diff options
author | jkim <jkim@FreeBSD.org> | 2015-10-30 20:51:33 +0000 |
---|---|---|
committer | jkim <jkim@FreeBSD.org> | 2015-10-30 20:51:33 +0000 |
commit | 6b741bee156148072e0e9588e7c9f4a9d66d1ab9 (patch) | |
tree | e8d8b5ada49f5cdbf70d1e455c13f2625fdcdd45 /secure/lib/libssl | |
parent | 979d5cd34dadfb0b78c606ecca3ec8d3a6ca245f (diff) | |
parent | 64cb0c902e312216cdc4c826fc0be9ba9e1bf4da (diff) | |
download | FreeBSD-src-6b741bee156148072e0e9588e7c9f4a9d66d1ab9.zip FreeBSD-src-6b741bee156148072e0e9588e7c9f4a9d66d1ab9.tar.gz |
Merge OpenSSL 1.0.2d.
Diffstat (limited to 'secure/lib/libssl')
99 files changed, 3216 insertions, 131 deletions
diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile index 271c0ce..6b2bf3a 100644 --- a/secure/lib/libssl/Makefile +++ b/secure/lib/libssl/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ LIB= ssl -SHLIB_MAJOR= 7 +SHLIB_MAJOR= 8 NO_LINT= @@ -10,13 +10,13 @@ NO_LINT= .endif .include "../libcrypto/Makefile.inc" -SRCS= bio_ssl.c d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c \ - d1_srtp.c d1_srvr.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c \ - s23_srvr.c s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c \ - s3_pkt.c s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ +SRCS= bio_ssl.c d1_both.c d1_clnt.c d1_lib.c d1_meth.c d1_pkt.c d1_srtp.c \ + d1_srvr.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ + s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ + s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_conf.c \ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ - ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c \ - tls_srp.c + ssl_txt.c t1_clnt.c t1_enc.c t1_ext.c t1_lib.c t1_meth.c t1_reneg.c \ + t1_srvr.c tls_srp.c INCS= dtls1.h kssl.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h INCSDIR=${INCLUDEDIR}/openssl diff --git a/secure/lib/libssl/Makefile.man b/secure/lib/libssl/Makefile.man index 5302f4f..c06c27f 100644 --- a/secure/lib/libssl/Makefile.man +++ b/secure/lib/libssl/Makefile.man @@ -2,11 +2,19 @@ # DO NOT EDIT: generated from man-makefile-update target MAN+= SSL_CIPHER_get_name.3 MAN+= SSL_COMP_add_compression_method.3 +MAN+= SSL_CONF_CTX_new.3 +MAN+= SSL_CONF_CTX_set1_prefix.3 +MAN+= SSL_CONF_CTX_set_flags.3 +MAN+= SSL_CONF_CTX_set_ssl_ctx.3 +MAN+= SSL_CONF_cmd.3 +MAN+= SSL_CONF_cmd_argv.3 +MAN+= SSL_CTX_add1_chain_cert.3 MAN+= SSL_CTX_add_extra_chain_cert.3 MAN+= SSL_CTX_add_session.3 MAN+= SSL_CTX_ctrl.3 MAN+= SSL_CTX_flush_sessions.3 MAN+= SSL_CTX_free.3 +MAN+= SSL_CTX_get0_param.3 MAN+= SSL_CTX_get_ex_new_index.3 MAN+= SSL_CTX_get_verify_mode.3 MAN+= SSL_CTX_load_verify_locations.3 @@ -15,11 +23,15 @@ MAN+= SSL_CTX_sess_number.3 MAN+= SSL_CTX_sess_set_cache_size.3 MAN+= SSL_CTX_sess_set_get_cb.3 MAN+= SSL_CTX_sessions.3 +MAN+= SSL_CTX_set1_curves.3 +MAN+= SSL_CTX_set1_verify_cert_store.3 +MAN+= SSL_CTX_set_cert_cb.3 MAN+= SSL_CTX_set_cert_store.3 MAN+= SSL_CTX_set_cert_verify_callback.3 MAN+= SSL_CTX_set_cipher_list.3 MAN+= SSL_CTX_set_client_CA_list.3 MAN+= SSL_CTX_set_client_cert_cb.3 +MAN+= SSL_CTX_set_custom_cli_ext.3 MAN+= SSL_CTX_set_default_passwd_cb.3 MAN+= SSL_CTX_set_generate_session_id.3 MAN+= SSL_CTX_set_info_callback.3 @@ -40,6 +52,7 @@ MAN+= SSL_CTX_set_tmp_rsa_callback.3 MAN+= SSL_CTX_set_verify.3 MAN+= SSL_CTX_use_certificate.3 MAN+= SSL_CTX_use_psk_identity_hint.3 +MAN+= SSL_CTX_use_serverinfo.3 MAN+= SSL_SESSION_free.3 MAN+= SSL_SESSION_get_ex_new_index.3 MAN+= SSL_SESSION_get_time.3 @@ -87,6 +100,27 @@ MAN+= ssl.3 MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_bits.3 MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_version.3 MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_description.3 +MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_free_compression_methods.3 +MLINKS+= SSL_CONF_CTX_new.3 SSL_CONF_CTX_free.3 +MLINKS+= SSL_CONF_CTX_set_flags.3 SSL_CONF_CTX_clear_flags.3 +MLINKS+= SSL_CONF_CTX_set_ssl_ctx.3 SSL_CONF_CTX_set_ssl.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set0_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set1_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_add0_chain_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_get0_chain_certs.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_clear_chain_certs.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set0_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set1_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add0_chain_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add1_chain_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_get0_chain_certs.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_clear_chain_certs.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_build_cert_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_build_cert_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_select_current_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_select_current_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set_current_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set_current_cert.3 MLINKS+= SSL_CTX_add_session.3 SSL_add_session.3 MLINKS+= SSL_CTX_add_session.3 SSL_CTX_remove_session.3 MLINKS+= SSL_CTX_add_session.3 SSL_remove_session.3 @@ -94,6 +128,9 @@ MLINKS+= SSL_CTX_ctrl.3 SSL_CTX_callback_ctrl.3 MLINKS+= SSL_CTX_ctrl.3 SSL_ctrl.3 MLINKS+= SSL_CTX_ctrl.3 SSL_callback_ctrl.3 MLINKS+= SSL_CTX_flush_sessions.3 SSL_flush_sessions.3 +MLINKS+= SSL_CTX_get0_param.3 SSL_get0_param.3 +MLINKS+= SSL_CTX_get0_param.3 SSL_CTX_set1_param.3 +MLINKS+= SSL_CTX_get0_param.3 SSL_set1_param.3 MLINKS+= SSL_CTX_get_ex_new_index.3 SSL_CTX_set_ex_data.3 MLINKS+= SSL_CTX_get_ex_new_index.3 SSL_CTX_get_ex_data.3 MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_mode.3 @@ -118,12 +155,29 @@ MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove_cb.3 MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_new_cb.3 MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3 MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_get_cb.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_curves_list.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves_list.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_curves.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_curve.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set_ecdh_auto.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_set_ecdh_auto.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_verify_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_chain_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set1_chain_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_verify_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_verify_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_chain_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_chain_cert_store.3 +MLINKS+= SSL_CTX_set_cert_cb.3 SSL_set_cert_cb.3 MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_get_cert_store.3 MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3 MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_set_client_CA_list.3 MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_CTX_add_client_CA.3 MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_add_client_CA.3 MLINKS+= SSL_CTX_set_client_cert_cb.3 SSL_CTX_get_client_cert_cb.3 +MLINKS+= SSL_CTX_set_custom_cli_ext.3 SSL_CTX_add_client_custom_ext.3 +MLINKS+= SSL_CTX_set_custom_cli_ext.3 SSL_CTX_add_server_custom_ext.3 MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_default_passwd_cb_userdata.3 MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_set_generate_session_id.3 MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_has_matching_session_id.3 @@ -193,6 +247,7 @@ MLINKS+= SSL_CTX_use_certificate.3 SSL_check_private_key.3 MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_use_psk_identity_hint.3 MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_server_callback.3 MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_server_callback.3 +MLINKS+= SSL_CTX_use_serverinfo.3 SSL_CTX_use_serverinfo_file.3 MLINKS+= SSL_SESSION_get_ex_new_index.3 SSL_SESSION_set_ex_data.3 MLINKS+= SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_ex_data.3 MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_time.3 diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index db90114..79b58fb 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -235,10 +235,21 @@ library crashes. If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according description of the cipher property is \fBunknown\fR. This case should not occur. +.PP +The standard terminology for ephemeral Diffie-Hellman schemes is \s-1DHE +\&\s0(finite field) or \s-1ECDHE \s0(elliptic curve). This version of OpenSSL +idiosyncratically reports these schemes as \s-1EDH\s0 and \s-1EECDH,\s0 even though +it also accepts the standard terminology. +.PP +It is recommended to use the standard terminology (\s-1DHE\s0 and \s-1ECDHE\s0) +during configuration (e.g. via SSL_CTX_set_cipher_list) for clarity of +configuration. OpenSSL versions after 1.0.2 will report the standard +terms via SSL_CIPHER_get_name and SSL_CIPHER_description. .SH "RETURN VALUES" .IX Header "RETURN VALUES" See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIssl\fR\|(3), \fISSL_get_current_cipher\fR\|(3), -\&\fISSL_get_ciphers\fR\|(3), \fIciphers\fR\|(1) +\&\fISSL_get_ciphers\fR\|(3), \fIciphers\fR\|(1), +\&\fISSL_CTX_set_cipher_list\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index d8b4a76..6b2da97 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -133,19 +133,21 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_COMP_add_compression_method \- handle SSL/TLS integrated compression methods +SSL_COMP_add_compression_method, SSL_COMP_free_compression_methods \- handle SSL/TLS integrated compression methods .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> \& \& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); +\& +\& +void SSL_COMP_free_compression_methods(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -153,6 +155,10 @@ SSL_COMP_add_compression_method \- handle SSL/TLS integrated compression methods the identifier \fBid\fR to the list of available compression methods. This list is globally maintained for all \s-1SSL\s0 operations within this application. It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +.PP +\&\fISSL_COMP_free_compression_methods()\fR frees the internal table of +compression methods that were built internally, and possibly +augmented by adding \fISSL_COMP_add_compression_method()\fR. .SH "NOTES" .IX Header "NOTES" The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods @@ -174,8 +180,8 @@ its own compression methods and will unconditionally activate compression when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection basis. .PP -The OpenSSL library has the compression methods \fB\f(BICOMP_rle()\fB\fR and (when -especially enabled during compilation) \fB\f(BICOMP_zlib()\fB\fR available. +If enabled during compilation, the OpenSSL library will have the +\&\fICOMP_zlib()\fR compression method available. .SH "WARNINGS" .IX Header "WARNINGS" Once the identities of the compression methods for the \s-1TLS\s0 protocol have diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_new.3 b/secure/lib/libssl/man/SSL_CONF_CTX_new.3 new file mode 100644 index 0000000..d72e8c6 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CONF_CTX_new.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_new 3" +.TH SSL_CONF_CTX_new 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& SSL_CONF_CTX *SSL_CONF_CTX_new(void); +\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR +structure for use with the \s-1SSL_CONF\s0 functions. +.PP +The function \fISSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fISSL_CONF_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 new file mode 100644 index 0000000..99b6f95 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_set1_prefix 3" +.TH SSL_CONF_CTX_set1_prefix 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR +to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. +.SH "NOTES" +.IX Header "NOTES" +Command prefixes alter the commands recognised by subsequent \fISSL_CTX_cmd()\fR +calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names +such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" +and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then +\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R". +.PP +If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case +sensitive and \*(L"\-\*(R" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "". +.PP +If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case +insensitive and no prefix is the default. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 new file mode 100644 index 0000000..0412b59 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_set_flags 3" +.TH SSL_CONF_CTX_set_flags 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set of clear SSL configuration context flags +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. +.PP +The function \fISSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The flags set affect how subsequent calls to \fISSL_CONF_cmd()\fR or +\&\fISSL_CONF_argv()\fR behave. +.PP +Currently the following \fBflags\fR values are recognised: +.IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4 +.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" +recognise options intended for command line or configuration file use. At +least one of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER\s0" 4 +.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" +recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or +both of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4 +.IX Item "SSL_CONF_FLAG_CERTIFICATE" +recognise certificate and private key options. +.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 +.IX Item "SSL_CONF_FLAG_SHOW_ERRORS" +indicate errors relating to unrecognised options or missing arguments in +the error queue. If this option isn't set such errors are only reflected +in the return values of \fISSL_CONF_set_cmd()\fR or \fISSL_CONF_set_argv()\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set_flags()\fR and \fISSL_CONF_CTX_clear_flags()\fR returns the new flags +value after setting or clearing flags. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 new file mode 100644 index 0000000..c07a3eb --- /dev/null +++ b/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_set_ssl_ctx 3" +.TH SSL_CONF_CTX_set_ssl_ctx 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); +\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBctx\fR. +.PP +\&\fISSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only +syntax checking of commands is performed, where possible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set_ssl_ctx()\fR and \fISSL_CTX_set_ssl()\fR do not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_cmd.3 b/secure/lib/libssl/man/SSL_CONF_cmd.3 new file mode 100644 index 0000000..0d38c4c --- /dev/null +++ b/secure/lib/libssl/man/SSL_CONF_cmd.3 @@ -0,0 +1,536 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_cmd 3" +.TH SSL_CONF_cmd 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd \- send configuration command +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); +\& int SSL_CONF_finish(SSL_CONF_CTX *cctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with +optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application +configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common +framework for command line options or configuration files. +.PP +\&\fISSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. +.PP +The function \fISSL_CONF_finish()\fR must be called after all configuration +operations have been completed. It is used to finalise any operations +or to process defaults. +.SH "SUPPORTED COMMAND LINE COMMANDS" +.IX Header "SUPPORTED COMMAND LINE COMMANDS" +Currently supported \fBcmd\fR names for command lines (i.e. when the +flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBcmd\fR names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the \fBvalue\fR parameter is not used. The default +prefix for command line commands is \fB\-\fR and that is reflected below. +.IP "\fB\-sigalgs\fR" 4 +.IX Item "-sigalgs" +This sets the supported signature algorithms for \s-1TLS\s0 v1.2. For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR. \fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.IP "\fB\-client_sigalgs\fR" 4 +.IX Item "-client_sigalgs" +This sets the supported signature algorithms associated with client +authentication for \s-1TLS\s0 v1.2. For servers the value is used in the supported +signature algorithms field of a certificate request. For clients it is +used to determine which signature algorithm to with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fB\-sigalgs\fR. If not set then +the value set for \fB\-sigalgs\fR will be used instead. +.IP "\fB\-curves\fR" 4 +.IX Item "-curves" +This sets the supported elliptic curves. For clients the curves are +sent using the supported curves extension. For servers it is used +to determine which curve to use. This setting affects curves used for both +signatures and key exchange, if applicable. +.Sp +The \fBvalue\fR argument is a colon separated list of curves. The curve can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name (e.g +\&\fBprime256v1\fR). Curve names are case sensitive. +.IP "\fB\-named_curve\fR" 4 +.IX Item "-named_curve" +This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by +servers +.Sp +The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which +picks an appropriate curve based on client and server preferences. The curve +can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Curve names are case sensitive. +.IP "\fB\-cipher\fR" 4 +.IX Item "-cipher" +Sets the cipher suite list to \fBvalue\fR. Note: syntax checking of \fBvalue\fR is +currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is +associated with \fBcctx\fR. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fB\-key\fR" 4 +.IX Item "-key" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fB\-key\fR option is set then a private key is +not loaded: it does not currently use the \fB\-cert\fR file. +.IP "\fB\-dhparam\fR" 4 +.IX Item "-dhparam" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR" 4 +.IX Item "-no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2" +Disables protocol support for SSLv2, SSLv3, \s-1TLS 1.0, TLS 1.1\s0 or \s-1TLS 1.2 \s0 +by setting the corresponding options \fB\s-1SSL_OP_NO_SSL2\s0\fR, \fB\s-1SSL_OP_NO_SSL3\s0\fR, +\&\fB\s-1SSL_OP_NO_TLS1\s0\fR, \fB\s-1SSL_OP_NO_TLS1_1\s0\fR and \fB\s-1SSL_OP_NO_TLS1_2\s0\fR respectively. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression, same as setting \fB\s-1SSL_OP_NO_COMPRESS\s0\fR. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers. +.IP "\fB\-legacyrenegotiation\fR" 4 +.IX Item "-legacyrenegotiation" +permits the use of unsafe legacy renegotiation. Equivalent to setting +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4 +.IX Item "-legacy_server_connect, -no_legacy_server_connect" +permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.IP "\fB\-strict\fR" 4 +.IX Item "-strict" +enables strict mode protocol handling. Equivalent to setting +\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR. +.IP "\fB\-debug_broken_protocol\fR" 4 +.IX Item "-debug_broken_protocol" +disables various checks and permits several kinds of broken protocol behaviour +for testing purposes: it should \fB\s-1NEVER\s0\fR be used in anything other than a test +environment. Only supported if OpenSSL is configured with +\&\fB\-DOPENSSL_SSL_DEBUG_BROKEN_PROTOCOL\fR. +.SH "SUPPORTED CONFIGURATION FILE COMMANDS" +.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS" +Currently supported \fBcmd\fR names for configuration files (i.e. when the +flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file +\&\fBcmd\fR names and are case insensitive so \fBsignaturealgorithms\fR is recognised +as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names +are also case insensitive. +.PP +Note: the command prefix (if set) alters the recognised \fBcmd\fR values. +.IP "\fBCipherString\fR" 4 +.IX Item "CipherString" +Sets the cipher suite list to \fBvalue\fR. Note: syntax checking of \fBvalue\fR is +currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is +associated with \fBcctx\fR. +.IP "\fBCertificate\fR" 4 +.IX Item "Certificate" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fBPrivateKey\fR" 4 +.IX Item "PrivateKey" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fB\-key\fR option is set then a private key is +not loaded: it does not currently use the \fBCertificate\fR file. +.IP "\fBServerInfoFile\fR" 4 +.IX Item "ServerInfoFile" +Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the +function SSL_CTX_use_serverinfo_file. +.IP "\fBDHParameters\fR" 4 +.IX Item "DHParameters" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fBSignatureAlgorithms\fR" 4 +.IX Item "SignatureAlgorithms" +This sets the supported signature algorithms for \s-1TLS\s0 v1.2. For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR. \fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.IP "\fBClientSignatureAlgorithms\fR" 4 +.IX Item "ClientSignatureAlgorithms" +This sets the supported signature algorithms associated with client +authentication for \s-1TLS\s0 v1.2. For servers the value is used in the supported +signature algorithms field of a certificate request. For clients it is +used to determine which signature algorithm to with the client certificate. +.Sp +The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then +the value set for \fBSignatureAlgorithms\fR will be used instead. +.IP "\fBCurves\fR" 4 +.IX Item "Curves" +This sets the supported elliptic curves. For clients the curves are +sent using the supported curves extension. For servers it is used +to determine which curve to use. This setting affects curves used for both +signatures and key exchange, if applicable. +.Sp +The \fBvalue\fR argument is a colon separated list of curves. The curve can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name (e.g +\&\fBprime256v1\fR). Curve names are case sensitive. +.IP "\fBECDHParameters\fR" 4 +.IX Item "ECDHParameters" +This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by +servers +.Sp +The \fBvalue\fR argument is a curve name or the special value \fBAutomatic\fR which +picks an appropriate curve based on client and server preferences. The curve +can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Curve names are case sensitive. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +The supported versions of the \s-1SSL\s0 or \s-1TLS\s0 protocol. +.Sp +The \fBvalue\fR argument is a comma separated list of supported protocols to +enable or disable. If an protocol is preceded by \fB\-\fR that version is disabled. +All versions are enabled by default, though applications may choose to +explicitly disable some. Currently supported protocol values are \fBSSLv2\fR, +\&\fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR and \fBTLSv1.2\fR. The special value \fB\s-1ALL\s0\fR refers +to all supported versions. +.IP "\fBOptions\fR" 4 +.IX Item "Options" +The \fBvalue\fR argument is a comma separated list of various flags to set. +If a flag string is preceded \fB\-\fR it is disabled. See the +\&\fBSSL_CTX_set_options\fR function for more details of individual options. +.Sp +Each option is listed below. Where an operation is enabled by default +the \fB\-flag\fR syntax is needed to disable it. +.Sp +\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR. +.Sp +\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, enabled by default. Inverse +of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +.Sp +\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a +\&\s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It +is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR. +.Sp +\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR. +.Sp +\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBECDHSingle\fR enable single use \s-1ECDH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBServerPreference\fR use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.Sp +\&\fBNoResumptionOnRenegotiation\fR set +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. +.Sp +\&\fBUnsafeLegacyRenegotiation\fR permits the use of unsafe legacy renegotiation. +Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyServerConnect\fR permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.SH "SUPPORTED COMMAND TYPES" +.IX Header "SUPPORTED COMMAND TYPES" +The function \fISSL_CONF_cmd_value_type()\fR currently returns one of the following +types: +.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_UNKNOWN" +The \fBcmd\fR string is unrecognised, this return value can be use to flag +syntax errors. +.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_STRING" +The value is a string without any specific structure. +.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_FILE" +The value is a file name. +.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_DIR" +The value is a directory name. +.SH "NOTES" +.IX Header "NOTES" +The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv2"); +\& SSL_CONF_cmd(ctx, userparam, uservalue); +.Ve +.PP +it will disable SSLv2 support by default but the user can override it. If +however the call sequence is: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, userparam, uservalue); +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv2"); +.Ve +.PP +SSLv2 is \fBalways\fR disabled and attempt to override this by the user are +ignored. +.PP +By checking the return code of \fISSL_CTX_cmd()\fR it is possible to query if a +given \fBcmd\fR is recognised, this is useful is \fISSL_CTX_cmd()\fR values are +mixed with additional application specific operations. +.PP +For example an application might call \fISSL_CTX_cmd()\fR and if it returns +\&\-2 (unrecognised command) continue with processing of application specific +commands. +.PP +Applications can also use \fISSL_CTX_cmd()\fR to process command lines though the +utility function \fISSL_CTX_cmd_argv()\fR is normally used instead. One way +to do this is to set the prefix to an appropriate value using +\&\fISSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the +following argument to \fBvalue\fR (which may be \s-1NULL\s0). +.PP +In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by \fISSL_CTX_cmd()\fR. If \-2 is +returned then \fBcmd\fR is not recognised and application specific arguments +can be checked instead. If \-3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user. +.PP +The function \fISSL_CONF_cmd_value_type()\fR can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative +pathname to an absolute pathname. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); +.Ve +.PP +Enable all protocols except SSLv3 and SSLv2: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3,\-SSLv2"); +.Ve +.PP +Only enable TLSv1.2: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2"); +.Ve +.PP +Disable \s-1TLS\s0 session tickets: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket"); +.Ve +.PP +Set supported curves to P\-256, P\-384: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384"); +.Ve +.PP +Set automatic support for any elliptic curve for key exchange: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic"); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is +\&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines. +.PP +A return value of \-2 means \fBcmd\fR is not recognised. +.PP +A return value of \-3 means \fBcmd\fR is recognised and the command requires a +value but \fBvalue\fR is \s-1NULL.\s0 +.PP +A return code of 0 indicates that both \fBcmd\fR and \fBvalue\fR are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of \fBvalue\fR in this case the error queue may provide +additional information. +.PP +\&\fISSL_CONF_finish()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CONF_cmd()\fR was first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 b/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 new file mode 100644 index 0000000..377eaac --- /dev/null +++ b/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_cmd_argv 3" +.TH SSL_CONF_cmd_argv 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_argv \- SSL configuration command line processing. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_cmd_argv()\fR processes at most two command line +arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR +are updated to reflect the number of command options processed. The \fBpargc\fR +argument can be set to \fB\s-1NULL\s0\fR is it is not used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 +or a negative error code. +.PP +If \-2 is returned then an argument for a command is missing. +.PP +If \-1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2 diff --git a/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 new file mode 100644 index 0000000..c4fb8ea --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 @@ -0,0 +1,280 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_add1_chain_cert 3" +.TH SSL_CTX_add1_chain_cert 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, +SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, +SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, +SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, +SSL_build_cert_chain, SSL_CTX_select_current_cert, +SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra +chain certificate processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); +\& +\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk); +\& int SSL_clear_chain_certs(SSL *ssl); +\& +\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags); +\& int SSL_build_cert_chain(SSL *ssl, flags); +\& +\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_select_current_cert(SSL *ssl, X509 *x509); +\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); +\& int SSL_set_current_cert(SSL *ssl, long op); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain +associated with the current certificate of \fBctx\fR to \fBsk\fR. +.PP +\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single +certificate \fBx509\fR to the chain associated with the current certificate of +\&\fBctx\fR. +.PP +\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +certificate of \fBctx\fR. +.PP +\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +current certificate of \fBctx\fR. (This is implemented by calling +\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +.PP +\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use +existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR +to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification: +if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors +are cleared from the error queue. +.PP +Each of these functions operates on the \fIcurrent\fR end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding \fBctx\fR structure. +.PP +\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a +function such as \fISSL_CTX_use_certificate()\fR. +.PP +\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR, +\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR, +\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR +are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based +on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use +the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. +.PP +\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +If \fBssl\fR is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated ciphersuite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied certificate or chain +\&\fB\s-1MUST NOT\s0\fR be freed after the operation. +.SH "NOTES" +.IX Header "NOTES" +The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 +.PP +One chain can be set for each key type supported by a server. So, for example, +an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. +.PP +The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. Misconfigured applications +sending incorrect certificate chains often cause problems with peers. +.PP +For example an application can add any set of certificates using +\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR +with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. +.PP +Applications can issue non fatal warnings when checking chains by setting +the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return +value. +.PP +Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session. +.PP +If any certificates are added using these functions no certificates added +using \fISSL_CTX_add_extra_chain_cert()\fR will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +no server certificate is used because the ciphersuites is anonymous and 0 +for failure. +.PP +\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success +and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and +a verification error occurs then 2 is returned. +.PP +All other functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2. diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index aba4756..fcaf811 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +167,8 @@ Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 structure. Different chains for different certificates (for example if both \&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this -function. +function. For more flexibility functions such as \fISSL_add1_chain_cert()\fR should +be used instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the @@ -178,3 +179,13 @@ error stack to find out the reason for failure otherwise. \&\fISSL_CTX_use_certificate\fR\|(3), \&\fISSL_CTX_set_client_cert_cb\fR\|(3), \&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fISSL_CTX_set0_chain\fR\|(3) +\&\fISSL_CTX_set1_chain\fR\|(3) +\&\fISSL_CTX_add0_chain_cert\fR\|(3) +\&\fISSL_CTX_add1_chain_cert\fR\|(3) +\&\fISSL_set0_chain\fR\|(3) +\&\fISSL_set1_chain\fR\|(3) +\&\fISSL_add0_chain_cert\fR\|(3) +\&\fISSL_add1_chain_cert\fR\|(3) +\&\fISSL_CTX_build_cert_chain\fR\|(3) +\&\fISSL_build_cert_chain\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 5215c74..4a3b113 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_add_session 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index b74fd36..74d9683 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index 671ad58..1bc8b52 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index b627fc9..7df44e9 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_free 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get0_param.3 b/secure/lib/libssl/man/SSL_CTX_get0_param.3 new file mode 100644 index 0000000..6e1eb27 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_get0_param.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_get0_param 3" +.TH SSL_CTX_get0_param 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- +get and set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) +\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) +\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) +\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR retrieve an internal pointer to +the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned +pointer must not be freed by the calling application. +.PP +\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR set the verification parameters +to \fBvpm\fR for \fBctx\fR or \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure +using \fISSL_CTX_get0_param()\fR or \fISSL_get0_param()\fR and an application modifies +them to suit its needs: for example to add a hostname check. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: +.PP +.Vb 2 +\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); +\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com"); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR return a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR return 1 for success and 0 +for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2. diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index f8ebb59..5dd1820 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index 0169da7..be53503 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index ac1ebcf..5942be4 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 1395429..f81b32f 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_new 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index d980b8b..2f8194b 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index 8bf5a0f..32a5ecc 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,6 +152,7 @@ SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session c .IX Header "DESCRIPTION" \&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache of context \fBctx\fR to \fBt\fR. +This value is a hint and not an absolute; see the notes below. .PP \&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. .SH "NOTES" @@ -161,8 +162,9 @@ currently 1024*20, so that up to 20000 sessions can be held. This size can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special case is the size 0, which is used for unlimited size. .PP -When the maximum number of sessions is reached, no more new sessions are -added to the cache. New space may be added by calling +If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling \&\fISSL_CTX_flush_sessions\fR\|(3) to remove expired sessions. .PP diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index 370c2e4..140755e 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index 36dbf68..9dbd080 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_sessions 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set1_curves.3 b/secure/lib/libssl/man/SSL_CTX_set1_curves.3 new file mode 100644 index 0000000..0e5fe2d --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set1_curves.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_set1_curves 3" +.TH SSL_CTX_set1_curves 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, +SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve, +SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto \- EC supported curve functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); +\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); +\& int SSL_set1_curves_list(SSL *ssl, char *list); +\& +\& int SSL_get1_curves(SSL *ssl, int *curves); +\& int SSL_get_shared_curve(SSL *s, int n); +\& +\& int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff); +\& int SSL_set_ecdh_auto(SSL *s, int onoff); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set1_curves()\fR sets the supported curves for \fBctx\fR to \fBclistlen\fR +curves in the array \fBclist\fR. The array consist of all NIDs of curves in +preference order. For a \s-1TLS\s0 client the curves are used directly in the +supported curves extension. For a \s-1TLS\s0 server the curves are used to +determine the set of shared curves. +.PP +\&\fISSL_CTX_set1_curves_list()\fR sets the supported curves for \fBctx\fR to +string \fBlist\fR. The string is a colon separated list of curve NIDs or +names, for example \*(L"P\-521:P\-384:P\-256\*(R". +.PP +\&\fISSL_set1_curves()\fR and \fISSL_set1_curves_list()\fR are similar except they set +supported curves for the \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fISSL_get1_curves()\fR returns the set of supported curves sent by a client +in the supported curves extension. It returns the total number of +supported curves. The \fBcurves\fR parameter can be \fB\s-1NULL\s0\fR to simply +return the number of curves for memory allocation purposes. The +\&\fBcurves\fR array is in the form of a set of curve NIDs in preference +order. It can return zero if the client did not send a supported curves +extension. +.PP +\&\fISSL_get_shared_curve()\fR returns shared curve \fBn\fR for a server-side +\&\s-1SSL \s0\fBssl\fR. If \fBn\fR is \-1 then the total number of shared curves is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared curve +so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, +NID_undef is returned. +.PP +\&\fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR set automatic curve +selection for server \fBctx\fR or \fBssl\fR to \fBonoff\fR. If \fBonoff\fR is 1 then +the highest preference curve is automatically used for \s-1ECDH\s0 temporary +keys used during key exchange. +.PP +All these functions are implemented as macros. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. +.PP +The functions \fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR can be used to +make a server always choose the most appropriate curve for a client. If set +it will override any temporary \s-1ECDH\s0 parameters set by a server. Previous +versions of OpenSSL could effectively only use a single \s-1ECDH\s0 curve set +using a function such as \fISSL_CTX_set_ecdh_tmp()\fR. Newer applications should +just call: +.PP +.Vb 1 +\& SSL_CTX_set_ecdh_auto(ctx, 1); +.Ve +.PP +and they will automatically support \s-1ECDH\s0 using the most appropriate shared +curve. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set1_curves()\fR, \fISSL_CTX_set1_curves_list()\fR, \fISSL_set1_curves()\fR, +\&\fISSL_set1_curves_list()\fR, \fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR +return 1 for success and 0 for failure. +.PP +\&\fISSL_get1_curves()\fR returns the number of curves, which may be zero. +.PP +\&\fISSL_get_shared_curve()\fR returns the \s-1NID\s0 of shared curve \fBn\fR or NID_undef if there +is no shared curve \fBn\fR; or the total number of shared curves if \fBn\fR +is \-1. +.PP +When called on a client \fBssl\fR, \fISSL_get_shared_curve()\fR has no meaning and +returns \-1. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2. diff --git a/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 new file mode 100644 index 0000000..8709286 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 @@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_set1_verify_cert_store 3" +.TH SSL_CTX_set1_verify_cert_store 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, +SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, +SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, +SSL_set0_chain_cert_store, SSL_set1_chain_cert_store \- set certificate +verification or chain store +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& +\& int SSL_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set0_verify_cert_store()\fR and \fISSL_CTX_set1_verify_cert_store()\fR +set the certificate store used for certificate verification to \fBst\fR. +.PP +\&\fISSL_CTX_set0_chain_cert_store()\fR and \fISSL_CTX_set1_chain_cert_store()\fR +set the certificate store used for certificate chain building to \fBst\fR. +.PP +\&\fISSL_set0_verify_cert_store()\fR, \fISSL_set1_verify_cert_store()\fR, +\&\fISSL_set0_chain_cert_store()\fR and \fISSL_set1_chain_cert_store()\fR are similar +except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied store \fB\s-1MUST NOT\s0\fR be freed +after the operation. +.SH "NOTES" +.IX Header "NOTES" +The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fISSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be +affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. +.PP +The verification store is used to verify the certificate chain sent by the +peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify +the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify +any client certificate chain. +.PP +The chain store is used to build the certificate chain. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is +configured already (for example using the functions such as +\&\fISSL_CTX_add1_chain_cert\fR\|(3) or +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)) then +automatic chain building is disabled. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building +is disabled. +.PP +If the chain or the verification store is not set then the store associated +with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous +versions of OpenSSL. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fISSL_CTX_set0_chain\fR\|(3) +\&\fISSL_CTX_set1_chain\fR\|(3) +\&\fISSL_CTX_add0_chain_cert\fR\|(3) +\&\fISSL_CTX_add1_chain_cert\fR\|(3) +\&\fISSL_set0_chain\fR\|(3) +\&\fISSL_set1_chain\fR\|(3) +\&\fISSL_add0_chain_cert\fR\|(3) +\&\fISSL_add1_chain_cert\fR\|(3) +\&\fISSL_CTX_build_cert_chain\fR\|(3) +\&\fISSL_build_cert_chain\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.2. diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 new file mode 100644 index 0000000..b858902 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_set_cert_cb 3" +.TH SSL_CTX_set_cert_cb 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg); +\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); +\& +\& int (*cert_cb)(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR sets the \fB\f(BIcert_cb()\fB\fR callback, +\&\fBarg\fR value is pointer which is passed to the application callback. +.PP +When \fB\f(BIcert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fIcert_cb()\fR is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed \fBssl\fR structure and set or clear any appropriate certificates. If +the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +\&\fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of \fIcert_cb()\fR. It is the job of the +\&\fIcert_cb()\fR to store information about the state of the last call, +if required to continue. +.SH "NOTES" +.IX Header "NOTES" +An application will typically call \fISSL_use_certificate()\fR and +\&\fISSL_use_PrivateKey()\fR to set the end entity certificate and private key. +It can add intermediate and optionally the root \s-1CA\s0 certificates using +\&\fISSL_add1_chain_cert()\fR. +.PP +It might also call \fISSL_certs_clear()\fR to delete any certificates associated +with the \fB\s-1SSL\s0\fR object. +.PP +The certificate callback functionality supercedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is \fBalways\fR called even is a certificate is already set so the callback +can modify or delete the existing certificate. +.PP +A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +\&\s-1TLS\s0 v1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a +\&\s-1TLS\s0 v1.2 client which advertises support for \s-1SHA256\s0 could receive a chain +using \s-1SHA256.\s0 +.PP +Normal server sanity checks are performed on any certificates set +by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not +support it will \fBnot\fR be used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(3), \fISSL_use_certificate\fR\|(3), +\&\fISSL_add1_chain_cert\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index 5d17a91..4253a53 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -177,6 +177,12 @@ overridden with the \fIverify_callback()\fR set via the \&\fISSL_CTX_set_verify\fR\|(3) family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer +certificates and building certificate chains, it is also shared by +every child \s-1SSL\s0 structure. Applications wanting finer control can use +functions such as \fISSL_CTX_set1_verify_cert_store()\fR instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output. diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index 5d86dc3..a6a590e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index e0243d6..3d70ced 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -177,7 +177,7 @@ A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is availab a temporary 512 bit \s-1RSA\s0 key, as typically the supplied key has a length of 1024 bit (see \&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3)). -\&\s-1RSA\s0 ciphers using \s-1EDH\s0 need a certificate and key and additional DH-parameters +\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters (see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index 3746b3b..203378c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index ef24866..d9a4b7e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 b/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 new file mode 100644 index 0000000..4bec817 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_set_custom_cli_ext 3" +.TH SSL_CTX_set_custom_cli_ext 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext \- custom TLS extension handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_extension_supported(unsigned int ext_type); +\& +\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char **out, +\& size_t *outlen, int *al, +\& void *add_arg); +\& +\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *in, +\& size_t inlen, int *al, +\& void *parse_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS\s0 client +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. +.PP +\&\fISSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS\s0 server +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. +.PP +In both cases the extension type must not be handled by OpenSSL internally +or an error occurs. +.PP +\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "EXTENSION CALLBACKS" +.IX Header "EXTENSION CALLBACKS" +The callback \fBadd_cb\fR is called to send custom extension data to be +included in ClientHello for \s-1TLS\s0 clients or ServerHello for servers. The +\&\fBext_type\fR parameter is set to the extension type which will be added and +\&\fBadd_arg\fR to the value set when the extension handler was added. +.PP +If the application wishes to include the extension \fBext_type\fR it should +set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the +extension data and return 1. +.PP +If the \fBadd_cb\fR does not wish to include the extension it must return 0. +.PP +If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0 +alert value specified in \fB*al\fR. +.PP +For clients (but not servers) if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length +extension is added for \fBext_type\fR. +.PP +For clients every registered \fBadd_cb\fR is always called to see if the +application wishes to add an extension to ClientHello. +.PP +For servers every registered \fBadd_cb\fR is called once if and only if the +corresponding extension was received in ClientHello to see if the application +wishes to add the extension to ServerHello. That is, if no corresponding extension +was received in ClientHello then \fBadd_cb\fR will not be called. +.PP +If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called +(if it is set) with the value of \fBout\fR set by the add callback. It can be +used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is +constant (to permit use of constant data in \fBadd_cb\fR) applications may need to +cast away const to free the data. +.PP +The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. For \s-1TLS\s0 clients +the extension data will come from ServerHello and for \s-1TLS\s0 servers it will +come from ClientHello. +.PP +The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the +extension \fBextension_type\fR. +.PP +If the \fBparse_cb\fR considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the \s-1TLS\s0 alert value specified in \fB*al\fR. +.PP +The buffer \fBin\fR is a temporary internal buffer which will not be valid after +the callback returns. +.SH "NOTES" +.IX Header "NOTES" +The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions. +.PP +The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of +\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 +.PP +If the same custom extension type is received multiple times a fatal +\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension +is received in ServerHello which was not sent in ClientHello a fatal +\&\fBunsupported_extension\fR alert is sent and the handshake is aborted. The +ServerHello \fBadd_cb\fR callback is only called if the corresponding extension +was received in ClientHello. This is compliant with the \s-1TLS\s0 specifications. +This behaviour ensures that each callback is called at most once and that +an application can never send unsolicited extensions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_add_client_custom_ext()\fR and \fISSL_CTX_add_server_custom_ext()\fR return 1 for +success and 0 for failure. A failure can occur if an attempt is made to +add the same \fBext_type\fR more than once, if an attempt is made to use an +extension type handled internally by OpenSSL or if an internal error occurs +(for example a memory allocation failure). +.PP +\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index 9dab343..7388cb1 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index cd51338..602d00c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index 58ee7a2..d8bcc3e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index 265cc55..c018083 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index b1502ff..d0e0442 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index 3bfa3d5..8c5cc1d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 3747de6..2be16ce 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_options 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 index 54bbe43..0596370 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_psk_client_callback 3" -.TH SSL_CTX_set_psk_client_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_psk_client_callback 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index 9520211..1184c4a 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 index d72eb46..c5fbc2c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_read_ahead 3" -.TH SSL_CTX_set_read_ahead 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_read_ahead 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index dac4b7d..40585e6 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index 31dea8b..1ade776 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index ebce586..c3037c8 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index e9471a0..6b085c8 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index 0e442ea..ca7e7aa 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" -.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index d58f518..22e2e6b 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 2338021..efd8ee0 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -206,7 +206,7 @@ the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, t for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes violates the standard and can break interoperability with clients. It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key -exchange and use \s-1EDH \s0(Ephemeral Diffie-Hellman) key exchange instead +exchange and use \s-1DHE \s0(Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see \&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index 1e4b37d..6a5961e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index 293b584..c5c6eea 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -244,10 +244,9 @@ the same check for \fBssl\fR. If no key/certificate was explicitly added for this \fBssl\fR, the last item added into \fBctx\fR will be checked. .SH "NOTES" .IX Header "NOTES" -The internal certificate store of OpenSSL can hold two private key/certificate -pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate -of type \s-1DSA.\s0 The certificate used depends on the cipher select, see -also \fISSL_CTX_set_cipher_list\fR\|(3). +The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also \fISSL_CTX_set_cipher_list\fR\|(3). .PP When reading certificates and private keys from file, files of type \&\s-1SSL_FILETYPE_ASN1 \s0(also known as \fB\s-1DER\s0\fR, binary encoding) can only contain @@ -257,16 +256,13 @@ Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. .PP \&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found in the file to the certificate store. The other certificates are added -to the store of chain certificates using -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3). -There exists only one extra chain store, so that the same chain is appended -to both types of certificates, \s-1RSA\s0 and \s-1DSA\s0! If it is not intended to use -both type of certificate at the same time, it is recommended to use the -\&\fISSL_CTX_use_certificate_chain_file()\fR instead of the -\&\fISSL_CTX_use_certificate_file()\fR function in order to allow the use of -complete certificate chains even when no trusted \s-1CA\s0 storage is used or -when the \s-1CA\s0 issuing the certificate shall not be added to the trusted -\&\s-1CA\s0 storage. +to the store of chain certificates using \fISSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. \fISSL_CTX_use_certificate_chain_file()\fR +should be used instead of the \fISSL_CTX_use_certificate_file()\fR function in order +to allow the use of complete certificate chains even when no trusted \s-1CA\s0 +storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to +the trusted \s-1CA\s0 storage. .PP If additional certificates are needed to complete the chain during the \&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 index 04ea12a..3061fbc 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_psk_identity_hint 3" -.TH SSL_CTX_use_psk_identity_hint 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_CTX_use_psk_identity_hint 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -184,8 +184,11 @@ by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of length 1 on success, 0 otherwise. .PP Return values from the server callback are interpreted as follows: -.IP "> 0" 4 -.IX Item "> 0" +.IP "0" 4 +\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message +will be sent and the connection setup fails. +.IP ">0" 4 +.IX Item ">0" \&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 successfully in parameter \fBpsk\fR. Return value is the length of \&\fBpsk\fR in bytes. It is an error to return a value greater than @@ -196,6 +199,3 @@ protocol to continue anyway, the callback must provide some random data to \fBpsk\fR and return the length of the random data, so the connection will fail with decryption_error before it will be finished completely. -.IP "0" 4 -\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message -will be sent and the connection setup fails. diff --git a/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 b/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 new file mode 100644 index 0000000..124d00a --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_use_serverinfo 3" +.TH SSL_CTX_use_serverinfo 3 "2015-07-09" "1.0.2d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \- use serverinfo extension +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +\& +\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 ServerHello Extensions into the \s-1SSL_CTX. +A \s0\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello +Extension. +.PP +\&\fISSL_CTX_use_serverinfo()\fR loads one or more serverinfo extensions from +a byte array into \fBctx\fR. The extensions must be concatenated into a +sequence of bytes. Each extension must consist of a 2\-byte Extension Type, +a 2\-byte length, and then length bytes of extension_data. +.PP +\&\fISSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from +\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension +must consist of a 2\-byte Extension Type, a 2\-byte length, and then length +bytes of extension_data. Each \s-1PEM\s0 extension name must begin with the phrase +\&\*(L"\s-1BEGIN SERVERINFO FOR \*(R".\s0 +.SH "NOTES" +.IX Header "NOTES" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index 52a5490..31dc630 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_SESSION_free 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index b861fe3..f84542d 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index 669901e..5dc18e6 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index 0636013..9c9608a 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_accept 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,10 +157,7 @@ The communication channel must already have been set and assigned to the The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO. \s0 .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the -handshake has been finished or an error occurred, except for \s-1SGC \s0(Server -Gated Cryptography). For \s-1SGC,\s0 \fISSL_accept()\fR may return with \-1, but -\&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR -should be called again. +handshake has been finished or an error occurred. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 476983d..f4d2f4e 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_alert_type_string 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 1226faa..26bca44 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_clear 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index b82e103..a1039ba 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_connect 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 3d62274..5471b70 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_do_handshake 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,10 +159,7 @@ routines may have to be explicitly set in advance using either The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return -once the handshake has been finished or an error occurred, except for \s-1SGC -\&\s0(Server Gated Cryptography). For \s-1SGC,\s0 \fISSL_do_handshake()\fR may return with \-1, -but \fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and -\&\fISSL_do_handshake()\fR should be called again. +once the handshake has been finished or an error occurred. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index f2dc9d8..1c87807 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_free 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index e33e11e..2960a43 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index e31ba68..37fa048 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_ciphers 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index 47a8ba5..370f86f 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index 041ec39..1c27046 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_current_cipher 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index fd3298a..bfa05ef 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_default_timeout 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index ce9d766..68201a0 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_error 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index 0758afa..0f067ed 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 8343610..3a7177c 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index 610e409..1660074 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_fd 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index e63045b..3659142 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index b908dd7..2199634 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3 index 7849428..a67c8a1 100644 --- a/secure/lib/libssl/man/SSL_get_psk_identity.3 +++ b/secure/lib/libssl/man/SSL_get_psk_identity.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_psk_identity 3" -.TH SSL_get_psk_identity 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_psk_identity 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index b4f6682..8e2aca5 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_rbio 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index 58ccee0..8071642 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_session 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index 898c0a0..85bd8a7 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_verify_result 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index 672e51f..faf1c43 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_get_version 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 41c9a78..bc49f6c 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_library_init 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index 2fadca2..4382fea 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index dd76ac5..a6a5319 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_new 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index 975f6e1..1f25900 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_pending 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 5cb35f8..9f899c5 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_read 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 6c83879..ba560a5 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_rstate_string 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 278e81a..c977ef6 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_session_reused 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index c7c3bf9..d097281 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_bio 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index b937dc1..0fe480a 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_connect_state 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index 2cb4fdc..56bde1d 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_fd 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 42c6eb0..63eecd5 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_session 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index ec6b0ba..6c401f4 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_shutdown 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 3e00707..f0ce4c3 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_set_verify_result 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 24b81bc..cef5bfb 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_shutdown 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -218,8 +218,8 @@ erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. .IX Item "1" The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent and the peer's \*(L"close notify\*(R" alert was received. -.IP "\-1" 4 -.IX Item "-1" +.IP "<0" 4 +.IX Item "<0" The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if action is need to continue the operation for non-blocking BIOs. diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 5c44d91..f9ecb1e 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_state_string 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 87b19d8..b45588f 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_want 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index c66c99d..8b258da 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH SSL_write 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index fc6269a..02f691e 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index b4c2649..c155431 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2015-07-09" "1.0.1p" "OpenSSL" +.TH ssl 3 "2015-07-09" "1.0.2d" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -467,6 +467,10 @@ session instead of a context. .IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" .IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" +.IP "X509 *\fBSSL_CTX_get0_certificate\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_CTX_get0_privatekey\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);" .IP "void \fBSSL_CTX_set_psk_client_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 .IX Item "void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" .IP "int \fBSSL_CTX_use_psk_identity_hint\fR(\s-1SSL_CTX\s0 *ctx, const char *hint);" 4 @@ -591,8 +595,8 @@ connection defined in the \fB\s-1SSL\s0\fR structure. .IX Item "STACK *SSL_get_peer_cert_chain(const SSL *ssl);" .IP "X509 *\fBSSL_get_peer_certificate\fR(const \s-1SSL\s0 *ssl);" 4 .IX Item "X509 *SSL_get_peer_certificate(const SSL *ssl);" -.IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "EVP_PKEY *SSL_get_privatekey(SSL *ssl);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "EVP_PKEY *SSL_get_privatekey(const SSL *ssl);" .IP "int \fBSSL_get_quiet_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_get_quiet_shutdown(const SSL *ssl);" .IP "\s-1BIO\s0 *\fBSSL_get_rbio\fR(const \s-1SSL\s0 *ssl);" 4 |