +functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR +with \fBr\fR set to \s-1NULL\s0. +.PP +\&\fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR +set and get the \*(L"thread id\*(R" value of the \fB\s-1BN_BLINDING\s0\fR structure, +a field provided to users of \fB\s-1BN_BLINDING\s0\fR structure to help them +provide proper locking if needed for multi-threaded use. The +\&\*(L"thread id\*(R" of a newly allocated \fB\s-1BN_BLINDING\s0\fR structure is zero. +.PP +\&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently +there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and +\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the +automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use +and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation +of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently +32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. +\&\fIBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +.PP +\&\fIBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and +\&\fBm_ctx\fR can be used to pass special functions for exponentiation +(normally \fIBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure +or \s-1NULL\s0 in case of an error. +.PP +\&\fIBN_BLINDING_update()\fR, \fIBN_BLINDING_convert()\fR, \fIBN_BLINDING_invert()\fR, +\&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on +success and 0 if an error occured. +.PP +\&\fIBN_BLINDING_get_thread_id()\fR returns the thread id (a \fBunsigned long\fR +value) or 0 if not set. +.PP +\&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +(a \fBunsigned long\fR value). +.PP +\&\fIBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR +parameters or \s-1NULL\s0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbn\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id, +BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags +and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8 +.SH "AUTHOR" +.IX Header "AUTHOR" +Nils Larsch for the OpenSSL project (http://www.openssl.org). diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index 489d3dd..a6133ce 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_CTX_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free BN_CTX structures .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 4092ed6..3e98252 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_CTX_start 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index 019da52..cd50887 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_add 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index 765786a..308c37c 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_add_word 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic functions on BIGNUMs with integers @@ -168,11 +168,11 @@ arithmetic operations. .PP \&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). .PP -\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=b\*(C'\fR). +\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). .PP \&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. .PP -\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%m\*(C'\fR). +\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). .PP For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0. .SH "RETURN VALUES" @@ -180,7 +180,8 @@ For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0. \&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0 on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). .PP -\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR. +\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR on success and +\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) @@ -189,3 +190,6 @@ on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). \&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of SSLeay and OpenSSL. \fIBN_div_word()\fR was added in SSLeay 0.8, and \&\fIBN_sub_word()\fR and \fIBN_mul_word()\fR in SSLeay 0.9.0. +.PP +Before 0.9.8a the return value for \fIBN_div_word()\fR and \fIBN_mod_word()\fR +in case of an error was 0. diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index b131ce3..daff91c 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_bn2bin 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index a496d41..9534888 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_cmp 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparison and test functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 5f9a676..3de0eb2 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_copy 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_copy, BN_dup \- copy BIGNUMs .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index 0d5fd34..351ae6e 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_generate_prime 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index e616b11..dc0e073 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_mod_inverse 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_mod_inverse \- compute inverse modulo n .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index b3fd7c8..55c41be 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index 4ad45fb..638351f 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init, BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 8eec0ff..90ac2e1 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs .SH "SYNOPSIS" @@ -159,7 +159,7 @@ BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_new()\fR allocated and initializes a \fB\s-1BIGNUM\s0\fR structure. \fIBN_init()\fR +\&\fIBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. \fIBN_init()\fR initializes an existing uninitialized \fB\s-1BIGNUM\s0\fR. .PP \&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index 6fe4ec8..5864700 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_num_bytes 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 7f3c8a4..c1de8f0 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_rand 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_rand, BN_pseudo_rand \- generate pseudo\-random number .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 1277b1b..1306320 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_set_bit 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index f041675..7c17de3 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_swap 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_swap \- exchange BIGNUMs .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index d4a355f..0e02356 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH BN_zero 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment operations diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index 79b69b0..3e96e7a 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH CONF_modules_free 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" .Vb 2 \& CONF_modules_free, CONF_modules_load, CONF_modules_unload - diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index ec62414..8c8ca8e 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH CONF_modules_load_file 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" .Vb 1 \& CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index 6632342..7cf3cb3 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index 79377f8..a3806ac 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DH_generate_key 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index 7cf5fb5..17bcfb0 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DH_generate_parameters 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DH_generate_parameters, DH_check \- generate and check Diffie\-Hellman parameters .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index aaa29d9..8d39076 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DH_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to DH structures .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index eda083a..ea718f9 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DH_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DH_new, DH_free \- allocate and free DH objects .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index de96d06..d7c21b4 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DH_set_method 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL \- select DH method diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index a502f1a..741093b 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DH_size 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DH_size \- get Diffie\-Hellman prime size .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index 4aa8a81..ad9535d 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_SIG_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index 2671cc4..6426a20 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_do_sign 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_do_sign, DSA_do_verify \- raw DSA signature operations .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index 9a6de62..79da553 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_dup_DH 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_dup_DH \- create a DH structure out of DSA structure .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 54766b2..cacfaf5 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_generate_key 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_generate_key \- generate DSA key pair .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index 7b192ba..ae3c7be 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_generate_parameters 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_generate_parameters \- generate DSA parameters .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 07abc5a..d879bb0 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to DSA structures .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index d1da3a5..a9a8a72 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_new, DSA_free \- allocate and free DSA objects .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 5a485d7..23a2740 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_set_method 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 3653873..e2587a9 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_sign 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index d00ba78..4db6c15 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH DSA_size 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DSA_size \- get DSA signature size .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 0e172d2..cf701b8 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_GET_LIB 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON \- get library, function and reason code diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index 54fb8be..21ae4d1 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_clear_error 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_clear_error \- clear the error queue .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index 41cc0a1..3040953 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_error_string 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable @@ -142,7 +142,7 @@ error message .PP .Vb 2 \& char *ERR_error_string(unsigned long e, char *buf); -\& char *ERR_error_string_n(unsigned long e, char *buf, size_t len); +\& void ERR_error_string_n(unsigned long e, char *buf, size_t len); .Ve .PP .Vb 3 diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index 48d23c3..78130af 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_get_error 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index 661ac5f..240a254 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- load and free error strings diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index bd6d4ea..fb30a10 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_load_strings 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error strings diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index 9e00c5e..bb15bcc 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_print_errors 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_print_errors, ERR_print_errors_fp \- print error messages .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 46d8ec2..8823ef7 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_put_error 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_put_error, ERR_add_error_data \- record an error .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index 41d8e4b..4b19049 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ERR_remove_state 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ERR_remove_state \- free a thread's error queue .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 new file mode 100644 index 0000000..1b4d228 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 @@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_set_mark 3" +.TH ERR_set_mark 3 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.PP +.Vb 1 +\& int ERR_set_mark(void); +.Ve +.PP +.Vb 1 +\& int ERR_pop_to_mark(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there +is one. +.PP +\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. +.PP +\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIerr\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_set_mark()\fR and \fIERR_pop_to_mark()\fR were added in OpenSSL 0.9.8. diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index cef6b36..331ce1e 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_BytesToKey 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_BytesToKey \- password based encryption routine .SH "SYNOPSIS" @@ -189,6 +189,6 @@ the \s-1IV\s0. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index 727d045..558a43c 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_DigestInit 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, @@ -151,7 +151,7 @@ EVP digest routines .PP .Vb 4 \& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); \& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, \& unsigned int *s); .Ve diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index 1d96fee..2a8f328 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_EncryptInit 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, @@ -153,7 +153,7 @@ EVP_CIPHER_CTX_set_padding \- EVP cipher routines .Ve .PP .Vb 1 -\& int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +\& void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); .Ve .PP .Vb 6 @@ -388,8 +388,8 @@ and set. Currently only the \s-1RC2\s0 effective key length and the number of ro \&\s-1RC5\s0 can be set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -EVP_CIPHER_CTX_init, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and -\&\fIEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure. +\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR +return 1 for success and 0 for failure. .PP \&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. \&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. @@ -619,7 +619,7 @@ General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC \& EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); .Ve .PP -.Vb 17 +.Vb 19 \& for(;;) \& { \& inlen = fread(inbuf, 1, 1024, in); @@ -627,6 +627,7 @@ General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC \& if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) \& { \& /* Error */ +\& EVP_CIPHER_CTX_cleanup(&ctx); \& return 0; \& } \& fwrite(outbuf, 1, outlen, out); @@ -634,6 +635,7 @@ General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC \& if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) \& { \& /* Error */ +\& EVP_CIPHER_CTX_cleanup(&ctx); \& return 0; \& } \& fwrite(outbuf, 1, outlen, out); diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index a9c4142..1e26e9a 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_OpenInit 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index f930d9c..2f48faf 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_PKEY_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index fd4c1b4..c98be39 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_set1_RSA 3" -.TH EVP_PKEY_set1_RSA 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_PKEY_set1_RSA 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 1a21b28..037b56f 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_SealInit 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption .SH "SYNOPSIS" @@ -138,9 +138,10 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption \& #include <openssl/evp.h> .Ve .PP -.Vb 6 -\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, -\& int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); +.Vb 7 +\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char **ek, int *ekl, unsigned char *iv, +\& EVP_PKEY **pubk, int npubk); \& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); \& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index e65da15..af67f40 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_SignInit 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- EVP signing functions .SH "SYNOPSIS" @@ -164,11 +164,10 @@ signatures. signature context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP -\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR -and places the signature in \fBsig\fR. If the \fBs\fR parameter is not \s-1NULL\s0 -then the number of bytes of data written (i.e. the length of the signature) -will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes -will be written. +\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and +places the signature in \fBsig\fR. The number of bytes of data written (i.e. the +length of the signature) will be written to the integer at \fBs\fR, at most +EVP_PKEY_size(pkey) bytes will be written. .PP \&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default implementation of digest \fBtype\fR. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index 98d0402..b5d7295 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH EVP_VerifyInit 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- EVP signature verification functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index 6c36d1e..1113822 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH OBJ_nid2obj 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \- ASN1 object utility diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 new file mode 100644 index 0000000..4f99ef2 --- /dev/null +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -0,0 +1,148 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_Applink 3" +.TH OPENSSL_Applink 3 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& __declspec(dllexport) void **OPENSSL_Applink(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OPENSSL_Applink is application-side interface which provides a glue +between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment. +Even though it appears at application side, it's essentially OpenSSL +private interface. For this reason application developers are not +expected to implement it, but to compile provided module with +compiler of their choice and link it into the target application. +The referred module is available as <openssl>/ms/applink.c. diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 8b1fd55..409496a 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version \- get OpenSSL version number .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index 091e7f7..0d9b19f 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH OPENSSL_config 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions .SH "SYNOPSIS" @@ -165,7 +165,7 @@ calls \fIOPENSSL_add_all_algorithms()\fR by compiling an application with the preprocessor symbol \fB\s-1OPENSSL_LOAD_CONF\s0\fR #define'd. In this way configuration can be added without source changes. .PP -The environment variable \fB\s-1OPENSSL_CONFIG\s0\fR can be set to specify the location +The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be set to specify the location of the configuration file. .PP Currently \s-1ASN1\s0 OBJECTs and \s-1ENGINE\s0 configuration can be performed future diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 new file mode 100644 index 0000000..d78837c --- /dev/null +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_ia32cap 3" +.TH OPENSSL_ia32cap 3 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +OPENSSL_ia32cap \- finding the IA\-32 processor capabilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& unsigned long *OPENSSL_ia32cap_loc(void); +\& #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Value returned by \fIOPENSSL_ia32cap_loc()\fR is address of a variable +containing \s-1IA\-32\s0 processor capabilities bit vector as it appears in \s-1EDX\s0 +register after executing \s-1CPUID\s0 instruction with EAX=1 input value (see +Intel Application Note #241618). Naturally it's meaningful on IA\-32[E] +platforms only. The variable is normally set up automatically upon +toolkit initialization, but can be manipulated afterwards to modify +crypto library behaviour. For the moment of this writing three bits are +significant, namely bit #28 denoting Hyperthreading, which is used to +distinguish Intel P4 core, bit #26 denoting \s-1SSE2\s0 support, and bit #4 +denoting presence of Time-Stamp Counter. Clearing bit #26 at run-time +for example disables high-performance \s-1SSE2\s0 code present in the crypto +library. You might have to do this if target OpenSSL application is +executed on \s-1SSE2\s0 capable \s-1CPU\s0, but under control of \s-1OS\s0 which does not +support \s-1SSE2\s0 extentions. Even though you can manipulate the value +programmatically, you most likely will find it more appropriate to set +up an environment variable with the same name prior starting target +application, e.g. 'env OPENSSL_ia32cap=0x10 apps/openssl', to achieve +same effect without modifying the application source code. +Alternatively you can reconfigure the toolkit with no\-sse2 option and +recompile. diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index e346553..56dbe01 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" OPENSSL_load_builtin_modules \- add standard configuration modules .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 619594b..04e56c4 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \- add algorithms to internal table diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index 83906a7..18b6dd6 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH PKCS12_create 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" PKCS12_create \- create a PKCS#12 structure .SH "SYNOPSIS" @@ -175,6 +175,23 @@ it can be used for signing and encryption. This option was useful for old export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption. +.SH "NEW FUNCTIONALITY IN OPENSSL 0.9.8" +.IX Header "NEW FUNCTIONALITY IN OPENSSL 0.9.8" +Some additional functionality was added to \fIPKCS12_create()\fR in OpenSSL +0.9.8. These extensions are detailed below. +.PP +If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be +used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the +\&\s-1PKCS12\s0 structure. +.PP +Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or +certficate is required. In previous versions both had to be present or +a fatal error is returned. +.PP +\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption +should be used. +.PP +\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fId2i_PKCS12\fR\|(3) diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index 542e7c5..f28e35e 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH PKCS12_parse 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" PKCS12_parse \- parse a PKCS#12 structure .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index e80747f..0b751c9 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH PKCS7_decrypt 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index 0877f1a..80cc449 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH PKCS7_encrypt 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" PKCS7_encrypt \- create a PKCS#7 envelopedData structure .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index 1f3c1f0..275b9a7 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH PKCS7_sign 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" PKCS7_sign \- create a PKCS#7 signedData structure .SH "SYNOPSIS" @@ -176,6 +176,23 @@ omitted. If present the SMIMECapabilities attribute indicates support for the following algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of these algorithms is disabled then it will not be included. +.PP +If the flags \fB\s-1PKCS7_PARTSIGN\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure +is just initialized ready to perform the signing operation. The signing +is however \fBnot\fR performed and the data to be signed is not read from +the \fBdata\fR parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. Currently the +flag \fB\s-1PKCS7_DETACHED\s0\fR \fBmust\fR also be set. +.SH "NOTES" +.IX Header "NOTES" +Currently the flag \fB\s-1PKCS7_PARTSIGN\s0\fR is only supported for detached +data. If this flag is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not +properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable +results. +.PP +At present only the \fISMIME_write_PKCS7()\fR function properly finalizes the +structure. .SH "BUGS" .IX Header "BUGS" \&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some @@ -188,11 +205,6 @@ When the signed data is not detached it will be stored in memory within the signed due to memory restraints. There should be a way to sign data without having to hold it all in memory, this would however require fairly major revisions of the OpenSSL \s-1ASN1\s0 code. -.PP -Clear text signing does not store the content in memory but the way \fIPKCS7_sign()\fR -operates means that two passes of the data must typically be made: one to compute -the signatures and a second to output the data along with the signature. There -should be a way to process the data with only a single pass. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. @@ -203,3 +215,5 @@ The error can be obtained from \fIERR_get_error\fR\|(3). .SH "HISTORY" .IX Header "HISTORY" \&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5 +.PP +The \fB\s-1PKCS7_PARTSIGN\s0\fR flag was added in OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 9727ab8..8767f6a 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,14 +129,14 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH PKCS7_verify 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" PKCS7_verify \- verify a PKCS#7 signedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" int PKCS7_verify(\s-1PKCS7\s0 *p7, \s-1STACK_OF\s0(X509) *certs, X509_STORE *store, \s-1BIO\s0 *indata, \s-1BIO\s0 *out, int flags); .PP -int PKCS7_get0_signers(\s-1PKCS7\s0 *p7, \s-1STACK_OF\s0(X509) *certs, int flags); +\&\s-1STACK_OF\s0(X509) *PKCS7_get0_signers(\s-1PKCS7\s0 *p7, \s-1STACK_OF\s0(X509) *certs, int flags); .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 5b8009b..c71adf9 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RAND_add 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add entropy to the PRNG diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index 33a9b9b..61ddf3a 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RAND_bytes 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RAND_bytes, RAND_pseudo_bytes \- generate random data .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 51d5797..4c1d7bf 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RAND_cleanup 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RAND_cleanup \- erase the PRNG state .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index e6f9dd6..09ee388 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RAND_egd 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RAND_egd \- query entropy gathering daemon .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index bd03e76..3c1b456 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RAND_load_file 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index 5aa4fb7..f2392c6 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RAND_set_rand_method 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select RAND method .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 94e7c24..9feedb2 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_blinding_on 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index 9e3e8b4..d76748c 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_check_key 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_check_key \- validate private RSA keys .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index b32411f..8907850 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_generate_key 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_generate_key \- generate RSA key pair .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index 776d2f2..466e287 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to RSA structures .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 9eb9ed0..aeda45d 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_new, RSA_free \- allocate and free RSA objects .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index 337ee85..764d5ed 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 57ba2fb..b0b376c 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_print 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index 4e600a0..4f8d11c 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_private_encrypt 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_private_encrypt, RSA_public_decrypt \- low level signature operations .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index c432db0..fdc60de 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_public_encrypt 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index 92096a7..3fd5b48 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_set_method 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags, diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 765fca4..38dfd3d 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_sign 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_sign, RSA_verify \- RSA signatures .SH "SYNOPSIS" @@ -139,12 +139,12 @@ RSA_sign, RSA_verify \- RSA signatures .Ve .PP .Vb 2 -\& int RSA_sign(int type, unsigned char *m, unsigned int m_len, +\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len, \& unsigned char *sigret, unsigned int *siglen, RSA *rsa); .Ve .PP .Vb 2 -\& int RSA_verify(int type, unsigned char *m, unsigned int m_len, +\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, \& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); .Ve .SH "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index f84d9ec..afbfe4b 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 4cbd27b..5162e98 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH RSA_size 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RSA_size \- get RSA modulus size .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index 1882697..9c7ea9b 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SMIME_read_PKCS7 \- parse S/MIME message. .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 6e29d7a..a6b620f 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format. .SH "SYNOPSIS" @@ -156,16 +156,18 @@ If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/ are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR is also set. .PP -If cleartext signing is being used then the data must be read twice: -once to compute the signature in \fIPKCS7_sign()\fR and once to output the -S/MIME message. +If the \fB\s-1PKCS7_PARTSIGN\s0\fR flag is set the signed data is finalized +and output along with the content. This flag should only be set +if \fB\s-1PKCS7_DETACHED\s0\fR is also set and the previous call to \fIPKCS7_sign()\fR +also set these flags. +.PP +If cleartext signing is being used and \fB\s-1PKCS7_PARTSIGN\s0\fR not set then +the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR +and once to output the S/MIME message. .SH "BUGS" .IX Header "BUGS" \&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there should be an option to disable this. -.PP -There should really be a way to produce cleartext signing using only -a single pass of the data. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index eb53fe7..5f7db97 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, @@ -141,11 +141,11 @@ X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions \&\s-1ASN1_STRING\s0 * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); .PP int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, \s-1ASN1_OBJECT\s0 *obj); -int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); .PP -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, \s-1ASN1_OBJECT\s0 *obj, int type,unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, \s-1ASN1_OBJECT\s0 *obj, int type, const unsigned char *bytes, int len); .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index 5cde5f1..a65d58a 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,16 +129,20 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); +.PP int X509_NAME_add_entry_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, int type, unsigned char *bytes, int len, int loc, int set); +.PP int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); +.PP int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); +.PP X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index 43f1004..87a2252 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index 7d60128..cc85b30 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH X509_NAME_print_ex 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \- X509_NAME printing routines. @@ -171,8 +171,8 @@ applications. Although there are a large number of possible flags for most purposes \&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page -for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLAGS_ESC_MSB\s0\fR should be unset: so for example -\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR would be used. +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLGS_ESC_MSB\fR would be used. .PP The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. .PP diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index 8d94d79..87a8d9a 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH X509_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" X509_new, X509_free \- X509 certificate ASN1 allocation functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 7b65897..14ec566 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH bio 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" bio \- I/O abstraction .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index c4f5af1..1b16b02 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH blowfish 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption @@ -167,7 +167,7 @@ by Counterpane (see http://www.counterpane.com/blowfish.html ). .PP Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are -a considered good for strong encryption. Blowfish can be used in the same +considered good for strong encryption. Blowfish can be used in the same modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one of the faster block ciphers. It is quite a bit faster than \s-1DES\s0, and much faster than \s-1IDEA\s0 or \s-1RC2\s0. diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 94032ed..340bf99 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH bn 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" bn \- multiprecision integer arithmetics .SH "SYNOPSIS" @@ -167,6 +167,11 @@ bn \- multiprecision integer arithmetics \& int BN_num_bits_word(BN_ULONG w); .Ve .PP +.Vb 2 +\& void BN_set_negative(BIGNUM *a, int n); +\& int BN_is_negative(const BIGNUM *a); +.Ve +.PP .Vb 19 \& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); \& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); @@ -279,6 +284,28 @@ bn \- multiprecision integer arithmetics \& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, \& BN_CTX *ctx); .Ve +.PP +.Vb 19 +\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, +\& BIGNUM *mod); +\& void BN_BLINDING_free(BN_BLINDING *b); +\& int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); +\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b, +\& BN_CTX *ctx); +\& unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); +\& void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, +\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), +\& BN_MONT_CTX *m_ctx); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This library performs arithmetic operations on integers of arbitrary @@ -312,4 +339,5 @@ of \fB\s-1BIGNUM\s0\fRs to external formats is described in \fIBN_bn2bin\fR\|(3) \&\fIBN_generate_prime\fR\|(3), \fIBN_set_bit\fR\|(3), \&\fIBN_bn2bin\fR\|(3), \fIBN_mod_inverse\fR\|(3), \&\fIBN_mod_mul_reciprocal\fR\|(3), -\&\fIBN_mod_mul_montgomery\fR\|(3) +\&\fIBN_mod_mul_montgomery\fR\|(3), +\&\fIBN_BLINDING_new\fR\|(3) diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index dfaae53..a0c5721 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH bn_internal 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8, @@ -215,20 +215,20 @@ applications. .Vb 7 \& typedef struct bignum_st \& { -\& int top; /* index of last used d (most significant word) */ -\& BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ +\& int top; /* number of words used in d */ +\& BN_ULONG *d; /* pointer to an array containing the integer value */ \& int max; /* size of the d array */ \& int neg; /* sign */ \& } BIGNUM; .Ve .PP -The big number is stored in \fBd\fR, a \fImalloc()\fRed array of \fB\s-1BN_ULONG\s0\fRs, -least significant first. A \fB\s-1BN_ULONG\s0\fR can be either 16, 32 or 64 bits -in size (\fB\s-1BITS2\s0\fR), depending on the 'number of bits' specified in +The integer value is stored in \fBd\fR, a \fImalloc()\fRed array of words (\fB\s-1BN_ULONG\s0\fR), +least significant word first. A \fB\s-1BN_ULONG\s0\fR can be either 16, 32 or 64 bits +in size, depending on the 'number of bits' (\fB\s-1BITS2\s0\fR) specified in \&\f(CW\*(C`openssl/bn.h\*(C'\fR. .PP \&\fBmax\fR is the size of the \fBd\fR array that has been allocated. \fBtop\fR -is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and +is the number of words being used, so for a value of 4, bn.d[0]=4 and bn.top=1. \fBneg\fR is 1 if the number is negative. When a \fB\s-1BIGNUM\s0\fR is \&\fB0\fR, the \fBd\fR field can be \fB\s-1NULL\s0\fR and \fBtop\fR == \fB0\fR. .PP @@ -344,7 +344,7 @@ call \fIbn_expand2()\fR, which allocates a new \fBd\fR array and copies the data. They return \fB\s-1NULL\s0\fR on error, \fBb\fR otherwise. .PP The \fIbn_fix_top()\fR macro reduces \fBa\->top\fR to point to the most -significant non-zero word when \fBa\fR has shrunk. +significant non-zero word plus one when \fBa\fR has shrunk. .Sh "Debugging" .IX Subsection "Debugging" \&\fIbn_check_top()\fR verifies that \f(CW\*(C`((a)\->top >= 0 && (a)\->top diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index a352c87..630c383 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH buffer 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple character arrays structure diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 6336d30..b673a16 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH crypto 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" crypto \- OpenSSL cryptographic library .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 index ccde338..59649b2 100644 --- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- ASN1 OBJECT IDENTIFIER functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 1b85bee..583b620 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_DHparams 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions. .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index 61e2fd3..b3d96de 100644 --- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey, d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG \- DSA key encoding diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 index c5344e3..419a8cb 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 13ba811..7132f8d 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA, diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index 20ddb94..0a73622 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_X509 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio, i2d_X509_fp \- X509 encode and decode functions @@ -140,7 +140,7 @@ i2d_X509_fp \- X509 encode and decode functions .Ve .PP .Vb 2 -\& X509 *d2i_X509(X509 **px, unsigned char **in, int len); +\& X509 *d2i_X509(X509 **px, const unsigned char **in, int len); \& int i2d_X509(X509 *x, unsigned char **out); .Ve .PP @@ -158,13 +158,13 @@ i2d_X509_fp \- X509 encode and decode functions The X509 encode and decode routines encode and parse an \&\fBX509\fR structure, which represents an X509 certificate. .PP -\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*out\fR. If +\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If successful a pointer to the \fBX509\fR structure is returned. If an error occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR then it is assumed that \fB*px\fR contains a valid \fBX509\fR structure and an attempt is made to reuse it. If the call is -successful \fB*out\fR is incremented to the byte following the +successful \fB*in\fR is incremented to the byte following the parsed data. .PP \&\fIi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 index d19dc37..bee64a8 100644 --- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions. .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 index 5ec0a06..94949a6 100644 --- a/secure/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_X509_CRL 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp, i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions. @@ -140,7 +140,7 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions. .Ve .PP .Vb 2 -\& X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length); +\& X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **pp, long length); \& int i2d_X509_CRL(X509_CRL *a, unsigned char **pp); .Ve .PP diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 index f578fea..5f8b237 100644 --- a/secure/lib/libcrypto/man/d2i_X509_NAME.3 +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_X509_NAME 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 index 224fa33..81aa751 100644 --- a/secure/lib/libcrypto/man/d2i_X509_REQ.3 +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_X509_REQ 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp, i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions. @@ -140,7 +140,7 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions. .Ve .PP .Vb 2 -\& X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length); +\& X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **pp, long length); \& int i2d_X509_REQ(X509_REQ *a, unsigned char **pp); .Ve .PP diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 index 2d49c394..7190475 100644 --- a/secure/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH d2i_X509_SIG 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions. .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index 41b29a3..cff23bb 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH des 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index bae8f25..ad5accc 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH dh 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" dh \- Diffie\-Hellman key agreement .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index 83a8396..fd32ed1 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH dsa 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" dsa \- Digital Signature Algorithm .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3 new file mode 100644 index 0000000..b99ff1a --- /dev/null +++ b/secure/lib/libcrypto/man/ecdsa.3 @@ -0,0 +1,353 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ecdsa 3" +.TH ecdsa 3 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +ecdsa \- Elliptic Curve Digital Signature Algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ecdsa.h> +.Ve +.PP +.Vb 5 +\& ECDSA_SIG* ECDSA_SIG_new(void); +\& void ECDSA_SIG_free(ECDSA_SIG *sig); +\& int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); +\& ECDSA_SIG* d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, +\& long len); +.Ve +.PP +.Vb 20 +\& ECDSA_SIG* ECDSA_do_sign(const unsigned char *dgst, int dgst_len, +\& EC_KEY *eckey); +\& ECDSA_SIG* ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, +\& const BIGNUM *kinv, const BIGNUM *rp, +\& EC_KEY *eckey); +\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +\& const ECDSA_SIG *sig, EC_KEY* eckey); +\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, +\& BIGNUM **kinv, BIGNUM **rp); +\& int ECDSA_sign(int type, const unsigned char *dgst, +\& int dgstlen, unsigned char *sig, +\& unsigned int *siglen, EC_KEY *eckey); +\& int ECDSA_sign_ex(int type, const unsigned char *dgst, +\& int dgstlen, unsigned char *sig, +\& unsigned int *siglen, const BIGNUM *kinv, +\& const BIGNUM *rp, EC_KEY *eckey); +\& int ECDSA_verify(int type, const unsigned char *dgst, +\& int dgstlen, const unsigned char *sig, +\& int siglen, EC_KEY *eckey); +\& int ECDSA_size(const EC_KEY *eckey); +.Ve +.PP +.Vb 4 +\& const ECDSA_METHOD* ECDSA_OpenSSL(void); +\& void ECDSA_set_default_method(const ECDSA_METHOD *meth); +\& const ECDSA_METHOD* ECDSA_get_default_method(void); +\& int ECDSA_set_method(EC_KEY *eckey,const ECDSA_METHOD *meth); +.Ve +.PP +.Vb 6 +\& int ECDSA_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); +\& void* ECDSA_get_ex_data(EC_KEY *d, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1ECDSA_SIG\s0\fR structure consists of two BIGNUMs for the +r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS\s0 186\-2). +.PP +.Vb 5 +\& struct +\& { +\& BIGNUM *r; +\& BIGNUM *s; +\& } ECDSA_SIG; +.Ve +.PP +\&\fIECDSA_SIG_new()\fR allocates a new \fB\s-1ECDSA_SIG\s0\fR structure (note: this +function also allocates the BIGNUMs) and initialize it. +.PP +\&\fIECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. +.PP +\&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature +\&\fBsig\fR and writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR +is \s-1NULL\s0 \fBi2d_ECDSA_SIG\fR returns the expected length in bytes of +the \s-1DER\s0 encoded signature). \fBi2d_ECDSA_SIG\fR returns the length +of the \s-1DER\s0 encoded signature (or 0 on error). +.PP +\&\fId2i_ECDSA_SIG()\fR decodes a \s-1DER\s0 encoded \s-1ECDSA\s0 signature and returns +the decoded signature in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure. +\&\fB*sig\fR points to the buffer containing the \s-1DER\s0 encoded signature +of size \fBlen\fR. +.PP +\&\fIECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded +\&\s-1ECDSA\s0 signature created with the private \s-1EC\s0 key \fBeckey\fR. +.PP +\&\fIECDSA_sign_setup()\fR may be used to precompute parts of the +signing operation. \fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR +is a pointer to \fB\s-1BN_CTX\s0\fR structure (or \s-1NULL\s0). The precomputed +values or returned in \fBkinv\fR and \fBrp\fR and can be used in a +later call to \fBECDSA_sign_ex\fR or \fBECDSA_do_sign_ex\fR. +.PP +\&\fIECDSA_sign()\fR is wrapper function for ECDSA_sign_ex with \fBkinv\fR +and \fBrp\fR set to \s-1NULL\s0. +.PP +\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes +hash value \fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional +pre-computed values \fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signatures is +stored in \fBsig\fR and it's length is returned in \fBsig_len\fR. Note: \fBsig\fR +must point to \fBECDSA_size\fR bytes of memory. The parameter \fBtype\fR +is ignored. +.PP +\&\fIECDSA_verify()\fR verifies that the signature in \fBsig\fR of size +\&\fBsiglen\fR is a valid \s-1ECDSA\s0 signature of the hash value +value \fBdgst\fR of size \fBdgstlen\fR using the public key \fBeckey\fR. +The parameter \fBtype\fR is ignored. +.PP +\&\fIECDSA_do_sign()\fR is wrapper function for ECDSA_do_sign_ex with \fBkinv\fR +and \fBrp\fR set to \s-1NULL\s0. +.PP +\&\fIECDSA_do_sign_ex()\fR computes a digital signature of the \fBdgst_len\fR +bytes hash value \fBdgst\fR using the private key \fBeckey\fR and the +optional pre-computed values \fBkinv\fR and \fBrp\fR. The signature is +returned in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). +.PP +\&\fIECDSA_do_verify()\fR verifies that the signature \fBsig\fR is a valid +\&\s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgst_len\fR +using the public key \fBeckey\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIECDSA_size()\fR returns the maximum length signature or 0 on error. +.PP +\&\fIECDSA_sign_setup()\fR and \fIECDSA_sign()\fR return 1 if successful or \-1 +on error. +.PP +\&\fIECDSA_verify()\fR and \fIECDSA_do_verify()\fR return 1 for a valid +signature, 0 for an invalid signature and \-1 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Creating a \s-1ECDSA\s0 signature of given \s-1SHA\-1\s0 hash value using the +named curve secp192k1. +.PP +First step: create a \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0 +specific) +.PP +.Vb 16 +\& int ret; +\& ECDSA_SIG *sig; +\& EC_KEY *eckey = EC_KEY_new(); +\& if (eckey == NULL) +\& { +\& /* error */ +\& } +\& key->group = EC_GROUP_new_by_nid(NID_secp192k1); +\& if (key->group == NULL) +\& { +\& /* error */ +\& } +\& if (!EC_KEY_generate_key(eckey)) +\& { +\& /* error */ +\& } +.Ve +.PP +Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-1\s0 hash value +using \fBECDSA_do_sign\fR +.PP +.Vb 5 +\& sig = ECDSA_do_sign(digest, 20, eckey); +\& if (sig == NULL) +\& { +\& /* error */ +\& } +.Ve +.PP +or using \fBECDSA_sign\fR +.PP +.Vb 9 +\& unsigned char *buffer, *pp; +\& int buf_len; +\& buf_len = ECDSA_size(eckey); +\& buffer = OPENSSL_malloc(buf_len); +\& pp = buffer; +\& if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey); +\& { +\& /* error */ +\& } +.Ve +.PP +Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify\fR +.PP +.Vb 1 +\& ret = ECDSA_do_verify(digest, 20, sig, eckey); +.Ve +.PP +or using \fBECDSA_verify\fR +.PP +.Vb 1 +\& ret = ECDSA_verify(0, digest, 20, buffer, buf_len, eckey); +.Ve +.PP +and finally evaluate the return value: +.PP +.Vb 12 +\& if (ret == -1) +\& { +\& /* error */ +\& } +\& else if (ret == 0) +\& { +\& /* incorrect signature */ +\& } +\& else /* ret == 1 */ +\& { +\& /* signature ok */ +\& } +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ANSI\s0 X9.62, \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186\-2 +(Digital Signature Standard, \s-1DSS\s0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIdsa\fR\|(3), \fIrsa\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The ecdsa implementation was first introduced in OpenSSL 0.9.8 +.SH "AUTHOR" +.IX Header "AUTHOR" +Nils Larsch for the OpenSSL project (http://www.openssl.org). diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 index 9fcafc5..0441085 100644 --- a/secure/lib/libcrypto/man/engine.3 +++ b/secure/lib/libcrypto/man/engine.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH engine 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" engine \- ENGINE cryptographic module support .SH "SYNOPSIS" @@ -159,18 +159,21 @@ engine \- ENGINE cryptographic module support \& int ENGINE_finish(ENGINE *e); .Ve .PP -.Vb 12 +.Vb 15 \& void ENGINE_load_openssl(void); \& void ENGINE_load_dynamic(void); -\& void ENGINE_load_cswift(void); -\& void ENGINE_load_chil(void); +\& #ifndef OPENSSL_NO_STATIC_ENGINE +\& void ENGINE_load_4758cca(void); +\& void ENGINE_load_aep(void); \& void ENGINE_load_atalla(void); +\& void ENGINE_load_chil(void); +\& void ENGINE_load_cswift(void); +\& void ENGINE_load_gmp(void); \& void ENGINE_load_nuron(void); -\& void ENGINE_load_ubsec(void); -\& void ENGINE_load_aep(void); \& void ENGINE_load_sureware(void); -\& void ENGINE_load_4758cca(void); -\& void ENGINE_load_openbsd_dev_crypto(void); +\& void ENGINE_load_ubsec(void); +\& #endif +\& void ENGINE_load_cryptodev(void); \& void ENGINE_load_builtin_engines(void); .Ve .PP @@ -178,18 +181,22 @@ engine \- ENGINE cryptographic module support \& void ENGINE_cleanup(void); .Ve .PP -.Vb 6 +.Vb 8 \& ENGINE *ENGINE_get_default_RSA(void); \& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_ECDH(void); +\& ENGINE *ENGINE_get_default_ECDSA(void); \& ENGINE *ENGINE_get_default_DH(void); \& ENGINE *ENGINE_get_default_RAND(void); \& ENGINE *ENGINE_get_cipher_engine(int nid); \& ENGINE *ENGINE_get_digest_engine(int nid); .Ve .PP -.Vb 7 +.Vb 9 \& int ENGINE_set_default_RSA(ENGINE *e); \& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_ECDH(ENGINE *e); +\& int ENGINE_set_default_ECDSA(ENGINE *e); \& int ENGINE_set_default_DH(ENGINE *e); \& int ENGINE_set_default_RAND(ENGINE *e); \& int ENGINE_set_default_ciphers(ENGINE *e); @@ -206,19 +213,28 @@ engine \- ENGINE cryptographic module support \& void ENGINE_set_table_flags(unsigned int flags); .Ve .PP -.Vb 20 +.Vb 29 \& int ENGINE_register_RSA(ENGINE *e); \& void ENGINE_unregister_RSA(ENGINE *e); \& void ENGINE_register_all_RSA(void); \& int ENGINE_register_DSA(ENGINE *e); \& void ENGINE_unregister_DSA(ENGINE *e); \& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_ECDH(ENGINE *e); +\& void ENGINE_unregister_ECDH(ENGINE *e); +\& void ENGINE_register_all_ECDH(void); +\& int ENGINE_register_ECDSA(ENGINE *e); +\& void ENGINE_unregister_ECDSA(ENGINE *e); +\& void ENGINE_register_all_ECDSA(void); \& int ENGINE_register_DH(ENGINE *e); \& void ENGINE_unregister_DH(ENGINE *e); \& void ENGINE_register_all_DH(void); \& int ENGINE_register_RAND(ENGINE *e); \& void ENGINE_unregister_RAND(ENGINE *e); \& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_STORE(ENGINE *e); +\& void ENGINE_unregister_STORE(ENGINE *e); +\& void ENGINE_register_all_STORE(void); \& int ENGINE_register_ciphers(ENGINE *e); \& void ENGINE_unregister_ciphers(ENGINE *e); \& void ENGINE_register_all_ciphers(void); @@ -230,12 +246,12 @@ engine \- ENGINE cryptographic module support .Ve .PP .Vb 6 -\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); \& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); \& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, -\& long i, void *p, void (*f)(), int cmd_optional); +\& long i, void *p, void (*f)(void), int cmd_optional); \& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, -\& int cmd_optional); +\& int cmd_optional); .Ve .PP .Vb 2 @@ -248,18 +264,22 @@ engine \- ENGINE cryptographic module support \& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); .Ve .PP -.Vb 2 +.Vb 3 \& ENGINE *ENGINE_new(void); \& int ENGINE_free(ENGINE *e); +\& int ENGINE_up_ref(ENGINE *e); .Ve .PP -.Vb 16 +.Vb 19 \& int ENGINE_set_id(ENGINE *e, const char *id); \& int ENGINE_set_name(ENGINE *e, const char *name); \& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); \& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth); +\& int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth); \& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); \& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *rand_meth); \& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); \& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); \& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); @@ -272,13 +292,16 @@ engine \- ENGINE cryptographic module support \& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); .Ve .PP -.Vb 18 +.Vb 21 \& const char *ENGINE_get_id(const ENGINE *e); \& const char *ENGINE_get_name(const ENGINE *e); \& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); \& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); +\& const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); \& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); \& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +\& const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); \& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); \& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); \& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); @@ -314,9 +337,10 @@ out of the running application. The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR implementation includes the following abstractions; .PP -.Vb 5 +.Vb 6 \& RSA_METHOD - for providing alternative RSA implementations -\& DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND +\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD, +\& STORE_METHOD - similarly for other OpenSSL APIs \& EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid') \& EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid') \& key-loading - loading public and/or private EVP_PKEY keys @@ -325,21 +349,20 @@ implementation includes the following abstractions; .IX Subsection "Reference counting and handles" Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be treated as handles \- ie. not only as pointers, but also as references to -the underlying \s-1ENGINE\s0 object. Ie. you should obtain a new reference when +the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and released) independantly. .PP \&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is -inherently a \fBstructural\fR reference \- you need a structural reference -simply to refer to the pointer value at all, as this kind of reference is -your guarantee that the structure can not be deallocated until you release -your reference. -.PP -However, a structural reference provides no guarantee that the \s-1ENGINE\s0 has -been initiliased to be usable to perform any of its cryptographic -implementations \- and indeed it's quite possible that most ENGINEs will not -initialised at all on standard setups, as ENGINEs are typically used to +inherently a \fBstructural\fR reference \- a structural reference is required +to use the pointer value at all, as this kind of reference is a guarantee +that the structure can not be deallocated until the reference is released. +.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is +initiliased and able to use any of its cryptographic +implementations. Indeed it's quite possible that most ENGINEs will not +initialise at all in typical environments, as ENGINEs are typically used to support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a \&\fBfunctional\fR reference. This kind of reference can be considered a specialised form of structural reference, because each functional reference @@ -347,30 +370,24 @@ implicitly contains a structural reference as well \- however to avoid difficult-to-find programming bugs, it is recommended to treat the two kinds of reference independantly. If you have a functional reference to an \&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to -perform cryptographic operations and will not be uninitialised or cleaned -up until after you have released your reference. -.PP -We will discuss the two kinds of reference separately, including how to -tell which one you are dealing with at any given point in time (after all -they are both simply (\s-1ENGINE\s0 *) pointers, the difference is in the way they -are used). +perform cryptographic operations and will remain uninitialised +until after you have released your reference. .PP \&\fIStructural references\fR .PP -This basic type of reference is typically used for creating new ENGINEs -dynamically, iterating across OpenSSL's internal linked-list of loaded +This basic type of reference is used for instantiating new ENGINEs, +iterating across OpenSSL's internal linked-list of loaded ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural reference is sufficient if you only need to query or manipulate the data of an \s-1ENGINE\s0 implementation rather than use its functionality. .PP The \fIENGINE_new()\fR function returns a structural reference to a new (empty) -\&\s-1ENGINE\s0 object. Other than that, structural references come from return -values to various \s-1ENGINE\s0 \s-1API\s0 functions such as; \fIENGINE_by_id()\fR, -\&\fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \fIENGINE_get_next()\fR, -\&\fIENGINE_get_prev()\fR. All structural references should be released by a -corresponding to call to the \fIENGINE_free()\fR function \- the \s-1ENGINE\s0 object -itself will only actually be cleaned up and deallocated when the last -structural reference is released. +\&\s-1ENGINE\s0 object. There are other \s-1ENGINE\s0 \s-1API\s0 functions that return structural +references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, +\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be +released by a corresponding to call to the \fIENGINE_free()\fR function \- the +\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when +the last structural reference is released. .PP It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a structural reference will internally obtain another reference \- typically @@ -405,15 +422,9 @@ call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 wa already operational and couldn't be successfully initialised (eg. lack of system drivers, no special hardware attached, etc), otherwise it will return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will -have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. In this case, -the supplied \s-1ENGINE\s0 pointer is, from the point of the view of the caller, -both a structural reference and a functional reference \- so if the caller -intends to use it as a functional reference it should free the structural -reference with \fIENGINE_free()\fR first. If the caller wishes to use it only as -a structural reference (eg. if the \fIENGINE_init()\fR call was simply to test if -the \s-1ENGINE\s0 seems available/online), then it should free the functional -reference; all functional references are released by the \fIENGINE_finish()\fR -function. +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. All functional +references are released by calling \fIENGINE_finish()\fR (which removes the +implicit structural reference as well). .PP The second way to get a functional reference is by asking OpenSSL for a default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, @@ -426,26 +437,21 @@ algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIP For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table of state to control which implementations are available for a given abstraction and which should be used by default. These implementations are -registered in the tables separated-out by an 'nid' index, because +registered in the tables and indexed by an 'nid' value, because abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct -algorithms and modes \- ENGINEs will support different numbers and -combinations of these. In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, -etc, there is only one \*(L"algorithm\*(R" so all implementations implicitly -register using the same 'nid' index. ENGINEs can be \fBregistered\fR into -these tables to make themselves available for use automatically by the -various abstractions, eg. \s-1RSA\s0. For illustrative purposes, we continue with -the \s-1RSA\s0 example, though all comments apply similarly to the other -abstractions (they each get their own table and linkage to the -corresponding section of openssl code). -.PP -When a new \s-1RSA\s0 key is being created, ie. in \fIRSA_new_method()\fR, a -\&\*(L"get_default\*(R" call will be made to the \s-1ENGINE\s0 subsystem to process the \s-1RSA\s0 -state table and return a functional reference to an initialised \s-1ENGINE\s0 -whose \s-1RSA_METHOD\s0 should be used. If no \s-1ENGINE\s0 should (or can) be used, it -will return \s-1NULL\s0 and the \s-1RSA\s0 key will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle by -using the conventional \s-1RSA\s0 implementation in OpenSSL (and will from then on -behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed \- for details see -\&\fIRSA_new_method\fR\|(3)). +algorithms and modes, and ENGINEs can support arbitrarily many of them. +In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, etc, there is only one +\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' +index. +.PP +When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg. +when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the +\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a +functional reference to an initialised \s-1ENGINE\s0 whose implementation should be +used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller +will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle \- this usually equates to using the +conventional software implementation. In the latter case, OpenSSL will from +then on behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed. .PP Each state table has a flag to note whether it has processed this \&\*(L"get_default\*(R" query since the table was last modified, because to process @@ -462,40 +468,9 @@ instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to t \&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. \&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except that it also sets the state table's cached response for the \*(L"get_default\*(R" -query. -.PP -In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are -indexed by 'nid', these flags and cached-responses are distinct for each -\&'nid' value. -.PP -It is worth illustrating the difference between \*(L"registration\*(R" of ENGINEs -into these per-algorithm state tables and using the alternative -\&\*(L"set_default\*(R" functions. The latter handles both \*(L"registration\*(R" and also -setting the cached \*(L"default\*(R" \s-1ENGINE\s0 in each relevant state table \- so -registered ENGINEs will only have a chance to be initialised for use as a -default if a default \s-1ENGINE\s0 wasn't already set for the same state table. -Eg. if \s-1ENGINE\s0 X supports cipher nids {A,B} and \s-1RSA\s0, \s-1ENGINE\s0 Y supports -ciphers {A} and \s-1DSA\s0, and the following code is executed; -.PP -.Vb 7 -\& ENGINE_register_complete(X); -\& ENGINE_set_default(Y, ENGINE_METHOD_ALL); -\& e1 = ENGINE_get_default_RSA(); -\& e2 = ENGINE_get_cipher_engine(A); -\& e3 = ENGINE_get_cipher_engine(B); -\& e4 = ENGINE_get_default_DSA(); -\& e5 = ENGINE_get_cipher_engine(C); -.Ve -.PP -The results would be as follows; -.PP -.Vb 5 -\& assert(e1 == X); -\& assert(e2 == Y); -\& assert(e3 == X); -\& assert(e4 == Y); -\& assert(e5 == NULL); -.Ve +query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +value. .Sh "Application requirements" .IX Subsection "Application requirements" This section will explain the basic things an application programmer should @@ -534,7 +509,7 @@ mention an important \s-1API\s0 function; .PP If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality, -however if any ENGINEs are \*(L"load\*(R"ed, even if they are never registered or +however if any ENGINEs are loaded, even if they are never registered or used, it is necessary to use the \fIENGINE_cleanup()\fR function to correspondingly cleanup before program exit, if the caller wishes to avoid memory leaks. This mechanism uses an internal callback registration table @@ -549,7 +524,7 @@ linker. The fact that ENGINEs are made visible to OpenSSL (and thus are linked into the program and loaded into memory at run\-time) does not mean they are \&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour -is something for the application to have control over. Some applications +is something for the application to control. Some applications will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to @@ -611,14 +586,14 @@ it should be used. The following code illustrates how this can work; That's all that's required. Eg. the next time OpenSSL tries to set up an \&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to \&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the -default for use with \s-1RSA\s0 from then on. +default for \s-1RSA\s0 use from then on. .Sh "Advanced configuration support" .IX Subsection "Advanced configuration support" There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each \&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration \&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on OpenSSL. This mechanism is entirely based on the use of name-value pairs -and and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if applications want to provide a transparent way for users to provide arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 @@ -627,8 +602,8 @@ available \*(L"control commands\*(R", providing a more flexible configuration scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she is using (in the case of specialised hardware, this goes without saying) then applications may not need to concern themselves with discovering the -supported control commands and simply prefer to allow settings to passed -into ENGINEs exactly as they are provided by the user. +supported control commands and simply prefer to pass settings into ENGINEs +exactly as they are provided by the user. .PP Before illustrating how control commands work, it is worth mentioning what they are typically used for. Broadly speaking there are two uses for @@ -636,13 +611,13 @@ control commands; the first is to provide the necessary details to the implementation (which may know nothing at all specific to the host system) so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, -smart-card identifiers, passwords to initialise password-protected devices, +smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before calling \fIENGINE_init()\fR. The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after \fIENGINE_init()\fR, or -in same cases both. \s-1ENGINE\s0 implementations should provide indications of +in some cases both. \s-1ENGINE\s0 implementations should provide indications of this in the descriptions attached to builtin control commands and/or in external product documentation. .PP @@ -708,14 +683,14 @@ only supplying commands specific to the given \s-1ENGINE\s0 so we set this to \&\fIDiscovering supported control commands\fR .PP It is possible to discover at run-time the names, numerical\-ids, descriptions -and input parameters of the control commands supported from a structural -reference to any \s-1ENGINE\s0. It is first important to note that some control -commands are defined by OpenSSL itself and it will intercept and handle these -control commands on behalf of the \s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not -used for the control command. openssl/engine.h defines a symbol, -\&\s-1ENGINE_CMD_BASE\s0, that all control commands implemented by ENGINEs from. Any -command value lower than this symbol is considered a \*(L"generic\*(R" command is -handled directly by the OpenSSL core routines. +and input parameters of the control commands supported by an \s-1ENGINE\s0 using a +structural reference. Note that some control commands are defined by OpenSSL +itself and it will intercept and handle these control commands on behalf of the +\&\s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. +openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE\s0, that all control commands +implemented by ENGINEs should be numbered from. Any command value lower than +this symbol is considered a \*(L"generic\*(R" command is handled directly by the +OpenSSL core routines. .PP It is using these \*(L"core\*(R" control commands that one can discover the the control commands implemented by a given \s-1ENGINE\s0, specifically the commands; @@ -733,8 +708,8 @@ commands implemented by a given \s-1ENGINE\s0, specifically the commands; .Ve .PP Whilst these commands are automatically processed by the OpenSSL framework code, -they use various properties exposed by each \s-1ENGINE\s0 by which to process these -queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect this behaviour; +they use various properties exposed by each \s-1ENGINE\s0 to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will @@ -798,5 +773,4 @@ applications to explicitly use the \*(L"dynamic\*(R" \s-1ENGINE\s0 to bind to sh implementations. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsa\fR\|(3), \fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrand\fR\|(3), -\&\fIRSA_new_method\fR\|(3) +\&\fIrsa\fR\|(3), \fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrand\fR\|(3) diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index 67d408d..7241e0c 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH err 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" err \- error codes .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index f3cfaa4..c52543f 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH evp 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" evp \- high\-level cryptographic functions .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index 629d5d8..b791235 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH hmac 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- HMAC message authentication code @@ -153,7 +153,7 @@ authentication code \& void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, \& const EVP_MD *md); \& void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, -\& const EVP_MD *md); +\& const EVP_MD *md, ENGINE *impl); \& void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); \& void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); .Ve diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index 25afcb3..3d56798 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH lh_stats 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio, lh_node_stats_bio, lh_node_usage_stats_bio \- LHASH statistics diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index bd3b6ec..489e099 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH lhash 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index 3e63574..6f517cd 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH md5 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index ac07ea0..597ff5a 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH mdc2 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 index dfd85be..6857fd8 100644 --- a/secure/lib/libcrypto/man/pem.3 +++ b/secure/lib/libcrypto/man/pem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH pem 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" PEM \- PEM routines .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 02bbce0..4b96d77 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH rand 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" rand \- pseudo\-random number generator .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index 35ba66a..ed67c82 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH rc4 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RC4_set_key, RC4 \- RC4 encryption .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index d37246a..8fcbbcf 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ripemd 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash function diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index 60c91db..bd85312 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH rsa 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" rsa \- RSA public key cryptosystem .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index 9504f6a..e42a418 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH sha 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SHA1, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm .SH "SYNOPSIS" diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index a2ee2f8..e5cedad 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH threads 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, @@ -211,9 +211,10 @@ different mutex locks. It sets the \fBn\fR\-th lock if \fBmode\fR & \&\fBfile\fR and \fBline\fR are the file number of the function setting the lock. They can be useful for debugging. .PP -id_function(void) is a function that returns a thread \s-1ID\s0. It is not +id_function(void) is a function that returns a thread \s-1ID\s0, for example +\&\fIpthread_self()\fR if it returns an integer (see \s-1NOTES\s0 below). It isn't needed on Windows nor on platforms where \fIgetpid()\fR returns a different -\&\s-1ID\s0 for each thread (most notably Linux). +\&\s-1ID\s0 for each thread (see \s-1NOTES\s0 below). .PP Additionally, OpenSSL supports dynamic locks, and sometimes, some parts of OpenSSL need it for better performance. To enable this, the following @@ -265,14 +266,14 @@ should not be used together): \&\fICRYPTO_get_new_dynlockid()\fR returns the index to the newly created lock. .PP The other functions return no values. -.SH "NOTE" -.IX Header "NOTE" +.SH "NOTES" +.IX Header "NOTES" You can find out if OpenSSL was configured with thread support: .PP .Vb 7 \& #define OPENSSL_THREAD_DEFINES \& #include <openssl/opensslconf.h> -\& #if defined(THREADS) +\& #if defined(OPENSSL_THREADS) \& // thread support enabled \& #else \& // no thread support @@ -281,6 +282,22 @@ You can find out if OpenSSL was configured with thread support: .PP Also, dynamic locks are currently not used internally by OpenSSL, but may do so in the future. +.PP +Defining id_function(void) has it's own issues. Generally speaking, +\&\fIpthread_self()\fR should be used, even on platforms where \fIgetpid()\fR gives +different answers in each thread, since that may depend on the machine +the program is run on, not the machine where the program is being +compiled. For instance, Red Hat 8 Linux and earlier used +LinuxThreads, whose \fIgetpid()\fR returns a different value for each +thread. Red Hat 9 Linux and later use \s-1NPTL\s0, which is +Posix\-conformant, and has a \fIgetpid()\fR that returns the same value for +all threads in a process. A program compiled on Red Hat 8 and run on +Red Hat 9 will therefore see \fIgetpid()\fR returning the same value for +all threads. +.PP +There is still the issue of platforms where \fIpthread_self()\fR returns +something other than an integer. This is a bit unusual, and this +manual has no cookbook solution for that case. .SH "EXAMPLES" .IX Header "EXAMPLES" \&\fBcrypto/threads/mttest.c\fR shows examples of the callback functions on diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 index 4229c89..8f63068 100644 --- a/secure/lib/libcrypto/man/ui.3 +++ b/secure/lib/libcrypto/man/ui.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ui 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 index cc7e4e8..3f1c51e 100644 --- a/secure/lib/libcrypto/man/ui_compat.3 +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2005-02-24" "0.9.7d" "OpenSSL" +.TH ui_compat 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \- Compatibility user interface functions diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3 new file mode 100644 index 0000000..2ffe5fa --- /dev/null +++ b/secure/lib/libcrypto/man/x509.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "x509 3" +.TH x509 3 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +x509 \- X.509 certificate handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0 +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from \s-1ITU\-T\s0, or in \s-1RFC3280\s0 from \s-1PKIX\s0. +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a \s-1CRL\s0. +.PP +A related structure is a certificate request, defined in PKCS#10 from +\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896\s0. In OpenSSL, the type +X509_REQ is used to express such a certificate request. +.PP +To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more. +.PP +Finally, there's the supertype X509_INFO, which can contain a \s-1CRL\s0, a +certificate and a corresponding private key. +.PP +\&\fBX509_\fR\fI...\fR, \fBd2i_X509_\fR\fI...\fR and \fBi2d_X509_\fR\fI...\fR handle X.509 +certificates, with some exceptions, shown below. +.PP +\&\fBX509_CRL_\fR\fI...\fR, \fBd2i_X509_CRL_\fR\fI...\fR and \fBi2d_X509_CRL_\fR\fI...\fR +handle X.509 CRLs. +.PP +\&\fBX509_REQ_\fR\fI...\fR, \fBd2i_X509_REQ_\fR\fI...\fR and \fBi2d_X509_REQ_\fR\fI...\fR +handle PKCS#10 certificate requests. +.PP +\&\fBX509_NAME_\fR\fI...\fR handle certificate names. +.PP +\&\fBX509_ATTRIBUTE_\fR\fI...\fR handle certificate attributes. +.PP +\&\fBX509_EXTENSION_\fR\fI...\fR handle certificate extensions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_add_entry_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_NAME_new\fR\|(3), +\&\fId2i_X509\fR\|(3), +\&\fId2i_X509_ALGOR\fR\|(3), +\&\fId2i_X509_CRL\fR\|(3), +\&\fId2i_X509_NAME\fR\|(3), +\&\fId2i_X509_REQ\fR\|(3), +\&\fId2i_X509_SIG\fR\|(3), +\&\fIcrypto\fR\|(3), +\&\fIx509v3\fR\|(3) diff --git a/secure/lib/libcrypto/opensslconf-amd64.h b/secure/lib/libcrypto/opensslconf-amd64.h index 14e5af5..cc0dde1 100644 --- a/secure/lib/libcrypto/opensslconf-amd64.h +++ b/secure/lib/libcrypto/opensslconf-amd64.h @@ -1,17 +1,39 @@ /* $FreeBSD$ */ /* opensslconf.h */ - /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ /* OpenSSL was configured with the following options: */ -#ifdef OPENSSL_ALGORITHM_DEFINES - /* no ciphers excluded */ +#ifndef OPENSSL_DOING_MAKEDEPEND + +/* libgmp is not in the FreeBSD base system. */ +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP #endif -#ifdef OPENSSL_THREAD_DEFINES -# ifndef THREADS -# define THREADS -# endif +/* The Kerberos 5 support is MIT-specific. */ +#ifndef OPENSSL_NO_KRB5 +# define OPENSSL_NO_KRB5 +#endif + +#endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE #endif + +/* The OPENSSL_NO_* macros are also defined as NO_* if the application + asks for it. This is a transient feature that is provided for those + who haven't had the time to do the appropriate changes in their + applications. */ +#ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) +# define NO_KRB5 +# endif +# endif #ifdef OPENSSL_OTHER_DEFINES # ifndef NO_ASM # define NO_ASM @@ -25,12 +47,16 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif +#undef OPENSSL_UNISTD #define OPENSSL_UNISTD <unistd.h> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + #if defined(HEADER_IDEA_H) && !defined(IDEA_INT) #define IDEA_INT unsigned int #endif @@ -60,11 +86,11 @@ * This enables code handling data aligned at natural CPU word * boundary. See crypto/rc4/rc4_enc.c for further details. */ -#undef RC4_CHUNK +#define RC4_CHUNK unsigned long #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -107,7 +133,7 @@ /* the following is tweaked from a config script, that is why it is a * protected undef/define */ #ifndef DES_PTR -#define DES_PTR +#undef DES_PTR #endif /* This helps C compiler generate the correct code for multiple functional @@ -118,7 +144,7 @@ #endif #ifndef DES_RISC2 -#define DES_RISC2 +#undef DES_RISC2 #endif #if defined(DES_RISC1) && defined(DES_RISC2) @@ -128,7 +154,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! /* Unroll the inner loop, this sometimes helps, sometimes hinders. * Very mucy CPU dependant */ #ifndef DES_UNROLL -#undef DES_UNROLL +#define DES_UNROLL #endif /* These default values were supplied by @@ -173,5 +199,3 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ -/* The Kerberos 5 support is MIT-specific. */ -#define OPENSSL_NO_KRB5 diff --git a/secure/lib/libcrypto/opensslconf-arm.h b/secure/lib/libcrypto/opensslconf-arm.h index 736c996..f8ecc65 100644 --- a/secure/lib/libcrypto/opensslconf-arm.h +++ b/secure/lib/libcrypto/opensslconf-arm.h @@ -1,17 +1,39 @@ /* $FreeBSD$ */ /* opensslconf.h */ - /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ /* OpenSSL was configured with the following options: */ -#ifdef OPENSSL_ALGORITHM_DEFINES - /* no ciphers excluded */ +#ifndef OPENSSL_DOING_MAKEDEPEND + +/* libgmp is not in the FreeBSD base system. */ +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP #endif -#ifdef OPENSSL_THREAD_DEFINES -# ifndef THREADS -# define THREADS -# endif +/* The Kerberos 5 support is MIT-specific. */ +#ifndef OPENSSL_NO_KRB5 +# define OPENSSL_NO_KRB5 +#endif + +#endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE #endif + +/* The OPENSSL_NO_* macros are also defined as NO_* if the application + asks for it. This is a transient feature that is provided for those + who haven't had the time to do the appropriate changes in their + applications. */ +#ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) +# define NO_KRB5 +# endif +# endif #ifdef OPENSSL_OTHER_DEFINES # ifndef NO_ASM # define NO_ASM @@ -25,12 +47,16 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif +#undef OPENSSL_UNISTD #define OPENSSL_UNISTD <unistd.h> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + #if defined(HEADER_IDEA_H) && !defined(IDEA_INT) #define IDEA_INT unsigned int #endif @@ -64,7 +90,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -173,5 +199,3 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ -/* The Kerberos 5 support is MIT-specific. */ -#define OPENSSL_NO_KRB5 diff --git a/secure/lib/libcrypto/opensslconf-i386.h b/secure/lib/libcrypto/opensslconf-i386.h index 736c996..f8ecc65 100644 --- a/secure/lib/libcrypto/opensslconf-i386.h +++ b/secure/lib/libcrypto/opensslconf-i386.h @@ -1,17 +1,39 @@ /* $FreeBSD$ */ /* opensslconf.h */ - /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ /* OpenSSL was configured with the following options: */ -#ifdef OPENSSL_ALGORITHM_DEFINES - /* no ciphers excluded */ +#ifndef OPENSSL_DOING_MAKEDEPEND + +/* libgmp is not in the FreeBSD base system. */ +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP #endif -#ifdef OPENSSL_THREAD_DEFINES -# ifndef THREADS -# define THREADS -# endif +/* The Kerberos 5 support is MIT-specific. */ +#ifndef OPENSSL_NO_KRB5 +# define OPENSSL_NO_KRB5 +#endif + +#endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE #endif + +/* The OPENSSL_NO_* macros are also defined as NO_* if the application + asks for it. This is a transient feature that is provided for those + who haven't had the time to do the appropriate changes in their + applications. */ +#ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) +# define NO_KRB5 +# endif +# endif #ifdef OPENSSL_OTHER_DEFINES # ifndef NO_ASM # define NO_ASM @@ -25,12 +47,16 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif +#undef OPENSSL_UNISTD #define OPENSSL_UNISTD <unistd.h> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + #if defined(HEADER_IDEA_H) && !defined(IDEA_INT) #define IDEA_INT unsigned int #endif @@ -64,7 +90,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -173,5 +199,3 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ -/* The Kerberos 5 support is MIT-specific. */ -#define OPENSSL_NO_KRB5 diff --git a/secure/lib/libcrypto/opensslconf-ia64.h b/secure/lib/libcrypto/opensslconf-ia64.h index 14e5af5..e050be2 100644 --- a/secure/lib/libcrypto/opensslconf-ia64.h +++ b/secure/lib/libcrypto/opensslconf-ia64.h @@ -1,17 +1,39 @@ /* $FreeBSD$ */ /* opensslconf.h */ - /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ /* OpenSSL was configured with the following options: */ -#ifdef OPENSSL_ALGORITHM_DEFINES - /* no ciphers excluded */ +#ifndef OPENSSL_DOING_MAKEDEPEND + +/* libgmp is not in the FreeBSD base system. */ +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP #endif -#ifdef OPENSSL_THREAD_DEFINES -# ifndef THREADS -# define THREADS -# endif +/* The Kerberos 5 support is MIT-specific. */ +#ifndef OPENSSL_NO_KRB5 +# define OPENSSL_NO_KRB5 +#endif + +#endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE #endif + +/* The OPENSSL_NO_* macros are also defined as NO_* if the application + asks for it. This is a transient feature that is provided for those + who haven't had the time to do the appropriate changes in their + applications. */ +#ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) +# define NO_KRB5 +# endif +# endif #ifdef OPENSSL_OTHER_DEFINES # ifndef NO_ASM # define NO_ASM @@ -25,12 +47,16 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif +#undef OPENSSL_UNISTD #define OPENSSL_UNISTD <unistd.h> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + #if defined(HEADER_IDEA_H) && !defined(IDEA_INT) #define IDEA_INT unsigned int #endif @@ -64,7 +90,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -173,5 +199,3 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ -/* The Kerberos 5 support is MIT-specific. */ -#define OPENSSL_NO_KRB5 diff --git a/secure/lib/libcrypto/opensslconf-powerpc.h b/secure/lib/libcrypto/opensslconf-powerpc.h index 736c996..f8ecc65 100644 --- a/secure/lib/libcrypto/opensslconf-powerpc.h +++ b/secure/lib/libcrypto/opensslconf-powerpc.h @@ -1,17 +1,39 @@ /* $FreeBSD$ */ /* opensslconf.h */ - /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ /* OpenSSL was configured with the following options: */ -#ifdef OPENSSL_ALGORITHM_DEFINES - /* no ciphers excluded */ +#ifndef OPENSSL_DOING_MAKEDEPEND + +/* libgmp is not in the FreeBSD base system. */ +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP #endif -#ifdef OPENSSL_THREAD_DEFINES -# ifndef THREADS -# define THREADS -# endif +/* The Kerberos 5 support is MIT-specific. */ +#ifndef OPENSSL_NO_KRB5 +# define OPENSSL_NO_KRB5 +#endif + +#endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE #endif + +/* The OPENSSL_NO_* macros are also defined as NO_* if the application + asks for it. This is a transient feature that is provided for those + who haven't had the time to do the appropriate changes in their + applications. */ +#ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) +# define NO_KRB5 +# endif +# endif #ifdef OPENSSL_OTHER_DEFINES # ifndef NO_ASM # define NO_ASM @@ -25,12 +47,16 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif +#undef OPENSSL_UNISTD #define OPENSSL_UNISTD <unistd.h> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + #if defined(HEADER_IDEA_H) && !defined(IDEA_INT) #define IDEA_INT unsigned int #endif @@ -64,7 +90,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -173,5 +199,3 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ -/* The Kerberos 5 support is MIT-specific. */ -#define OPENSSL_NO_KRB5 diff --git a/secure/lib/libcrypto/opensslconf-sparc64.h b/secure/lib/libcrypto/opensslconf-sparc64.h index 14e5af5..e050be2 100644 --- a/secure/lib/libcrypto/opensslconf-sparc64.h +++ b/secure/lib/libcrypto/opensslconf-sparc64.h @@ -1,17 +1,39 @@ /* $FreeBSD$ */ /* opensslconf.h */ - /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ /* OpenSSL was configured with the following options: */ -#ifdef OPENSSL_ALGORITHM_DEFINES - /* no ciphers excluded */ +#ifndef OPENSSL_DOING_MAKEDEPEND + +/* libgmp is not in the FreeBSD base system. */ +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP #endif -#ifdef OPENSSL_THREAD_DEFINES -# ifndef THREADS -# define THREADS -# endif +/* The Kerberos 5 support is MIT-specific. */ +#ifndef OPENSSL_NO_KRB5 +# define OPENSSL_NO_KRB5 +#endif + +#endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE #endif + +/* The OPENSSL_NO_* macros are also defined as NO_* if the application + asks for it. This is a transient feature that is provided for those + who haven't had the time to do the appropriate changes in their + applications. */ +#ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) +# define NO_KRB5 +# endif +# endif #ifdef OPENSSL_OTHER_DEFINES # ifndef NO_ASM # define NO_ASM @@ -25,12 +47,16 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif +#undef OPENSSL_UNISTD #define OPENSSL_UNISTD <unistd.h> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + #if defined(HEADER_IDEA_H) && !defined(IDEA_INT) #define IDEA_INT unsigned int #endif @@ -64,7 +90,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -173,5 +199,3 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ -/* The Kerberos 5 support is MIT-specific. */ -#define OPENSSL_NO_KRB5 diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile index 4db4b0a..5550b9b 100644 --- a/secure/lib/libssl/Makefile +++ b/secure/lib/libssl/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ LIB= ssl -SHLIB_MAJOR= 4 +SHLIB_MAJOR= 5 NO_LINT= @@ -10,14 +10,16 @@ NO_LINT= .endif .include "../libcrypto/Makefile.inc" -SRCS= bio_ssl.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ +SRCS= bio_ssl.c d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \ + d1_both.c d1_enc.c \ + s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \ s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ - ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.c + ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.c \ -INCS= kssl.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h +INCS= dtls1.h kssl.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h INCSDIR=${INCLUDEDIR}/openssl DPADD= ${LIBCRYPTO} diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index e10566cb..63916e0 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:37 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,22 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CIPHER_get_name 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties +SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get SSL_CIPHER properties .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 -\& const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher); -\& int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits); -\& char *SSL_CIPHER_get_version(SSL_CIPHER *cipher); +\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); +\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); \& char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); .Ve .SH "DESCRIPTION" @@ -175,37 +166,37 @@ returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using .SH "NOTES" .IX Header "NOTES" The number of bits processed can be different from the secret bits. An -export cipher like e.g. \s-1EXP-RC4\-MD5\s0 has only 40 secret bits. The algorithm +export cipher like e.g. \s-1EXP\-RC4\-MD5\s0 has only 40 secret bits. The algorithm does use the full 128 bits (which would be returned for \fBalg_bits\fR), of which however 88bits are fixed. The search space is hence only 40 bits. .PP The string returned by \fISSL_CIPHER_description()\fR in case of success consists of cleartext information separated by one or more blanks in the following sequence: -.Ip "<ciphername>" 4 +.IP "<ciphername>" 4 .IX Item "<ciphername>" Textual representation of the cipher name. -.Ip "<protocol version>" 4 +.IP "<protocol version>" 4 .IX Item "<protocol version>" Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3. -.Ip "Kx=<key exchange>" 4 +.IP "Kx=<key exchange>" 4 .IX Item "Kx=<key exchange>" -Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fBRSA(512)\fR or -\&\fBRSA(1024)\fR), \fB\s-1DH\s0\fR (for export ciphers as \fBDH(512)\fR or \fBDH(1024)\fR), +Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fB\s-1RSA\s0(512)\fR or +\&\fB\s-1RSA\s0(1024)\fR), \fB\s-1DH\s0\fR (for export ciphers as \fB\s-1DH\s0(512)\fR or \fB\s-1DH\s0(1024)\fR), \&\fB\s-1DH/RSA\s0\fR, \fB\s-1DH/DSS\s0\fR, \fBFortezza\fR. -.Ip "Au=<authentication>" 4 +.IP "Au=<authentication>" 4 .IX Item "Au=<authentication>" Authentication method: \fB\s-1RSA\s0\fR, \fB\s-1DSS\s0\fR, \fB\s-1DH\s0\fR, \fBNone\fR. None is the representation of anonymous ciphers. -.Ip "Enc=<symmetric encryption method>" 4 +.IP "Enc=<symmetric encryption method>" 4 .IX Item "Enc=<symmetric encryption method>" -Encryption method with number of secret bits: \fBDES(40)\fR, \fBDES(56)\fR, -\&\fB3DES(168)\fR, \fBRC4(40)\fR, \fBRC4(56)\fR, \fBRC4(64)\fR, \fBRC4(128)\fR, -\&\fBRC2(40)\fR, \fBRC2(56)\fR, \fBRC2(128)\fR, \fBIDEA(128)\fR, \fBFortezza\fR, \fBNone\fR. -.Ip "Mac=<message authentication code>" 4 +Encryption method with number of secret bits: \fB\s-1DES\s0(40)\fR, \fB\s-1DES\s0(56)\fR, +\&\fB3DES(168)\fR, \fB\s-1RC4\s0(40)\fR, \fB\s-1RC4\s0(56)\fR, \fB\s-1RC4\s0(64)\fR, \fB\s-1RC4\s0(128)\fR, +\&\fB\s-1RC2\s0(40)\fR, \fB\s-1RC2\s0(56)\fR, \fB\s-1RC2\s0(128)\fR, \fB\s-1IDEA\s0(128)\fR, \fBFortezza\fR, \fBNone\fR. +.IP "Mac=<message authentication code>" 4 .IX Item "Mac=<message authentication code>" Message digest: \fB\s-1MD5\s0\fR, \fB\s-1SHA1\s0\fR. -.Ip "<export flag>" 4 +.IP "<export flag>" 4 .IX Item "<export flag>" If the cipher is flagged exportable with respect to old \s-1US\s0 crypto regulations, the word "\fBexport\fR" is printed. @@ -232,5 +223,5 @@ occur. See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_current_cipher(3), -SSL_get_ciphers(3), ciphers(1) +\&\fIssl\fR\|(3), \fISSL_get_current_cipher\fR\|(3), +\&\fISSL_get_ciphers\fR\|(3), \fIciphers\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index 3da69db..dcef519 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:37 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_COMP_add_compression_method 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods +SSL_COMP_add_compression_method \- handle SSL/TLS integrated compression methods .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); .Ve @@ -187,11 +178,11 @@ it in the current state is not recommended. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_COMP_add_compression_method()\fR may return the following values: -.Ip "1" 4 -.IX Item "1" +.IP "0" 4 The operation succeeded. -.Ip "0" 4 +.IP "1" 4 +.IX Item "1" The operation failed. Check the error queue to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index ffcbacf..1f8e3ba 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:37 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_add_extra_chain_cert 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_add_extra_chain_cert \- add certificate to chain .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_add_extra_chain_cert \- add certificate to chain .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) .Ve @@ -161,14 +152,14 @@ When constructing the certificate chain, the chain will be formed from these certificates explicitly specified. If no chain is specified, the library will try to complete the chain from the available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see -SSL_CTX_load_verify_locations(3). +\&\fISSL_CTX_load_verify_locations\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the error stack to find out the reason for failure otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_use_certificate(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_load_verify_locations(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 74d18a5..3e25e61 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:37 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_add_session 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache .SH "SYNOPSIS" @@ -147,10 +137,12 @@ SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); \& int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c); .Ve +.PP .Vb 2 \& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); \& int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c); @@ -160,10 +152,10 @@ SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The reference count for session \fBc\fR is incremented by 1. If a session with the same session id already exists, the old session is removed by calling -SSL_SESSION_free(3). +\&\fISSL_SESSION_free\fR\|(3). .PP \&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR. -SSL_SESSION_free(3) is called once for \fBc\fR. +\&\fISSL_SESSION_free\fR\|(3) is called once for \fBc\fR. .PP \&\fISSL_add_session()\fR and \fISSL_remove_session()\fR are synonyms for their SSL_CTX_*() counterparts. @@ -175,7 +167,7 @@ it is assumed that both sessions are identical. If the same session is stored in a different \s-1SSL_SESSION\s0 object, The old session is removed and replaced by the new session. If the session is actually identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR -is a no-op, and the return value is 0. +is a no\-op, and the return value is 0. .PP If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 flag then the internal cache will not be populated automatically by new @@ -187,19 +179,19 @@ over the sessions that can be resumed if desired. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following values are returned by all functions: -.Ip "0" 4 +.IP "0" 4 .Vb 3 \& The operation failed. In case of the add operation, it was tried to add \& the same (identical) session twice. In case of the remove operation, the \& session was not found in the cache. .Ve -.Ip "1" 4 +.IP "1" 4 .IX Item "1" .Vb 1 \& The operation succeeded. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_free(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index 3bb2602..3e0c960 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_ctrl 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); \& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); .Ve +.PP .Vb 2 \& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); \& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); @@ -168,4 +160,4 @@ The return values of the SSL*\fI_ctrl()\fR functions depend on the command supplied via the \fBcmd\fR parameter. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index f33b54e..29ef9a1 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_flush_sessions 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); \& void SSL_flush_sessions(SSL_CTX *ctx, long tm); @@ -164,7 +155,7 @@ up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done automatically whenever 255 new sessions were established (see -SSL_CTX_set_session_cache_mode(3)) +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) or manually by calling \fISSL_CTX_flush_sessions()\fR. .PP The parameter \fBtm\fR specifies the time which should be used for the @@ -174,12 +165,12 @@ will be used. \&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal cache. When a session is found and removed, the remove_session_cb is however called to synchronize with the external cache (see -SSL_CTX_sess_set_get_cb(3)). +\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_set_timeout(3), -SSL_CTX_sess_set_get_cb(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 9a91c9b..dca22c7 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_free 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object +SSL_CTX_free \- free an allocated SSL_CTX object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_CTX_free(SSL_CTX *ctx); .Ve @@ -159,9 +150,18 @@ the reference count has reached 0. It also calls the \fIfree()\fRing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys. +.SH "WARNINGS" +.IX Header "WARNINGS" +If a session-remove callback is set (\fISSL_CTX_sess_set_remove_cb()\fR), this +callback will be called for each session being freed from \fBctx\fR's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fISSL_CTX_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_free()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_CTX_new(3), ssl(3) +\&\fISSL_CTX_new\fR\|(3), \fIssl\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index 106ede2..7385507 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions .SH "SYNOPSIS" @@ -147,18 +137,22 @@ SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal a .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& int SSL_CTX_get_ex_new_index(long argl, void *argp, \& CRYPTO_EX_new *new_func, \& CRYPTO_EX_dup *dup_func, \& CRYPTO_EX_free *free_func); .Ve +.PP .Vb 1 \& int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg); .Ve +.PP .Vb 1 -\& void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx); +\& void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); .Ve +.PP .Vb 6 \& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, \& int idx, long argl, void *argp); @@ -183,11 +177,11 @@ into the \fBctx\fR object. \&\fBctx\fR. .PP A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). +can be found in \fIRSA_get_ex_new_index\fR\|(3). The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). +\&\fICRYPTO_set_ex_data\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3) +\&\fIssl\fR\|(3), +\&\fIRSA_get_ex_new_index\fR\|(3), +\&\fICRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index 3541228..50220ca 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_get_verify_mode 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters .SH "SYNOPSIS" @@ -147,13 +137,14 @@ SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_ .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 6 -\& int SSL_CTX_get_verify_mode(SSL_CTX *ctx); -\& int SSL_get_verify_mode(SSL *ssl); -\& int SSL_CTX_get_verify_depth(SSL_CTX *ctx); -\& int SSL_get_verify_depth(SSL *ssl); -\& int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *); -\& int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *); +\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +\& int SSL_get_verify_mode(const SSL *ssl); +\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +\& int SSL_get_verify_depth(const SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -183,4 +174,4 @@ callback currently set in \fBssl\fR. If no callback was explicitly set, the See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index b2ab727..4f99ec6 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,19 +126,19 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_load_verify_locations 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0 +SSL_CTX_load_verify_locations \- set default locations for trusted CA certificates .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, \& const char *CApath); @@ -167,6 +158,7 @@ format. The file can contain several \s-1CA\s0 certificates identified by \& ... (CA certificate in base64 encoding) ... \& -----END CERTIFICATE----- .Ve +.PP sequences. Before, between, and after the certificates text is allowed which can be used e.g. for descriptions of the certificates. .PP @@ -199,14 +191,14 @@ In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must explicitly be set using the -SSL_CTX_set_client_CA_list(3) +\&\fISSL_CTX_set_client_CA_list\fR\|(3) family of functions. .PP When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the certificate chain was not explicitly specified (see -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_use_certificate(3). +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" If several \s-1CA\s0 certificates matching the name, key identifier, and serial @@ -227,6 +219,7 @@ ca1.pem ca2.pem ca3.pem: \& openssl x509 -in $i -text >> CAfile.pem \& done .Ve +.PP Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates for use as \fBCApath\fR: .PP @@ -237,18 +230,18 @@ for use as \fBCApath\fR: .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the processing at one of the locations specified failed. Check the error stack to find out the reason. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3), -SSL_get_client_CA_list(3), -SSL_CTX_use_certificate(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_set_cert_store(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_set_cert_store\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 0879393..1ffa256 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions +SSL_CTX_new \- create a new SSL_CTX object as framework for TLS/SSL enabled functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& SSL_CTX *SSL_CTX_new(SSL_METHOD *method); .Ve @@ -159,13 +150,13 @@ SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist in a generic type (for client and server use), a server only type, and a client only type. \fBmethod\fR can be of the following types: -.Ip "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4 +.IP "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4 .IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" A \s-1TLS/SSL\s0 connection established with these methods will only understand the SSLv2 protocol. A client will send out SSLv2 client hello messages and will also indicate that it only understand SSLv2. A server will only understand SSLv2 client hello messages. -.Ip "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4 +.IP "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4 .IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" A \s-1TLS/SSL\s0 connection established with these methods will only understand the SSLv3 protocol. A client will send out SSLv3 client hello messages @@ -173,7 +164,7 @@ and will indicate that it only understands SSLv3. A server will only understand SSLv3 client hello messages. This especially means, that it will not understand SSLv2 client hello messages which are widely used for compatibility reasons, see SSLv23_*\fI_method()\fR. -.Ip "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4 +.IP "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4 .IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1 protocol. A client will send out TLSv1 client hello messages @@ -182,7 +173,7 @@ TLSv1 client hello messages. This especially means, that it will not understand SSLv2 client hello messages which are widely used for compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand SSLv3 client hello messages. -.Ip "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4 +.IP "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4 .IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages @@ -202,14 +193,14 @@ values. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out the reason. -.Ip "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 .IX Item "Pointer to an SSL_CTX object" The return value points to an allocated \s-1SSL_CTX\s0 object. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_CTX_free(3), SSL_accept(3), -ssl(3), SSL_set_connect_state(3) +\&\fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3), +\&\fIssl\fR\|(3), \fISSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index 42251e8..44a262a 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_sess_number 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_se .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 12 \& long SSL_CTX_sess_number(SSL_CTX *ctx); \& long SSL_CTX_sess_connect(SSL_CTX *ctx); @@ -185,7 +176,7 @@ server mode. in server mode. .PP \&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. -In client mode a session set with SSL_set_session(3) +In client mode a session set with \fISSL_set_session\fR\|(3) successfully reused is counted as a hit. In server mode a session successfully retrieved from internal or external cache is counted as a hit. .PP @@ -207,6 +198,6 @@ because the maximum session cache size was exceeded. The functions return the values indicated in the \s-1DESCRIPTION\s0 section. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_CTX_set_session_cache_mode(3) -SSL_CTX_sess_set_cache_size(3) +\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fISSL_CTX_sess_set_cache_size\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index 1c1fc51..1f74c68 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_sess_set_cache_size 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session c .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); \& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); @@ -166,7 +157,7 @@ case is the size 0, which is used for unlimited size. .PP When the maximum number of sessions is reached, no more new sessions are added to the cache. New space may be added by calling -SSL_CTX_flush_sessions(3) to remove +\&\fISSL_CTX_flush_sessions\fR\|(3) to remove expired sessions. .PP If the size of the session cache is reduced and more sessions are already @@ -180,7 +171,7 @@ expiration of sessions. \&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_sess_number(3), -SSL_CTX_flush_sessions(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index 1fbb9fa..cb5874d 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_sess_set_get_cb 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 6 \& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, \& int (*new_session_cb)(SSL *, SSL_SESSION *)); @@ -155,11 +146,13 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS \& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, \& SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)); .Ve +.PP .Vb 3 \& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); \& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); \& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy); .Ve +.PP .Vb 4 \& int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); \& void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); @@ -179,7 +172,7 @@ of exceeding the timeout value. \&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session could not be found in the internal session cache (see -SSL_CTX_set_session_cache_mode(3)). +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). (\s-1SSL/TLS\s0 server only.) .PP \&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and @@ -191,20 +184,21 @@ the \s-1NULL\s0 pointer is returned. In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the -d2i_SSL_SESSION(3) interface. +\&\fId2i_SSL_SESSION\fR\|(3) interface. .PP The \fInew_session_cb()\fR is called, whenever a new session has been negotiated and session caching is enabled (see -SSL_CTX_set_session_cache_mode(3)). +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session \&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately removed again. .PP The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session -from the internal cache. This happens if the session is removed because -it is expired or when a connection was not shutdown cleanly. The -\&\fIremove_session_cb()\fR is passed the \fBctx\fR and the ssl session \fBsess\fR. -It does not provide any feedback. +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +\&\fISSL_CTX_free\fR\|(3) is called. The \fIremove_session_cb()\fR is passed +the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. .PP The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id proposed by the client. The \fIget_session_cb()\fR is always called, also when @@ -214,10 +208,11 @@ session caching was disabled. The \fIget_session_cb()\fR is passed the \&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, Normally the reference count is not incremented and therefore the session must not be explicitly freed with -SSL_SESSION_free(3). +\&\fISSL_SESSION_free\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), d2i_SSL_SESSION(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_flush_sessions(3), -SSL_SESSION_free(3) +\&\fIssl\fR\|(3), \fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index fce2b6d..f8062d7 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_sessions 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_sessions \- access internal session cache .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_sessions \- access internal session cache .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); .Ve @@ -157,14 +148,14 @@ internal session cache for \fBctx\fR. .SH "NOTES" .IX Header "NOTES" The sessions in the internal session cache are kept in an -lhash(3) type database. It is possible to directly +\&\fIlhash\fR\|(3) type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the -lhash(3) operations, so that the database must not be +\&\fIlhash\fR\|(3) operations, so that the database must not be modified directly but by using the -SSL_CTX_add_session(3) family of functions. +\&\fISSL_CTX_add_session\fR\|(3) family of functions. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), lhash(3), -SSL_CTX_add_session(3), -SSL_CTX_set_session_cache_mode(3) +\&\fIssl\fR\|(3), \fIlhash\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index c27c2aa..d7e4a0d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_cert_store 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage .SH "SYNOPSIS" @@ -147,9 +137,10 @@ SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate ve .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); -\& X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx); +\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -167,17 +158,17 @@ via lookup methods, handled inside the X509_STORE. From the X509_STORE the X509_STORE_CTX used when verifying certificates is created. .PP Typically the trusted certificate store is handled indirectly via using -SSL_CTX_load_verify_locations(3). +\&\fISSL_CTX_load_verify_locations\fR\|(3). Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions it is possible to manipulate the X509_STORE object beyond the -SSL_CTX_load_verify_locations(3) +\&\fISSL_CTX_load_verify_locations\fR\|(3) call. .PP Currently no detailed documentation on how to use the X509_STORE object is available. Not all members of the X509_STORE are used when the verification takes place. So will e.g. the \fIverify_callback()\fR be overridden with the \fIverify_callback()\fR set via the -SSL_CTX_set_verify(3) family of functions. +\&\fISSL_CTX_set_verify\fR\|(3) family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. .SH "RETURN VALUES" @@ -187,6 +178,6 @@ X509_STORE object and its handling becomes available. \&\fISSL_CTX_get_cert_store()\fR returns the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_load_verify_locations(3), -SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index 5e19a97..78f4739 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_cert_verify_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg); .Ve @@ -154,7 +145,7 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .IX Header "DESCRIPTION" \&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for \&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at -the time when SSL_new(3) is called. +the time when \fISSL_new\fR\|(3) is called. .SH "NOTES" .IX Header "NOTES" Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification @@ -177,12 +168,12 @@ member of \fIx509_store_ctx\fR so that the calling application will be informed about the detailed result of the verification procedure! .PP Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR -function set using SSL_CTX_set_verify(3). +function set using \fISSL_CTX_set_verify\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" Do not mix the verification callback described in this function with the \&\fBverify_callback\fR function called during the verification process. The -latter is set using the SSL_CTX_set_verify(3) +latter is set using the \fISSL_CTX_set_verify\fR\|(3) family of functions. .PP Providing a complete verification procedure including certificate purpose @@ -196,9 +187,9 @@ the \fBverify_callback\fR function. \&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3), -SSL_get_verify_result(3), -SSL_CTX_load_verify_locations(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 880205a..c3a4bb5 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_cipher_list 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIP .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); \& int SSL_set_cipher_list(SSL *ssl, const char *str); @@ -155,7 +146,7 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIP .IX Header "DESCRIPTION" \&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers for \fBctx\fR using the control string \fBstr\fR. The format of the string is described -in ciphers(1). The list of ciphers is inherited by all +in \fIciphers\fR\|(1). The list of ciphers is inherited by all \&\fBssl\fR objects created from \fBctx\fR. .PP \&\fISSL_set_cipher_list()\fR sets the list of ciphers only for \fBssl\fR. @@ -179,13 +170,13 @@ A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is availab \&\s-1RSA\s0 export ciphers with a keylength of 512 bits for the \s-1RSA\s0 key require a temporary 512 bit \s-1RSA\s0 key, as typically the supplied key has a length of 1024 bit (see -SSL_CTX_set_tmp_rsa_callback(3)). +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3)). \&\s-1RSA\s0 ciphers using \s-1EDH\s0 need a certificate and key and additional DH-parameters -(see SSL_CTX_set_tmp_dh_callback(3)). +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. \&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters -(see SSL_CTX_set_tmp_dh_callback(3)). +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP When these conditions are not met for any cipher in the list (e.g. a client only supports export \s-1RSA\s0 ciphers with a asymmetric key length @@ -198,8 +189,8 @@ and the handshake will fail. could be selected and 0 on complete failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_ciphers(3), -SSL_CTX_use_certificate(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_tmp_dh_callback(3), -ciphers(1) +\&\fIssl\fR\|(3), \fISSL_get_ciphers\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fIciphers\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index 4cc034a..9bad3d7 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_client_CA_list 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA \- set list of CAs sent to the client when requesting a @@ -149,6 +139,7 @@ client certificate .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); \& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); @@ -181,11 +172,11 @@ This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for \&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list specified overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR only contains the names, not the complete certificates); use -SSL_CTX_load_verify_locations(3) +\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. .PP If the list of acceptable CAs is compiled in a file, the -SSL_load_client_CA_file(3) +\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help importing the necessary data. .PP \&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional @@ -201,11 +192,11 @@ diagnostic information. .PP \&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return values: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. -.Ip "0" 4 -A failure while manipulating the STACK_OF(X509_NAME) object occurred or +.IP "0" 4 +A failure while manipulating the \s-1STACK_OF\s0(X509_NAME) object occurred or the X509_NAME could not be extracted from \fBcacert\fR. Check the error stack to find out the reason. .SH "EXAMPLES" @@ -217,7 +208,7 @@ Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_get_client_CA_list(3), -SSL_load_client_CA_file(3), -SSL_CTX_load_verify_locations(3) +\&\fIssl\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_load_client_CA_file\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index 32721d8..ed46e7b 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_client_cert_cb 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certific .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); \& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); @@ -169,7 +160,7 @@ using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediatly. SSL_get_error(3) +handshake function will return immediatly. \fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information @@ -181,7 +172,7 @@ from the client. A client certificate must only be sent, when the server did send the request. .PP When a certificate was set using the -SSL_CTX_use_certificate(3) family of functions, +\&\fISSL_CTX_use_certificate\fR\|(3) family of functions, it will be sent to the server. The \s-1TLS\s0 standard requires that only a certificate is sent, if it matches the list of acceptable CAs sent by the server. This constraint is violated by the default behavior of the OpenSSL @@ -195,7 +186,7 @@ If the callback function returns a certificate, the OpenSSL library will try to load the private key and certificate data into the \s-1SSL\s0 object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions. Thus it will permanently install the certificate and key for this \s-1SSL\s0 -object. It will not be reset by calling SSL_clear(3). +object. It will not be reset by calling \fISSL_clear\fR\|(3). If the callback returns no certificate, the OpenSSL library will not send a certificate. .SH "BUGS" @@ -210,7 +201,7 @@ either adding the intermediate \s-1CA\s0 certificates into the trusted certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add \&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding the chain certificates using the -SSL_CTX_add_extra_chain_cert(3) +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that therefore probably can only apply for one client certificate, making the concept of the callback function (to allow the choice from several @@ -218,12 +209,12 @@ certificates) questionable. .PP Once the \s-1SSL\s0 object has been used in conjunction with the callback function, the certificate will be set for the \s-1SSL\s0 object and will not be cleared -even when SSL_clear(3) is being called. It is therefore -mandatory to destroy the \s-1SSL\s0 object using SSL_free(3) +even when \fISSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fISSL_free\fR\|(3) and create a new one to return to the previous state. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_use_certificate(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_get_client_CA_list(3), -SSL_clear(3), SSL_free(3) +\&\fIssl\fR\|(3), \fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index 2a19c0f..ac26d57 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_default_passwd_cb 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted PEM file handling .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); \& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); .Ve +.PP .Vb 1 \& int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); .Ve @@ -209,5 +201,5 @@ truncated. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_use_certificate(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index 4f9c69c..290da59 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_generate_session_id 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only) +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of SSL session IDs (server only) .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, \& unsigned int *id_len); .Ve +.PP .Vb 4 \& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); \& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); @@ -194,7 +186,7 @@ the callback \fBmust never\fR increase \fBid_len\fR or write to the location If a SSLv2 session id is generated and \fBid_len\fR is reduced, it will be restored after the callback has finished and the session id will be padded with 0x00. It is not recommended to change the \fBid_len\fR for SSLv2 sessions. -The callback can use the SSL_get_version(3) function +The callback can use the \fISSL_get_version\fR\|(3) function to check, whether the session is of type SSLv2. .PP The location \fBid\fR is filled with 0x00 before the callback is called, so the @@ -239,6 +231,7 @@ server id given, and will fill the rest with pseudo random bytes: .Vb 1 \& const char session_id_prefix = "www-18"; .Ve +.PP .Vb 6 \& #define MAX_SESSION_ID_ATTEMPTS 10 \& static int generate_session_id(const SSL *ssl, unsigned char *id, @@ -247,11 +240,13 @@ server id given, and will fill the rest with pseudo random bytes: \& unsigned int count = 0; \& const char *version; .Ve +.PP .Vb 3 \& version = SSL_get_version(ssl); \& if (!strcmp(version, "SSLv2")) \& /* we must not change id_len */; .Ve +.PP .Vb 17 \& do { \& RAND_pseudo_bytes(id, *id_len); @@ -280,7 +275,7 @@ always return 1. same id is already in the cache. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_version(3) +\&\fIssl\fR\|(3), \fISSL_get_version\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fISSL_CTX_set_generate_session_id()\fR, \fISSL_set_generate_session_id()\fR diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index 1eab312..5209e79 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,25 +126,26 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_info_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections +SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for SSL connections .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); -\& void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(); +\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); .Ve +.PP .Vb 2 \& void SSL_set_info_callback(SSL *ssl, void (*callback)()); -\& void (*SSL_get_info_callback(SSL *ssl))(); +\& void (*SSL_get_info_callback(const SSL *ssl))(); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -186,48 +178,48 @@ If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the a information. .PP \&\fBwhere\fR is a bitmask made up of the following bits: -.Ip "\s-1SSL_CB_LOOP\s0" 4 +.IP "\s-1SSL_CB_LOOP\s0" 4 .IX Item "SSL_CB_LOOP" Callback has been called to indicate state change inside a loop. -.Ip "\s-1SSL_CB_EXIT\s0" 4 +.IP "\s-1SSL_CB_EXIT\s0" 4 .IX Item "SSL_CB_EXIT" Callback has been called to indicate error exit of a handshake function. (May be soft error with retry option for non-blocking setups.) -.Ip "\s-1SSL_CB_READ\s0" 4 +.IP "\s-1SSL_CB_READ\s0" 4 .IX Item "SSL_CB_READ" Callback has been called during read operation. -.Ip "\s-1SSL_CB_WRITE\s0" 4 +.IP "\s-1SSL_CB_WRITE\s0" 4 .IX Item "SSL_CB_WRITE" Callback has been called during write operation. -.Ip "\s-1SSL_CB_ALERT\s0" 4 +.IP "\s-1SSL_CB_ALERT\s0" 4 .IX Item "SSL_CB_ALERT" Callback has been called due to an alert being sent or received. -.Ip "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 .IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" .PD 0 -.Ip "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 .IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" -.Ip "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 .IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" -.Ip "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 .IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" -.Ip "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 .IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" -.Ip "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 .IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" -.Ip "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 .IX Item "SSL_CB_HANDSHAKE_START" .PD Callback has been called because a new handshake is started. -.Ip "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 +.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 .IX Item "SSL_CB_HANDSHAKE_DONE 0x20" Callback has been called because a handshake is finished. .PP The current state information can be obtained using the -SSL_state_string(3) family of functions. +\&\fISSL_state_string\fR\|(3) family of functions. .PP The \fBret\fR information can be evaluated using the -SSL_alert_type_string(3) family of functions. +\&\fISSL_alert_type_string\fR\|(3) family of functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_set_info_callback()\fR does not provide diagnostic information. @@ -244,14 +236,17 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. \& const char *str; \& int w; .Ve +.PP .Vb 1 \& w=where& ~SSL_ST_MASK; .Ve +.PP .Vb 3 \& if (w & SSL_ST_CONNECT) str="SSL_connect"; \& else if (w & SSL_ST_ACCEPT) str="SSL_accept"; \& else str="undefined"; .Ve +.PP .Vb 24 \& if (where & SSL_CB_LOOP) \& { @@ -280,5 +275,5 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_state_string(3), -SSL_alert_type_string(3) +\&\fIssl\fR\|(3), \fISSL_state_string\fR\|(3), +\&\fISSL_alert_type_string\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index 05e48b1..bdf2627 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_max_cert_list 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain .SH "SYNOPSIS" @@ -147,10 +137,12 @@ SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); \& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); .Ve +.PP .Vb 2 \& long SSL_set_max_cert_list(SSL *ssl, long size); \& long SSL_get_max_cert_list(SSL *ctx); @@ -160,7 +152,7 @@ SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL \&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be <size> bytes. The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time -SSL_new(3) is being called. +\&\fISSL_new\fR\|(3) is being called. .PP \&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. .PP @@ -181,7 +173,7 @@ chain is set. The default value for the maximum certificate chain size is 100kB (30kB on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see -SSL_CTX_set_verify(3), and certificates +\&\fISSL_CTX_set_verify\fR\|(3), and certificates without special extensions have a typical size of 1\-2kB). .PP For special applications it can be necessary to extend the maximum certificate @@ -205,8 +197,8 @@ set value. set value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), -SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" SSL*_set/\fIget_max_cert_list()\fR have been introduced in OpenSSL 0.9.7. diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index 841a600..d046dbc 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_mode 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode +SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); \& long SSL_set_mode(SSL *ssl, long mode); .Ve +.PP .Vb 2 \& long SSL_CTX_get_mode(SSL_CTX *ctx); \& long SSL_get_mode(SSL *ssl); @@ -169,25 +161,25 @@ Options already set before are not cleared. .SH "NOTES" .IX Header "NOTES" The following mode changes are available: -.Ip "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 .IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success when just a single record has been written). When not set (the default), \&\fISSL_write()\fR will only report success once the complete chunk was written. Once \fISSL_write()\fR returns with r, r bytes have been successfully written -and the next call to \fISSL_write()\fR must only send the n-r bytes left, +and the next call to \fISSL_write()\fR must only send the n\-r bytes left, imitating the behaviour of \fIwrite()\fR. -.Ip "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 .IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" Make it possible to retry \fISSL_write()\fR with changed buffer location (the buffer contents must stay the same). This is not the default to avoid the misconception that non-blocking \fISSL_write()\fR behaves like non-blocking \fIwrite()\fR. -.Ip "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 .IX Item "SSL_MODE_AUTO_RETRY" Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a -SSL_read(3) or SSL_write(3) would return +\&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0. In a non-blocking environment applications must be prepared to handle incomplete read/write operations. @@ -203,7 +195,7 @@ after adding \fBmode\fR. \&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_read(3), SSL_write(3) +\&\fIssl\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1SSL_MODE_AUTO_RETRY\s0 as been added in OpenSSL 0.9.6. diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index 3e96a47..9c8a8a6 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_msg_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages .SH "SYNOPSIS" @@ -147,10 +137,12 @@ SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SS .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); \& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); .Ve +.PP .Vb 2 \& void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); \& void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg); @@ -166,38 +158,38 @@ available for arbitrary application use. .PP \&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify default settings that will be copied to new \fB\s-1SSL\s0\fR objects by -SSL_new(3). \fISSL_set_msg_callback()\fR and +\&\fISSL_new\fR\|(3). \fISSL_set_msg_callback()\fR and \&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR object. Using a \fB0\fR pointer for \fIcb\fR disables the message callback. .PP When \fIcb\fR is called by the \s-1SSL/TLS\s0 library for a protocol message, the function arguments have the following meaning: -.Ip "\fIwrite_p\fR" 4 +.IP "\fIwrite_p\fR" 4 .IX Item "write_p" This flag is \fB0\fR when a protocol message has been received and \fB1\fR when a protocol message has been sent. -.Ip "\fIversion\fR" 4 +.IP "\fIversion\fR" 4 .IX Item "version" The protocol version according to which the protocol message is interpreted by the library. Currently, this is one of \&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0 3.0 and \s-1TLS\s0 1.0, respectively). -.Ip "\fIcontent_type\fR" 4 +.IP "\fIcontent_type\fR" 4 .IX Item "content_type" In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0 or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR, \&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the callback will only be called for protocol messages). -.Ip "\fIbuf\fR, \fIlen\fR" 4 +.IP "\fIbuf\fR, \fIlen\fR" 4 .IX Item "buf, len" \&\fIbuf\fR points to a buffer containing the protocol message, which consists of \fIlen\fR bytes. The buffer is no longer valid after the callback function has returned. -.Ip "\fIssl\fR" 4 +.IP "\fIssl\fR" 4 .IX Item "ssl" The \fB\s-1SSL\s0\fR object that received or sent the message. -.Ip "\fIarg\fR" 4 +.IP "\fIarg\fR" 4 .IX Item "arg" The user-defined argument optionally defined by \&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. @@ -218,7 +210,7 @@ a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only serv \&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 2d2604d..c2911a6 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_options 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options +SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate SSL engine options .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_options(SSL_CTX *ctx, long options); \& long SSL_set_options(SSL *ssl, long options); .Ve +.PP .Vb 2 \& long SSL_CTX_get_options(SSL_CTX *ctx); \& long SSL_get_options(SSL *ssl); @@ -175,7 +167,7 @@ operation (|). Options can only be added but can never be reset. \&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of the \s-1API\s0 can be changed by using the similar -SSL_CTX_set_mode(3) and \fISSL_set_mode()\fR functions. +\&\fISSL_CTX_set_mode\fR\|(3) and \fISSL_set_mode()\fR functions. .PP During a handshake, the option settings of the \s-1SSL\s0 object are used. When a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current @@ -183,58 +175,58 @@ option setting is copied. Changes to \fBctx\fR do not affect already created \&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. .PP The following \fBbug workaround\fR options are available: -.Ip "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 .IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" www.microsoft.com \- when talking SSLv2, if session-id reuse is performed, the session-id passed back in the server-finished message is different from the one decided upon. -.Ip "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 .IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" -Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte +Netscape\-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but then appears to only use 16 bytes when generating the encryption keys. Using 16 bytes is ok but it should be ok to use 32. According to the SSLv3 spec, one should use 32 bytes for the challenge when operating in SSLv2/v3 compatibility mode, but as mentioned above, this breaks this server so 16 bytes is the way to go. -.Ip "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 .IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" ssl3.netscape.com:443, first a connection is established with \s-1RC4\-MD5\s0. -If it is then resumed, we end up using \s-1DES-CBC3\-SHA\s0. It should be +If it is then resumed, we end up using \s-1DES\-CBC3\-SHA\s0. It should be \&\s-1RC4\-MD5\s0 according to 7.6.1.3, 'cipher_suite'. .Sp -Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. +Netscape\-Enterprise/2.01 (https://merchant.netscape.com) has this bug. It only really shows up when connecting via SSLv2/v3 then reconnecting via SSLv3. The cipher list changes.... .Sp \&\s-1NEW\s0 \s-1INFORMATION\s0. Try connecting with a cipher list of just -\&\s-1DES-CBC-SHA:RC4\-MD5\s0. For some weird reason, each new connection uses -\&\s-1RC4\-MD5\s0, but a re-connect tries to use \s-1DES-CBC-SHA\s0. So netscape, when -doing a re-connect, always takes the first cipher in the cipher list. -.Ip "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +\&\s-1DES\-CBC\-SHA:RC4\-MD5\s0. For some weird reason, each new connection uses +\&\s-1RC4\-MD5\s0, but a re-connect tries to use \s-1DES\-CBC\-SHA\s0. So netscape, when +doing a re\-connect, always takes the first cipher in the cipher list. +.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 .IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" \&... -.Ip "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 .IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" \&... -.Ip "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 .IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" -\&... -.Ip "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect. +.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 .IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" \&... -.Ip "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 .IX Item "SSL_OP_TLS_D5_BUG" \&... -.Ip "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 .IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" \&... -.Ip "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 .IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some broken \s-1SSL\s0 implementations. This option has no effect for connections using other ciphers. -.Ip "\s-1SSL_OP_ALL\s0" 4 +.IP "\s-1SSL_OP_ALL\s0" 4 .IX Item "SSL_OP_ALL" All of the above bug workarounds. .PP @@ -243,7 +235,7 @@ options if compatibility with somewhat broken implementations is desired. .PP The following \fBmodifying\fR options are available: -.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 .IX Item "SSL_OP_TLS_ROLLBACK_BUG" Disable version rollback attack detection. .Sp @@ -254,59 +246,59 @@ the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to the server's answer and violate the version rollback protection.) -.Ip "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 .IX Item "SSL_OP_SINGLE_DH_USE" Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters -(see SSL_CTX_set_tmp_dh_callback(3)). +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). This option must be used to prevent small subgroup attacks, when the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes -(e.g. when using DSA-parameters, see dhparam(1)). +(e.g. when using DSA\-parameters, see \fIdhparam\fR\|(1)). If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate a new \s-1DH\s0 key during each handshake but it is also recommended. \&\fB\s-1SSL_OP_SINGLE_DH_USE\s0\fR should therefore be enabled whenever temporary/ephemeral \s-1DH\s0 parameters are used. -.Ip "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 .IX Item "SSL_OP_EPHEMERAL_RSA" Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations -(see SSL_CTX_set_tmp_rsa_callback(3)). +(see \fISSL_CTX_set_tmp_rsa_callback\fR\|(3)). According to the specifications this is only done, when a \s-1RSA\s0 key can only be used for signature operations (namely under export ciphers with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral \&\s-1RSA\s0 keys are always used. This option breaks compatibility with the \&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral -Diffie-Hellman) key exchange should be used instead. -.Ip "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +Diffie\-Hellman) key exchange should be used instead. +.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 .IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" When choosing a cipher, use the server's preferences instead of the client preferences. When not set, the \s-1SSL\s0 server will always follow the clients preferences. When set, the SSLv3/TLSv1 server will choose following its own preferences. Because of the different protocol, for SSLv2 the server -will send his list of preferences to the client and the client chooses. -.Ip "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +will send its list of preferences to the client and the client chooses. +.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 .IX Item "SSL_OP_PKCS1_CHECK_1" \&... -.Ip "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 .IX Item "SSL_OP_PKCS1_CHECK_2" \&... -.Ip "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4 +.IP "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4 .IX Item "SSL_OP_NETSCAPE_CA_DN_BUG" If we accept a netscape connection, demand a client cert, have a -non-self-sighed \s-1CA\s0 which does not have it's \s-1CA\s0 in netscape, and the +non-self-signed \s-1CA\s0 which does not have its \s-1CA\s0 in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta -.Ip "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4 +.IP "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4 .IX Item "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG" \&... -.Ip "SSL_OP_NO_SSLv2" 4 +.IP "SSL_OP_NO_SSLv2" 4 .IX Item "SSL_OP_NO_SSLv2" Do not use the SSLv2 protocol. -.Ip "SSL_OP_NO_SSLv3" 4 +.IP "SSL_OP_NO_SSLv3" 4 .IX Item "SSL_OP_NO_SSLv3" Do not use the SSLv3 protocol. -.Ip "SSL_OP_NO_TLSv1" 4 +.IP "SSL_OP_NO_TLSv1" 4 .IX Item "SSL_OP_NO_TLSv1" Do not use the TLSv1 protocol. -.Ip "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 .IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial @@ -319,10 +311,10 @@ after adding \fBoptions\fR. \&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_clear(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_CTX_set_tmp_rsa_callback(3), -dhparam(1) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fIdhparam\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" \&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR and diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index c9bbc30..fc64d22 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_quiet_shutdown 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour .SH "SYNOPSIS" @@ -147,39 +137,41 @@ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); -\& int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx); +\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); .Ve +.PP .Vb 2 \& void SSL_set_quiet_shutdown(SSL *ssl, int mode); -\& int SSL_get_quiet_shutdown(SSL *ssl); +\& int SSL_get_quiet_shutdown(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be \&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time -SSL_new(3) is called. \fBmode\fR may be 0 or 1. +\&\fISSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. .PP \&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. .PP \&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be \&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with -SSL_free(3) or \fISSL_set_quiet_shutdown()\fR is called again. -It is not changed when SSL_clear(3) is called. +\&\fISSL_free\fR\|(3) or \fISSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fISSL_clear\fR\|(3) is called. \&\fBmode\fR may be 0 or 1. .PP \&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. .SH "NOTES" .IX Header "NOTES" Normally when a \s-1SSL\s0 connection is finished, the parties must send out -\&\*(L"close notify\*(R" alert messages using SSL_shutdown(3) +\&\*(L"close notify\*(R" alert messages using \fISSL_shutdown\fR\|(3) for a clean shutdown. .PP -When setting the \*(L"quiet shutdown\*(R" flag to 1, SSL_shutdown(3) +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3) will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. -(SSL_shutdown(3) then behaves like -SSL_set_shutdown(3) called with +(\fISSL_shutdown\fR\|(3) then behaves like +\&\fISSL_set_shutdown\fR\|(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no \*(L"close notify\*(R" alert is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. @@ -194,6 +186,6 @@ diagnostic information. setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_shutdown(3), -SSL_set_shutdown(3), SSL_new(3), -SSL_clear(3), SSL_free(3) +\&\fIssl\fR\|(3), \fISSL_shutdown\fR\|(3), +\&\fISSL_set_shutdown\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index a9ceab5..39e7475 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_session_cache_mode 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); \& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); @@ -176,40 +167,40 @@ the external storage if available. .PP Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see -SSL_CTX_set_session_id_context(3)). +\&\fISSL_CTX_set_session_id_context\fR\|(3)). .PP The following session cache modes and modifiers are available: -.Ip "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 .IX Item "SSL_SESS_CACHE_OFF" No session caching for client or server takes place. -.Ip "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 .IX Item "SSL_SESS_CACHE_CLIENT" Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not have details about the connection), the application must select the session -to be reused by using the SSL_set_session(3) +to be reused by using the \fISSL_set_session\fR\|(3) function. This option is not activated by default. -.Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 .IX Item "SSL_SESS_CACHE_SERVER" Server sessions are added to the session cache. When a client proposes a session to be reused, the server looks for the corresponding session in (first) the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), then (second) in the external cache if available. If the session is found, the server will try to reuse the session. This is the default. -.Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 .IX Item "SSL_SESS_CACHE_BOTH" Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. -.Ip "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 .IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" Normally the session cache is checked for expired sessions every 255 connections using the -SSL_CTX_flush_sessions(3) function. Since +\&\fISSL_CTX_flush_sessions\fR\|(3) function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and -SSL_CTX_flush_sessions(3) can be called +\&\fISSL_CTX_flush_sessions\fR\|(3) can be called explicitly by the application. -.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not automatically look up sessions in the internal cache, even if sessions are @@ -217,19 +208,19 @@ automatically stored there. If external session caching callbacks are in use, this flag guarantees that all lookups are directed to the external cache. As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on clients. -.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. Normally a new session is added to the internal cache as well as any external session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will prevent sessions being stored in the internal cache (though the application can -add them manually using SSL_CTX_add_session(3)). Note: +add them manually using \fISSL_CTX_add_session\fR\|(3)). Note: in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful session lookups in the external cache (ie. for session-resume requests) would normally be copied into the local cache before processing continues \- this flag prevents these additions to the internal cache as well. -.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL" Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. @@ -242,15 +233,15 @@ The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. \&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_session_reused(3), -SSL_CTX_add_session(3), -SSL_CTX_sess_number(3), -SSL_CTX_sess_set_cache_size(3), -SSL_CTX_sess_set_get_cb(3), -SSL_CTX_set_session_id_context(3), -SSL_CTX_set_timeout(3), -SSL_CTX_flush_sessions(3) +\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_cache_size\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0 diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index a93e087..468c286 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_session_id_context 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, \& unsigned int sid_ctx_len); @@ -184,7 +175,8 @@ The maximum length of the \fBsid_ctx\fR is limited to \&\fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. .SH "WARNINGS" .IX Header "WARNINGS" -If the session id context is not set on an \s-1SSL/TLS\s0 server, stored sessions +If the session id context is not set on an \s-1SSL/TLS\s0 server and client +certificates are used, stored sessions will not be reused but a fatal error will be flagged and the handshake will fail. .PP @@ -197,13 +189,13 @@ a session as described above. .IX Header "RETURN VALUES" \&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR return the following values: -.Ip "0" 4 +.IP "0" 4 The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded the maximum allowed length of \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. The error is logged to the error stack. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index 7f081b5..fcf6003 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,19 +126,19 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_ssl_version 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method -\&\- choose a new \s-1TLS/SSL\s0 method +\&\- choose a new TLS/SSL method .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method); \& int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); @@ -157,8 +148,8 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method .IX Header "DESCRIPTION" \&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with -SSL_new(3) are not affected, except when -SSL_clear(3) is being called. +\&\fISSL_new\fR\|(3) are not affected, except when +\&\fISSL_clear\fR\|(3) is being called. .PP \&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR object. It may be reset, when \fISSL_clear()\fR is called. @@ -168,22 +159,22 @@ set in \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The available \fBmethod\fR choices are described in -SSL_CTX_new(3). +\&\fISSL_CTX_new\fR\|(3). .PP -When SSL_clear(3) is called and no session is connected to +When \fISSL_clear\fR\|(3) is called and no session is connected to an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently set in the corresponding \s-1SSL_CTX\s0 object. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur for \fISSL_CTX_set_ssl_version()\fR and \fISSL_set_ssl_method()\fR: -.Ip "0" 4 +.IP "0" 4 The new choice failed, check the error stack to find out the reason. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_CTX_new(3), SSL_new(3), -SSL_clear(3), ssl(3), -SSL_set_connect_state(3) +\&\fISSL_CTX_new\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_clear\fR\|(3), \fIssl\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index 16bfc73..0f8f688 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_timeout 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for sessio .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); \& long SSL_CTX_get_timeout(SSL_CTX *ctx); @@ -169,15 +160,15 @@ valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions. .PP The expiration time of a single session can be modified using the -SSL_SESSION_get_time(3) family of functions. +\&\fISSL_SESSION_get_time\fR\|(3) family of functions. .PP Expired sessions are removed from the internal session cache, whenever -SSL_CTX_flush_sessions(3) is called, either +\&\fISSL_CTX_flush_sessions\fR\|(3) is called, either directly by the application or automatically (see -SSL_CTX_set_session_cache_mode(3)) +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) .PP The default value for session timeout is decided on a per protocol -basis, see SSL_get_default_timeout(3). +basis, see \fISSL_get_default_timeout\fR\|(3). All currently supported protocols have the same default timeout value of 300 seconds. .SH "RETURN VALUES" @@ -187,8 +178,8 @@ of 300 seconds. \&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_get_time(3), -SSL_CTX_flush_sessions(3), -SSL_get_default_timeout(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 6b798b6..415206d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,28 +126,30 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_tmp_dh_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); .Ve +.PP .Vb 3 \& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_set_tmp_dh(SSL *ssl, DH *dh) .Ve +.PP .Vb 1 \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); .Ve @@ -194,7 +187,7 @@ In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 gro (\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new \&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of -SSL_CTX_set_options(3) is set. It will +\&\fISSL_CTX_set_options\fR\|(3) is set. It will immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via \&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case, it may happen that a key is generated on initialization without later @@ -216,19 +209,19 @@ should not generate the parameters on the fly but supply the parameters. the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker may specialize on a very often used \s-1DH\s0 group. Applications should therefore generate their own \s-1DH\s0 parameters during the installation process using the -openssl dhparam(1) application. In order to reduce the computer +openssl \fIdhparam\fR\|(1) application. In order to reduce the computer time needed for this generation, it is possible to use \s-1DSA\s0 parameters -instead (see dhparam(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 +instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 is mandatory. .PP Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, -which use safe primes and were generated verifiably pseudo-randomly. +which use safe primes and were generated verifiably pseudo\-randomly. These files can be converted into C code using the \fB\-C\fR option of the -dhparam(1) application. +\&\fIdhparam\fR\|(1) application. Authors may also generate their own set of parameters using -dhparam(1), but a user may not be sure how the parameters were +\&\fIdhparam\fR\|(1), but a user may not be sure how the parameters were generated. The generation of \s-1DH\s0 parameters during installation is therefore recommended. .PP @@ -252,6 +245,7 @@ partly left out.) \& DH *dh_1024 = NULL; \& FILE *paramfile; .Ve +.PP .Vb 14 \& ... \& /* "openssl dhparam -out dh_param_512.pem -2 512" */ @@ -268,16 +262,19 @@ partly left out.) \& } \& ... .Ve +.PP .Vb 3 \& /* "openssl dhparam -C -2 512" etc... */ \& DH *get_dh512() { ... } \& DH *get_dh1024() { ... } .Ve +.PP .Vb 3 \& DH *tmp_dh_callback(SSL *s, int is_export, int keylength) \& { \& DH *dh_tmp=NULL; .Ve +.PP .Vb 17 \& switch (keylength) { \& case 512: @@ -306,7 +303,7 @@ diagnostic output. on failure. Check the error queue to find out the reason of failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_options(3), -ciphers(1), dhparam(1) +\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fIciphers\fR\|(1), \fIdhparam\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 8391b49..71c5912 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,30 +126,32 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_tmp_rsa_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange +SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle RSA keys for ephemeral key exchange .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, \& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); \& long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); .Ve +.PP .Vb 4 \& void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, \& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) \& long SSL_need_tmp_rsa(SSL *ssl) .Ve +.PP .Vb 1 \& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); .Ve @@ -211,13 +204,13 @@ the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, t for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes violates the standard and can break interoperability with clients. It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key -exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead +exchange and use \s-1EDH\s0 (Ephemeral Diffie\-Hellman) key exchange instead in order to achieve forward secrecy (see -SSL_CTX_set_tmp_dh_callback(3)). +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of -SSL_CTX_set_options(3), violating the \s-1TLS/SSL\s0 +\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0 standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers, it will automatically be used without this option! .PP @@ -247,24 +240,29 @@ respectively are generated. \& RSA *rsa_512 = NULL; \& RSA *rsa_1024 = NULL; .Ve +.PP .Vb 3 \& rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); \& if (rsa_512 == NULL) \& evaluate_error_queue(); .Ve +.PP .Vb 3 \& rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); \& if (rsa_1024 == NULL) \& evaluate_error_queue(); .Ve +.PP .Vb 1 \& ... .Ve +.PP .Vb 3 \& RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) \& { \& RSA *rsa_tmp=NULL; .Ve +.PP .Vb 24 \& switch (keylength) { \& case 512: @@ -303,7 +301,7 @@ on failure. Check the error queue to find out the reason of failure. \&\s-1RSA\s0 key is needed and 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CTX_set_options(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_new(3), ciphers(1) +\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fISSL_new\fR\|(3), \fIciphers\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index 491c054..7f7a607 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_verify 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_dep .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 6 \& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, \& int (*verify_callback)(int, X509_STORE_CTX *)); @@ -155,6 +146,7 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_dep \& void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); \& void SSL_set_verify_depth(SSL *s, int depth); .Ve +.PP .Vb 1 \& int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); .Ve @@ -170,7 +162,7 @@ shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\f this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If no special \fBcallback\fR was set before, the default callback for the underlying \&\fBctx\fR is used, that was valid at the the time \fBssl\fR was created with -SSL_new(3). +\&\fISSL_new\fR\|(3). .PP \&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain verification that shall be allowed for \fBctx\fR. (See the \s-1BUGS\s0 section.) @@ -181,7 +173,7 @@ verification that shall be allowed for \fBssl\fR. (See the \s-1BUGS\s0 section.) .IX Header "NOTES" The verification of certificates can be controlled by a set of logically or'ed \fBmode\fR flags: -.Ip "\s-1SSL_VERIFY_NONE\s0" 4 +.IP "\s-1SSL_VERIFY_NONE\s0" 4 .IX Item "SSL_VERIFY_NONE" \&\fBServer mode:\fR the server will not send a client certificate request to the client, so the client will not send a certificate. @@ -189,9 +181,9 @@ client, so the client will not send a certificate. \&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The result of the certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake -using the SSL_get_verify_result(3) function. +using the \fISSL_get_verify_result\fR\|(3) function. The handshake will be continued regardless of the verification result. -.Ip "\s-1SSL_VERIFY_PEER\s0" 4 +.IP "\s-1SSL_VERIFY_PEER\s0" 4 .IX Item "SSL_VERIFY_PEER" \&\fBServer mode:\fR the server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process @@ -206,14 +198,14 @@ fails, the \s-1TLS/SSL\s0 handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. -.Ip "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 .IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" \&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. This flag must be used together with \s-1SSL_VERIFY_PEER\s0. .Sp \&\fBClient mode:\fR ignored -.Ip "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 .IX Item "SSL_VERIFY_CLIENT_ONCE" \&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0 handshake. Do not ask for a client certificate again in case of a @@ -227,7 +219,7 @@ set at any time. The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with -SSL_CTX_set_cert_verify_callback(3). +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3). The following descriptions apply in the case of the built-in procedure. An application provided procedure also has access to the verify depth information and the \fIverify_callback()\fR function, but the way this information is used @@ -267,10 +259,10 @@ process is immediately stopped with \*(L"verification failed\*(R" state. If \&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, the verification process is continued. If \fBverify_callback\fR always returns -1, the \s-1TLS/SSL\s0 handshake will never be terminated because of this application -experiencing a verification failure. The calling process can however -retrieve the error code of the last verification error using -SSL_get_verify_result(3) or by maintaining its +1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +\&\fISSL_get_verify_result\fR\|(3) or by maintaining its own error storage managed by \fBverify_callback\fR. .PP If no \fBverify_callback\fR is specified, the default callback will be used. @@ -305,8 +297,8 @@ certificates. .PP The example makes use of the ex_data technique to store application data into/retrieve application data from the \s-1SSL\s0 structure -(see SSL_get_ex_new_index(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3)). +(see \fISSL_get_ex_new_index\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). .PP .Vb 15 \& ... @@ -325,11 +317,13 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& SSL *ssl; \& mydata_t *mydata; .Ve +.PP .Vb 3 \& err_cert = X509_STORE_CTX_get_current_cert(ctx); \& err = X509_STORE_CTX_get_error(ctx); \& depth = X509_STORE_CTX_get_error_depth(ctx); .Ve +.PP .Vb 6 \& /* \& * Retrieve the pointer to the SSL of the connection currently treated @@ -338,9 +332,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); \& mydata = SSL_get_ex_data(ssl, mydata_index); .Ve +.PP .Vb 1 \& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); .Ve +.PP .Vb 22 \& /* \& * Catch a too long certificate chain. The depth limit set using @@ -365,6 +361,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& printf("depth=%d:%s\en", depth, buf); \& } .Ve +.PP .Vb 9 \& /* \& * At this point, err contains the last verification error. We can use @@ -376,6 +373,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& printf("issuer= %s\en", buf); \& } .Ve +.PP .Vb 6 \& if (mydata->always_continue) \& return 1; @@ -384,18 +382,22 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& } \& ... .Ve +.PP .Vb 1 \& mydata_t mydata; .Ve +.PP .Vb 2 \& ... \& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); .Ve +.PP .Vb 3 \& ... \& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, \& verify_callback); .Ve +.PP .Vb 5 \& /* \& * Let the verify_callback catch the verify_depth error so that we get @@ -403,6 +405,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& */ \& SSL_CTX_set_verify_depth(verify_depth + 1); .Ve +.PP .Vb 6 \& /* \& * Set up the SSL specific data into "mydata" and store it into th SSL @@ -411,6 +414,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& mydata.verify_depth = verify_depth; ... \& SSL_set_ex_data(ssl, mydata_index, &mydata); .Ve +.PP .Vb 9 \& ... \& SSL_accept(ssl); /* check of success left out for clarity */ @@ -424,11 +428,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), -SSL_CTX_get_verify_mode(3), -SSL_get_verify_result(3), -SSL_CTX_load_verify_locations(3), -SSL_get_peer_certificate(3), -SSL_CTX_set_cert_verify_callback(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3), -SSL_get_ex_new_index(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_CTX_get_verify_mode\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fISSL_get_ex_new_index\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index d45fda3..b81f200 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_use_certificate 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 6 \& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); \& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); @@ -155,9 +146,11 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f \& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); \& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); .Ve +.PP .Vb 1 \& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); .Ve +.PP .Vb 13 \& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); \& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, @@ -173,9 +166,10 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f \& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); \& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); .Ve +.PP .Vb 2 -\& int SSL_CTX_check_private_key(SSL_CTX *ctx); -\& int SSL_check_private_key(SSL *ssl); +\& int SSL_CTX_check_private_key(const SSL_CTX *ctx); +\& int SSL_check_private_key(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -184,18 +178,18 @@ or \s-1SSL\s0 object, respectively. .PP The SSL_CTX_* class of functions loads the certificates and keys into the \&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR -created from \fBctx\fR with SSL_new(3) by copying, so that +created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. .PP The SSL_* class of functions only loads certificates and keys into a specific \s-1SSL\s0 object. The specific information is kept, when -SSL_clear(3) is called for this \s-1SSL\s0 object. +\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. .PP \&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, \&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the certificates needed to form the complete certificate chain can be specified using the -SSL_CTX_add_extra_chain_cert(3) +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) function. .PP \&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from @@ -211,13 +205,20 @@ should be preferred. .PP \&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must -be sorted starting with the certificate to the highest level (root \s-1CA\s0). +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and +ending at the highest level (root) \s-1CA\s0. There is no corresponding function working on a single \s-1SSL\s0 object. .PP \&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. \&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; \&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with \fISSL_use_certificate()\fR +or \fISSL_CTX_use_certificate()\fR before setting the private key with +\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR. .PP \&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. @@ -246,7 +247,7 @@ this \fBssl\fR, the last item added into \fBctx\fR will be checked. The internal certificate store of OpenSSL can hold two private key/certificate pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate of type \s-1DSA\s0. The certificate used depends on the cipher select, see -also SSL_CTX_set_cipher_list(3). +also \fISSL_CTX_set_cipher_list\fR\|(3). .PP When reading certificates and private keys from file, files of type \&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain @@ -257,7 +258,7 @@ Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. \&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using -SSL_CTX_add_extra_chain_cert(3). +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3). There exists only one extra chain store, so that the same chain is appended to both types of certificates, \s-1RSA\s0 and \s-1DSA\s0! If it is not intended to use both type of certificate at the same time, it is recommended to use the @@ -270,12 +271,12 @@ when the \s-1CA\s0 issuing the certificate shall not be added to the trusted If additional certificates are needed to complete the chain during the \&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the locations of trusted \s-1CA\s0 certificates, see -SSL_CTX_load_verify_locations(3). +\&\fISSL_CTX_load_verify_locations\fR\|(3). .PP The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see -SSL_CTX_set_default_passwd_cb(3). +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3). (Certificate files might be encrypted as well from the technical point of view, it however does not make sense as the data in the certificate is considered public anyway.) @@ -285,9 +286,14 @@ On success, the functions return 1. Otherwise check out the error stack to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_clear(3), -SSL_CTX_load_verify_locations(3), -SSL_CTX_set_default_passwd_cb(3), -SSL_CTX_set_cipher_list(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_add_extra_chain_cert(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Support for \s-1DER\s0 encoded private keys (\s-1SSL_FILETYPE_ASN1\s0) in +\&\fISSL_CTX_use_PrivateKey_file()\fR and \fISSL_use_PrivateKey_file()\fR was added +in 0.9.8 . diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index 9d01628..f41f2fc 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_SESSION_free 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure +SSL_SESSION_free \- free an allocated SSL_SESSION structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_SESSION_free(SSL_SESSION *session); .Ve @@ -159,7 +150,7 @@ memory, if the the reference count has reached 0. .IX Header "NOTES" \&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation is successfully completed. Depending on the settings, see -SSL_CTX_set_session_cache_mode(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 @@ -170,13 +161,13 @@ dangling pointers. These failures may also appear delayed, e.g. when an \s-1SSL_SESSION\s0 object was completely freed as the reference count incorrectly became 0, but it is still referenced in the internal session cache and the cache list is processed during a -SSL_CTX_flush_sessions(3) operation. +\&\fISSL_CTX_flush_sessions\fR\|(3) operation. .PP \&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for which the reference count was explicitly incremented (e.g. -by calling \fISSL_get1_session()\fR, see SSL_get_session(3)) +by calling \fISSL_get1_session()\fR, see \fISSL_get_session\fR\|(3)) or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake -operation, e.g. by using d2i_SSL_SESSION(3). +operation, e.g. by using \fId2i_SSL_SESSION\fR\|(3). It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause incorrect reference counts and therefore program failures. .SH "RETURN VALUES" @@ -184,7 +175,7 @@ incorrect reference counts and therefore program failures. \&\fISSL_SESSION_free()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_session(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_flush_sessions(3), - d2i_SSL_SESSION(3) +\&\fIssl\fR\|(3), \fISSL_get_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), + \fId2i_SSL_SESSION\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index 6b8425f..f5dc917 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_SESSION_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions .SH "SYNOPSIS" @@ -147,18 +137,22 @@ SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \ .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& int SSL_SESSION_get_ex_new_index(long argl, void *argp, \& CRYPTO_EX_new *new_func, \& CRYPTO_EX_dup *dup_func, \& CRYPTO_EX_free *free_func); .Ve +.PP .Vb 1 \& int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg); .Ve +.PP .Vb 1 -\& void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx); +\& void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx); .Ve +.PP .Vb 6 \& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, \& int idx, long argl, void *argp); @@ -183,9 +177,9 @@ into the \fBsession\fR object. \&\fBsession\fR. .PP A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). +can be found in \fIRSA_get_ex_new_index\fR\|(3). The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). +\&\fICRYPTO_set_ex_data\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" The application data is only maintained for sessions held in memory. The @@ -195,6 +189,6 @@ like \fIPEM_write_SSL_SESSION()\fR and \fIPEM_write_bio_SSL_SESSION()\fR) and ca therefore not be restored. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3) +\&\fIssl\fR\|(3), +\&\fIRSA_get_ex_new_index\fR\|(3), +\&\fICRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index 7d268b3..72a709a 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_SESSION_get_time 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings .SH "SYNOPSIS" @@ -147,16 +137,18 @@ SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 -\& long SSL_SESSION_get_time(SSL_SESSION *s); +\& long SSL_SESSION_get_time(const SSL_SESSION *s); \& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); -\& long SSL_SESSION_get_timeout(SSL_SESSION *s); +\& long SSL_SESSION_get_timeout(const SSL_SESSION *s); \& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); .Ve +.PP .Vb 4 -\& long SSL_get_time(SSL_SESSION *s); +\& long SSL_get_time(const SSL_SESSION *s); \& long SSL_set_time(SSL_SESSION *s, long tm); -\& long SSL_get_timeout(SSL_SESSION *s); +\& long SSL_get_timeout(const SSL_SESSION *s); \& long SSL_set_timeout(SSL_SESSION *s, long tm); .Ve .SH "DESCRIPTION" @@ -181,7 +173,7 @@ functions are synonyms for the SSL_SESSION_*() counterparts. Sessions are expired by examining the creation time and the timeout value. Both are set at creation time of the session to the actual time and the default timeout value at creation, respectively, as set by -SSL_CTX_set_timeout(3). +\&\fISSL_CTX_set_timeout\fR\|(3). Using these functions it is possible to extend or shorten the lifetime of the session. .SH "RETURN VALUES" @@ -195,6 +187,6 @@ If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR 0 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_timeout(3), -SSL_get_default_timeout(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index 2e44eed..0b9919a 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_accept 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake +SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_accept(SSL *ssl); .Ve @@ -167,7 +158,8 @@ should be called again. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fISSL_get_error()\fR with the return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fISSL_accept()\fR. @@ -178,15 +170,15 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been established. -.Ip "0" 4 +.IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was @@ -195,8 +187,8 @@ for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\f to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_shutdown(3), ssl(3), bio(3), -SSL_set_connect_state(3), -SSL_do_handshake(3), -SSL_CTX_new(3) +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 114cd49..6305128 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_alert_type_string 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information .SH "SYNOPSIS" @@ -147,10 +137,12 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& const char *SSL_alert_type_string(int value); \& const char *SSL_alert_type_string_long(int value); .Ve +.PP .Vb 2 \& const char *SSL_alert_desc_string(int value); \& const char *SSL_alert_desc_string_long(int value); @@ -189,156 +181,156 @@ by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. .IX Header "RETURN VALUES" The following strings can occur for \fISSL_alert_type_string()\fR or \&\fISSL_alert_type_string_long()\fR: -.if n .Ip """""W""""/""""warning""""" 4 -.el .Ip "``W''/``warning''" 4 -.IX Item ""W/warning" +.ie n .IP """W""/""warning""" 4 +.el .IP "``W''/``warning''" 4 +.IX Item "W/warning" .PD 0 -.if n .Ip """""F""""/""""fatal""""" 4 -.el .Ip "``F''/``fatal''" 4 -.IX Item ""F/fatal" -.if n .Ip """""U""""/""""unknown""""" 4 -.el .Ip "``U''/``unknown''" 4 -.IX Item ""U/unknown" +.ie n .IP """F""/""fatal""" 4 +.el .IP "``F''/``fatal''" 4 +.IX Item "F/fatal" +.ie n .IP """U""/""unknown""" 4 +.el .IP "``U''/``unknown''" 4 +.IX Item "U/unknown" .PD This indicates that no support is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .PP The following strings can occur for \fISSL_alert_desc_string()\fR or \&\fISSL_alert_desc_string_long()\fR: -.if n .Ip """""\s-1CN\s0""""/""""close notify""""" 4 -.el .Ip "``\s-1CN\s0''/``close notify''" 4 -.IX Item ""CN/close notify" +.ie n .IP """\s-1CN\s0""/""close notify""" 4 +.el .IP "``\s-1CN\s0''/``close notify''" 4 +.IX Item "CN/close notify" The connection shall be closed. This is a warning alert. -.if n .Ip """""\s-1UM\s0""""/""""unexpected message""""" 4 -.el .Ip "``\s-1UM\s0''/``unexpected message''" 4 -.IX Item ""UM/unexpected message" +.ie n .IP """\s-1UM\s0""/""unexpected message""" 4 +.el .IP "``\s-1UM\s0''/``unexpected message''" 4 +.IX Item "UM/unexpected message" An inappropriate message was received. This alert is always fatal and should never be observed in communication between proper implementations. -.if n .Ip """""\s-1BM\s0""""/""""bad record mac""""" 4 -.el .Ip "``\s-1BM\s0''/``bad record mac''" 4 -.IX Item ""BM/bad record mac" +.ie n .IP """\s-1BM\s0""/""bad record mac""" 4 +.el .IP "``\s-1BM\s0''/``bad record mac''" 4 +.IX Item "BM/bad record mac" This alert is returned if a record is received with an incorrect \&\s-1MAC\s0. This message is always fatal. -.if n .Ip """""\s-1DF\s0""""/""""decompression failure""""" 4 -.el .Ip "``\s-1DF\s0''/``decompression failure''" 4 -.IX Item ""DF/decompression failure" +.ie n .IP """\s-1DF\s0""/""decompression failure""" 4 +.el .IP "``\s-1DF\s0''/``decompression failure''" 4 +.IX Item "DF/decompression failure" The decompression function received improper input (e.g. data that would expand to excessive length). This message is always fatal. -.if n .Ip """""\s-1HF\s0""""/""""handshake failure""""" 4 -.el .Ip "``\s-1HF\s0''/``handshake failure''" 4 -.IX Item ""HF/handshake failure" +.ie n .IP """\s-1HF\s0""/""handshake failure""" 4 +.el .IP "``\s-1HF\s0''/``handshake failure''" 4 +.IX Item "HF/handshake failure" Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error. -.if n .Ip """""\s-1NC\s0""""/""""no certificate""""" 4 -.el .Ip "``\s-1NC\s0''/``no certificate''" 4 -.IX Item ""NC/no certificate" +.ie n .IP """\s-1NC\s0""/""no certificate""" 4 +.el .IP "``\s-1NC\s0''/``no certificate''" 4 +.IX Item "NC/no certificate" A client, that was asked to send a certificate, does not send a certificate (SSLv3 only). -.if n .Ip """""\s-1BC\s0""""/""""bad certificate""""" 4 -.el .Ip "``\s-1BC\s0''/``bad certificate''" 4 -.IX Item ""BC/bad certificate" +.ie n .IP """\s-1BC\s0""/""bad certificate""" 4 +.el .IP "``\s-1BC\s0''/``bad certificate''" 4 +.IX Item "BC/bad certificate" A certificate was corrupt, contained signatures that did not verify correctly, etc -.if n .Ip """""\s-1UC\s0""""/""""unsupported certificate""""" 4 -.el .Ip "``\s-1UC\s0''/``unsupported certificate''" 4 -.IX Item ""UC/unsupported certificate" +.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4 +.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4 +.IX Item "UC/unsupported certificate" A certificate was of an unsupported type. -.if n .Ip """""\s-1CR\s0""""/""""certificate revoked""""" 4 -.el .Ip "``\s-1CR\s0''/``certificate revoked''" 4 -.IX Item ""CR/certificate revoked" +.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4 +.el .IP "``\s-1CR\s0''/``certificate revoked''" 4 +.IX Item "CR/certificate revoked" A certificate was revoked by its signer. -.if n .Ip """""\s-1CE\s0""""/""""certificate expired""""" 4 -.el .Ip "``\s-1CE\s0''/``certificate expired''" 4 -.IX Item ""CE/certificate expired" +.ie n .IP """\s-1CE\s0""/""certificate expired""" 4 +.el .IP "``\s-1CE\s0''/``certificate expired''" 4 +.IX Item "CE/certificate expired" A certificate has expired or is not currently valid. -.if n .Ip """""\s-1CU\s0""""/""""certificate unknown""""" 4 -.el .Ip "``\s-1CU\s0''/``certificate unknown''" 4 -.IX Item ""CU/certificate unknown" +.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4 +.el .IP "``\s-1CU\s0''/``certificate unknown''" 4 +.IX Item "CU/certificate unknown" Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. -.if n .Ip """""\s-1IP\s0""""/""""illegal parameter""""" 4 -.el .Ip "``\s-1IP\s0''/``illegal parameter''" 4 -.IX Item ""IP/illegal parameter" +.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4 +.el .IP "``\s-1IP\s0''/``illegal parameter''" 4 +.IX Item "IP/illegal parameter" A field in the handshake was out of range or inconsistent with other fields. This is always fatal. -.if n .Ip """""\s-1DC\s0""""/""""decryption failed""""" 4 -.el .Ip "``\s-1DC\s0''/``decryption failed''" 4 -.IX Item ""DC/decryption failed" +.ie n .IP """\s-1DC\s0""/""decryption failed""" 4 +.el .IP "``\s-1DC\s0''/``decryption failed''" 4 +.IX Item "DC/decryption failed" A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple of the block length or its padding values, when checked, weren't correct. This message is always fatal. -.if n .Ip """""\s-1RO\s0""""/""""record overflow""""" 4 -.el .Ip "``\s-1RO\s0''/``record overflow''" 4 -.IX Item ""RO/record overflow" +.ie n .IP """\s-1RO\s0""/""record overflow""" 4 +.el .IP "``\s-1RO\s0''/``record overflow''" 4 +.IX Item "RO/record overflow" A TLSCiphertext record was received which had a length more than 2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always fatal. -.if n .Ip """""\s-1CA\s0""""/""""unknown \s-1CA\s0""""" 4 -.el .Ip "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 -.IX Item ""CA/unknown CA" +.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4 +.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 +.IX Item "CA/unknown CA" A valid certificate chain or partial chain was received, but the certificate was not accepted because the \s-1CA\s0 certificate could not be located or couldn't be matched with a known, trusted \s-1CA\s0. This message is always fatal. -.if n .Ip """""\s-1AD\s0""""/""""access denied""""" 4 -.el .Ip "``\s-1AD\s0''/``access denied''" 4 -.IX Item ""AD/access denied" +.ie n .IP """\s-1AD\s0""/""access denied""" 4 +.el .IP "``\s-1AD\s0''/``access denied''" 4 +.IX Item "AD/access denied" A valid certificate was received, but when access control was applied, the sender decided not to proceed with negotiation. This message is always fatal. -.if n .Ip """""\s-1DE\s0""""/""""decode error""""" 4 -.el .Ip "``\s-1DE\s0''/``decode error''" 4 -.IX Item ""DE/decode error" +.ie n .IP """\s-1DE\s0""/""decode error""" 4 +.el .IP "``\s-1DE\s0''/``decode error''" 4 +.IX Item "DE/decode error" A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This message is always fatal. -.if n .Ip """""\s-1CY\s0""""/""""decrypt error""""" 4 -.el .Ip "``\s-1CY\s0''/``decrypt error''" 4 -.IX Item ""CY/decrypt error" +.ie n .IP """\s-1CY\s0""/""decrypt error""" 4 +.el .IP "``\s-1CY\s0''/``decrypt error''" 4 +.IX Item "CY/decrypt error" A handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate a finished message. -.if n .Ip """""\s-1ER\s0""""/""""export restriction""""" 4 -.el .Ip "``\s-1ER\s0''/``export restriction''" 4 -.IX Item ""ER/export restriction" +.ie n .IP """\s-1ER\s0""/""export restriction""" 4 +.el .IP "``\s-1ER\s0''/``export restriction''" 4 +.IX Item "ER/export restriction" A negotiation not in compliance with export restrictions was detected; for example, attempting to transfer a 1024 bit ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This message is always fatal. -.if n .Ip """""\s-1PV\s0""""/""""protocol version""""" 4 -.el .Ip "``\s-1PV\s0''/``protocol version''" 4 -.IX Item ""PV/protocol version" +.ie n .IP """\s-1PV\s0""/""protocol version""" 4 +.el .IP "``\s-1PV\s0''/``protocol version''" 4 +.IX Item "PV/protocol version" The protocol version the client has attempted to negotiate is recognized, but not supported. (For example, old protocol versions might be avoided for security reasons). This message is always fatal. -.if n .Ip """""\s-1IS\s0""""/""""insufficient security""""" 4 -.el .Ip "``\s-1IS\s0''/``insufficient security''" 4 -.IX Item ""IS/insufficient security" +.ie n .IP """\s-1IS\s0""/""insufficient security""" 4 +.el .IP "``\s-1IS\s0''/``insufficient security''" 4 +.IX Item "IS/insufficient security" Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. This message is always fatal. -.if n .Ip """""\s-1IE\s0""""/""""internal error""""" 4 -.el .Ip "``\s-1IE\s0''/``internal error''" 4 -.IX Item ""IE/internal error" +.ie n .IP """\s-1IE\s0""/""internal error""" 4 +.el .IP "``\s-1IE\s0''/``internal error''" 4 +.IX Item "IE/internal error" An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue (such as a memory allocation failure). This message is always fatal. -.if n .Ip """""\s-1US\s0""""/""""user canceled""""" 4 -.el .Ip "``\s-1US\s0''/``user canceled''" 4 -.IX Item ""US/user canceled" +.ie n .IP """\s-1US\s0""/""user canceled""" 4 +.el .IP "``\s-1US\s0''/``user canceled''" 4 +.IX Item "US/user canceled" This handshake is being canceled for some reason unrelated to a protocol failure. If the user cancels an operation after the handshake is complete, just closing the connection by sending a close_notify is more appropriate. This alert should be followed by a close_notify. This message is generally a warning. -.if n .Ip """""\s-1NR\s0""""/""""no renegotiation""""" 4 -.el .Ip "``\s-1NR\s0''/``no renegotiation''" 4 -.IX Item ""NR/no renegotiation" +.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4 +.el .IP "``\s-1NR\s0''/``no renegotiation''" 4 +.IX Item "NR/no renegotiation" Sent by the client in response to a hello request or by the server in response to a client hello after initial handshaking. Either of these would normally lead to renegotiation; when that @@ -350,11 +342,11 @@ satisfy a request; the process might receive security parameters (key length, authentication, etc.) at startup and it might be difficult to communicate changes to these parameters after that point. This message is always a warning. -.if n .Ip """""\s-1UK\s0""""/""""unknown""""" 4 -.el .Ip "``\s-1UK\s0''/``unknown''" 4 -.IX Item ""UK/unknown" +.ie n .IP """\s-1UK\s0""/""unknown""" 4 +.el .IP "``\s-1UK\s0''/``unknown''" 4 +.IX Item "UK/unknown" This indicates that no description is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_info_callback(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_info_callback\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 26afe9e..0defcb1 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_clear 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_clear \- reset \s-1SSL\s0 object to allow another connection +SSL_clear \- reset SSL object to allow another connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_clear(SSL *ssl); .Ve @@ -160,8 +151,8 @@ SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While al settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. If a session is still \fBopen\fR, it is considered bad and will be removed from the session cache, as required by \s-1RFC2246\s0. A session is considered open, -if SSL_shutdown(3) was not called for the connection -or at least SSL_set_shutdown(3) was used to +if \fISSL_shutdown\fR\|(3) was not called for the connection +or at least \fISSL_set_shutdown\fR\|(3) was used to set the \s-1SSL_SENT_SHUTDOWN\s0 state. .PP If a session was closed cleanly, the session object will be kept and all @@ -170,7 +161,7 @@ used during the session will be kept for the next handshake. So if the session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 server method, even if SSLv23_*_methods were chosen on startup. This -will might lead to connection failures (see SSL_new(3)) +will might lead to connection failures (see \fISSL_new\fR\|(3)) for a description of the method's properties. .SH "WARNINGS" .IX Header "WARNINGS" @@ -180,18 +171,18 @@ reset operation however keeps several settings of the last sessions handshake). It only makes sense when opening a new session (or reusing an old one) with the same peer that shares these settings. \&\fISSL_clear()\fR is not a short form for the sequence -SSL_free(3); SSL_new(3); . +\&\fISSL_free\fR\|(3); \fISSL_new\fR\|(3); . .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 The \fISSL_clear()\fR operation could not be performed. Check the error stack to find out the reason. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The \fISSL_clear()\fR operation was successful. .PP -SSL_new(3), SSL_free(3), -SSL_shutdown(3), SSL_set_shutdown(3), -SSL_CTX_set_options(3), ssl(3), -SSL_CTX_set_client_cert_cb(3) +\&\fISSL_new\fR\|(3), \fISSL_free\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), \fIssl\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index f79ab00..7fa74eb 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_connect 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server +SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_connect(SSL *ssl); .Ve @@ -164,7 +155,8 @@ handshake has been finished or an error occurred. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fISSL_get_error()\fR with the return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fISSL_connect()\fR. @@ -175,15 +167,15 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been established. -.Ip "0" 4 +.IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was @@ -192,8 +184,8 @@ for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\f to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_accept(3), -SSL_shutdown(3), ssl(3), bio(3), -SSL_set_connect_state(3), -SSL_do_handshake(3), -SSL_CTX_new(3) +\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 0b3dfa2..b712cd6 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_do_handshake 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake +SSL_do_handshake \- perform a TLS/SSL handshake .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_do_handshake(SSL *ssl); .Ve @@ -155,8 +146,8 @@ SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake \&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the connection is in client mode, the handshake will be started. The handshake routines may have to be explicitly set in advance using either -SSL_set_connect_state(3) or -SSL_set_accept_state(3). +\&\fISSL_set_connect_state\fR\|(3) or +\&\fISSL_set_accept_state\fR\|(3). .SH "NOTES" .IX Header "NOTES" The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0. @@ -180,15 +171,15 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been established. -.Ip "0" 4 +.IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was @@ -197,6 +188,6 @@ for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\f to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_accept(3), ssl(3), bio(3), -SSL_set_connect_state(3) +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index fb0f40d..b693cc5 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_free 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_free \- free an allocated \s-1SSL\s0 structure +SSL_free \- free an allocated SSL structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_free(SSL *ssl); .Ve @@ -167,14 +158,14 @@ failure. The ssl session has reference counts from two users: the \s-1SSL\s0 object, for which the reference count is removed by \fISSL_free()\fR and the internal session cache. If the session is considered bad, because -SSL_shutdown(3) was not called for the connection -and SSL_set_shutdown(3) was not used to set the +\&\fISSL_shutdown\fR\|(3) was not called for the connection +and \fISSL_set_shutdown\fR\|(3) was not used to set the \&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed from the session cache as required by \s-1RFC2246\s0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_free()\fR does not provide diagnostic information. .PP -SSL_new(3), SSL_clear(3), -SSL_shutdown(3), SSL_set_shutdown(3), -ssl(3) +\&\fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index be2587c..78a3af7 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,28 +126,28 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_SSL_CTX 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created +SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); +\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which -\&\fBssl\fR was created with SSL_new(3). +\&\fBssl\fR was created with \fISSL_new\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The pointer to the \s-1SSL_CTX\s0 object is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index d5bd175..97532de 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_ciphers 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs .SH "SYNOPSIS" @@ -147,9 +137,10 @@ SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 -\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl); -\& const char *SSL_get_cipher_list(SSL *ssl, int priority); +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); +\& const char *SSL_get_cipher_list(const SSL *ssl, int priority); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -164,7 +155,7 @@ is returned. .SH "NOTES" .IX Header "NOTES" The details of the ciphers obtained by \fISSL_get_ciphers()\fR can be obtained using -the SSL_CIPHER_get_name(3) family of functions. +the \fISSL_CIPHER_get_name\fR\|(3) family of functions. .PP Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the sorted list of available ciphers, until \s-1NULL\s0 is returned. @@ -173,5 +164,5 @@ sorted list of available ciphers, until \s-1NULL\s0 is returned. See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CIPHER_get_name(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CIPHER_get_name\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index 32c28f8..a794e6b 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_client_CA_list 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs .SH "SYNOPSIS" @@ -147,18 +137,19 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 -\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); -\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for -\&\fBctx\fR using SSL_CTX_set_client_CA_list(3). +\&\fBctx\fR using \fISSL_CTX_set_client_CA_list\fR\|(3). .PP \&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with -SSL_CTX_set_client_CA_list(3), when in +\&\fISSL_CTX_set_client_CA_list\fR\|(3), when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. .SH "RETURN VALUES" @@ -168,16 +159,16 @@ diagnostic information. .PP \&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return values: -.Ip "STACK_OF(X509_NAMES)" 4 +.IP "\s-1STACK_OF\s0(X509_NAMES)" 4 .IX Item "STACK_OF(X509_NAMES)" List of \s-1CA\s0 names explicitly set (for \fBctx\fR or in server mode) or send by the server (client mode). -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" No client \s-1CA\s0 list was explicitly set (for \fBctx\fR or in server mode) or the server did not send a list of CAs (client mode). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3), -SSL_CTX_set_client_cert_cb(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index 368303c..c28d55a 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,21 +126,21 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_current_cipher 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name, -SSL_get_cipher_bits, SSL_get_cipher_version \- get \s-1SSL_CIPHER\s0 of a connection +SSL_get_cipher_bits, SSL_get_cipher_version \- get SSL_CIPHER of a connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 9 -\& SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); +\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); \& #define SSL_get_cipher(s) \e \& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) \& #define SSL_get_cipher_name(s) \e @@ -169,11 +160,11 @@ the \fBssl\fR object. name of the currently used cipher. \fISSL_get_cipher_bits()\fR is a macro to obtain the number of secret/algorithm bits used and \&\fISSL_get_cipher_version()\fR returns the protocol name. -See SSL_CIPHER_get_name(3) for more details. +See \fISSL_CIPHER_get_name\fR\|(3) for more details. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when no session has been established. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CIPHER_get_name(3) +\&\fIssl\fR\|(3), \fISSL_CIPHER_get_name\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index 07736d3..591f272 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_default_timeout 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_default_timeout \- get default session timeout value .SH "SYNOPSIS" @@ -147,8 +137,9 @@ SSL_get_default_timeout \- get default session timeout value .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& long SSL_get_default_timeout(SSL *ssl); +\& long SSL_get_default_timeout(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -159,7 +150,7 @@ SSL_get_default_timeout \- get default session timeout value Whenever a new session is negotiated, it is assigned a timeout value, after which it will not be accepted for session reuse. If the timeout value was not explicitly set using -SSL_CTX_set_timeout(3), the hardcoded default +\&\fISSL_CTX_set_timeout\fR\|(3), the hardcoded default timeout for the protocol will be used. .PP \&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds @@ -169,8 +160,8 @@ for all currently supported protocols (SSLv2, SSLv3, and TLSv1). See description. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_get_time(3), -SSL_CTX_flush_sessions(3), -SSL_get_default_timeout(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index 9422117..150362d 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,20 +126,20 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_error 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation +SSL_get_error \- obtain result code for TLS/SSL I/O operation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& int SSL_get_error(SSL *ssl, int ret); +\& int SSL_get_error(const SSL *ssl, int ret); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -167,11 +158,11 @@ attempted, or \fISSL_get_error()\fR will not work reliably. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: -.Ip "\s-1SSL_ERROR_NONE\s0" 4 +.IP "\s-1SSL_ERROR_NONE\s0" 4 .IX Item "SSL_ERROR_NONE" The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned if and only if \fBret > 0\fR. -.Ip "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 .IX Item "SSL_ERROR_ZERO_RETURN" The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0 or \s-1TLS\s0 1.0, this result code is returned only if a closure @@ -179,7 +170,7 @@ alert has occurred in the protocol, i.e. if the connection has been closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily indicate that the underlying transport has been closed. -.Ip "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 +.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 .IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data @@ -202,7 +193,7 @@ Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by either the client or the server); \&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes. -.Ip "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 +.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be called again later. The underlying \s-1BIO\s0 was not connected yet to the peer @@ -212,13 +203,13 @@ appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respecti In order to find out, when the connection has been successfully established, on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor can be used. -.Ip "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 .IX Item "SSL_ERROR_WANT_X509_LOOKUP" The operation did not complete because an application callback set by \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. The \s-1TLS/SSL\s0 I/O function should be called again later. Details depend on the application. -.Ip "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 .IX Item "SSL_ERROR_SYSCALL" Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty @@ -226,13 +217,13 @@ information on the error. If the error queue is empty about the error: If \fBret == 0\fR, an \s-1EOF\s0 was observed that violates the protocol. If \fBret == \-1\fR, the underlying \fB\s-1BIO\s0\fR reported an I/O error (for socket I/O on Unix systems, consult \fBerrno\fR for details). -.Ip "\s-1SSL_ERROR_SSL\s0" 4 +.IP "\s-1SSL_ERROR_SSL\s0" 4 .IX Item "SSL_ERROR_SSL" A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), err(3) +\&\fIssl\fR\|(3), \fIerr\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fISSL_get_error()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index 8cc2803..4591151 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,19 +126,19 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure +SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access SSL structure from X509_STORE_CTX .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_get_ex_data_X509_STORE_CTX_idx(void); .Ve @@ -172,10 +163,10 @@ The value depends on other index values defined for X509_STORE_CTX objects before the \s-1SSL\s0 index is created. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -.Ip ">=0" 4 +.IP ">=0" 4 .IX Item ">=0" The index value to access the pointer. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" An error occurred, check the error stack for a detailed error message. .SH "EXAMPLES" @@ -183,8 +174,8 @@ An error occurred, check the error stack for a detailed error message. The index returned from \fISSL_get_ex_data_X509_STORE_CTX_idx()\fR allows to access the \s-1SSL\s0 object for the connection to be accessed during the \&\fIverify_callback()\fR when checking the peers certificate. Please check -the example in SSL_CTX_set_verify(3), +the example in \fISSL_CTX_set_verify\fR\|(3), .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3), -CRYPTO_set_ex_data(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3), +\&\fICRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 50369ce..4cb6b88 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions .SH "SYNOPSIS" @@ -147,18 +137,22 @@ SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application s .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& int SSL_get_ex_new_index(long argl, void *argp, \& CRYPTO_EX_new *new_func, \& CRYPTO_EX_dup *dup_func, \& CRYPTO_EX_free *free_func); .Ve +.PP .Vb 1 \& int SSL_set_ex_data(SSL *ssl, int idx, void *arg); .Ve +.PP .Vb 1 -\& void *SSL_get_ex_data(SSL *ssl, int idx); +\& void *SSL_get_ex_data(const SSL *ssl, int idx); .Ve +.PP .Vb 6 \& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, \& int idx, long argl, void *argp); @@ -183,16 +177,16 @@ the \fBssl\fR object. \&\fBssl\fR. .PP A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). +can be found in \fIRSA_get_ex_new_index\fR\|(3). The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). +\&\fICRYPTO_set_ex_data\fR\|(3). .SH "EXAMPLES" .IX Header "EXAMPLES" An example on how to use the functionality is included in the example -\&\fIverify_callback()\fR in SSL_CTX_set_verify(3). +\&\fIverify_callback()\fR in \fISSL_CTX_set_verify\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3), -SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), +\&\fIRSA_get_ex_new_index\fR\|(3), +\&\fICRYPTO_set_ex_data\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index f504acf..77ba2c7 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,22 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_fd 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object +SSL_get_fd \- get file descriptor linked to an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 -\& int SSL_get_fd(SSL *ssl); -\& int SSL_get_rfd(SSL *ssl); -\& int SSL_get_wfd(SSL *ssl); +\& int SSL_get_fd(const SSL *ssl); +\& int SSL_get_rfd(const SSL *ssl); +\& int SSL_get_wfd(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -162,13 +153,13 @@ of the read channel. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\-1" 4 +.IP "\-1" 4 .IX Item "-1" The operation failed, because the underlying \s-1BIO\s0 is not of the correct type (suitable for file descriptors). -.Ip ">=0" 4 +.IP ">=0" 4 .IX Item ">=0" The file descriptor linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_set_fd(3), ssl(3) , bio(3) +\&\fISSL_set_fd\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 5710dbf..2033946 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_peer_cert_chain 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer .SH "SYNOPSIS" @@ -147,35 +137,36 @@ SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl); +\& STACKOF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_cert_chain()\fR returns a pointer to STACKOF(X509) certificates +\&\fISSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACKOF\s0(X509) certificates forming the certificate chain of the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using -SSL_get_peer_certificate(3). +\&\fISSL_get_peer_certificate\fR\|(3). If the peer did not present a certificate, \s-1NULL\s0 is returned. .SH "NOTES" .IX Header "NOTES" The peer certificate chain is not necessarily available after reusing a session, in which case a \s-1NULL\s0 pointer is returned. .PP -The reference count of the STACKOF(X509) object is not incremented. +The reference count of the \s-1STACKOF\s0(X509) object is not incremented. If the corresponding session is freed, the pointer must not be used any longer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" No certificate was presented by the peer or no connection was established or the certificate chain is no longer available when a session is reused. -.Ip "Pointer to a STACKOF(X509)" 4 +.IP "Pointer to a \s-1STACKOF\s0(X509)" 4 .IX Item "Pointer to a STACKOF(X509)" The return value points to the certificate chain presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_peer_certificate(3) +\&\fIssl\fR\|(3), \fISSL_get_peer_certificate\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index de49701..c87ac81 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_peer_certificate 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_peer_certificate \- get the X509 certificate of the peer .SH "SYNOPSIS" @@ -147,8 +137,9 @@ SSL_get_peer_certificate \- get the X509 certificate of the peer .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& X509 *SSL_get_peer_certificate(SSL *ssl); +\& X509 *SSL_get_peer_certificate(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -159,11 +150,11 @@ peer presented. If the peer did not present a certificate, \s-1NULL\s0 is return Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see -SSL_CTX_set_verify(3)). If an anonymous cipher +\&\fISSL_CTX_set_verify\fR\|(3)). If an anonymous cipher is used, no certificates are sent. .PP That a certificate is returned does not indicate information about the -verification state, use SSL_get_verify_result(3) +verification state, use \fISSL_get_verify_result\fR\|(3) to check the verification state. .PP The reference count of the X509 object is incremented by one, so that it @@ -172,13 +163,13 @@ freed. The X509 object must be explicitly freed using \fIX509_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" No certificate was presented by the peer or no connection was established. -.Ip "Pointer to an X509 certificate" 4 +.IP "Pointer to an X509 certificate" 4 .IX Item "Pointer to an X509 certificate" The return value points to the certificate presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_verify_result(3), -SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), \fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index 843a7b3..4042e36 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_rbio 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object +SSL_get_rbio \- get BIO linked to an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& BIO *SSL_get_rbio(SSL *ssl); \& BIO *SSL_get_wbio(SSL *ssl); @@ -159,12 +150,12 @@ of the \s-1BIO\s0 is not incremented. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" No \s-1BIO\s0 was connected to the \s-1SSL\s0 object -.Ip "Any other pointer" 4 +.IP "Any other pointer" 4 .IX Item "Any other pointer" The \s-1BIO\s0 linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_set_bio(3), ssl(3) , bio(3) +\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index 1d936f9..22b7c89 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,21 +126,21 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_session 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data +SSL_get_session \- retrieve TLS/SSL session data .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 -\& SSL_SESSION *SSL_get_session(SSL *ssl); -\& SSL_SESSION *SSL_get0_session(SSL *ssl); +\& SSL_SESSION *SSL_get_session(const SSL *ssl); +\& SSL_SESSION *SSL_get0_session(const SSL *ssl); \& SSL_SESSION *SSL_get1_session(SSL *ssl); .Ve .SH "DESCRIPTION" @@ -169,16 +160,16 @@ connection without a new handshake. .PP \&\fISSL_get0_session()\fR returns a pointer to the actual session. As the reference counter is not incremented, the pointer is only valid while -the connection is in use. If SSL_clear(3) or -SSL_free(3) is called, the session may be removed completely +the connection is in use. If \fISSL_clear\fR\|(3) or +\&\fISSL_free\fR\|(3) is called, the session may be removed completely (if considered bad), and the pointer obtained will become invalid. Even if the session is valid, it can be removed at any time due to timeout -during SSL_CTX_flush_sessions(3). +during \fISSL_CTX_flush_sessions\fR\|(3). .PP If the data is to be kept, \fISSL_get1_session()\fR will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session -SSL_SESSION_free(3) must be explicitly called once +\&\fISSL_SESSION_free\fR\|(3) must be explicitly called once to decrement the reference count again. .PP \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache @@ -189,14 +180,14 @@ from this \s-1SSL_CTX\s0 object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" There is no session available in \fBssl\fR. -.Ip "Pointer to an \s-1SSL\s0" 4 +.IP "Pointer to an \s-1SSL\s0" 4 .IX Item "Pointer to an SSL" The return value points to the data of an \s-1SSL\s0 session. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_free(3), -SSL_clear(3), -SSL_SESSION_free(3) +\&\fIssl\fR\|(3), \fISSL_free\fR\|(3), +\&\fISSL_clear\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index a9ca9f7..6a128d4 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_verify_result 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_verify_result \- get result of peer certificate verification .SH "SYNOPSIS" @@ -147,8 +137,9 @@ SSL_get_verify_result \- get result of peer certificate verification .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& long SSL_get_verify_result(SSL *ssl); +\& long SSL_get_verify_result(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -168,18 +159,18 @@ when a session is reused. If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however not indicate success. \fISSL_get_verify_result()\fR is only useful in connection -with SSL_get_peer_certificate(3). +with \fISSL_get_peer_certificate\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: -.Ip "X509_V_OK" 4 +.IP "X509_V_OK" 4 .IX Item "X509_V_OK" The verification succeeded or no peer certificate was presented. -.Ip "Any other value" 4 +.IP "Any other value" 4 .IX Item "Any other value" -Documented in verify(1). +Documented in \fIverify\fR\|(1). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_verify_result(3), -SSL_get_peer_certificate(3), -verify(1) +\&\fIssl\fR\|(3), \fISSL_set_verify_result\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fIverify\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index c8b806f..925f406 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_version 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_version \- get the protocol version of a connection. .SH "SYNOPSIS" @@ -147,8 +137,9 @@ SSL_get_version \- get the protocol version of a connection. .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& const char *SSL_get_version(SSL *ssl); +\& const char *SSL_get_version(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -157,18 +148,18 @@ connection \fBssl\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following strings can occur: -.Ip "SSLv2" 4 +.IP "SSLv2" 4 .IX Item "SSLv2" The connection uses the SSLv2 protocol. -.Ip "SSLv3" 4 +.IP "SSLv3" 4 .IX Item "SSLv3" The connection uses the SSLv3 protocol. -.Ip "TLSv1" 4 +.IP "TLSv1" 4 .IX Item "TLSv1" The connection uses the TLSv1 protocol. -.Ip "unknown" 4 +.IP "unknown" 4 .IX Item "unknown" This indicates that no version has been set (no connection established). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 67dac81..ad9ea2c 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,19 +126,19 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_library_init 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms -\&\- initialize \s-1SSL\s0 library by registering algorithms +\&\- initialize SSL library by registering algorithms .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& int SSL_library_init(void); \& #define OpenSSL_add_ssl_algorithms() SSL_library_init() @@ -183,5 +174,5 @@ will provide readable error messages and will seed the \s-1PRNG\s0. value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_load_error_strings(3), -RAND_add(3) +\&\fIssl\fR\|(3), \fISSL_load_error_strings\fR\|(3), +\&\fIRAND_add\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index d6fb1a8..5c2d8b5 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_load_client_CA_file 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_load_client_CA_file \- load certificate names from file .SH "SYNOPSIS" @@ -147,19 +137,20 @@ SSL_load_client_CA_file \- load certificate names from file .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns -a STACK_OF(X509_NAME) with the subject names found. +a \s-1STACK_OF\s0(X509_NAME) with the subject names found. .SH "NOTES" .IX Header "NOTES" \&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for -SSL_CTX_set_client_CA_list(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), it is not limited to \s-1CA\s0 certificates. .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -169,6 +160,7 @@ Load names of CAs from file and use it as a client \s-1CA\s0 list: \& SSL_CTX *ctx; \& STACK_OF(X509_NAME) *cert_names; .Ve +.PP .Vb 7 \& ... \& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); @@ -181,13 +173,13 @@ Load names of CAs from file and use it as a client \s-1CA\s0 list: .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" The operation failed, check out the error stack for the reason. -.Ip "Pointer to STACK_OF(X509_NAME)" 4 +.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 .IX Item "Pointer to STACK_OF(X509_NAME)" Pointer to the subject names of the successfully read certificates. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index 8c75860..e7b8348 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_new \- create a new \s-1SSL\s0 structure for a connection +SSL_new \- create a new SSL structure for a connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& SSL *SSL_new(SSL_CTX *ctx); .Ve @@ -159,16 +150,16 @@ options, verification settings, timeout settings. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" The creation of a new \s-1SSL\s0 structure failed. Check the error stack to find out the reason. -.Ip "Pointer to an \s-1SSL\s0 structure" 4 +.IP "Pointer to an \s-1SSL\s0 structure" 4 .IX Item "Pointer to an SSL structure" The return value points to an allocated \s-1SSL\s0 structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_free(3), SSL_clear(3), -SSL_CTX_set_options(3), -SSL_get_SSL_CTX(3), -ssl(3) +\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fISSL_get_SSL_CTX\fR\|(3), +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index 2e96208..71be918 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,20 +126,20 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_pending 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object +SSL_pending \- obtain number of readable bytes buffered in an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& int SSL_pending(SSL *ssl); +\& int SSL_pending(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -158,7 +149,7 @@ SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object .IX Header "NOTES" Data are received in blocks from the peer. Therefore data can be buffered inside \fBssl\fR and are ready for immediate retrieval with -SSL_read(3). +\&\fISSL_read\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The number of bytes pending is returned. @@ -174,4 +165,4 @@ Up to OpenSSL 0.9.6, \fISSL_pending()\fR does not check if the record type of pending data is application data. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_read(3), ssl(3) +\&\fISSL_read\fR\|(3), \fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 5e41942..2404f7c 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_read 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection. +SSL_read \- read bytes from a TLS/SSL connection. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_read(SSL *ssl, void *buf, int num); .Ve @@ -157,16 +148,16 @@ buffer \fBbuf\fR. .SH "NOTES" .IX Header "NOTES" If necessary, \fISSL_read()\fR will negotiate a \s-1TLS/SSL\s0 session, if -not already explicitly performed by SSL_connect(3) or -SSL_accept(3). If the -peer requests a re-negotiation, it will be performed transparently during +not already explicitly performed by \fISSL_connect\fR\|(3) or +\&\fISSL_accept\fR\|(3). If the +peer requests a re\-negotiation, it will be performed transparently during the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the underlying \s-1BIO\s0. .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling -SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR -before the first call to an \fISSL_read()\fR or SSL_write(3) +\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR +before the first call to an \fISSL_read()\fR or \fISSL_write\fR\|(3) function. .PP \&\fISSL_read()\fR works based on the \s-1SSL/TLS\s0 records. The data are received in @@ -188,12 +179,12 @@ If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_read()\fR will only retur read operation has been finished or an error occurred, except when a renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the -SSL_CTX_set_mode(3) call. +\&\fISSL_CTX_set_mode\fR\|(3) call. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_read()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_read()\fR to continue the operation. In this case a call to -SSL_get_error(3) with the +\&\fISSL_get_error\fR\|(3) with the return value of \fISSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a call to \fISSL_read()\fR can also cause write operations! The calling process @@ -210,16 +201,16 @@ with the same arguments. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip ">0" 4 +.IP ">0" 4 .IX Item ">0" The read operation was successful; the return value is the number of bytes actually read from the \s-1TLS/SSL\s0 connection. -.Ip "0" 4 +.IP "0" 4 The read operation was not successful. The reason may either be a clean shutdown due to a \*(L"close notify\*(R" alert sent by the peer (in which case the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag in the ssl shutdown state is set -(see SSL_shutdown(3), -SSL_set_shutdown(3)). It is also possible, that +(see \fISSL_shutdown\fR\|(3), +\&\fISSL_set_shutdown\fR\|(3)). It is also possible, that the peer simply shut down the underlying transport and the shutdown is incomplete. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, whether an error occurred or the connection was shut down cleanly @@ -229,16 +220,16 @@ SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected, whether the underlying connection was closed. It cannot be checked, whether the closure was initiated by the peer or by something else. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The read operation was not successful, because either an error occurred or action must be taken by the calling process. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_write(3), -SSL_CTX_set_mode(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3) -SSL_set_connect_state(3), -SSL_shutdown(3), SSL_set_shutdown(3), -ssl(3), bio(3) +\&\fISSL_get_error\fR\|(3), \fISSL_write\fR\|(3), +\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fIssl\fR\|(3), \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 48214cf..4d565a2 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_rstate_string 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& const char *SSL_rstate_string(SSL *ssl); \& const char *SSL_rstate_string_long(SSL *ssl); @@ -169,22 +160,22 @@ This function should only seldom be needed in applications. .IX Header "RETURN VALUES" \&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following values: -.if n .Ip """""\s-1RH\s0""""/""""read header""""" 4 -.el .Ip "``\s-1RH\s0''/``read header''" 4 -.IX Item ""RH/read header" +.ie n .IP """\s-1RH\s0""/""read header""" 4 +.el .IP "``\s-1RH\s0''/``read header''" 4 +.IX Item "RH/read header" The header of the record is being evaluated. -.if n .Ip """""\s-1RB\s0""""/""""read body""""" 4 -.el .Ip "``\s-1RB\s0''/``read body''" 4 -.IX Item ""RB/read body" +.ie n .IP """\s-1RB\s0""/""read body""" 4 +.el .IP "``\s-1RB\s0''/``read body''" 4 +.IX Item "RB/read body" The body of the record is being evaluated. -.if n .Ip """""\s-1RD\s0""""/""""read done""""" 4 -.el .Ip "``\s-1RD\s0''/``read done''" 4 -.IX Item ""RD/read done" +.ie n .IP """\s-1RD\s0""/""read done""" 4 +.el .IP "``\s-1RD\s0''/``read done''" 4 +.IX Item "RD/read done" The record has been completely processed. -.if n .Ip """""unknown""""/""""unknown""""" 4 -.el .Ip "``unknown''/``unknown''" 4 -.IX Item ""unknown/unknown" +.ie n .IP """unknown""/""unknown""" 4 +.el .IP "``unknown''/``unknown''" 4 +.IX Item "unknown/unknown" The read state is unknown. This should never happen. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 262903a..7b705e2 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_session_reused 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_session_reused \- query whether a reused session was negotiated during handshake .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_session_reused \- query whether a reused session was negotiated during hands .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_session_reused(SSL *ssl); .Ve @@ -162,12 +153,12 @@ queried by the application. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 A new session was negotiated. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" A session was reused. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_CTX_set_session_cache_mode(3) +\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index a45734a..6d0d1b9 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_bio 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 +SSL_set_bio \- connect the SSL object with a BIO .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); .Ve @@ -156,7 +147,7 @@ SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. .PP The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively. -If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour. +If a \s-1BIO\s0 is non\-blocking, the \fBssl\fR will also have non-blocking behaviour. .PP If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called (for both the reading and writing side, if different). @@ -165,6 +156,6 @@ If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will \&\fISSL_set_bio()\fR cannot fail. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_rbio(3), -SSL_connect(3), SSL_accept(3), -SSL_shutdown(3), ssl(3), bio(3) +\&\fISSL_get_rbio\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index 4987f4e..013907d 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,21 +126,22 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_connect_state 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode +SSL_set_connect_state, SSL_get_accept_state \- prepare SSL object to work in client or server mode .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_set_connect_state(SSL *ssl); .Ve +.PP .Vb 1 \& void SSL_set_accept_state(SSL *ssl); .Ve @@ -160,11 +152,11 @@ SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work \&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. .SH "NOTES" .IX Header "NOTES" -When the \s-1SSL_CTX\s0 object was created with SSL_CTX_new(3), +When the \s-1SSL_CTX\s0 object was created with \fISSL_CTX_new\fR\|(3), it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with -SSL_CTX_set_ssl_version(3) or +\&\fISSL_CTX_set_ssl_version\fR\|(3) or \&\fISSL_set_ssl_method()\fR.) .PP When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must @@ -172,10 +164,10 @@ call the connect (client) or accept (server) routines. Even though it may be clear from the method chosen, whether client or server mode was requested, the handshake routines must be explicitly set. .PP -When using the SSL_connect(3) or -SSL_accept(3) routines, the correct handshake +When using the \fISSL_connect\fR\|(3) or +\&\fISSL_accept\fR\|(3) routines, the correct handshake routines are automatically set. When performing a transparent negotiation -using SSL_write(3) or SSL_read(3), the +using \fISSL_write\fR\|(3) or \fISSL_read\fR\|(3), the handshake routines must be explicitly set in advance using either \&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. .SH "RETURN VALUES" @@ -184,8 +176,8 @@ handshake routines must be explicitly set in advance using either information. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3), -SSL_write(3), SSL_read(3), -SSL_do_handshake(3), -SSL_CTX_set_ssl_version(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_write\fR\|(3), \fISSL_read\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_set_ssl_version\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index 45d3728..4e4c5f4 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_fd 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor +SSL_set_fd \- connect the SSL object with a file descriptor .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& int SSL_set_fd(SSL *ssl, int fd); \& int SSL_set_rfd(SSL *ssl, int fd); @@ -160,7 +151,7 @@ socket file descriptor of a network connection. .PP When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine -inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non\-blocking, the \fBssl\fR will also have non-blocking behaviour. .PP If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called @@ -171,13 +162,13 @@ for the read channel or the write channel, which can be set independently. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 The operation failed. Check the error stack to find out why. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_fd(3), SSL_set_bio(3), -SSL_connect(3), SSL_accept(3), -SSL_shutdown(3), ssl(3) , bio(3) +\&\fISSL_get_fd\fR\|(3), \fISSL_set_bio\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index a977d4e..d429b0c 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_session 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect +SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_set_session(SSL *ssl, SSL_SESSION *session); .Ve @@ -157,7 +148,7 @@ is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 When the session is set, the reference count of \fBsession\fR is incremented by 1. If the session is not reused, the reference count is decremented again during \fISSL_connect()\fR. Whether the session was reused can be queried -with the SSL_session_reused(3) call. +with the \fISSL_session_reused\fR\|(3) call. .PP If there is already a session set inside \fBssl\fR (because it was set with \&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for @@ -172,14 +163,14 @@ from this \s-1SSL_CTX\s0 object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 The operation failed; check the error stack to find out the reason. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_SESSION_free(3), -SSL_get_session(3), -SSL_session_reused(3), -SSL_CTX_set_session_cache_mode(3) +\&\fIssl\fR\|(3), \fISSL_SESSION_free\fR\|(3), +\&\fISSL_get_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index 8b69112..3de924c 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,23 +126,24 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_shutdown 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_set_shutdown(SSL *ssl, int mode); .Ve +.PP .Vb 1 -\& int SSL_get_shutdown(SSL *ssl); +\& int SSL_get_shutdown(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -161,13 +153,13 @@ SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 .SH "NOTES" .IX Header "NOTES" The shutdown state of an ssl connection is a bitmask of: -.Ip "0" 4 +.IP "0" 4 No shutdown setting, yet. -.Ip "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 .IX Item "SSL_SENT_SHUTDOWN" A \*(L"close notify\*(R" shutdown alert was sent to the peer, the connection is being considered closed and the session is closed and correct. -.Ip "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 .IX Item "SSL_RECEIVED_SHUTDOWN" A shutdown alert was received form the peer, either a normal \*(L"close notify\*(R" or a fatal error. @@ -176,18 +168,18 @@ or a fatal error. .PP The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when -SSL_clear(3) or SSL_free(3) is called, +\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, it is considered bad and removed according to \s-1RFC2246\s0. The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 (according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R" alert but to not wait for the peer's answer, when the underlying connection is closed). \&\fISSL_set_shutdown()\fR can be used to set this state without sending a -close alert to the peer (see SSL_shutdown(3)). +close alert to the peer (see \fISSL_shutdown\fR\|(3)). .PP If a \*(L"close notify\*(R" was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call -SSL_shutdown(3) or \fISSL_set_shutdown()\fR itself. +\&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_set_shutdown()\fR does not return diagnostic information. @@ -195,6 +187,6 @@ SSL_shutdown(3) or \fISSL_set_shutdown()\fR itself. \&\fISSL_get_shutdown()\fR returns the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_shutdown(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_clear(3), SSL_free(3) +\&\fIssl\fR\|(3), \fISSL_shutdown\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 8a7a0c0..9ca45fc 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_verify_result 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_set_verify_result \- override result of peer certificate verification .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_set_verify_result \- override result of peer certificate verification .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_set_verify_result(SSL *ssl, long verify_result); .Ve @@ -162,12 +153,12 @@ the verification result of the \fBssl\fR object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear. .PP -The valid codes for \fBverify_result\fR are documented in verify(1). +The valid codes for \fBverify_result\fR are documented in \fIverify\fR\|(1). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_set_verify_result()\fR does not provide a return value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_verify_result(3), -SSL_get_peer_certificate(3), -verify(1) +\&\fIssl\fR\|(3), \fISSL_get_verify_result\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fIverify\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 291aa32..a6259db 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_shutdown 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection +SSL_shutdown \- shut down a TLS/SSL connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_shutdown(SSL *ssl); .Ve @@ -171,15 +162,15 @@ When the underlying connection shall be used for more communications, the complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be performed, so that the peers stay synchronized. .PP -\&\fISSL_shutdown()\fR supports both uni- and bidirectional shutdown by its 2 step +\&\fISSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step behaviour. -.if n .Ip "When the application is the first party to send the """"close notify"""" alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's """"close notify"""" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 -.el .Ip "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 -.IX Item "When the application is the first party to send the "close notify alert, SSL_shutdown() will only send the alert and the set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1." +.ie n .IP "When the application is the first party to send the ""close notify"" alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ""close notify"" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.el .IP "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.IX Item "When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1." .PD 0 -.if n .Ip "If the peer already sent the """"close notify"""" alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the """"close notify"""" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 -.el .Ip "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 -.IX Item "If the peer already sent the "close notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3) call." +.ie n .IP "If the peer already sent the ""close notify"" alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ""close notify"" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call." 4 +.el .IP "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call." 4 +.IX Item "If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown call." .PD .PP It is therefore recommended, to check the return value of \fISSL_shutdown()\fR @@ -206,32 +197,32 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP \&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" state but not actually send the \*(L"close notify\*(R" alert messages, -see SSL_CTX_set_quiet_shutdown(3). +see \fISSL_CTX_set_quiet_shutdown\fR\|(3). When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed and return 1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent and the peer's \*(L"close notify\*(R" alert was received. -.Ip "0" 4 +.IP "0" 4 The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time, if a bidirectional shutdown shall be performed. -The output of SSL_get_error(3) may be misleading, as an +The output of \fISSL_get_error\fR\|(3) may be misleading, as an erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. -.Ip "\-1" 4 +.IP "\-1" 4 .IX Item "-1" The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if action is need to continue the operation for non-blocking BIOs. -Call SSL_get_error(3) with the return value \fBret\fR +Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_accept(3), SSL_set_shutdown(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_clear(3), SSL_free(3), -ssl(3), bio(3) +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3), +\&\fIssl\fR\|(3), \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 5d5c232..a7e925e 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,21 +126,21 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_state_string 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object +SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 -\& const char *SSL_state_string(SSL *ssl); -\& const char *SSL_state_string_long(SSL *ssl); +\& const char *SSL_state_string(const SSL *ssl); +\& const char *SSL_state_string_long(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -177,4 +168,4 @@ can be used within the info_callback function set with the Detailed description of possible states to be included later. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_info_callback(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_info_callback\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 2fef873..d8131f1 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,24 +126,24 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_want 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information TLS/SSL I/O operation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 5 -\& int SSL_want(SSL *ssl); -\& int SSL_want_nothing(SSL *ssl); -\& int SSL_want_read(SSL *ssl); -\& int SSL_want_write(SSL *ssl); -\& int SSL_want_x509_lookup(SSL *ssl); +\& int SSL_want(const SSL *ssl); +\& int SSL_want_nothing(const SSL *ssl); +\& int SSL_want_read(const SSL *ssl); +\& int SSL_want_write(const SSL *ssl); +\& int SSL_want_x509_lookup(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -163,42 +154,42 @@ by \fISSL_want()\fR. .SH "NOTES" .IX Header "NOTES" \&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its -return values are similar to that of SSL_get_error(3). -Unlike SSL_get_error(3), which also evaluates the +return values are similar to that of \fISSL_get_error\fR\|(3). +Unlike \fISSL_get_error\fR\|(3), which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under non-blocking I/O. Error conditions are not handled and must be treated -using SSL_get_error(3). +using \fISSL_get_error\fR\|(3). .PP The result returned by \fISSL_want()\fR should always be consistent with -the result of SSL_get_error(3). +the result of \fISSL_get_error\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur for \fISSL_want()\fR: -.Ip "\s-1SSL_NOTHING\s0" 4 +.IP "\s-1SSL_NOTHING\s0" 4 .IX Item "SSL_NOTHING" There is no data to be written or to be read. -.Ip "\s-1SSL_WRITING\s0" 4 +.IP "\s-1SSL_WRITING\s0" 4 .IX Item "SSL_WRITING" There are data in the \s-1SSL\s0 buffer that must be written to the underlying \&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to SSL_get_error(3) should return +A call to \fISSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_WRITE\s0. -.Ip "\s-1SSL_READING\s0" 4 +.IP "\s-1SSL_READING\s0" 4 .IX Item "SSL_READING" More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to SSL_get_error(3) should return +A call to \fISSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_READ\s0. -.Ip "\s-1SSL_X509_LOOKUP\s0" 4 +.IP "\s-1SSL_X509_LOOKUP\s0" 4 .IX Item "SSL_X509_LOOKUP" The operation did not complete because an application callback set by \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. -A call to SSL_get_error(3) should return +A call to \fISSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. .PP \&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR return 1, when the corresponding condition is true or 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), err(3), SSL_get_error(3) +\&\fIssl\fR\|(3), \fIerr\fR\|(3), \fISSL_get_error\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index 4edfc84..dff29b4 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_write 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. +SSL_write \- write bytes to a TLS/SSL connection. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_write(SSL *ssl, const void *buf, int num); .Ve @@ -157,27 +148,27 @@ SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. .SH "NOTES" .IX Header "NOTES" If necessary, \fISSL_write()\fR will negotiate a \s-1TLS/SSL\s0 session, if -not already explicitly performed by SSL_connect(3) or -SSL_accept(3). If the -peer requests a re-negotiation, it will be performed transparently during +not already explicitly performed by \fISSL_connect\fR\|(3) or +\&\fISSL_accept\fR\|(3). If the +peer requests a re\-negotiation, it will be performed transparently during the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the underlying \s-1BIO\s0. .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling -SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR -before the first call to an SSL_read(3) or \fISSL_write()\fR function. +\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR +before the first call to an \fISSL_read\fR\|(3) or \fISSL_write()\fR function. .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_write()\fR will only return, once the write operation has been finished or an error occurred, except when a renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the -SSL_CTX_set_mode(3) call. +\&\fISSL_CTX_set_mode\fR\|(3) call. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_write()\fR will also return, when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_write()\fR to continue the operation. In this case a call to -SSL_get_error(3) with the +\&\fISSL_get_error\fR\|(3) with the return value of \fISSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a call to \fISSL_write()\fR can also cause read operations! The calling process @@ -190,7 +181,7 @@ must be written into or retrieved out of the \s-1BIO\s0 before being able to con \&\fISSL_write()\fR will only return with success, when the complete contents of \fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of -SSL_CTX_set_mode(3). When this flag is set, +\&\fISSL_CTX_set_mode\fR\|(3). When this flag is set, \&\fISSL_write()\fR will also return with success, when a partial write has been successfully completed. In this case the \fISSL_write()\fR operation is considered completed. The bytes are sent and a new \fISSL_write()\fR operation with a new @@ -208,11 +199,11 @@ undefined. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip ">0" 4 +.IP ">0" 4 .IX Item ">0" The write operation was successful, the return value is the number of bytes actually written to the \s-1TLS/SSL\s0 connection. -.Ip "0" 4 +.IP "0" 4 The write operation was not successful. Probably the underlying connection was closed. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, whether an error occurred or the connection was shut down cleanly @@ -221,15 +212,15 @@ whether an error occurred or the connection was shut down cleanly SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected, whether the underlying connection was closed. It cannot be checked, why the closure happened. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The write operation was not successful, because either an error occurred or action must be taken by the calling process. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_read(3), -SSL_CTX_set_mode(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3) -SSL_set_connect_state(3), -ssl(3), bio(3) +\&\fISSL_get_error\fR\|(3), \fISSL_read\fR\|(3), +\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) +\&\fISSL_set_connect_state\fR\|(3), +\&\fIssl\fR\|(3), \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 8a9e70e..66793ff 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,20 +126,20 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH d2i_SSL_SESSION 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 -\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length); +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); \& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); .Ve .SH "DESCRIPTION" @@ -170,10 +161,10 @@ a binary \s-1ASN1\s0 representation. .PP When using \fId2i_SSL_SESSION()\fR, the \s-1SSL_SESSION\s0 object is automatically allocated. The reference count is 1, so that the session must be -explicitly removed using SSL_SESSION_free(3), +explicitly removed using \fISSL_SESSION_free\fR\|(3), unless the \s-1SSL_SESSION\s0 object is completely taken over, when being called inside the \fIget_session_cb()\fR (see -SSL_CTX_sess_set_get_cb(3)). +\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). .PP \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. @@ -197,5 +188,5 @@ can be retrieved from the error stack. When the session is not valid, \fB0\fR is returned and no operation is performed. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_SESSION_free(3), -SSL_CTX_sess_set_get_cb(3) +\&\fIssl\fR\|(3), \fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index 38a1a43..5e0c925 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,13 +126,12 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH ssl 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -\&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library +SSL \- OpenSSL SSL/TLS library .SH "SYNOPSIS" .IX Header "SYNOPSIS" .SH "DESCRIPTION" @@ -151,51 +141,51 @@ Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s documented here. .PP At first the library must be initialized; see -SSL_library_init(3). +\&\fISSL_library_init\fR\|(3). .PP Then an \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish -\&\s-1TLS/SSL\s0 enabled connections (see SSL_CTX_new(3)). +\&\s-1TLS/SSL\s0 enabled connections (see \fISSL_CTX_new\fR\|(3)). Various options regarding certificates, algorithms etc. can be set in this object. .PP When a network connection has been created, it can be assigned to an \&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using -SSL_new(3), SSL_set_fd(3) or -SSL_set_bio(3) can be used to associate the network +\&\fISSL_new\fR\|(3), \fISSL_set_fd\fR\|(3) or +\&\fISSL_set_bio\fR\|(3) can be used to associate the network connection with the object. .PP Then the \s-1TLS/SSL\s0 handshake is performed using -SSL_accept(3) or SSL_connect(3) +\&\fISSL_accept\fR\|(3) or \fISSL_connect\fR\|(3) respectively. -SSL_read(3) and SSL_write(3) are used +\&\fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) are used to read and write data on the \s-1TLS/SSL\s0 connection. -SSL_shutdown(3) can be used to shut down the +\&\fISSL_shutdown\fR\|(3) can be used to shut down the \&\s-1TLS/SSL\s0 connection. .SH "DATA STRUCTURES" .IX Header "DATA STRUCTURES" Currently the OpenSSL \fBssl\fR library functions deals with the following data structures: -.Ip "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 .IX Item "SSL_METHOD (SSL Method)" That's a dispatch structure describing the internal \fBssl\fR library methods/functions which implement the various protocol versions (SSLv1, SSLv2 and TLSv1). It's needed to create an \fB\s-1SSL_CTX\s0\fR. -.Ip "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 .IX Item "SSL_CIPHER (SSL Cipher)" This structure holds the algorithm information for a particular cipher which are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured on a \fB\s-1SSL_CTX\s0\fR basis and the actually used ones are then part of the \&\fB\s-1SSL_SESSION\s0\fR. -.Ip "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 .IX Item "SSL_CTX (SSL Context)" That's the global context structure which is created by a server or client once per program life-time and which holds mainly default values for the \&\fB\s-1SSL\s0\fR structures which are later created for the connections. -.Ip "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 .IX Item "SSL_SESSION (SSL Session)" This is a structure containing the current \s-1TLS/SSL\s0 session details for a connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. -.Ip "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 .IX Item "SSL (SSL Connection)" That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. @@ -205,30 +195,30 @@ links to mostly all other structures. .IX Header "HEADER FILES" Currently the OpenSSL \fBssl\fR library provides the following C header files containing the prototypes for the data structures and and functions: -.Ip "\fBssl.h\fR" 4 +.IP "\fBssl.h\fR" 4 .IX Item "ssl.h" That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your program to make the \s-1API\s0 of the \fBssl\fR library available. It internally includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look inside this header file. -.Ip "\fBssl2.h\fR" 4 +.IP "\fBssl2.h\fR" 4 .IX Item "ssl2.h" That's the sub header file dealing with the SSLv2 protocol only. \&\fIUsually you don't have to include it explicitly because it's already included by ssl.h\fR. -.Ip "\fBssl3.h\fR" 4 +.IP "\fBssl3.h\fR" 4 .IX Item "ssl3.h" That's the sub header file dealing with the SSLv3 protocol only. \&\fIUsually you don't have to include it explicitly because it's already included by ssl.h\fR. -.Ip "\fBssl23.h\fR" 4 +.IP "\fBssl23.h\fR" 4 .IX Item "ssl23.h" That's the sub header file dealing with the combined use of the SSLv2 and SSLv3 protocols. \&\fIUsually you don't have to include it explicitly because it's already included by ssl.h\fR. -.Ip "\fBtls1.h\fR" 4 +.IP "\fBtls1.h\fR" 4 .IX Item "tls1.h" That's the sub header file dealing with the TLSv1 protocol only. \&\fIUsually you don't have to include it explicitly because @@ -241,52 +231,52 @@ They are documented in the following: .IX Subsection "DEALING WITH PROTOCOL METHODS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv2_client_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv2_server_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv2_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for combined client and server. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv3_client_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv3_server_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv3_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for combined client and server. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 .IX Item "SSL_METHOD *TLSv1_client_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 .IX Item "SSL_METHOD *TLSv1_server_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 .IX Item "SSL_METHOD *TLSv1_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server. .Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" .IX Subsection "DEALING WITH CIPHERS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. -.Ip "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 +.IP "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 .IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human readable description of \fIcipher\fR. Returns \fIbuf\fR. -.Ip "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 +.IP "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 .IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers there are two bits: The bits the algorithm supports in general (stored to \&\fIalg_bits\fR) and the bits which are actually used (the return value). -.Ip "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IP "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 .IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" Return the internal name of \fIcipher\fR as a string. These are the various strings defined by the \fISSL2_TXT_xxx\fR, \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR definitions in the header files. -.Ip "char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IP "char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 .IX Item "char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the \&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined @@ -295,138 +285,138 @@ in the specification the first time). .IX Subsection "DEALING WITH PROTOCOL CONTEXTS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. -.Ip "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IP "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 .IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" .PD 0 -.Ip "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 +.IP "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 .IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" -.Ip "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IP "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 .IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" -.Ip "int \fBSSL_CTX_check_private_key\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_check_private_key(SSL_CTX *ctx);" -.Ip "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 +.IP "int \fBSSL_CTX_check_private_key\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_check_private_key(const SSL_CTX *ctx);" +.IP "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 .IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" -.Ip "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 +.IP "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 .IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" -.Ip "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 +.IP "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 .IX Item "void SSL_CTX_free(SSL_CTX *a);" -.Ip "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" -.Ip "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" -.Ip "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "STACK *SSL_CTX_get_client_CA_list(SSL_CTX *ctx);" -.Ip "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 +.IP "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 .IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" -.Ip "char *\fBSSL_CTX_get_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx);" 4 -.IX Item "char *SSL_CTX_get_ex_data(SSL_CTX *s, int idx);" -.Ip "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IP "char *\fBSSL_CTX_get_ex_data\fR(const \s-1SSL_CTX\s0 *s, int idx);" 4 +.IX Item "char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);" +.IP "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 .IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 +.IP "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 .IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" -.Ip "int \fBSSL_CTX_get_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_get_quiet_shutdown\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" -.Ip "long \fBSSL_CTX_get_timeout\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "long SSL_CTX_get_timeout(SSL_CTX *ctx);" -.Ip "int (*\fBSSL_CTX_get_verify_callback\fR(\s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 -.IX Item "int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" -.Ip "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "long \fBSSL_CTX_get_timeout\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_get_timeout(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_verify_callback\fR(const \s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 +.IX Item "int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" +.IP "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, char *CAfile, char *CApath);" 4 +.IP "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, char *CAfile, char *CApath);" 4 .IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, char *CAfile, char *CApath);" -.Ip "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "long SSL_CTX_need_tmp_RSA(SSL_CTX *ctx);" -.Ip "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4 +.IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4 .IX Item "SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);" -.Ip "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IP "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 .IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" -.Ip "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" -.Ip "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 +.IP "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 .IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" -.Ip "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 +.IP "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 .IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" -.Ip "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 +.IP "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 .IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" -.Ip "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" -.Ip "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx,t);" 4 +.IP "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx,t);" 4 .IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,t);" -.Ip "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 +.IP "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 .IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" -.Ip "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 +.IP "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 .IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" -.Ip "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 +.IP "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 .IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" -.Ip "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" -.Ip "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" -.Ip "void \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IP "void \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 .IX Item "void SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" -.Ip "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IP "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 .IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" -.Ip "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 +.IP "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 .IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" -.Ip "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 +.IP "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 .IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" -.Ip "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 +.IP "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 .IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" -.Ip "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 +.IP "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 .IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" -.Ip "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 +.IP "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 .IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" -.Ip "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IP "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 .IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);" -.Ip "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 +.IP "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 .IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" -.Ip "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 +.IP "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 .IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" -.Ip "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IP "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 .IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" -.Ip "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IP "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 .IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" -.Ip "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IP "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 .IX Item "void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" -.Ip "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IP "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 .IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" -.Ip "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IP "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 .IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" -.Ip "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4 +.IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4 .IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth);" -.Ip "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 +.IP "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 .IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" -.Ip "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 +.IP "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 .IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" -.Ip "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 +.IP "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 .IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" -.Ip "long \fBSSL_CTX_set_tmp_rsa\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IP "long \fBSSL_CTX_set_tmp_rsa\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 .IX Item "long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);" -.Ip "SSL_CTX_set_tmp_rsa_callback" 4 +.IP "SSL_CTX_set_tmp_rsa_callback" 4 .IX Item "SSL_CTX_set_tmp_rsa_callback" .PD \&\f(CW\*(C`long \f(CBSSL_CTX_set_tmp_rsa_callback\f(CW(SSL_CTX *\f(CBctx\f(CW, RSA *(*\f(CBcb\f(CW)(SSL *\f(CBssl\f(CW, int \f(CBexport\f(CW, int \f(CBkeylength\f(CW));\*(C'\fR @@ -436,379 +426,379 @@ required. The \fB\f(CB\*(C`export\*(C'\fB\fR flag will be set if the reason for a temp key is that an export ciphersuite is in use, in which case, \&\fB\f(CB\*(C`keylength\*(C'\fB\fR will contain the required keylength in bits. Generate a key of appropriate size (using ???) and return it. -.Ip "SSL_set_tmp_rsa_callback" 4 +.IP "SSL_set_tmp_rsa_callback" 4 .IX Item "SSL_set_tmp_rsa_callback" long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength)); .Sp The same as \fBSSL_CTX_set_tmp_rsa_callback\fR, except it operates on an \s-1SSL\s0 session instead of a context. -.Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 +.IP "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 .IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" .PD 0 -.Ip "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 +.IP "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 .IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" -.Ip "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IP "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 .IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" -.Ip "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IP "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IP "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 .IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IP "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 .IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IP "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);" -.Ip "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IP "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 .IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" -.Ip "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 +.IP "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 .IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" -.Ip "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" .PD .Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" .IX Subsection "DEALING WITH SESSIONS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. -.Ip "int \fBSSL_SESSION_cmp\fR(\s-1SSL_SESSION\s0 *a, \s-1SSL_SESSION\s0 *b);" 4 -.IX Item "int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b);" +.IP "int \fBSSL_SESSION_cmp\fR(const \s-1SSL_SESSION\s0 *a, const \s-1SSL_SESSION\s0 *b);" 4 +.IX Item "int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);" .PD 0 -.Ip "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 +.IP "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 .IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" -.Ip "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IP "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 .IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" -.Ip "char *\fBSSL_SESSION_get_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx);" 4 -.IX Item "char *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx);" -.Ip "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IP "char *\fBSSL_SESSION_get_ex_data\fR(const \s-1SSL_SESSION\s0 *s, int idx);" 4 +.IX Item "char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);" +.IP "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 .IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "long \fBSSL_SESSION_get_time\fR(\s-1SSL_SESSION\s0 *s);" 4 -.IX Item "long SSL_SESSION_get_time(SSL_SESSION *s);" -.Ip "long \fBSSL_SESSION_get_timeout\fR(\s-1SSL_SESSION\s0 *s);" 4 -.IX Item "long SSL_SESSION_get_timeout(SSL_SESSION *s);" -.Ip "unsigned long \fBSSL_SESSION_hash\fR(\s-1SSL_SESSION\s0 *a);" 4 -.IX Item "unsigned long SSL_SESSION_hash(SSL_SESSION *a);" -.Ip "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 +.IP "long \fBSSL_SESSION_get_time\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_time(const SSL_SESSION *s);" +.IP "long \fBSSL_SESSION_get_timeout\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_timeout(const SSL_SESSION *s);" +.IP "unsigned long \fBSSL_SESSION_hash\fR(const \s-1SSL_SESSION\s0 *a);" 4 +.IX Item "unsigned long SSL_SESSION_hash(const SSL_SESSION *a);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 .IX Item "SSL_SESSION *SSL_SESSION_new(void);" -.Ip "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, \s-1SSL_SESSION\s0 *x);" 4 -.IX Item "int SSL_SESSION_print(BIO *bp, SSL_SESSION *x);" -.Ip "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, \s-1SSL_SESSION\s0 *x);" 4 -.IX Item "int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x);" -.Ip "void \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 +.IP "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);" +.IP "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);" +.IP "void \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 .IX Item "void SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" -.Ip "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 +.IP "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 .IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" -.Ip "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IP "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 .IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" -.Ip "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 .IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" .PD .Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" .IX Subsection "DEALING WITH CONNECTIONS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 connection defined in the \fB\s-1SSL\s0\fR structure. -.Ip "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_accept(SSL *ssl);" .PD 0 -.Ip "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 +.IP "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 .IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" -.Ip "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 +.IP "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 .IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" -.Ip "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IP "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 .IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" -.Ip "char *\fBSSL_alert_desc_string\fR(int value);" 4 +.IP "char *\fBSSL_alert_desc_string\fR(int value);" 4 .IX Item "char *SSL_alert_desc_string(int value);" -.Ip "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 +.IP "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 .IX Item "char *SSL_alert_desc_string_long(int value);" -.Ip "char *\fBSSL_alert_type_string\fR(int value);" 4 +.IP "char *\fBSSL_alert_type_string\fR(int value);" 4 .IX Item "char *SSL_alert_type_string(int value);" -.Ip "char *\fBSSL_alert_type_string_long\fR(int value);" 4 +.IP "char *\fBSSL_alert_type_string_long\fR(int value);" 4 .IX Item "char *SSL_alert_type_string_long(int value);" -.Ip "int \fBSSL_check_private_key\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_check_private_key(SSL *ssl);" -.Ip "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_check_private_key\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_check_private_key(const SSL *ssl);" +.IP "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "void SSL_clear(SSL *ssl);" -.Ip "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IP "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_connect(SSL *ssl);" -.Ip "void \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, \s-1SSL\s0 *f);" 4 -.IX Item "void SSL_copy_session_id(SSL *t, SSL *f);" -.Ip "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 +.IP "void \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, const \s-1SSL\s0 *f);" 4 +.IX Item "void SSL_copy_session_id(SSL *t, const SSL *f);" +.IP "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 .IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" -.Ip "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_do_handshake(SSL *ssl);" -.Ip "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 +.IP "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "SSL *SSL_dup(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 +.IP "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 .IX Item "STACK *SSL_dup_CA_list(STACK *sk);" -.Ip "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 +.IP "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "void SSL_free(SSL *ssl);" -.Ip "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);" -.Ip "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 +.IP "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);" +.IP "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "char *SSL_get_app_data(SSL *ssl);" -.Ip "X509 *\fBSSL_get_certificate\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "X509 *SSL_get_certificate(SSL *ssl);" -.Ip "const char *\fBSSL_get_cipher\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "const char *SSL_get_cipher(SSL *ssl);" -.Ip "int \fBSSL_get_cipher_bits\fR(\s-1SSL\s0 *ssl, int *alg_bits);" 4 -.IX Item "int SSL_get_cipher_bits(SSL *ssl, int *alg_bits);" -.Ip "char *\fBSSL_get_cipher_list\fR(\s-1SSL\s0 *ssl, int n);" 4 -.IX Item "char *SSL_get_cipher_list(SSL *ssl, int n);" -.Ip "char *\fBSSL_get_cipher_name\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_cipher_name(SSL *ssl);" -.Ip "char *\fBSSL_get_cipher_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_cipher_version(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_ciphers(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_client_CA_list(SSL *ssl);" -.Ip "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IP "X509 *\fBSSL_get_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_certificate(const SSL *ssl);" +.IP "const char *\fBSSL_get_cipher\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_cipher(const SSL *ssl);" +.IP "int \fBSSL_get_cipher_bits\fR(const \s-1SSL\s0 *ssl, int *alg_bits);" 4 +.IX Item "int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);" +.IP "char *\fBSSL_get_cipher_list\fR(const \s-1SSL\s0 *ssl, int n);" 4 +.IX Item "char *SSL_get_cipher_list(const SSL *ssl, int n);" +.IP "char *\fBSSL_get_cipher_name\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_name(const SSL *ssl);" +.IP "char *\fBSSL_get_cipher_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_version(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_ciphers(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_client_CA_list(const SSL *ssl);" +.IP "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" -.Ip "long \fBSSL_get_default_timeout\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_default_timeout(SSL *ssl);" -.Ip "int \fBSSL_get_error\fR(\s-1SSL\s0 *ssl, int i);" 4 -.IX Item "int SSL_get_error(SSL *ssl, int i);" -.Ip "char *\fBSSL_get_ex_data\fR(\s-1SSL\s0 *ssl, int idx);" 4 -.IX Item "char *SSL_get_ex_data(SSL *ssl, int idx);" -.Ip "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 +.IP "long \fBSSL_get_default_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_default_timeout(const SSL *ssl);" +.IP "int \fBSSL_get_error\fR(const \s-1SSL\s0 *ssl, int i);" 4 +.IX Item "int SSL_get_error(const SSL *ssl, int i);" +.IP "char *\fBSSL_get_ex_data\fR(const \s-1SSL\s0 *ssl, int idx);" 4 +.IX Item "char *SSL_get_ex_data(const SSL *ssl, int idx);" +.IP "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 .IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" -.Ip "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IP "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 .IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "int \fBSSL_get_fd\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_fd(SSL *ssl);" -.Ip "void (*\fBSSL_get_info_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 -.IX Item "void (*SSL_get_info_callback(SSL *ssl);)(void)" -.Ip "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_peer_cert_chain(SSL *ssl);" -.Ip "X509 *\fBSSL_get_peer_certificate\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "X509 *SSL_get_peer_certificate(SSL *ssl);" -.Ip "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_get_fd\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_fd(const SSL *ssl);" +.IP "void (*\fBSSL_get_info_callback\fR(const \s-1SSL\s0 *ssl);)()" 4 +.IX Item "void (*SSL_get_info_callback(const SSL *ssl);)()" +.IP "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_peer_cert_chain(const SSL *ssl);" +.IP "X509 *\fBSSL_get_peer_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_peer_certificate(const SSL *ssl);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "EVP_PKEY *SSL_get_privatekey(SSL *ssl);" -.Ip "int \fBSSL_get_quiet_shutdown\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_quiet_shutdown(SSL *ssl);" -.Ip "\s-1BIO\s0 *\fBSSL_get_rbio\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "BIO *SSL_get_rbio(SSL *ssl);" -.Ip "int \fBSSL_get_read_ahead\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_read_ahead(SSL *ssl);" -.Ip "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_SESSION *SSL_get_session(SSL *ssl);" -.Ip "char *\fBSSL_get_shared_ciphers\fR(\s-1SSL\s0 *ssl, char *buf, int len);" 4 -.IX Item "char *SSL_get_shared_ciphers(SSL *ssl, char *buf, int len);" -.Ip "int \fBSSL_get_shutdown\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_shutdown(SSL *ssl);" -.Ip "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_get_quiet_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_quiet_shutdown(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_rbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_rbio(const SSL *ssl);" +.IP "int \fBSSL_get_read_ahead\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_read_ahead(const SSL *ssl);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_SESSION *SSL_get_session(const SSL *ssl);" +.IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int len);" 4 +.IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len);" +.IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_shutdown(const SSL *ssl);" +.IP "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" -.Ip "int \fBSSL_get_state\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_state(SSL *ssl);" -.Ip "long \fBSSL_get_time\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_time(SSL *ssl);" -.Ip "long \fBSSL_get_timeout\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_timeout(SSL *ssl);" -.Ip "int (*\fBSSL_get_verify_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 -.IX Item "int (*SSL_get_verify_callback(SSL *ssl);)(void)" -.Ip "int \fBSSL_get_verify_mode\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_verify_mode(SSL *ssl);" -.Ip "long \fBSSL_get_verify_result\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_verify_result(SSL *ssl);" -.Ip "char *\fBSSL_get_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_version(SSL *ssl);" -.Ip "\s-1BIO\s0 *\fBSSL_get_wbio\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "BIO *SSL_get_wbio(SSL *ssl);" -.Ip "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_state(const SSL *ssl);" +.IP "long \fBSSL_get_time\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_time(const SSL *ssl);" +.IP "long \fBSSL_get_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_timeout(const SSL *ssl);" +.IP "int (*\fBSSL_get_verify_callback\fR(const \s-1SSL\s0 *ssl))(int,X509_STORE_CTX *)" 4 +.IX Item "int (*SSL_get_verify_callback(const SSL *ssl))(int,X509_STORE_CTX *)" +.IP "int \fBSSL_get_verify_mode\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_verify_mode(const SSL *ssl);" +.IP "long \fBSSL_get_verify_result\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_verify_result(const SSL *ssl);" +.IP "char *\fBSSL_get_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_version(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_wbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_wbio(const SSL *ssl);" +.IP "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_in_accept_init(SSL *ssl);" -.Ip "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_in_before(SSL *ssl);" -.Ip "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_in_connect_init(SSL *ssl);" -.Ip "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_in_init(SSL *ssl);" -.Ip "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_is_init_finished(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(char *file);" 4 +.IP "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(char *file);" 4 .IX Item "STACK *SSL_load_client_CA_file(char *file);" -.Ip "void \fBSSL_load_error_strings\fR(void);" 4 +.IP "void \fBSSL_load_error_strings\fR(void);" 4 .IX Item "void SSL_load_error_strings(void);" -.Ip "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "SSL *SSL_new(SSL_CTX *ctx);" -.Ip "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IP "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "long SSL_num_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IP "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 .IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" -.Ip "int \fBSSL_pending\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_pending(SSL *ssl);" -.Ip "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IP "int \fBSSL_pending\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_pending(const SSL *ssl);" +.IP "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 .IX Item "int SSL_read(SSL *ssl, void *buf, int num);" -.Ip "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_renegotiate(SSL *ssl);" -.Ip "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 +.IP "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "char *SSL_rstate_string(SSL *ssl);" -.Ip "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IP "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "char *SSL_rstate_string_long(SSL *ssl);" -.Ip "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 +.IP "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "long SSL_session_reused(SSL *ssl);" -.Ip "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 +.IP "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "void SSL_set_accept_state(SSL *ssl);" -.Ip "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 +.IP "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 .IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" -.Ip "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 +.IP "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 .IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" -.Ip "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 +.IP "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 .IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" -.Ip "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 +.IP "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 .IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" -.Ip "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 +.IP "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "void SSL_set_connect_state(SSL *ssl);" -.Ip "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 +.IP "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 .IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" -.Ip "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IP "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 .IX Item "int SSL_set_fd(SSL *ssl, int fd);" -.Ip "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 +.IP "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 .IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" -.Ip "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IP "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 .IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" -.Ip "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 +.IP "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 .IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" -.Ip "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IP "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 .IX Item "void SSL_set_options(SSL *ssl, unsigned long op);" -.Ip "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IP "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 .IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" -.Ip "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 +.IP "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 .IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" -.Ip "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IP "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 .IX Item "int SSL_set_rfd(SSL *ssl, int fd);" -.Ip "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 +.IP "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 .IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" -.Ip "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IP "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 .IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" -.Ip "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4 +.IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4 .IX Item "int SSL_set_ssl_method(SSL *ssl, SSL_METHOD *meth);" -.Ip "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IP "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 .IX Item "void SSL_set_time(SSL *ssl, long t);" -.Ip "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IP "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 .IX Item "void SSL_set_timeout(SSL *ssl, long t);" -.Ip "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 +.IP "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 .IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" -.Ip "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 +.IP "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 .IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" -.Ip "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IP "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 .IX Item "int SSL_set_wfd(SSL *ssl, int fd);" -.Ip "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_shutdown(SSL *ssl);" -.Ip "int \fBSSL_state\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_state(SSL *ssl);" -.Ip "char *\fBSSL_state_string\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_state_string(SSL *ssl);" -.Ip "char *\fBSSL_state_string_long\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_state_string_long(SSL *ssl);" -.Ip "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_state(const SSL *ssl);" +.IP "char *\fBSSL_state_string\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string(const SSL *ssl);" +.IP "char *\fBSSL_state_string_long\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string_long(const SSL *ssl);" +.IP "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "long SSL_total_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 +.IP "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 .IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" -.Ip "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IP "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 .IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" -.Ip "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IP "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 .IX Item "int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 +.IP "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 .IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" -.Ip "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IP "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 .IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" -.Ip "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IP "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 .IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IP "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 .IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" -.Ip "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 +.IP "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 .IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" -.Ip "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IP "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 .IX Item "int SSL_use_certificate_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_version(SSL *ssl);" -.Ip "int \fBSSL_want\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want(SSL *ssl);" -.Ip "int \fBSSL_want_nothing\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_nothing(SSL *ssl);" -.Ip "int \fBSSL_want_read\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_read(SSL *ssl);" -.Ip "int \fBSSL_want_write\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_write(SSL *ssl);" -.Ip "int \fBSSL_want_x509_lookup\fR(s);" 4 -.IX Item "int SSL_want_x509_lookup(s);" -.Ip "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 +.IP "int \fBSSL_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_version(const SSL *ssl);" +.IP "int \fBSSL_want\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want(const SSL *ssl);" +.IP "int \fBSSL_want_nothing\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_nothing(const SSL *ssl);" +.IP "int \fBSSL_want_read\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_read(const SSL *ssl);" +.IP "int \fBSSL_want_write\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_write(const SSL *ssl);" +.IP "int \fBSSL_want_x509_lookup\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_x509_lookup(const SSL *ssl);" +.IP "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 .IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" .PD .SH "SEE ALSO" .IX Header "SEE ALSO" -openssl(1), crypto(3), -SSL_accept(3), SSL_clear(3), -SSL_connect(3), -SSL_CIPHER_get_name(3), -SSL_COMP_add_compression_method(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_add_session(3), -SSL_CTX_ctrl(3), -SSL_CTX_flush_sessions(3), -SSL_CTX_get_ex_new_index(3), -SSL_CTX_get_verify_mode(3), -SSL_CTX_load_verify_locations(3) -SSL_CTX_new(3), -SSL_CTX_sess_number(3), -SSL_CTX_sess_set_cache_size(3), -SSL_CTX_sess_set_get_cb(3), -SSL_CTX_sessions(3), -SSL_CTX_set_cert_store(3), -SSL_CTX_set_cert_verify_callback(3), -SSL_CTX_set_cipher_list(3), -SSL_CTX_set_client_CA_list(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_set_default_passwd_cb(3), -SSL_CTX_set_generate_session_id(3), -SSL_CTX_set_info_callback(3), -SSL_CTX_set_max_cert_list(3), -SSL_CTX_set_mode(3), -SSL_CTX_set_msg_callback(3), -SSL_CTX_set_options(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_set_session_id_context(3), -SSL_CTX_set_ssl_version(3), -SSL_CTX_set_timeout(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_CTX_set_verify(3), -SSL_CTX_use_certificate(3), -SSL_alert_type_string(3), -SSL_do_handshake(3), -SSL_get_SSL_CTX(3), -SSL_get_ciphers(3), -SSL_get_client_CA_list(3), -SSL_get_default_timeout(3), -SSL_get_error(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3), -SSL_get_ex_new_index(3), -SSL_get_fd(3), -SSL_get_peer_cert_chain(3), -SSL_get_rbio(3), -SSL_get_session(3), -SSL_get_verify_result(3), -SSL_get_version(3), -SSL_library_init(3), -SSL_load_client_CA_file(3), -SSL_new(3), -SSL_pending(3), -SSL_read(3), -SSL_rstate_string(3), -SSL_session_reused(3), -SSL_set_bio(3), -SSL_set_connect_state(3), -SSL_set_fd(3), -SSL_set_session(3), -SSL_set_shutdown(3), -SSL_shutdown(3), -SSL_state_string(3), -SSL_want(3), -SSL_write(3), -SSL_SESSION_free(3), -SSL_SESSION_get_ex_new_index(3), -SSL_SESSION_get_time(3), -d2i_SSL_SESSION(3) +\&\fIopenssl\fR\|(1), \fIcrypto\fR\|(3), +\&\fISSL_accept\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_connect\fR\|(3), +\&\fISSL_CIPHER_get_name\fR\|(3), +\&\fISSL_COMP_add_compression_method\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_ctrl\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_CTX_get_ex_new_index\fR\|(3), +\&\fISSL_CTX_get_verify_mode\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fISSL_CTX_new\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_cache_size\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_sessions\fR\|(3), +\&\fISSL_CTX_set_cert_store\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fISSL_CTX_set_generate_session_id\fR\|(3), +\&\fISSL_CTX_set_info_callback\fR\|(3), +\&\fISSL_CTX_set_max_cert_list\fR\|(3), +\&\fISSL_CTX_set_mode\fR\|(3), +\&\fISSL_CTX_set_msg_callback\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +\&\fISSL_CTX_set_ssl_version\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_alert_type_string\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_get_SSL_CTX\fR\|(3), +\&\fISSL_get_ciphers\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3), +\&\fISSL_get_error\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fISSL_get_ex_new_index\fR\|(3), +\&\fISSL_get_fd\fR\|(3), +\&\fISSL_get_peer_cert_chain\fR\|(3), +\&\fISSL_get_rbio\fR\|(3), +\&\fISSL_get_session\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_get_version\fR\|(3), +\&\fISSL_library_init\fR\|(3), +\&\fISSL_load_client_CA_file\fR\|(3), +\&\fISSL_new\fR\|(3), +\&\fISSL_pending\fR\|(3), +\&\fISSL_read\fR\|(3), +\&\fISSL_rstate_string\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_set_bio\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_set_fd\fR\|(3), +\&\fISSL_set_session\fR\|(3), +\&\fISSL_set_shutdown\fR\|(3), +\&\fISSL_shutdown\fR\|(3), +\&\fISSL_state_string\fR\|(3), +\&\fISSL_want\fR\|(3), +\&\fISSL_write\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3), +\&\fISSL_SESSION_get_ex_new_index\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fId2i_SSL_SESSION\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The ssl(3) document appeared in OpenSSL 0.9.2 +The \fIssl\fR\|(3) document appeared in OpenSSL 0.9.2 diff --git a/secure/usr.bin/openssl/Makefile b/secure/usr.bin/openssl/Makefile index 76665dd..82e7e8d2 100644 --- a/secure/usr.bin/openssl/Makefile +++ b/secure/usr.bin/openssl/Makefile @@ -13,7 +13,8 @@ LDADD= -lssl -lcrypto CFLAGS+= -DMONOLITH -I${.CURDIR} SRCS+= app_rand.c apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c \ - dgst.c dh.c dhparam.c dsa.c dsaparam.c enc.c engine.c errstr.c \ + dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \ + engine.c errstr.c \ gendh.c gendsa.c genrsa.c nseq.c ocsp.c openssl.c passwd.c \ pkcs12.c pkcs7.c pkcs8.c prime.c rand.c req.c rsa.c rsautl.c s_cb.c \ s_client.c s_server.c s_socket.c s_time.c sess_id.c smime.c \ diff --git a/secure/usr.bin/openssl/Makefile.man b/secure/usr.bin/openssl/Makefile.man index f82cd8a..b87642f 100644 --- a/secure/usr.bin/openssl/Makefile.man +++ b/secure/usr.bin/openssl/Makefile.man @@ -10,7 +10,10 @@ MAN+= dgst.1 MAN+= dhparam.1 MAN+= dsa.1 MAN+= dsaparam.1 +MAN+= ec.1 +MAN+= ecparam.1 MAN+= enc.1 +MAN+= errstr.1 MAN+= gendsa.1 MAN+= genrsa.1 MAN+= nseq.1 @@ -34,6 +37,7 @@ MAN+= spkac.1 MAN+= verify.1 MAN+= version.1 MAN+= x509.1 +MAN+= x509v3_config.1 MLINKS+= dgst.1 md5.1 MLINKS+= dgst.1 md4.1 MLINKS+= dgst.1 md2.1 diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 17db727..a8f74cb 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH CA.PL 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" CA.pl \- friendlier interface for OpenSSL certificate programs .SH "SYNOPSIS" @@ -167,8 +167,8 @@ written to the file \*(L"newreq.pem\*(R". .IX Item "-newreq" creates a new certificate request. The private key and request are written to the file \*(L"newreq.pem\*(R". -.IP "\fB\-newreq\-nowdes\fR" 4 -.IX Item "-newreq-nowdes" +.IP "\fB\-newreq\-nodes\fR" 4 +.IX Item "-newreq-nodes" is like \fB\-newreq\fR except that the private key will not be encrypted. .IP "\fB\-newca\fR" 4 .IX Item "-newca" diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index d1a81e8..f9cabea 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH ASN1PARSE 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" asn1parse \- ASN.1 parsing tool .SH "SYNOPSIS" @@ -144,6 +144,8 @@ asn1parse \- ASN.1 parsing tool [\fB\-i\fR] [\fB\-oid filename\fR] [\fB\-strparse offset\fR] +[\fB\-genstr string\fR] +[\fB\-genconf file\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1 @@ -182,6 +184,14 @@ file is described in the \s-1NOTES\s0 section below. .IX Item "-strparse offset" parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This option can be used multiple times to \*(L"drill down\*(R" into a nested structure. +.IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4 +.IX Item "-genstr string, -genconf file" +generate encoded data based on \fBstring\fR, \fBfile\fR or both using +\&\fIASN1_generate_nconf()\fR format. If \fBfile\fR only is present then the string +is obtained from the default section using the name \fBasn1\fR. The encoded +data is passed through the \s-1ASN1\s0 parser and printed out as though it came +from a file, the contents can thus be examined and written to a file +using the \fBout\fR option. .Sh "\s-1OUTPUT\s0" .IX Subsection "OUTPUT" The output will typically contain lines like this: @@ -237,7 +247,53 @@ by white space. The final column is the rest of the line and is the \&\*(L"long name\*(R". \fBasn1parse\fR displays the long name. Example: .PP \&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a file: +.PP +.Vb 1 +\& openssl asn1parse -in file.pem +.Ve +.PP +Parse a \s-1DER\s0 file: +.PP +.Vb 1 +\& openssl asn1parse -inform DER -in file.der +.Ve +.PP +Generate a simple UTF8String: +.PP +.Vb 1 +\& openssl asn1parse -genstr 'UTF8:Hello World' +.Ve +.PP +Generate and write out a UTF8String, don't print parsed output: +.PP +.Vb 1 +\& openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der +.Ve +.PP +Generate using a config file: +.PP +.Vb 1 +\& openssl asn1parse -genconf asn1.cnf -noout -out asn1.der +.Ve +.PP +Example config file: +.PP +.Vb 1 +\& asn1=SEQUENCE:seq_sect +.Ve +.PP +.Vb 1 +\& [seq_sect] +.Ve +.PP +.Vb 2 +\& field1=BOOL:TRUE +\& field2=EXP:0, UTF8:some random string +.Ve .SH "BUGS" .IX Header "BUGS" -There should be options to change the format of input lines. The output of some +There should be options to change the format of output lines. The output of some \&\s-1ASN\s0.1 types is not well handled (if at all). diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index ab85a0c..528f1d7 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH CA 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ca \- sample minimal CA application .SH "SYNOPSIS" @@ -144,7 +144,6 @@ ca \- sample minimal CA application [\fB\-crl_hold instruction\fR] [\fB\-crl_compromise time\fR] [\fB\-crl_CA_compromise time\fR] -[\fB\-subj arg\fR] [\fB\-crldays days\fR] [\fB\-crlhours hours\fR] [\fB\-crlexts section\fR] @@ -157,6 +156,7 @@ ca \- sample minimal CA application [\fB\-key arg\fR] [\fB\-passin arg\fR] [\fB\-cert file\fR] +[\fB\-selfsign\fR] [\fB\-in file\fR] [\fB\-out file\fR] [\fB\-notext\fR] @@ -171,6 +171,9 @@ ca \- sample minimal CA application [\fB\-extensions section\fR] [\fB\-extfile section\fR] [\fB\-engine id\fR] +[\fB\-subj arg\fR] +[\fB\-utf8\fR] +[\fB\-multivalue\-rdn\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used @@ -225,6 +228,19 @@ the private key to sign requests with. the password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution. +.IP "\fB\-selfsign\fR" 4 +.IX Item "-selfsign" +indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with \fB\-keyfile\fR). +Cerificate requests signed with a different key are ignored. If +\&\fB\-spkac\fR, \fB\-ss_cert\fR or \fB\-gencrl\fR are given, \fB\-selfsign\fR is +ignored. +.Sp +A consequence of using \fB\-selfsign\fR is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option \fBdatabase\fR), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the key password source. For more information about the format of \fBarg\fR @@ -300,6 +316,25 @@ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +.IP "\fB\-subj arg\fR" 4 +.IX Item "-subj arg" +supersedes subject name given in the request. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, +characters may be escaped by \e (backslash), no spaces are skipped. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +this option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII\s0. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +this option causes the \-subj argument to be interpretedt with full +support for multivalued RDNs. Example: +.Sp +\&\fI/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\fR +.Sp +If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\fR. .SH "CRL OPTIONS" .IX Header "CRL OPTIONS" .IP "\fB\-gencrl\fR" 4 @@ -338,11 +373,6 @@ This sets the revocation reason to \fBkeyCompromise\fR and the compromise time t .IX Item "-crl_CA_compromise time" This is the same as \fBcrl_compromise\fR except the revocation reason is set to \&\fBCACompromise\fR. -.IP "\fB\-subj arg\fR" 4 -.IX Item "-subj arg" -supersedes subject name given in the request. -The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, -characters may be escaped by \e (backslash), no spaces are skipped. .IP "\fB\-crlexts section\fR" 4 .IX Item "-crlexts section" the section of the configuration file containing \s-1CRL\s0 extensions to @@ -425,10 +455,24 @@ the same as the \fB\-md\fR option. The message digest to use. Mandatory. .IX Item "database" the text database file to use. Mandatory. This file must be present though initially it will be empty. +.IP "\fBunique_subject\fR" 4 +.IX Item "unique_subject" +if the value \fByes\fR is given, the valid certificate entries in the +database must have unique subjects. if the value \fBno\fR is given, +several valid certificate entries may have the exact same subject. +The default value is \fByes\fR, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier, +it's recommended to use the value \fBno\fR, especially if combined with +the \fB\-selfsign\fR command line option. .IP "\fBserial\fR" 4 .IX Item "serial" a text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. +.IP "\fBcrlnumber\fR" 4 +.IX Item "crlnumber" +a text file containing the next \s-1CRL\s0 number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid \s-1CRL\s0 number. .IP "\fBx509_extensions\fR" 4 .IX Item "x509_extensions" the same as \fB\-extensions\fR. @@ -450,8 +494,8 @@ the same as \fB\-msie_hack\fR .IX Item "policy" the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section for more information. -.IP "\fBnameopt\fR, \fBcertopt\fR" 4 -.IX Item "nameopt, certopt" +.IP "\fBname_opt\fR, \fBcert_opt\fR" 4 +.IX Item "name_opt, cert_opt" these options allow the format used to display the certificate details when asking the user to confirm signing. All the options supported by the \fBx509\fR utilities \fB\-nameopt\fR and \fB\-certopt\fR switches can be used @@ -590,8 +634,8 @@ A sample configuration file with the relevant sections for \fBca\fR: .Ve .PP .Vb 3 -\& nameopt = ca_default # Subject name display option -\& certopt = ca_default # Certificate display option +\& name_opt = ca_default # Subject name display option +\& cert_opt = ca_default # Certificate display option \& copy_extensions = none # Don't copy extensions from request .Ve .PP @@ -633,8 +677,7 @@ if corrupted it can be difficult to fix. It is theoretically possible to rebuild the index file from all the issued certificates and a current \&\s-1CRL:\s0 however there is no option to do this. .PP -V2 \s-1CRL\s0 features like delta \s-1CRL\s0 support and \s-1CRL\s0 numbers are not currently -supported. +V2 \s-1CRL\s0 features like delta CRLs are not currently supported. .PP Although several requests can be input and handled at once it is only possible to include one \s-1SPKAC\s0 or self signed certificate. @@ -644,12 +687,6 @@ The use of an in memory text database can cause problems when large numbers of certificates are present because, as the name implies the database has to be kept in memory. .PP -It is not possible to certify two certificates with the same \s-1DN:\s0 this -is a side effect of how the text database is indexed and it cannot easily -be fixed without introducing other problems. Some S/MIME clients can use -two certificates with the same \s-1DN\s0 for separate signing and encryption -keys. -.PP The \fBca\fR command really needs rewriting or the required functionality exposed at either a command or interface level so a more friendly utility (perl script or \s-1GUI\s0) can handle things properly. The scripts \fB\s-1CA\s0.sh\fR and diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index b539f13..bf33103 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH CIPHERS 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ciphers \- SSL cipher display and cipher list tool. .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 2151b2b..5476601 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH CRL 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" crl \- CRL utility .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 4a6f956..49bb3e4 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH CRL2PKCS7 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates. .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index cb6be37..2db68aa 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH DGST 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests .SH "SYNOPSIS" @@ -142,6 +142,7 @@ dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests [\fB\-binary\fR] [\fB\-out filename\fR] [\fB\-sign filename\fR] +[\fB\-passin arg\fR] [\fB\-verify filename\fR] [\fB\-prverify filename\fR] [\fB\-signature filename\fR] @@ -177,6 +178,10 @@ filename to output to, or standard output by default. .IP "\fB\-sign filename\fR" 4 .IX Item "-sign filename" digitally sign the digest using the private key in \*(L"filename\*(R". +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-verify filename\fR" 4 .IX Item "-verify filename" verify the signature using the the public key in \*(L"filename\*(R". diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index 08bf690..2f211fb 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH DHPARAM 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" dhparam \- DH parameter manipulation and generation .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index 1c87076..60ed53d 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH DSA 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" dsa \- DSA key processing .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index 86eb368..894f572 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH DSAPARAM 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" dsaparam \- DSA parameter manipulation and generation .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 new file mode 100644 index 0000000..6688669 --- /dev/null +++ b/secure/usr.bin/openssl/man/ec.1 @@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC 1" +.TH EC 1 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +ec \- EC key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBec\fR +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-param_out\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-conv_form arg\fR] +[\fB\-param_enc arg\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR OpenSSL uses the +private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography' +(http://www.secg.org/). To convert a OpenSSL \s-1EC\s0 private key into the +PKCS#8 private key format use the \fBpkcs8\fR command. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses +an \s-1ASN\s0.1 \s-1DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it +uses the SubjectPublicKeyInfo structur as specified in \s-1RFC\s0 3280. +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +the output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-des|\-des3|\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBec\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +this option prints out the value of the public key component of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +by default a private key is read from the input file: with this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +by default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-conv_form\fR" 4 +.IX Item "-conv_form" +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR (the default +value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc arg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC\s0 3279 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279, +is currently not implemented in OpenSSL. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN EC PRIVATE KEY----- +\& -----END EC PRIVATE KEY----- +.Ve +.PP +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN PUBLIC KEY----- +\& -----END PUBLIC KEY----- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl ec -in key.pem -des3 -out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl ec -in key.pem -outform DER -out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl ec -in key.pem -text -noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl ec -in key.pem -pubout -out pubkey.pem +.Ve +.PP +To change the parameters encoding to \fBexplicit\fR: +.PP +.Vb 1 +\& openssl ec -in key.pem -param_enc explicit -out keyout.pem +.Ve +.PP +To change the point conversion form to \fBcompressed\fR: +.PP +.Vb 1 +\& openssl ec -in key.pem -conv_form compressed -out keyout.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIecparam\fR\|(1), \fIdsa\fR\|(1), \fIrsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The ec command was first introduced in OpenSSL 0.9.8. +.SH "AUTHOR" +.IX Header "AUTHOR" +Nils Larsch for the OpenSSL project (http://www.openssl.org). diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 new file mode 100644 index 0000000..7f7e847 --- /dev/null +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -0,0 +1,293 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECPARAM 1" +.TH ECPARAM 1 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +ecparam \- EC parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl ecparam\fR +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-check\fR] +[\fB\-name arg\fR] +[\fB\-list_curve\fR] +[\fB\-conv_form arg\fR] +[\fB\-param_enc arg\fR] +[\fB\-no_seed\fR] +[\fB\-rand file(s)\fR] +[\fB\-genkey\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate or generate \s-1EC\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded +form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default +format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional +header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1EC\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the \s-1EC\s0 parameters into C code. The parameters can then +be loaded by calling the \fB\f(BIget_ec_group_XXX()\fB\fR function. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Validate the elliptic curve parameters. +.IP "\fB\-name arg\fR" 4 +.IX Item "-name arg" +Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR +to get a list of all currently implemented \s-1EC\s0 parameters. +.IP "\fB\-list_curves\fR" 4 +.IX Item "-list_curves" +If this options is specified \fBecparam\fR will print out a list of all +currently implemented \s-1EC\s0 parameters names and exit. +.IP "\fB\-conv_form\fR" 4 +.IX Item "-conv_form" +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR (the default +value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc arg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC\s0 3279 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279, +is currently not implemented in OpenSSL. +.IP "\fB\-no_seed\fR" 4 +.IX Item "-no_seed" +This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see \s-1RFC\s0 3279). +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate a \s-1EC\s0 private key using the specified parameters. +.IP "\fB\-rand file(s)\fR" 4 +.IX Item "-rand file(s)" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1EC\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN EC PARAMETERS----- +\& -----END EC PARAMETERS----- +.Ve +.PP +OpenSSL is currently not able to generate new groups and therefore +\&\fBecparam\fR can only create \s-1EC\s0 parameters from known (named) curves. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create \s-1EC\s0 parameters with the group 'prime192v1': +.PP +.Vb 1 +\& openssl ecparam -out ec_param.pem -name prime192v1 +.Ve +.PP +To create \s-1EC\s0 parameters with explicit parameters: +.PP +.Vb 1 +\& openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit +.Ve +.PP +To validate given \s-1EC\s0 parameters: +.PP +.Vb 1 +\& openssl ecparam -in ec_param.pem -check +.Ve +.PP +To create \s-1EC\s0 parameters and a private key: +.PP +.Vb 1 +\& openssl ecparam -out ec_key.pem -name prime192v1 -genkey +.Ve +.PP +To change the point encoding to 'compressed': +.PP +.Vb 1 +\& openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed +.Ve +.PP +To print out the \s-1EC\s0 parameters to standard output: +.PP +.Vb 1 +\& openssl ecparam -in ec_param.pem -noout -text +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIec\fR\|(1), \fIdsaparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The ecparam command was first introduced in OpenSSL 0.9.8. +.SH "AUTHOR" +.IX Header "AUTHOR" +Nils Larsch for the OpenSSL project (http://www.openssl.org) diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index 9152e4a..61eaedd 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH ENC 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" enc \- symmetric cipher routines .SH "SYNOPSIS" @@ -302,14 +302,14 @@ Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. .PP .Vb 4 \& des-ede-cbc Two key triple DES EDE in CBC mode -\& des-ede Alias for des-ede +\& des-ede Two key triple DES EDE in ECB mode \& des-ede-cfb Two key triple DES EDE in CFB mode \& des-ede-ofb Two key triple DES EDE in OFB mode .Ve .PP .Vb 5 \& des-ede3-cbc Three key triple DES EDE in CBC mode -\& des-ede3 Alias for des-ede3-cbc +\& des-ede3 Three key triple DES EDE in ECB mode \& des3 Alias for des-ede3-cbc \& des-ede3-cfb Three key triple DES EDE CFB mode \& des-ede3-ofb Three key triple DES EDE in OFB mode @@ -330,9 +330,9 @@ Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. .Vb 7 \& rc2-cbc 128 bit RC2 in CBC mode \& rc2 Alias for rc2-cbc -\& rc2-cfb 128 bit RC2 in CBC mode -\& rc2-ecb 128 bit RC2 in CBC mode -\& rc2-ofb 128 bit RC2 in CBC mode +\& rc2-cfb 128 bit RC2 in CFB mode +\& rc2-ecb 128 bit RC2 in ECB mode +\& rc2-ofb 128 bit RC2 in OFB mode \& rc2-64-cbc 64 bit RC2 in CBC mode \& rc2-40-cbc 40 bit RC2 in CBC mode .Ve @@ -346,9 +346,9 @@ Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. .Vb 5 \& rc5-cbc RC5 cipher in CBC mode \& rc5 Alias for rc5-cbc -\& rc5-cfb RC5 cipher in CBC mode -\& rc5-ecb RC5 cipher in CBC mode -\& rc5-ofb RC5 cipher in CBC mode +\& rc5-cfb RC5 cipher in CFB mode +\& rc5-ecb RC5 cipher in ECB mode +\& rc5-ofb RC5 cipher in OFB mode .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 new file mode 100644 index 0000000..a2cc571 --- /dev/null +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERRSTR 1" +.TH ERRSTR 1 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +errstr \- lookup error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl errstr error_code\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Sometimes an application will not load error message and only +numerical forms will be available. The \fBerrstr\fR utility can be used to +display the meaning of the hex code. The hex code is the hex digits after the +second colon. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +The error code: +.PP +.Vb 1 +\& 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107: +.Ve +.PP +can be displayed with: +.PP +.Vb 1 +\& openssl errstr 2006D080 +.Ve +.PP +to produce the error message: +.PP +.Vb 1 +\& error:2006D080:BIO routines:BIO_new_file:no such file +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIerr\fR\|(3), +\&\fIERR_load_crypto_strings\fR\|(3), +\&\fISSL_load_error_strings\fR\|(3) diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index 1d69e33..2c5bd54 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH GENDSA 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" gendsa \- generate a DSA private key from a set of parameters .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 589d10b..41e32c1 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH GENRSA 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" genrsa \- generate an RSA private key .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index 605e699..7737e48 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH NSEQ 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" nseq \- create or examine a netscape certificate sequence .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index 66694b5..14f15ce 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH OCSP 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" ocsp \- Online Certificate Status Protocol utility .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index d29225f..55ef87e 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH OPENSSL 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" openssl \- OpenSSL command line tool .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index 55bb623..63c35de 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH PASSWD 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" passwd \- compute password hashes .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index 0eb7690..16486403 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH PKCS12 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" pkcs12 \- PKCS#12 file utility .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index 18f1e2c..72bf255 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH PKCS7 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" pkcs7 \- PKCS#7 utility .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index fcf25e7..3ebc833 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH PKCS8 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" pkcs8 \- PKCS#8 format private key conversion tool .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index b7b351c..9bc6303 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH RAND 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" rand \- generate pseudo\-random bytes .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index 0b4718d..031e81d 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH REQ 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" req \- PKCS#10 certificate request and certificate generating utility. .SH "SYNOPSIS" @@ -157,6 +157,7 @@ req \- PKCS#10 certificate request and certificate generating utility. [\fB\-[md5|sha1|md2|mdc2]\fR] [\fB\-config filename\fR] [\fB\-subj arg\fR] +[\fB\-multivalue\-rdn\fR] [\fB\-x509\fR] [\fB\-days n\fR] [\fB\-set_serial n\fR] @@ -275,6 +276,14 @@ sets subject name for new request or supersedes the subject name when processing a request. The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, characters may be escaped by \e (backslash), no spaces are skipped. +.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +this option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\fI/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\fR +.Sp +If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\fR. .IP "\fB\-x509\fR" 4 .IX Item "-x509" this option outputs a self signed certificate instead of a certificate diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index e0ee2fe..717db81 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH RSA 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" rsa \- RSA key processing tool .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index a46de46..5d1541b 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH RSAUTL 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" rsautl \- RSA utility .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 3c1afbc..04b042f 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH S_CLIENT 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" s_client \- SSL/TLS client program .SH "SYNOPSIS" @@ -138,7 +138,10 @@ s_client \- SSL/TLS client program [\fB\-connect host:port\fR] [\fB\-verify depth\fR] [\fB\-cert filename\fR] +[\fB\-certform DER|PEM\fR] [\fB\-key filename\fR] +[\fB\-keyform DER|PEM\fR] +[\fB\-pass arg\fR] [\fB\-CApath directory\fR] [\fB\-CAfile filename\fR] [\fB\-reconnect\fR] @@ -178,10 +181,20 @@ then an attempt is made to connect to the local host on port 4433. .IX Item "-cert certname" The certificate to use, if one is requested by the server. The default is not to use a certificate. +.IP "\fB\-certform format\fR" 4 +.IX Item "-certform format" +The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. .IP "\fB\-key keyfile\fR" 4 .IX Item "-key keyfile" The private key to use. If not specified then the certificate file will be used. +.IP "\fB\-keyform format\fR" 4 +.IX Item "-keyform format" +The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +the private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-verify depth\fR" 4 .IX Item "-verify depth" The verify depth to use. This specifies the maximum length of the diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 79d774f..0e17647 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH S_SERVER 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" s_server \- SSL/TLS server program .SH "SYNOPSIS" @@ -140,9 +140,15 @@ s_server \- SSL/TLS server program [\fB\-verify depth\fR] [\fB\-Verify depth\fR] [\fB\-cert filename\fR] +[\fB\-certform DER|PEM\fR] [\fB\-key keyfile\fR] +[\fB\-keyform DER|PEM\fR] +[\fB\-pass arg\fR] [\fB\-dcert filename\fR] +[\fB\-dcertform DER|PEM\fR] [\fB\-dkey keyfile\fR] +[\fB\-dkeyform DER|PEM\fR] +[\fB\-dpass arg\fR] [\fB\-dhparam filename\fR] [\fB\-nbio\fR] [\fB\-nbio_test\fR] @@ -190,10 +196,20 @@ The certificate to use, most servers cipher suites require the use of a certificate and some require a certificate with a certain public key type: for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 (\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. +.IP "\fB\-certform format\fR" 4 +.IX Item "-certform format" +The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. .IP "\fB\-key keyfile\fR" 4 .IX Item "-key keyfile" The private key to use. If not specified then the certificate file will be used. +.IP "\fB\-keyform format\fR" 4 +.IX Item "-keyform format" +The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +the private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 .IX Item "-dcert filename, -dkey keyname" specify an additional certificate and private key, these behave in the @@ -204,6 +220,9 @@ a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites by using an appropriate certificate. +.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4 +.IX Item "-dcertform format, -dkeyform format, -dpass arg" +addtional certificate and private key format and passphrase respectively. .IP "\fB\-nocert\fR" 4 .IX Item "-nocert" if this option is set then no certificate is used. This restricts the diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 03b6e0e..60ac6e2 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH S_TIME 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" s_time \- SSL/TLS performance timing program .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index 4ade266..c71a128 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH SESS_ID 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" sess_id \- SSL/TLS session handling utility .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index 66f86bc..c283c73 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH SMIME 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" smime \- S/MIME utility .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index d659da2..841ea5c 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH SPEED 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" speed \- test library performance .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 64bb77d..60691e3 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH SPKAC 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" spkac \- SPKAC printing and generating utility .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 2c6eec4..3fc0cfe 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH VERIFY 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" verify \- Utility to verify certificates. .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 9bb441d..87b840e 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH VERSION 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" version \- print OpenSSL version information .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index a61b513..a798d1f 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2005-02-25" "0.9.7d" "OpenSSL" +.TH X509 1 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" x509 \- Certificate display and signing utility .SH "SYNOPSIS" @@ -144,6 +144,8 @@ x509 \- Certificate display and signing utility [\fB\-out filename\fR] [\fB\-serial\fR] [\fB\-hash\fR] +[\fB\-subject_hash\fR] +[\fB\-issuer_hash\fR] [\fB\-subject\fR] [\fB\-issuer\fR] [\fB\-nameopt option\fR] @@ -215,8 +217,8 @@ default. .IX Item "-md2|-md5|-sha1|-mdc2" the digest to use. This affects any signing or display option that uses a message digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. If not -specified then \s-1MD5\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key then -this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys. +specified then \s-1SHA1\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key +then this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR @@ -248,11 +250,17 @@ contained in the certificate. .IP "\fB\-serial\fR" 4 .IX Item "-serial" outputs the certificate serial number. -.IP "\fB\-hash\fR" 4 -.IX Item "-hash" +.IP "\fB\-subject_hash\fR" 4 +.IX Item "-subject_hash" outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be looked up by subject name. +.IP "\fB\-issuer_hash\fR" 4 +.IX Item "-issuer_hash" +outputs the \*(L"hash\*(R" of the certificate issuer name. +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +synonym for \*(L"\-hash\*(R" for backward compatibility reasons. .IP "\fB\-subject\fR" 4 .IX Item "-subject" outputs the subject name. @@ -838,3 +846,6 @@ OpenSSL 0.9.5 and later. .IX Header "SEE ALSO" \&\fIreq\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), \&\fIgendsa\fR\|(1), \fIverify\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0. diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 new file mode 100644 index 0000000..c97538c --- /dev/null +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -0,0 +1,642 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_CONFIG 1" +.TH X509V3_CONFIG 1 "2006-07-29" "0.9.8b" "OpenSSL" +.SH "NAME" +x509v3_config \- X509 V3 certificate extension configuration format +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file. +.PP +Typically the application will contain an option to point to an extension +section. Each line of the extension section takes the form: +.PP +.Vb 1 +\& extension_name=[critical,] extension_options +.Ve +.PP +If \fBcritical\fR is present then the extension will be critical. +.PP +The format of \fBextension_options\fR depends on the value of \fBextension_name\fR. +.PP +There are four main types of extension: \fIstring\fR extensions, \fImulti-valued\fR +extensions, \fIraw\fR and \fIarbitrary\fR extensions. +.PP +String extensions simply have a string which contains either the value itself +or how it is obtained. +.PP +For example: +.PP +.Vb 1 +\& nsComment="This is a Comment" +.Ve +.PP +Multi-valued extensions have a short form and a long form. The short form +is a list of names and values: +.PP +.Vb 1 +\& basicConstraints=critical,CA:true,pathlen:1 +.Ve +.PP +The long form allows the values to be placed in a separate section: +.PP +.Vb 1 +\& basicConstraints=critical,@bs_section +.Ve +.PP +.Vb 1 +\& [bs_section] +.Ve +.PP +.Vb 2 +\& CA=true +\& pathlen=1 +.Ve +.PP +Both forms are equivalent. +.PP +The syntax of raw extensions is governed by the extension code: it can +for example contain data in multiple sections. The correct syntax to +use is defined by the extension code itself: check out the certificate +policies extension for an example. +.PP +If an extension type is unsupported then the \fIarbitrary\fR extension syntax +must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more details. +.SH "STANDARD EXTENSIONS" +.IX Header "STANDARD EXTENSIONS" +The following sections describe each supported extension in detail. +.Sh "Basic Constraints." +.IX Subsection "Basic Constraints." +This is a multi valued extension which indicates whether a certificate is +a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or +\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by an +non-negative value can be included. +.PP +For example: +.PP +.Vb 1 +\& basicConstraints=CA:TRUE +.Ve +.PP +.Vb 1 +\& basicConstraints=CA:FALSE +.Ve +.PP +.Vb 1 +\& basicConstraints=critical,CA:TRUE, pathlen:0 +.Ve +.PP +A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field +set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the +extension entirely. Some software may require the inclusion of basicConstraints +with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. +.PP +The pathlen parameter indicates the maximum number of CAs that can appear +below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can +only be used to sign end user certificates and not further CAs. +.Sh "Key Usage." +.IX Subsection "Key Usage." +Key usage is a multi valued extension consisting of a list of names of the +permitted key usages. +.PP +The supporte names are: digitalSignature, nonRepudiation, keyEncipherment, +dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly +and decipherOnly. +.PP +Examples: +.PP +.Vb 1 +\& keyUsage=digitalSignature, nonRepudiation +.Ve +.PP +.Vb 1 +\& keyUsage=critical, keyCertSign +.Ve +.Sh "Extended Key Usage." +.IX Subsection "Extended Key Usage." +This extensions consists of a list of usages indicating purposes for which +the certificate public key can be used for, +.PP +These can either be object short names of the dotted numerical form of OIDs. +While any \s-1OID\s0 can be used only certain values make sense. In particular the +following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful: +.PP +.Vb 13 +\& Value Meaning +\& ----- ------- +\& serverAuth SSL/TLS Web Server Authentication. +\& clientAuth SSL/TLS Web Client Authentication. +\& codeSigning Code signing. +\& emailProtection E-mail Protection (S/MIME). +\& timeStamping Trusted Timestamping +\& msCodeInd Microsoft Individual Code Signing (authenticode) +\& msCodeCom Microsoft Commercial Code Signing (authenticode) +\& msCTLSign Microsoft Trust List Signing +\& msSGC Microsoft Server Gated Crypto +\& msEFS Microsoft Encrypted File System +\& nsSGC Netscape Server Gated Crypto +.Ve +.PP +Examples: +.PP +.Vb 2 +\& extendedKeyUsage=critical,codeSigning,1.2.3.4 +\& extendedKeyUsage=nsSGC,msSGC +.Ve +.Sh "Subject Key Identifier." +.IX Subsection "Subject Key Identifier." +This is really a string extension and can take two possible values. Either +the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 +or a hex string giving the extension value to include. The use of the hex +string is strongly discouraged. +.PP +Example: +.PP +.Vb 1 +\& subjectKeyIdentifier=hash +.Ve +.Sh "Authority Key Identifier." +.IX Subsection "Authority Key Identifier." +The authority key identifier extension permits two options. keyid and issuer: +both can take the optional value \*(L"always\*(R". +.PP +If the keyid option is present an attempt is made to copy the subject key +identifier from the parent certificate. If the value \*(L"always\*(R" is present +then an error is returned if the option fails. +.PP +The issuer option copies the issuer and serial number from the issuer +certificate. This will only be done if the keyid option fails or +is not included unless the \*(L"always\*(R" flag will always include the value. +.PP +Example: +.PP +.Vb 1 +\& authorityKeyIdentifier=keyid,issuer +.Ve +.Sh "Subject Alternative Name." +.IX Subsection "Subject Alternative Name." +The subject alternative name extension allows various literal values to be +included in the configuration file. These include \fBemail\fR (an email address) +\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a +registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR +(a distinguished name) and otherName. +.PP +The email option include a special 'copy' value. This will automatically +include and email addresses contained in the certificate subject name in +the extension. +.PP +The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR options can be in either IPv4 or IPv6 format. +.PP +The value of \fBdirName\fR should point to a section containing the distinguished +name to use as a set of name value pairs. Multi values AVAs can be formed by +preceeding the name with a \fB+\fR character. +.PP +otherName can include arbitrary data associated with an \s-1OID:\s0 the value +should be the \s-1OID\s0 followed by a semicolon and the content in standard +\&\fIASN1_generate_nconf()\fR format. +.PP +Examples: +.PP +.Vb 5 +\& subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ +\& subjectAltName=IP:192.168.7.1 +\& subjectAltName=IP:13::17 +\& subjectAltName=email:my@other.address,RID:1.2.3.4 +\& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier +.Ve +.PP +.Vb 1 +\& subjectAltName=dirName:dir_sect +.Ve +.PP +.Vb 5 +\& [dir_sect] +\& C=UK +\& O=My Organization +\& OU=My Unit +\& CN=My Name +.Ve +.Sh "Issuer Alternative Name." +.IX Subsection "Issuer Alternative Name." +The issuer alternative name option supports all the literal options of +subject alternative name. It does \fBnot\fR support the email:copy option because +that would not make sense. It does support an additional issuer:copy option +that will copy all the subject alternative name values from the issuer +certificate (if possible). +.PP +Example: +.PP +.Vb 1 +\& issuserAltName = issuer:copy +.Ve +.Sh "Authority Info Access." +.IX Subsection "Authority Info Access." +The authority information access extension gives details about how to access +certain information relating to the \s-1CA\s0. Its syntax is accessOID;location +where \fIlocation\fR has the same syntax as subject alternative name (except +that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only +certain values are meaningful, for example \s-1OCSP\s0 and caIssuers. +.PP +Example: +.PP +.Vb 2 +\& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ +\& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html +.Ve +.Sh "\s-1CRL\s0 distribution points." +.IX Subsection "CRL distribution points." +This is a multi-valued extension that supports all the literal options of +subject alternative name. Of the few software packages that currently interpret +this extension most only interpret the \s-1URI\s0 option. +.PP +Currently each option will set a new DistributionPoint with the fullName +field set to the given value. +.PP +Other fields like cRLissuer and reasons cannot currently be set or displayed: +at this time no examples were available that used these fields. +.PP +Examples: +.PP +.Vb 2 +\& crlDistributionPoints=URI:http://myhost.com/myca.crl +\& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +.Ve +.Sh "Certificate Policies." +.IX Subsection "Certificate Policies." +This is a \fIraw\fR extension. All the fields of this extension can be set by +using the appropriate syntax. +.PP +If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just +include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas, +for example: +.PP +.Vb 1 +\& certificatePolicies= 1.2.4.5, 1.1.3.4 +.Ve +.PP +If you wish to include qualifiers then the policy \s-1OID\s0 and qualifiers need to +be specified in a separate section: this is done by using the \f(CW@section\fR syntax +instead of a literal \s-1OID\s0 value. +.PP +The section referred to must include the policy \s-1OID\s0 using the name +policyIdentifier, cPSuri qualifiers can be included using the syntax: +.PP +.Vb 1 +\& CPS.nnn=value +.Ve +.PP +userNotice qualifiers can be set using the syntax: +.PP +.Vb 1 +\& userNotice.nnn=@notice +.Ve +.PP +The value of the userNotice qualifier is specified in the relevant section. +This section can include explicitText, organization and noticeNumbers +options. explicitText and organization are text strings, noticeNumbers is a +comma separated list of numbers. The organization and noticeNumbers options +(if included) must \s-1BOTH\s0 be present. If you use the userNotice option with \s-1IE5\s0 +then you need the 'ia5org' option at the top level to modify the encoding: +otherwise it will not be interpreted properly. +.PP +Example: +.PP +.Vb 1 +\& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect +.Ve +.PP +.Vb 1 +\& [polsect] +.Ve +.PP +.Vb 4 +\& policyIdentifier = 1.3.5.8 +\& CPS.1="http://my.host.name/" +\& CPS.2="http://my.your.name/" +\& userNotice.1=@notice +.Ve +.PP +.Vb 1 +\& [notice] +.Ve +.PP +.Vb 3 +\& explicitText="Explicit Text Here" +\& organization="Organisation Name" +\& noticeNumbers=1,2,3,4 +.Ve +.PP +The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 +it can only be of type DisplayText. In \s-1RFC3280\s0 IA5Strring is also permissible. +Some software (for example some versions of \s-1MSIE\s0) may require ia5org. +.Sh "Policy Constraints" +.IX Subsection "Policy Constraints" +This is a multi-valued extension which consisting of the names +\&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative intger +value. At least one component must be present. +.PP +Example: +.PP +.Vb 1 +\& policyConstraints = requireExplicitPolicy:3 +.Ve +.Sh "Inhibit Any Policy" +.IX Subsection "Inhibit Any Policy" +This is a string extension whose value must be a non negative integer. +.PP +Example: +.PP +.Vb 1 +\& inhibitAnyPolicy = 2 +.Ve +.Sh "Name Constraints" +.IX Subsection "Name Constraints" +The name constraints extension is a multi-valued extension. The name should +begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of +the name and the value follows the syntax of subjectAltName except email:copy +is not supported and the \fB\s-1IP\s0\fR form should consist of an \s-1IP\s0 addresses and +subnet mask separated by a \fB/\fR. +.PP +Examples: +.PP +.Vb 1 +\& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 +.Ve +.PP +.Vb 1 +\& nameConstraints=permitted;email:.somedomain.com +.Ve +.PP +.Vb 1 +\& nameConstraints=excluded;email:.com +.Ve +.SH "DEPRECATED EXTENSIONS" +.IX Header "DEPRECATED EXTENSIONS" +The following extensions are non standard, Netscape specific and largely +obsolete. Their use in new applications is discouraged. +.Sh "Netscape String extensions." +.IX Subsection "Netscape String extensions." +Netscape Comment (\fBnsComment\fR) is a string extension containing a comment +which will be displayed when the certificate is viewed in some browsers. +.PP +Example: +.PP +.Vb 1 +\& nsComment = "Some Random Comment" +.Ve +.PP +Other supported extensions in this category are: \fBnsBaseUrl\fR, +\&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR +and \fBnsSslServerName\fR. +.Sh "Netscape Certificate Type" +.IX Subsection "Netscape Certificate Type" +This is a multi-valued extensions which consists of a list of flags to be +included. It was used to indicate the purposes for which a certificate could +be used. The basicConstraints, keyUsage and extended key usage extensions are +now used instead. +.PP +Acceptable values for nsCertType are: \fBclient\fR, \fBserver\fR, \fBemail\fR, +\&\fBobjsign\fR, \fBreserved\fR, \fBsslCA\fR, \fBemailCA\fR, \fBobjCA\fR. +.SH "ARBITRARY EXTENSIONS" +.IX Header "ARBITRARY EXTENSIONS" +If an extension is not supported by the OpenSSL code then it must be encoded +using the arbitrary extension format. It is also possible to use the arbitrary +format for supported extensions. Extreme care should be taken to ensure that +the data is formatted correctly for the given extension type. +.PP +There are two ways to encode arbitrary extensions. +.PP +The first way is to use the word \s-1ASN1\s0 followed by the extension content +using the same syntax as \fIASN1_generate_nconf()\fR. For example: +.PP +.Vb 1 +\& 1.2.3.4=critical,ASN1:UTF8String:Some random data +.Ve +.PP +.Vb 1 +\& 1.2.3.4=ASN1:SEQUENCE:seq_sect +.Ve +.PP +.Vb 1 +\& [seq_sect] +.Ve +.PP +.Vb 2 +\& field1 = UTF8:field1 +\& field2 = UTF8:field2 +.Ve +.PP +It is also possible to use the word \s-1DER\s0 to include the raw encoded data in any +extension. +.PP +.Vb 2 +\& 1.2.3.4=critical,DER:01:02:03:04 +\& 1.2.3.4=DER:01020304 +.Ve +.PP +The value following \s-1DER\s0 is a hex dump of the \s-1DER\s0 encoding of the extension +Any extension can be placed in this form to override the default behaviour. +For example: +.PP +.Vb 1 +\& basicConstraints=critical,DER:00:01:02:03 +.Ve +.SH "WARNING" +.IX Header "WARNING" +There is no guarantee that a specific implementation will process a given +extension. It may therefore be sometimes possible to use certificates for +purposes prohibited by their extensions because a specific application does +not recognize or honour the values of the relevant extensions. +.PP +The \s-1DER\s0 and \s-1ASN1\s0 options should be used with caution. It is possible to create +totally invalid extensions if they are not used carefully. +.SH "NOTES" +.IX Header "NOTES" +If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example: +.PP +.Vb 1 +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +will produce an error but the equivalent form: +.PP +.Vb 1 +\& subjectAltName=@subject_alt_section +.Ve +.PP +.Vb 2 +\& [subject_alt_section] +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +is valid. +.PP +Due to the behaviour of the OpenSSL \fBconf\fR library the same field name +can only occur once in a section. This means that: +.PP +.Vb 1 +\& subjectAltName=@alt_section +.Ve +.PP +.Vb 1 +\& [alt_section] +.Ve +.PP +.Vb 2 +\& email=steve@here +\& email=steve@there +.Ve +.PP +will only recognize the last value. This can be worked around by using the form: +.PP +.Vb 1 +\& [alt_section] +.Ve +.PP +.Vb 2 +\& email.1=steve@here +\& email.2=steve@there +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The X509v3 extension code was first added to OpenSSL 0.9.2. +.PP +Policy mappings, inhibit any policy and name constraints support was added in +OpenSSL 0.9.8 +.PP +The \fBdirectoryName\fR and \fBotherName\fR option as well as the \fB\s-1ASN1\s0\fR option +for arbitrary extensions was added in OpenSSL 0.9.8 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1) |