author | jkim <jkim@FreeBSD.org> | 2012-06-27 18:44:36 +0000 |
---|---|---|
committer | jkim <jkim@FreeBSD.org> | 2012-06-27 18:44:36 +0000 |
commit | 299ab12592ee76c1d23012fb680eb3de3047a332 (patch) | |
tree | eec54a5ed50326dd4ab254bab7df3b566651ac6d /crypto/openssl/doc | |
parent | a461bd15071993dd2121ed8ddfaee9fef880cd56 (diff) | |
download | FreeBSD-src-299ab12592ee76c1d23012fb680eb3de3047a332.zip FreeBSD-src-299ab12592ee76c1d23012fb680eb3de3047a332.tar.gz |
Merge OpenSSL 0.9.8x.
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
Diffstat (limited to 'crypto/openssl/doc')
-rw-r--r-- | crypto/openssl/doc/HOWTO/proxy_certificates.txt | 2 | ||||
-rw-r--r-- | crypto/openssl/doc/ssl/SSL_clear.pod | 14 |
2 files changed, 11 insertions, 5 deletions
diff --git a/crypto/openssl/doc/HOWTO/proxy_certificates.txt b/crypto/openssl/doc/HOWTO/proxy_certificates.txt index 3d36b02..f98ec36 100644 --- a/crypto/openssl/doc/HOWTO/proxy_certificates.txt +++ b/crypto/openssl/doc/HOWTO/proxy_certificates.txt @@ -57,7 +57,7 @@ following methods: - in all other cases, proxy certificate validation can be enabled before starting the application by setting the envirnoment variable - OPENSSL_ALLOW_PROXY with some non-empty value. + OPENSSL_ALLOW_PROXY_CERTS with some non-empty value. There are thoughts to allow proxy certificates with a line in the default openssl.cnf, but that's still in the future. diff --git a/crypto/openssl/doc/ssl/SSL_clear.pod b/crypto/openssl/doc/ssl/SSL_clear.pod index 8e077e31..d4df1bf 100644 --- a/crypto/openssl/doc/ssl/SSL_clear.pod +++ b/crypto/openssl/doc/ssl/SSL_clear.pod @@ -39,10 +39,16 @@ for a description of the method's properties. SSL_clear() resets the SSL object to allow for another connection. The reset operation however keeps several settings of the last sessions (some of these settings were made automatically during the last -handshake). It only makes sense when opening a new session (or reusing -an old one) with the same peer that shares these settings. -SSL_clear() is not a short form for the sequence -L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>; . +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. Use the sequence +L<SSL_get_session(3)|SSL_get_session(3)>; +L<SSL_new(3)|SSL_new(3)>; +L<SSL_set_session(3)|SSL_set_session(3)>; +L<SSL_free(3)|SSL_free(3)> +instead to avoid such failures +(or simply L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)> +if session reuse is not desired). =head1 RETURN VALUES |
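Review bot: In the proxy_certificates.txt hunk, the unchanged context line directly above the corrected variable name still reads "envirnoment variable"; since this sentence is being touched anyway, fix the spelling in the same change. The commit message also says nothing about the rename from OPENSSL_ALLOW_PROXY to OPENSSL_ALLOW_PROXY_CERTS. Anyone who followed the old text has been setting the shorter name, so a short mention in the log would help them find this correction. Because this switch turns on proxy certificate validation for an application through its environment, the exact variable name is the part of the sentence readers will copy, and it deserves that visibility.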
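Review bot: In the SSL_clear.pod hunk, the recommended sequence "SSL_get_session; SSL_new; SSL_set_session; SSL_free" does not say which SSL object each call operates on. As written, a reader can take SSL_free as applying to the object just created by SSL_new, when the intent appears to be: get the session from the old object, create a new object, set the session on the new one, then free the old one. Suggest spelling that out in one sentence. The new wording "may fail if that peer changes its settings between connections" also leaves the failure unspecified; a pointer to how it surfaces (for example in the RETURN VALUES section that follows) would let callers detect it rather than assume SSL_clear() always leaves a usable object.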