diff options
| author | simon <simon@FreeBSD.org> | 2006-07-29 19:41:41 +0000 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2006-07-29 19:41:41 +0000 |
| commit | 018ef6efe1e20b420eaa3afdaa37b0abeba93a1a (patch) | |
| tree | e9b6155f49a3b6073b95b808e1e0a1ec5489a21f /secure/lib/libssl | |
| parent | 152e76d1d1dcc649357b52f30943345b06aa162c (diff) | |
| download | FreeBSD-src-018ef6efe1e20b420eaa3afdaa37b0abeba93a1a.zip FreeBSD-src-018ef6efe1e20b420eaa3afdaa37b0abeba93a1a.tar.gz | |
Upgrade to OpenSSL 0.9.8b.
Diffstat (limited to 'secure/lib/libssl')
80 files changed, 2340 insertions, 2961 deletions
diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile index 4db4b0a..5550b9b 100644 --- a/secure/lib/libssl/Makefile +++ b/secure/lib/libssl/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ LIB= ssl -SHLIB_MAJOR= 4 +SHLIB_MAJOR= 5 NO_LINT= @@ -10,14 +10,16 @@ NO_LINT= .endif .include "../libcrypto/Makefile.inc" -SRCS= bio_ssl.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ +SRCS= bio_ssl.c d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \ + d1_both.c d1_enc.c \ + s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \ s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ - ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.c + ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.c \ -INCS= kssl.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h +INCS= dtls1.h kssl.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h INCSDIR=${INCLUDEDIR}/openssl DPADD= ${LIBCRYPTO} diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index e10566cb..63916e0 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:37 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,22 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CIPHER_get_name 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties +SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get SSL_CIPHER properties .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 -\& const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher); -\& int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits); -\& char *SSL_CIPHER_get_version(SSL_CIPHER *cipher); +\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); +\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); \& char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); .Ve .SH "DESCRIPTION" @@ -175,37 +166,37 @@ returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using .SH "NOTES" .IX Header "NOTES" The number of bits processed can be different from the secret bits. An -export cipher like e.g. \s-1EXP-RC4\-MD5\s0 has only 40 secret bits. The algorithm +export cipher like e.g. \s-1EXP\-RC4\-MD5\s0 has only 40 secret bits. The algorithm does use the full 128 bits (which would be returned for \fBalg_bits\fR), of which however 88bits are fixed. The search space is hence only 40 bits. .PP The string returned by \fISSL_CIPHER_description()\fR in case of success consists of cleartext information separated by one or more blanks in the following sequence: -.Ip "<ciphername>" 4 +.IP "<ciphername>" 4 .IX Item "<ciphername>" Textual representation of the cipher name. -.Ip "<protocol version>" 4 +.IP "<protocol version>" 4 .IX Item "<protocol version>" Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3. -.Ip "Kx=<key exchange>" 4 +.IP "Kx=<key exchange>" 4 .IX Item "Kx=<key exchange>" -Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fBRSA(512)\fR or -\&\fBRSA(1024)\fR), \fB\s-1DH\s0\fR (for export ciphers as \fBDH(512)\fR or \fBDH(1024)\fR), +Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fB\s-1RSA\s0(512)\fR or +\&\fB\s-1RSA\s0(1024)\fR), \fB\s-1DH\s0\fR (for export ciphers as \fB\s-1DH\s0(512)\fR or \fB\s-1DH\s0(1024)\fR), \&\fB\s-1DH/RSA\s0\fR, \fB\s-1DH/DSS\s0\fR, \fBFortezza\fR. -.Ip "Au=<authentication>" 4 +.IP "Au=<authentication>" 4 .IX Item "Au=<authentication>" Authentication method: \fB\s-1RSA\s0\fR, \fB\s-1DSS\s0\fR, \fB\s-1DH\s0\fR, \fBNone\fR. None is the representation of anonymous ciphers. -.Ip "Enc=<symmetric encryption method>" 4 +.IP "Enc=<symmetric encryption method>" 4 .IX Item "Enc=<symmetric encryption method>" -Encryption method with number of secret bits: \fBDES(40)\fR, \fBDES(56)\fR, -\&\fB3DES(168)\fR, \fBRC4(40)\fR, \fBRC4(56)\fR, \fBRC4(64)\fR, \fBRC4(128)\fR, -\&\fBRC2(40)\fR, \fBRC2(56)\fR, \fBRC2(128)\fR, \fBIDEA(128)\fR, \fBFortezza\fR, \fBNone\fR. -.Ip "Mac=<message authentication code>" 4 +Encryption method with number of secret bits: \fB\s-1DES\s0(40)\fR, \fB\s-1DES\s0(56)\fR, +\&\fB3DES(168)\fR, \fB\s-1RC4\s0(40)\fR, \fB\s-1RC4\s0(56)\fR, \fB\s-1RC4\s0(64)\fR, \fB\s-1RC4\s0(128)\fR, +\&\fB\s-1RC2\s0(40)\fR, \fB\s-1RC2\s0(56)\fR, \fB\s-1RC2\s0(128)\fR, \fB\s-1IDEA\s0(128)\fR, \fBFortezza\fR, \fBNone\fR. +.IP "Mac=<message authentication code>" 4 .IX Item "Mac=<message authentication code>" Message digest: \fB\s-1MD5\s0\fR, \fB\s-1SHA1\s0\fR. -.Ip "<export flag>" 4 +.IP "<export flag>" 4 .IX Item "<export flag>" If the cipher is flagged exportable with respect to old \s-1US\s0 crypto regulations, the word "\fBexport\fR" is printed. @@ -232,5 +223,5 @@ occur. See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_current_cipher(3), -SSL_get_ciphers(3), ciphers(1) +\&\fIssl\fR\|(3), \fISSL_get_current_cipher\fR\|(3), +\&\fISSL_get_ciphers\fR\|(3), \fIciphers\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index 3da69db..dcef519 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:37 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_COMP_add_compression_method 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods +SSL_COMP_add_compression_method \- handle SSL/TLS integrated compression methods .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); .Ve @@ -187,11 +178,11 @@ it in the current state is not recommended. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_COMP_add_compression_method()\fR may return the following values: -.Ip "1" 4 -.IX Item "1" +.IP "0" 4 The operation succeeded. -.Ip "0" 4 +.IP "1" 4 +.IX Item "1" The operation failed. Check the error queue to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index ffcbacf..1f8e3ba 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:37 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_add_extra_chain_cert 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_add_extra_chain_cert \- add certificate to chain .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_add_extra_chain_cert \- add certificate to chain .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) .Ve @@ -161,14 +152,14 @@ When constructing the certificate chain, the chain will be formed from these certificates explicitly specified. If no chain is specified, the library will try to complete the chain from the available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see -SSL_CTX_load_verify_locations(3). +\&\fISSL_CTX_load_verify_locations\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the error stack to find out the reason for failure otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_use_certificate(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_load_verify_locations(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 74d18a5..3e25e61 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:37 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_add_session 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache .SH "SYNOPSIS" @@ -147,10 +137,12 @@ SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); \& int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c); .Ve +.PP .Vb 2 \& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); \& int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c); @@ -160,10 +152,10 @@ SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The reference count for session \fBc\fR is incremented by 1. If a session with the same session id already exists, the old session is removed by calling -SSL_SESSION_free(3). +\&\fISSL_SESSION_free\fR\|(3). .PP \&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR. -SSL_SESSION_free(3) is called once for \fBc\fR. +\&\fISSL_SESSION_free\fR\|(3) is called once for \fBc\fR. .PP \&\fISSL_add_session()\fR and \fISSL_remove_session()\fR are synonyms for their SSL_CTX_*() counterparts. @@ -175,7 +167,7 @@ it is assumed that both sessions are identical. If the same session is stored in a different \s-1SSL_SESSION\s0 object, The old session is removed and replaced by the new session. If the session is actually identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR -is a no-op, and the return value is 0. +is a no\-op, and the return value is 0. .PP If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 flag then the internal cache will not be populated automatically by new @@ -187,19 +179,19 @@ over the sessions that can be resumed if desired. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following values are returned by all functions: -.Ip "0" 4 +.IP "0" 4 .Vb 3 \& The operation failed. In case of the add operation, it was tried to add \& the same (identical) session twice. In case of the remove operation, the \& session was not found in the cache. .Ve -.Ip "1" 4 +.IP "1" 4 .IX Item "1" .Vb 1 \& The operation succeeded. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_free(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index 3bb2602..3e0c960 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_ctrl 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); \& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); .Ve +.PP .Vb 2 \& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); \& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); @@ -168,4 +160,4 @@ The return values of the SSL*\fI_ctrl()\fR functions depend on the command supplied via the \fBcmd\fR parameter. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index f33b54e..29ef9a1 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_flush_sessions 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); \& void SSL_flush_sessions(SSL_CTX *ctx, long tm); @@ -164,7 +155,7 @@ up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done automatically whenever 255 new sessions were established (see -SSL_CTX_set_session_cache_mode(3)) +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) or manually by calling \fISSL_CTX_flush_sessions()\fR. .PP The parameter \fBtm\fR specifies the time which should be used for the @@ -174,12 +165,12 @@ will be used. \&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal cache. When a session is found and removed, the remove_session_cb is however called to synchronize with the external cache (see -SSL_CTX_sess_set_get_cb(3)). +\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). .SH "RETURN VALUES" .IX Header "RETURN VALUES" .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_set_timeout(3), -SSL_CTX_sess_set_get_cb(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 9a91c9b..dca22c7 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_free 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object +SSL_CTX_free \- free an allocated SSL_CTX object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_CTX_free(SSL_CTX *ctx); .Ve @@ -159,9 +150,18 @@ the reference count has reached 0. It also calls the \fIfree()\fRing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys. +.SH "WARNINGS" +.IX Header "WARNINGS" +If a session-remove callback is set (\fISSL_CTX_sess_set_remove_cb()\fR), this +callback will be called for each session being freed from \fBctx\fR's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fISSL_CTX_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_free()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_CTX_new(3), ssl(3) +\&\fISSL_CTX_new\fR\|(3), \fIssl\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index 106ede2..7385507 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions .SH "SYNOPSIS" @@ -147,18 +137,22 @@ SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal a .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& int SSL_CTX_get_ex_new_index(long argl, void *argp, \& CRYPTO_EX_new *new_func, \& CRYPTO_EX_dup *dup_func, \& CRYPTO_EX_free *free_func); .Ve +.PP .Vb 1 \& int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg); .Ve +.PP .Vb 1 -\& void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx); +\& void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); .Ve +.PP .Vb 6 \& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, \& int idx, long argl, void *argp); @@ -183,11 +177,11 @@ into the \fBctx\fR object. \&\fBctx\fR. .PP A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). +can be found in \fIRSA_get_ex_new_index\fR\|(3). The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). +\&\fICRYPTO_set_ex_data\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3) +\&\fIssl\fR\|(3), +\&\fIRSA_get_ex_new_index\fR\|(3), +\&\fICRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index 3541228..50220ca 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_get_verify_mode 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters .SH "SYNOPSIS" @@ -147,13 +137,14 @@ SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_ .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 6 -\& int SSL_CTX_get_verify_mode(SSL_CTX *ctx); -\& int SSL_get_verify_mode(SSL *ssl); -\& int SSL_CTX_get_verify_depth(SSL_CTX *ctx); -\& int SSL_get_verify_depth(SSL *ssl); -\& int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *); -\& int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *); +\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +\& int SSL_get_verify_mode(const SSL *ssl); +\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +\& int SSL_get_verify_depth(const SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -183,4 +174,4 @@ callback currently set in \fBssl\fR. If no callback was explicitly set, the See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index b2ab727..4f99ec6 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:38 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,19 +126,19 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_load_verify_locations 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0 +SSL_CTX_load_verify_locations \- set default locations for trusted CA certificates .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, \& const char *CApath); @@ -167,6 +158,7 @@ format. The file can contain several \s-1CA\s0 certificates identified by \& ... (CA certificate in base64 encoding) ... \& -----END CERTIFICATE----- .Ve +.PP sequences. Before, between, and after the certificates text is allowed which can be used e.g. for descriptions of the certificates. .PP @@ -199,14 +191,14 @@ In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must explicitly be set using the -SSL_CTX_set_client_CA_list(3) +\&\fISSL_CTX_set_client_CA_list\fR\|(3) family of functions. .PP When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the certificate chain was not explicitly specified (see -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_use_certificate(3). +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" If several \s-1CA\s0 certificates matching the name, key identifier, and serial @@ -227,6 +219,7 @@ ca1.pem ca2.pem ca3.pem: \& openssl x509 -in $i -text >> CAfile.pem \& done .Ve +.PP Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates for use as \fBCApath\fR: .PP @@ -237,18 +230,18 @@ for use as \fBCApath\fR: .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the processing at one of the locations specified failed. Check the error stack to find out the reason. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3), -SSL_get_client_CA_list(3), -SSL_CTX_use_certificate(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_set_cert_store(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_set_cert_store\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 0879393..1ffa256 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions +SSL_CTX_new \- create a new SSL_CTX object as framework for TLS/SSL enabled functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& SSL_CTX *SSL_CTX_new(SSL_METHOD *method); .Ve @@ -159,13 +150,13 @@ SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist in a generic type (for client and server use), a server only type, and a client only type. \fBmethod\fR can be of the following types: -.Ip "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4 +.IP "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4 .IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" A \s-1TLS/SSL\s0 connection established with these methods will only understand the SSLv2 protocol. A client will send out SSLv2 client hello messages and will also indicate that it only understand SSLv2. A server will only understand SSLv2 client hello messages. -.Ip "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4 +.IP "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4 .IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" A \s-1TLS/SSL\s0 connection established with these methods will only understand the SSLv3 protocol. A client will send out SSLv3 client hello messages @@ -173,7 +164,7 @@ and will indicate that it only understands SSLv3. A server will only understand SSLv3 client hello messages. This especially means, that it will not understand SSLv2 client hello messages which are widely used for compatibility reasons, see SSLv23_*\fI_method()\fR. -.Ip "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4 +.IP "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4 .IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" A \s-1TLS/SSL\s0 connection established with these methods will only understand the TLSv1 protocol. A client will send out TLSv1 client hello messages @@ -182,7 +173,7 @@ TLSv1 client hello messages. This especially means, that it will not understand SSLv2 client hello messages which are widely used for compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand SSLv3 client hello messages. -.Ip "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4 +.IP "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4 .IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages @@ -202,14 +193,14 @@ values. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out the reason. -.Ip "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 .IX Item "Pointer to an SSL_CTX object" The return value points to an allocated \s-1SSL_CTX\s0 object. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_CTX_free(3), SSL_accept(3), -ssl(3), SSL_set_connect_state(3) +\&\fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3), +\&\fIssl\fR\|(3), \fISSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index 42251e8..44a262a 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_sess_number 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_se .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 12 \& long SSL_CTX_sess_number(SSL_CTX *ctx); \& long SSL_CTX_sess_connect(SSL_CTX *ctx); @@ -185,7 +176,7 @@ server mode. in server mode. .PP \&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. -In client mode a session set with SSL_set_session(3) +In client mode a session set with \fISSL_set_session\fR\|(3) successfully reused is counted as a hit. In server mode a session successfully retrieved from internal or external cache is counted as a hit. .PP @@ -207,6 +198,6 @@ because the maximum session cache size was exceeded. The functions return the values indicated in the \s-1DESCRIPTION\s0 section. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_CTX_set_session_cache_mode(3) -SSL_CTX_sess_set_cache_size(3) +\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fISSL_CTX_sess_set_cache_size\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index 1c1fc51..1f74c68 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_sess_set_cache_size 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session c .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); \& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); @@ -166,7 +157,7 @@ case is the size 0, which is used for unlimited size. .PP When the maximum number of sessions is reached, no more new sessions are added to the cache. New space may be added by calling -SSL_CTX_flush_sessions(3) to remove +\&\fISSL_CTX_flush_sessions\fR\|(3) to remove expired sessions. .PP If the size of the session cache is reduced and more sessions are already @@ -180,7 +171,7 @@ expiration of sessions. \&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_sess_number(3), -SSL_CTX_flush_sessions(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index 1fbb9fa..cb5874d 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_sess_set_get_cb 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 6 \& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, \& int (*new_session_cb)(SSL *, SSL_SESSION *)); @@ -155,11 +146,13 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS \& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, \& SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)); .Ve +.PP .Vb 3 \& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); \& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); \& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy); .Ve +.PP .Vb 4 \& int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); \& void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); @@ -179,7 +172,7 @@ of exceeding the timeout value. \&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session could not be found in the internal session cache (see -SSL_CTX_set_session_cache_mode(3)). +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). (\s-1SSL/TLS\s0 server only.) .PP \&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and @@ -191,20 +184,21 @@ the \s-1NULL\s0 pointer is returned. In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the -d2i_SSL_SESSION(3) interface. +\&\fId2i_SSL_SESSION\fR\|(3) interface. .PP The \fInew_session_cb()\fR is called, whenever a new session has been negotiated and session caching is enabled (see -SSL_CTX_set_session_cache_mode(3)). +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session \&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately removed again. .PP The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session -from the internal cache. This happens if the session is removed because -it is expired or when a connection was not shutdown cleanly. The -\&\fIremove_session_cb()\fR is passed the \fBctx\fR and the ssl session \fBsess\fR. -It does not provide any feedback. +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +\&\fISSL_CTX_free\fR\|(3) is called. The \fIremove_session_cb()\fR is passed +the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. .PP The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id proposed by the client. The \fIget_session_cb()\fR is always called, also when @@ -214,10 +208,11 @@ session caching was disabled. The \fIget_session_cb()\fR is passed the \&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, Normally the reference count is not incremented and therefore the session must not be explicitly freed with -SSL_SESSION_free(3). +\&\fISSL_SESSION_free\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), d2i_SSL_SESSION(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_flush_sessions(3), -SSL_SESSION_free(3) +\&\fIssl\fR\|(3), \fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index fce2b6d..f8062d7 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_sessions 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_sessions \- access internal session cache .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_sessions \- access internal session cache .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); .Ve @@ -157,14 +148,14 @@ internal session cache for \fBctx\fR. .SH "NOTES" .IX Header "NOTES" The sessions in the internal session cache are kept in an -lhash(3) type database. It is possible to directly +\&\fIlhash\fR\|(3) type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the -lhash(3) operations, so that the database must not be +\&\fIlhash\fR\|(3) operations, so that the database must not be modified directly but by using the -SSL_CTX_add_session(3) family of functions. +\&\fISSL_CTX_add_session\fR\|(3) family of functions. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), lhash(3), -SSL_CTX_add_session(3), -SSL_CTX_set_session_cache_mode(3) +\&\fIssl\fR\|(3), \fIlhash\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index c27c2aa..d7e4a0d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:39 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_cert_store 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage .SH "SYNOPSIS" @@ -147,9 +137,10 @@ SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate ve .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); -\& X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx); +\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -167,17 +158,17 @@ via lookup methods, handled inside the X509_STORE. From the X509_STORE the X509_STORE_CTX used when verifying certificates is created. .PP Typically the trusted certificate store is handled indirectly via using -SSL_CTX_load_verify_locations(3). +\&\fISSL_CTX_load_verify_locations\fR\|(3). Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions it is possible to manipulate the X509_STORE object beyond the -SSL_CTX_load_verify_locations(3) +\&\fISSL_CTX_load_verify_locations\fR\|(3) call. .PP Currently no detailed documentation on how to use the X509_STORE object is available. Not all members of the X509_STORE are used when the verification takes place. So will e.g. the \fIverify_callback()\fR be overridden with the \fIverify_callback()\fR set via the -SSL_CTX_set_verify(3) family of functions. +\&\fISSL_CTX_set_verify\fR\|(3) family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. .SH "RETURN VALUES" @@ -187,6 +178,6 @@ X509_STORE object and its handling becomes available. \&\fISSL_CTX_get_cert_store()\fR returns the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_load_verify_locations(3), -SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index 5e19a97..78f4739 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_cert_verify_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg); .Ve @@ -154,7 +145,7 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .IX Header "DESCRIPTION" \&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for \&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at -the time when SSL_new(3) is called. +the time when \fISSL_new\fR\|(3) is called. .SH "NOTES" .IX Header "NOTES" Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification @@ -177,12 +168,12 @@ member of \fIx509_store_ctx\fR so that the calling application will be informed about the detailed result of the verification procedure! .PP Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR -function set using SSL_CTX_set_verify(3). +function set using \fISSL_CTX_set_verify\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" Do not mix the verification callback described in this function with the \&\fBverify_callback\fR function called during the verification process. The -latter is set using the SSL_CTX_set_verify(3) +latter is set using the \fISSL_CTX_set_verify\fR\|(3) family of functions. .PP Providing a complete verification procedure including certificate purpose @@ -196,9 +187,9 @@ the \fBverify_callback\fR function. \&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3), -SSL_get_verify_result(3), -SSL_CTX_load_verify_locations(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 880205a..c3a4bb5 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_cipher_list 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIP .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); \& int SSL_set_cipher_list(SSL *ssl, const char *str); @@ -155,7 +146,7 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIP .IX Header "DESCRIPTION" \&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers for \fBctx\fR using the control string \fBstr\fR. The format of the string is described -in ciphers(1). The list of ciphers is inherited by all +in \fIciphers\fR\|(1). The list of ciphers is inherited by all \&\fBssl\fR objects created from \fBctx\fR. .PP \&\fISSL_set_cipher_list()\fR sets the list of ciphers only for \fBssl\fR. @@ -179,13 +170,13 @@ A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is availab \&\s-1RSA\s0 export ciphers with a keylength of 512 bits for the \s-1RSA\s0 key require a temporary 512 bit \s-1RSA\s0 key, as typically the supplied key has a length of 1024 bit (see -SSL_CTX_set_tmp_rsa_callback(3)). +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3)). \&\s-1RSA\s0 ciphers using \s-1EDH\s0 need a certificate and key and additional DH-parameters -(see SSL_CTX_set_tmp_dh_callback(3)). +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. \&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters -(see SSL_CTX_set_tmp_dh_callback(3)). +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP When these conditions are not met for any cipher in the list (e.g. a client only supports export \s-1RSA\s0 ciphers with a asymmetric key length @@ -198,8 +189,8 @@ and the handshake will fail. could be selected and 0 on complete failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_ciphers(3), -SSL_CTX_use_certificate(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_tmp_dh_callback(3), -ciphers(1) +\&\fIssl\fR\|(3), \fISSL_get_ciphers\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fIciphers\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index 4cc034a..9bad3d7 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_client_CA_list 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA \- set list of CAs sent to the client when requesting a @@ -149,6 +139,7 @@ client certificate .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); \& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); @@ -181,11 +172,11 @@ This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for \&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list specified overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR only contains the names, not the complete certificates); use -SSL_CTX_load_verify_locations(3) +\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. .PP If the list of acceptable CAs is compiled in a file, the -SSL_load_client_CA_file(3) +\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help importing the necessary data. .PP \&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional @@ -201,11 +192,11 @@ diagnostic information. .PP \&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return values: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. -.Ip "0" 4 -A failure while manipulating the STACK_OF(X509_NAME) object occurred or +.IP "0" 4 +A failure while manipulating the \s-1STACK_OF\s0(X509_NAME) object occurred or the X509_NAME could not be extracted from \fBcacert\fR. Check the error stack to find out the reason. .SH "EXAMPLES" @@ -217,7 +208,7 @@ Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_get_client_CA_list(3), -SSL_load_client_CA_file(3), -SSL_CTX_load_verify_locations(3) +\&\fIssl\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_load_client_CA_file\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index 32721d8..ed46e7b 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_client_cert_cb 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certific .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); \& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); @@ -169,7 +160,7 @@ using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediatly. SSL_get_error(3) +handshake function will return immediatly. \fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information @@ -181,7 +172,7 @@ from the client. A client certificate must only be sent, when the server did send the request. .PP When a certificate was set using the -SSL_CTX_use_certificate(3) family of functions, +\&\fISSL_CTX_use_certificate\fR\|(3) family of functions, it will be sent to the server. The \s-1TLS\s0 standard requires that only a certificate is sent, if it matches the list of acceptable CAs sent by the server. This constraint is violated by the default behavior of the OpenSSL @@ -195,7 +186,7 @@ If the callback function returns a certificate, the OpenSSL library will try to load the private key and certificate data into the \s-1SSL\s0 object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions. Thus it will permanently install the certificate and key for this \s-1SSL\s0 -object. It will not be reset by calling SSL_clear(3). +object. It will not be reset by calling \fISSL_clear\fR\|(3). If the callback returns no certificate, the OpenSSL library will not send a certificate. .SH "BUGS" @@ -210,7 +201,7 @@ either adding the intermediate \s-1CA\s0 certificates into the trusted certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add \&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding the chain certificates using the -SSL_CTX_add_extra_chain_cert(3) +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that therefore probably can only apply for one client certificate, making the concept of the callback function (to allow the choice from several @@ -218,12 +209,12 @@ certificates) questionable. .PP Once the \s-1SSL\s0 object has been used in conjunction with the callback function, the certificate will be set for the \s-1SSL\s0 object and will not be cleared -even when SSL_clear(3) is being called. It is therefore -mandatory to destroy the \s-1SSL\s0 object using SSL_free(3) +even when \fISSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fISSL_free\fR\|(3) and create a new one to return to the previous state. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_use_certificate(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_get_client_CA_list(3), -SSL_clear(3), SSL_free(3) +\&\fIssl\fR\|(3), \fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index 2a19c0f..ac26d57 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:40 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_default_passwd_cb 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted PEM file handling .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); \& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); .Ve +.PP .Vb 1 \& int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); .Ve @@ -209,5 +201,5 @@ truncated. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_use_certificate(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index 4f9c69c..290da59 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_generate_session_id 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only) +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of SSL session IDs (server only) .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, \& unsigned int *id_len); .Ve +.PP .Vb 4 \& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); \& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); @@ -194,7 +186,7 @@ the callback \fBmust never\fR increase \fBid_len\fR or write to the location If a SSLv2 session id is generated and \fBid_len\fR is reduced, it will be restored after the callback has finished and the session id will be padded with 0x00. It is not recommended to change the \fBid_len\fR for SSLv2 sessions. -The callback can use the SSL_get_version(3) function +The callback can use the \fISSL_get_version\fR\|(3) function to check, whether the session is of type SSLv2. .PP The location \fBid\fR is filled with 0x00 before the callback is called, so the @@ -239,6 +231,7 @@ server id given, and will fill the rest with pseudo random bytes: .Vb 1 \& const char session_id_prefix = "www-18"; .Ve +.PP .Vb 6 \& #define MAX_SESSION_ID_ATTEMPTS 10 \& static int generate_session_id(const SSL *ssl, unsigned char *id, @@ -247,11 +240,13 @@ server id given, and will fill the rest with pseudo random bytes: \& unsigned int count = 0; \& const char *version; .Ve +.PP .Vb 3 \& version = SSL_get_version(ssl); \& if (!strcmp(version, "SSLv2")) \& /* we must not change id_len */; .Ve +.PP .Vb 17 \& do { \& RAND_pseudo_bytes(id, *id_len); @@ -280,7 +275,7 @@ always return 1. same id is already in the cache. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_version(3) +\&\fIssl\fR\|(3), \fISSL_get_version\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fISSL_CTX_set_generate_session_id()\fR, \fISSL_set_generate_session_id()\fR diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index 1eab312..5209e79 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,25 +126,26 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_info_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections +SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for SSL connections .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); -\& void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(); +\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); .Ve +.PP .Vb 2 \& void SSL_set_info_callback(SSL *ssl, void (*callback)()); -\& void (*SSL_get_info_callback(SSL *ssl))(); +\& void (*SSL_get_info_callback(const SSL *ssl))(); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -186,48 +178,48 @@ If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the a information. .PP \&\fBwhere\fR is a bitmask made up of the following bits: -.Ip "\s-1SSL_CB_LOOP\s0" 4 +.IP "\s-1SSL_CB_LOOP\s0" 4 .IX Item "SSL_CB_LOOP" Callback has been called to indicate state change inside a loop. -.Ip "\s-1SSL_CB_EXIT\s0" 4 +.IP "\s-1SSL_CB_EXIT\s0" 4 .IX Item "SSL_CB_EXIT" Callback has been called to indicate error exit of a handshake function. (May be soft error with retry option for non-blocking setups.) -.Ip "\s-1SSL_CB_READ\s0" 4 +.IP "\s-1SSL_CB_READ\s0" 4 .IX Item "SSL_CB_READ" Callback has been called during read operation. -.Ip "\s-1SSL_CB_WRITE\s0" 4 +.IP "\s-1SSL_CB_WRITE\s0" 4 .IX Item "SSL_CB_WRITE" Callback has been called during write operation. -.Ip "\s-1SSL_CB_ALERT\s0" 4 +.IP "\s-1SSL_CB_ALERT\s0" 4 .IX Item "SSL_CB_ALERT" Callback has been called due to an alert being sent or received. -.Ip "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 .IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" .PD 0 -.Ip "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 .IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" -.Ip "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 .IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" -.Ip "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 .IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" -.Ip "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 .IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" -.Ip "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 .IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" -.Ip "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 .IX Item "SSL_CB_HANDSHAKE_START" .PD Callback has been called because a new handshake is started. -.Ip "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 +.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 .IX Item "SSL_CB_HANDSHAKE_DONE 0x20" Callback has been called because a handshake is finished. .PP The current state information can be obtained using the -SSL_state_string(3) family of functions. +\&\fISSL_state_string\fR\|(3) family of functions. .PP The \fBret\fR information can be evaluated using the -SSL_alert_type_string(3) family of functions. +\&\fISSL_alert_type_string\fR\|(3) family of functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_set_info_callback()\fR does not provide diagnostic information. @@ -244,14 +236,17 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. \& const char *str; \& int w; .Ve +.PP .Vb 1 \& w=where& ~SSL_ST_MASK; .Ve +.PP .Vb 3 \& if (w & SSL_ST_CONNECT) str="SSL_connect"; \& else if (w & SSL_ST_ACCEPT) str="SSL_accept"; \& else str="undefined"; .Ve +.PP .Vb 24 \& if (where & SSL_CB_LOOP) \& { @@ -280,5 +275,5 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_state_string(3), -SSL_alert_type_string(3) +\&\fIssl\fR\|(3), \fISSL_state_string\fR\|(3), +\&\fISSL_alert_type_string\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index 05e48b1..bdf2627 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_max_cert_list 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain .SH "SYNOPSIS" @@ -147,10 +137,12 @@ SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); \& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); .Ve +.PP .Vb 2 \& long SSL_set_max_cert_list(SSL *ssl, long size); \& long SSL_get_max_cert_list(SSL *ctx); @@ -160,7 +152,7 @@ SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL \&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be <size> bytes. The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time -SSL_new(3) is being called. +\&\fISSL_new\fR\|(3) is being called. .PP \&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. .PP @@ -181,7 +173,7 @@ chain is set. The default value for the maximum certificate chain size is 100kB (30kB on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see -SSL_CTX_set_verify(3), and certificates +\&\fISSL_CTX_set_verify\fR\|(3), and certificates without special extensions have a typical size of 1\-2kB). .PP For special applications it can be necessary to extend the maximum certificate @@ -205,8 +197,8 @@ set value. set value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), -SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" SSL*_set/\fIget_max_cert_list()\fR have been introduced in OpenSSL 0.9.7. diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index 841a600..d046dbc 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_mode 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode +SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); \& long SSL_set_mode(SSL *ssl, long mode); .Ve +.PP .Vb 2 \& long SSL_CTX_get_mode(SSL_CTX *ctx); \& long SSL_get_mode(SSL *ssl); @@ -169,25 +161,25 @@ Options already set before are not cleared. .SH "NOTES" .IX Header "NOTES" The following mode changes are available: -.Ip "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 .IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success when just a single record has been written). When not set (the default), \&\fISSL_write()\fR will only report success once the complete chunk was written. Once \fISSL_write()\fR returns with r, r bytes have been successfully written -and the next call to \fISSL_write()\fR must only send the n-r bytes left, +and the next call to \fISSL_write()\fR must only send the n\-r bytes left, imitating the behaviour of \fIwrite()\fR. -.Ip "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 .IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" Make it possible to retry \fISSL_write()\fR with changed buffer location (the buffer contents must stay the same). This is not the default to avoid the misconception that non-blocking \fISSL_write()\fR behaves like non-blocking \fIwrite()\fR. -.Ip "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 .IX Item "SSL_MODE_AUTO_RETRY" Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a -SSL_read(3) or SSL_write(3) would return +\&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0. In a non-blocking environment applications must be prepared to handle incomplete read/write operations. @@ -203,7 +195,7 @@ after adding \fBmode\fR. \&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_read(3), SSL_write(3) +\&\fIssl\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1SSL_MODE_AUTO_RETRY\s0 as been added in OpenSSL 0.9.6. diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index 3e96a47..9c8a8a6 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_msg_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages .SH "SYNOPSIS" @@ -147,10 +137,12 @@ SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SS .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); \& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); .Ve +.PP .Vb 2 \& void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); \& void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg); @@ -166,38 +158,38 @@ available for arbitrary application use. .PP \&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify default settings that will be copied to new \fB\s-1SSL\s0\fR objects by -SSL_new(3). \fISSL_set_msg_callback()\fR and +\&\fISSL_new\fR\|(3). \fISSL_set_msg_callback()\fR and \&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR object. Using a \fB0\fR pointer for \fIcb\fR disables the message callback. .PP When \fIcb\fR is called by the \s-1SSL/TLS\s0 library for a protocol message, the function arguments have the following meaning: -.Ip "\fIwrite_p\fR" 4 +.IP "\fIwrite_p\fR" 4 .IX Item "write_p" This flag is \fB0\fR when a protocol message has been received and \fB1\fR when a protocol message has been sent. -.Ip "\fIversion\fR" 4 +.IP "\fIversion\fR" 4 .IX Item "version" The protocol version according to which the protocol message is interpreted by the library. Currently, this is one of \&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0 3.0 and \s-1TLS\s0 1.0, respectively). -.Ip "\fIcontent_type\fR" 4 +.IP "\fIcontent_type\fR" 4 .IX Item "content_type" In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0 or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR, \&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the callback will only be called for protocol messages). -.Ip "\fIbuf\fR, \fIlen\fR" 4 +.IP "\fIbuf\fR, \fIlen\fR" 4 .IX Item "buf, len" \&\fIbuf\fR points to a buffer containing the protocol message, which consists of \fIlen\fR bytes. The buffer is no longer valid after the callback function has returned. -.Ip "\fIssl\fR" 4 +.IP "\fIssl\fR" 4 .IX Item "ssl" The \fB\s-1SSL\s0\fR object that received or sent the message. -.Ip "\fIarg\fR" 4 +.IP "\fIarg\fR" 4 .IX Item "arg" The user-defined argument optionally defined by \&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. @@ -218,7 +210,7 @@ a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only serv \&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 2d2604d..c2911a6 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:41 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,23 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_options 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options +SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate SSL engine options .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_options(SSL_CTX *ctx, long options); \& long SSL_set_options(SSL *ssl, long options); .Ve +.PP .Vb 2 \& long SSL_CTX_get_options(SSL_CTX *ctx); \& long SSL_get_options(SSL *ssl); @@ -175,7 +167,7 @@ operation (|). Options can only be added but can never be reset. \&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of the \s-1API\s0 can be changed by using the similar -SSL_CTX_set_mode(3) and \fISSL_set_mode()\fR functions. +\&\fISSL_CTX_set_mode\fR\|(3) and \fISSL_set_mode()\fR functions. .PP During a handshake, the option settings of the \s-1SSL\s0 object are used. When a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current @@ -183,58 +175,58 @@ option setting is copied. Changes to \fBctx\fR do not affect already created \&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. .PP The following \fBbug workaround\fR options are available: -.Ip "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 .IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" www.microsoft.com \- when talking SSLv2, if session-id reuse is performed, the session-id passed back in the server-finished message is different from the one decided upon. -.Ip "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 .IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" -Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte +Netscape\-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but then appears to only use 16 bytes when generating the encryption keys. Using 16 bytes is ok but it should be ok to use 32. According to the SSLv3 spec, one should use 32 bytes for the challenge when operating in SSLv2/v3 compatibility mode, but as mentioned above, this breaks this server so 16 bytes is the way to go. -.Ip "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 .IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" ssl3.netscape.com:443, first a connection is established with \s-1RC4\-MD5\s0. -If it is then resumed, we end up using \s-1DES-CBC3\-SHA\s0. It should be +If it is then resumed, we end up using \s-1DES\-CBC3\-SHA\s0. It should be \&\s-1RC4\-MD5\s0 according to 7.6.1.3, 'cipher_suite'. .Sp -Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. +Netscape\-Enterprise/2.01 (https://merchant.netscape.com) has this bug. It only really shows up when connecting via SSLv2/v3 then reconnecting via SSLv3. The cipher list changes.... .Sp \&\s-1NEW\s0 \s-1INFORMATION\s0. Try connecting with a cipher list of just -\&\s-1DES-CBC-SHA:RC4\-MD5\s0. For some weird reason, each new connection uses -\&\s-1RC4\-MD5\s0, but a re-connect tries to use \s-1DES-CBC-SHA\s0. So netscape, when -doing a re-connect, always takes the first cipher in the cipher list. -.Ip "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +\&\s-1DES\-CBC\-SHA:RC4\-MD5\s0. For some weird reason, each new connection uses +\&\s-1RC4\-MD5\s0, but a re-connect tries to use \s-1DES\-CBC\-SHA\s0. So netscape, when +doing a re\-connect, always takes the first cipher in the cipher list. +.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 .IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" \&... -.Ip "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 .IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" \&... -.Ip "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 .IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" -\&... -.Ip "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect. +.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 .IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" \&... -.Ip "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 .IX Item "SSL_OP_TLS_D5_BUG" \&... -.Ip "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 .IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" \&... -.Ip "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 .IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some broken \s-1SSL\s0 implementations. This option has no effect for connections using other ciphers. -.Ip "\s-1SSL_OP_ALL\s0" 4 +.IP "\s-1SSL_OP_ALL\s0" 4 .IX Item "SSL_OP_ALL" All of the above bug workarounds. .PP @@ -243,7 +235,7 @@ options if compatibility with somewhat broken implementations is desired. .PP The following \fBmodifying\fR options are available: -.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 .IX Item "SSL_OP_TLS_ROLLBACK_BUG" Disable version rollback attack detection. .Sp @@ -254,59 +246,59 @@ the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to the server's answer and violate the version rollback protection.) -.Ip "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 .IX Item "SSL_OP_SINGLE_DH_USE" Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters -(see SSL_CTX_set_tmp_dh_callback(3)). +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). This option must be used to prevent small subgroup attacks, when the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes -(e.g. when using DSA-parameters, see dhparam(1)). +(e.g. when using DSA\-parameters, see \fIdhparam\fR\|(1)). If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate a new \s-1DH\s0 key during each handshake but it is also recommended. \&\fB\s-1SSL_OP_SINGLE_DH_USE\s0\fR should therefore be enabled whenever temporary/ephemeral \s-1DH\s0 parameters are used. -.Ip "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 .IX Item "SSL_OP_EPHEMERAL_RSA" Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations -(see SSL_CTX_set_tmp_rsa_callback(3)). +(see \fISSL_CTX_set_tmp_rsa_callback\fR\|(3)). According to the specifications this is only done, when a \s-1RSA\s0 key can only be used for signature operations (namely under export ciphers with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral \&\s-1RSA\s0 keys are always used. This option breaks compatibility with the \&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral -Diffie-Hellman) key exchange should be used instead. -.Ip "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +Diffie\-Hellman) key exchange should be used instead. +.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 .IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" When choosing a cipher, use the server's preferences instead of the client preferences. When not set, the \s-1SSL\s0 server will always follow the clients preferences. When set, the SSLv3/TLSv1 server will choose following its own preferences. Because of the different protocol, for SSLv2 the server -will send his list of preferences to the client and the client chooses. -.Ip "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +will send its list of preferences to the client and the client chooses. +.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 .IX Item "SSL_OP_PKCS1_CHECK_1" \&... -.Ip "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 .IX Item "SSL_OP_PKCS1_CHECK_2" \&... -.Ip "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4 +.IP "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4 .IX Item "SSL_OP_NETSCAPE_CA_DN_BUG" If we accept a netscape connection, demand a client cert, have a -non-self-sighed \s-1CA\s0 which does not have it's \s-1CA\s0 in netscape, and the +non-self-signed \s-1CA\s0 which does not have its \s-1CA\s0 in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta -.Ip "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4 +.IP "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4 .IX Item "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG" \&... -.Ip "SSL_OP_NO_SSLv2" 4 +.IP "SSL_OP_NO_SSLv2" 4 .IX Item "SSL_OP_NO_SSLv2" Do not use the SSLv2 protocol. -.Ip "SSL_OP_NO_SSLv3" 4 +.IP "SSL_OP_NO_SSLv3" 4 .IX Item "SSL_OP_NO_SSLv3" Do not use the SSLv3 protocol. -.Ip "SSL_OP_NO_TLSv1" 4 +.IP "SSL_OP_NO_TLSv1" 4 .IX Item "SSL_OP_NO_TLSv1" Do not use the TLSv1 protocol. -.Ip "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 .IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial @@ -319,10 +311,10 @@ after adding \fBoptions\fR. \&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_clear(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_CTX_set_tmp_rsa_callback(3), -dhparam(1) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fIdhparam\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" \&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR and diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index c9bbc30..fc64d22 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_quiet_shutdown 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour .SH "SYNOPSIS" @@ -147,39 +137,41 @@ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); -\& int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx); +\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); .Ve +.PP .Vb 2 \& void SSL_set_quiet_shutdown(SSL *ssl, int mode); -\& int SSL_get_quiet_shutdown(SSL *ssl); +\& int SSL_get_quiet_shutdown(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be \&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time -SSL_new(3) is called. \fBmode\fR may be 0 or 1. +\&\fISSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. .PP \&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. .PP \&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be \&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with -SSL_free(3) or \fISSL_set_quiet_shutdown()\fR is called again. -It is not changed when SSL_clear(3) is called. +\&\fISSL_free\fR\|(3) or \fISSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fISSL_clear\fR\|(3) is called. \&\fBmode\fR may be 0 or 1. .PP \&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. .SH "NOTES" .IX Header "NOTES" Normally when a \s-1SSL\s0 connection is finished, the parties must send out -\&\*(L"close notify\*(R" alert messages using SSL_shutdown(3) +\&\*(L"close notify\*(R" alert messages using \fISSL_shutdown\fR\|(3) for a clean shutdown. .PP -When setting the \*(L"quiet shutdown\*(R" flag to 1, SSL_shutdown(3) +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3) will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. -(SSL_shutdown(3) then behaves like -SSL_set_shutdown(3) called with +(\fISSL_shutdown\fR\|(3) then behaves like +\&\fISSL_set_shutdown\fR\|(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no \*(L"close notify\*(R" alert is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. @@ -194,6 +186,6 @@ diagnostic information. setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_shutdown(3), -SSL_set_shutdown(3), SSL_new(3), -SSL_clear(3), SSL_free(3) +\&\fIssl\fR\|(3), \fISSL_shutdown\fR\|(3), +\&\fISSL_set_shutdown\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index a9ceab5..39e7475 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_session_cache_mode 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); \& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); @@ -176,40 +167,40 @@ the external storage if available. .PP Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see -SSL_CTX_set_session_id_context(3)). +\&\fISSL_CTX_set_session_id_context\fR\|(3)). .PP The following session cache modes and modifiers are available: -.Ip "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 .IX Item "SSL_SESS_CACHE_OFF" No session caching for client or server takes place. -.Ip "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 .IX Item "SSL_SESS_CACHE_CLIENT" Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not have details about the connection), the application must select the session -to be reused by using the SSL_set_session(3) +to be reused by using the \fISSL_set_session\fR\|(3) function. This option is not activated by default. -.Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 .IX Item "SSL_SESS_CACHE_SERVER" Server sessions are added to the session cache. When a client proposes a session to be reused, the server looks for the corresponding session in (first) the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), then (second) in the external cache if available. If the session is found, the server will try to reuse the session. This is the default. -.Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 .IX Item "SSL_SESS_CACHE_BOTH" Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. -.Ip "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 .IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" Normally the session cache is checked for expired sessions every 255 connections using the -SSL_CTX_flush_sessions(3) function. Since +\&\fISSL_CTX_flush_sessions\fR\|(3) function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and -SSL_CTX_flush_sessions(3) can be called +\&\fISSL_CTX_flush_sessions\fR\|(3) can be called explicitly by the application. -.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not automatically look up sessions in the internal cache, even if sessions are @@ -217,19 +208,19 @@ automatically stored there. If external session caching callbacks are in use, this flag guarantees that all lookups are directed to the external cache. As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on clients. -.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. Normally a new session is added to the internal cache as well as any external session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will prevent sessions being stored in the internal cache (though the application can -add them manually using SSL_CTX_add_session(3)). Note: +add them manually using \fISSL_CTX_add_session\fR\|(3)). Note: in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful session lookups in the external cache (ie. for session-resume requests) would normally be copied into the local cache before processing continues \- this flag prevents these additions to the internal cache as well. -.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL" Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. @@ -242,15 +233,15 @@ The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. \&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_session_reused(3), -SSL_CTX_add_session(3), -SSL_CTX_sess_number(3), -SSL_CTX_sess_set_cache_size(3), -SSL_CTX_sess_set_get_cb(3), -SSL_CTX_set_session_id_context(3), -SSL_CTX_set_timeout(3), -SSL_CTX_flush_sessions(3) +\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_cache_size\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0 diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index a93e087..468c286 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_session_id_context 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, \& unsigned int sid_ctx_len); @@ -184,7 +175,8 @@ The maximum length of the \fBsid_ctx\fR is limited to \&\fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. .SH "WARNINGS" .IX Header "WARNINGS" -If the session id context is not set on an \s-1SSL/TLS\s0 server, stored sessions +If the session id context is not set on an \s-1SSL/TLS\s0 server and client +certificates are used, stored sessions will not be reused but a fatal error will be flagged and the handshake will fail. .PP @@ -197,13 +189,13 @@ a session as described above. .IX Header "RETURN VALUES" \&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR return the following values: -.Ip "0" 4 +.IP "0" 4 The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded the maximum allowed length of \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. The error is logged to the error stack. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index 7f081b5..fcf6003 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,19 +126,19 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_ssl_version 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method -\&\- choose a new \s-1TLS/SSL\s0 method +\&\- choose a new TLS/SSL method .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method); \& int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); @@ -157,8 +148,8 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method .IX Header "DESCRIPTION" \&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with -SSL_new(3) are not affected, except when -SSL_clear(3) is being called. +\&\fISSL_new\fR\|(3) are not affected, except when +\&\fISSL_clear\fR\|(3) is being called. .PP \&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR object. It may be reset, when \fISSL_clear()\fR is called. @@ -168,22 +159,22 @@ set in \fBssl\fR. .SH "NOTES" .IX Header "NOTES" The available \fBmethod\fR choices are described in -SSL_CTX_new(3). +\&\fISSL_CTX_new\fR\|(3). .PP -When SSL_clear(3) is called and no session is connected to +When \fISSL_clear\fR\|(3) is called and no session is connected to an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently set in the corresponding \s-1SSL_CTX\s0 object. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur for \fISSL_CTX_set_ssl_version()\fR and \fISSL_set_ssl_method()\fR: -.Ip "0" 4 +.IP "0" 4 The new choice failed, check the error stack to find out the reason. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_CTX_new(3), SSL_new(3), -SSL_clear(3), ssl(3), -SSL_set_connect_state(3) +\&\fISSL_CTX_new\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_clear\fR\|(3), \fIssl\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index 16bfc73..0f8f688 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_timeout 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for sessio .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); \& long SSL_CTX_get_timeout(SSL_CTX *ctx); @@ -169,15 +160,15 @@ valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions. .PP The expiration time of a single session can be modified using the -SSL_SESSION_get_time(3) family of functions. +\&\fISSL_SESSION_get_time\fR\|(3) family of functions. .PP Expired sessions are removed from the internal session cache, whenever -SSL_CTX_flush_sessions(3) is called, either +\&\fISSL_CTX_flush_sessions\fR\|(3) is called, either directly by the application or automatically (see -SSL_CTX_set_session_cache_mode(3)) +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) .PP The default value for session timeout is decided on a per protocol -basis, see SSL_get_default_timeout(3). +basis, see \fISSL_get_default_timeout\fR\|(3). All currently supported protocols have the same default timeout value of 300 seconds. .SH "RETURN VALUES" @@ -187,8 +178,8 @@ of 300 seconds. \&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_get_time(3), -SSL_CTX_flush_sessions(3), -SSL_get_default_timeout(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 6b798b6..415206d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:42 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,28 +126,30 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_tmp_dh_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); .Ve +.PP .Vb 3 \& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_set_tmp_dh(SSL *ssl, DH *dh) .Ve +.PP .Vb 1 \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); .Ve @@ -194,7 +187,7 @@ In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 gro (\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new \&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of -SSL_CTX_set_options(3) is set. It will +\&\fISSL_CTX_set_options\fR\|(3) is set. It will immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via \&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case, it may happen that a key is generated on initialization without later @@ -216,19 +209,19 @@ should not generate the parameters on the fly but supply the parameters. the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker may specialize on a very often used \s-1DH\s0 group. Applications should therefore generate their own \s-1DH\s0 parameters during the installation process using the -openssl dhparam(1) application. In order to reduce the computer +openssl \fIdhparam\fR\|(1) application. In order to reduce the computer time needed for this generation, it is possible to use \s-1DSA\s0 parameters -instead (see dhparam(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 +instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 is mandatory. .PP Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, -which use safe primes and were generated verifiably pseudo-randomly. +which use safe primes and were generated verifiably pseudo\-randomly. These files can be converted into C code using the \fB\-C\fR option of the -dhparam(1) application. +\&\fIdhparam\fR\|(1) application. Authors may also generate their own set of parameters using -dhparam(1), but a user may not be sure how the parameters were +\&\fIdhparam\fR\|(1), but a user may not be sure how the parameters were generated. The generation of \s-1DH\s0 parameters during installation is therefore recommended. .PP @@ -252,6 +245,7 @@ partly left out.) \& DH *dh_1024 = NULL; \& FILE *paramfile; .Ve +.PP .Vb 14 \& ... \& /* "openssl dhparam -out dh_param_512.pem -2 512" */ @@ -268,16 +262,19 @@ partly left out.) \& } \& ... .Ve +.PP .Vb 3 \& /* "openssl dhparam -C -2 512" etc... */ \& DH *get_dh512() { ... } \& DH *get_dh1024() { ... } .Ve +.PP .Vb 3 \& DH *tmp_dh_callback(SSL *s, int is_export, int keylength) \& { \& DH *dh_tmp=NULL; .Ve +.PP .Vb 17 \& switch (keylength) { \& case 512: @@ -306,7 +303,7 @@ diagnostic output. on failure. Check the error queue to find out the reason of failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_options(3), -ciphers(1), dhparam(1) +\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fIciphers\fR\|(1), \fIdhparam\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 8391b49..71c5912 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,30 +126,32 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_tmp_rsa_callback 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange +SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle RSA keys for ephemeral key exchange .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, \& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); \& long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); .Ve +.PP .Vb 4 \& void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, \& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) \& long SSL_need_tmp_rsa(SSL *ssl) .Ve +.PP .Vb 1 \& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); .Ve @@ -211,13 +204,13 @@ the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, t for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes violates the standard and can break interoperability with clients. It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key -exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead +exchange and use \s-1EDH\s0 (Ephemeral Diffie\-Hellman) key exchange instead in order to achieve forward secrecy (see -SSL_CTX_set_tmp_dh_callback(3)). +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of -SSL_CTX_set_options(3), violating the \s-1TLS/SSL\s0 +\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0 standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers, it will automatically be used without this option! .PP @@ -247,24 +240,29 @@ respectively are generated. \& RSA *rsa_512 = NULL; \& RSA *rsa_1024 = NULL; .Ve +.PP .Vb 3 \& rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); \& if (rsa_512 == NULL) \& evaluate_error_queue(); .Ve +.PP .Vb 3 \& rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); \& if (rsa_1024 == NULL) \& evaluate_error_queue(); .Ve +.PP .Vb 1 \& ... .Ve +.PP .Vb 3 \& RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) \& { \& RSA *rsa_tmp=NULL; .Ve +.PP .Vb 24 \& switch (keylength) { \& case 512: @@ -303,7 +301,7 @@ on failure. Check the error queue to find out the reason of failure. \&\s-1RSA\s0 key is needed and 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CTX_set_options(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_new(3), ciphers(1) +\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fISSL_new\fR\|(3), \fIciphers\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index 491c054..7f7a607 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_set_verify 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_dep .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 6 \& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, \& int (*verify_callback)(int, X509_STORE_CTX *)); @@ -155,6 +146,7 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_dep \& void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); \& void SSL_set_verify_depth(SSL *s, int depth); .Ve +.PP .Vb 1 \& int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); .Ve @@ -170,7 +162,7 @@ shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\f this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If no special \fBcallback\fR was set before, the default callback for the underlying \&\fBctx\fR is used, that was valid at the the time \fBssl\fR was created with -SSL_new(3). +\&\fISSL_new\fR\|(3). .PP \&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain verification that shall be allowed for \fBctx\fR. (See the \s-1BUGS\s0 section.) @@ -181,7 +173,7 @@ verification that shall be allowed for \fBssl\fR. (See the \s-1BUGS\s0 section.) .IX Header "NOTES" The verification of certificates can be controlled by a set of logically or'ed \fBmode\fR flags: -.Ip "\s-1SSL_VERIFY_NONE\s0" 4 +.IP "\s-1SSL_VERIFY_NONE\s0" 4 .IX Item "SSL_VERIFY_NONE" \&\fBServer mode:\fR the server will not send a client certificate request to the client, so the client will not send a certificate. @@ -189,9 +181,9 @@ client, so the client will not send a certificate. \&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The result of the certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake -using the SSL_get_verify_result(3) function. +using the \fISSL_get_verify_result\fR\|(3) function. The handshake will be continued regardless of the verification result. -.Ip "\s-1SSL_VERIFY_PEER\s0" 4 +.IP "\s-1SSL_VERIFY_PEER\s0" 4 .IX Item "SSL_VERIFY_PEER" \&\fBServer mode:\fR the server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process @@ -206,14 +198,14 @@ fails, the \s-1TLS/SSL\s0 handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. -.Ip "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 .IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" \&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. This flag must be used together with \s-1SSL_VERIFY_PEER\s0. .Sp \&\fBClient mode:\fR ignored -.Ip "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 .IX Item "SSL_VERIFY_CLIENT_ONCE" \&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0 handshake. Do not ask for a client certificate again in case of a @@ -227,7 +219,7 @@ set at any time. The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with -SSL_CTX_set_cert_verify_callback(3). +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3). The following descriptions apply in the case of the built-in procedure. An application provided procedure also has access to the verify depth information and the \fIverify_callback()\fR function, but the way this information is used @@ -267,10 +259,10 @@ process is immediately stopped with \*(L"verification failed\*(R" state. If \&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, the verification process is continued. If \fBverify_callback\fR always returns -1, the \s-1TLS/SSL\s0 handshake will never be terminated because of this application -experiencing a verification failure. The calling process can however -retrieve the error code of the last verification error using -SSL_get_verify_result(3) or by maintaining its +1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +\&\fISSL_get_verify_result\fR\|(3) or by maintaining its own error storage managed by \fBverify_callback\fR. .PP If no \fBverify_callback\fR is specified, the default callback will be used. @@ -305,8 +297,8 @@ certificates. .PP The example makes use of the ex_data technique to store application data into/retrieve application data from the \s-1SSL\s0 structure -(see SSL_get_ex_new_index(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3)). +(see \fISSL_get_ex_new_index\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). .PP .Vb 15 \& ... @@ -325,11 +317,13 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& SSL *ssl; \& mydata_t *mydata; .Ve +.PP .Vb 3 \& err_cert = X509_STORE_CTX_get_current_cert(ctx); \& err = X509_STORE_CTX_get_error(ctx); \& depth = X509_STORE_CTX_get_error_depth(ctx); .Ve +.PP .Vb 6 \& /* \& * Retrieve the pointer to the SSL of the connection currently treated @@ -338,9 +332,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); \& mydata = SSL_get_ex_data(ssl, mydata_index); .Ve +.PP .Vb 1 \& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); .Ve +.PP .Vb 22 \& /* \& * Catch a too long certificate chain. The depth limit set using @@ -365,6 +361,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& printf("depth=%d:%s\en", depth, buf); \& } .Ve +.PP .Vb 9 \& /* \& * At this point, err contains the last verification error. We can use @@ -376,6 +373,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& printf("issuer= %s\en", buf); \& } .Ve +.PP .Vb 6 \& if (mydata->always_continue) \& return 1; @@ -384,18 +382,22 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& } \& ... .Ve +.PP .Vb 1 \& mydata_t mydata; .Ve +.PP .Vb 2 \& ... \& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); .Ve +.PP .Vb 3 \& ... \& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, \& verify_callback); .Ve +.PP .Vb 5 \& /* \& * Let the verify_callback catch the verify_depth error so that we get @@ -403,6 +405,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& */ \& SSL_CTX_set_verify_depth(verify_depth + 1); .Ve +.PP .Vb 6 \& /* \& * Set up the SSL specific data into "mydata" and store it into th SSL @@ -411,6 +414,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& mydata.verify_depth = verify_depth; ... \& SSL_set_ex_data(ssl, mydata_index, &mydata); .Ve +.PP .Vb 9 \& ... \& SSL_accept(ssl); /* check of success left out for clarity */ @@ -424,11 +428,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), -SSL_CTX_get_verify_mode(3), -SSL_get_verify_result(3), -SSL_CTX_load_verify_locations(3), -SSL_get_peer_certificate(3), -SSL_CTX_set_cert_verify_callback(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3), -SSL_get_ex_new_index(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_CTX_get_verify_mode\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fISSL_get_ex_new_index\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index d45fda3..b81f200 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_CTX_use_certificate 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 6 \& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); \& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); @@ -155,9 +146,11 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f \& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); \& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); .Ve +.PP .Vb 1 \& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); .Ve +.PP .Vb 13 \& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); \& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, @@ -173,9 +166,10 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f \& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); \& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); .Ve +.PP .Vb 2 -\& int SSL_CTX_check_private_key(SSL_CTX *ctx); -\& int SSL_check_private_key(SSL *ssl); +\& int SSL_CTX_check_private_key(const SSL_CTX *ctx); +\& int SSL_check_private_key(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -184,18 +178,18 @@ or \s-1SSL\s0 object, respectively. .PP The SSL_CTX_* class of functions loads the certificates and keys into the \&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR -created from \fBctx\fR with SSL_new(3) by copying, so that +created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. .PP The SSL_* class of functions only loads certificates and keys into a specific \s-1SSL\s0 object. The specific information is kept, when -SSL_clear(3) is called for this \s-1SSL\s0 object. +\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. .PP \&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, \&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the certificates needed to form the complete certificate chain can be specified using the -SSL_CTX_add_extra_chain_cert(3) +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) function. .PP \&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from @@ -211,13 +205,20 @@ should be preferred. .PP \&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must -be sorted starting with the certificate to the highest level (root \s-1CA\s0). +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and +ending at the highest level (root) \s-1CA\s0. There is no corresponding function working on a single \s-1SSL\s0 object. .PP \&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. \&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; \&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with \fISSL_use_certificate()\fR +or \fISSL_CTX_use_certificate()\fR before setting the private key with +\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR. .PP \&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. @@ -246,7 +247,7 @@ this \fBssl\fR, the last item added into \fBctx\fR will be checked. The internal certificate store of OpenSSL can hold two private key/certificate pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate of type \s-1DSA\s0. The certificate used depends on the cipher select, see -also SSL_CTX_set_cipher_list(3). +also \fISSL_CTX_set_cipher_list\fR\|(3). .PP When reading certificates and private keys from file, files of type \&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain @@ -257,7 +258,7 @@ Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. \&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using -SSL_CTX_add_extra_chain_cert(3). +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3). There exists only one extra chain store, so that the same chain is appended to both types of certificates, \s-1RSA\s0 and \s-1DSA\s0! If it is not intended to use both type of certificate at the same time, it is recommended to use the @@ -270,12 +271,12 @@ when the \s-1CA\s0 issuing the certificate shall not be added to the trusted If additional certificates are needed to complete the chain during the \&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the locations of trusted \s-1CA\s0 certificates, see -SSL_CTX_load_verify_locations(3). +\&\fISSL_CTX_load_verify_locations\fR\|(3). .PP The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see -SSL_CTX_set_default_passwd_cb(3). +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3). (Certificate files might be encrypted as well from the technical point of view, it however does not make sense as the data in the certificate is considered public anyway.) @@ -285,9 +286,14 @@ On success, the functions return 1. Otherwise check out the error stack to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_clear(3), -SSL_CTX_load_verify_locations(3), -SSL_CTX_set_default_passwd_cb(3), -SSL_CTX_set_cipher_list(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_add_extra_chain_cert(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Support for \s-1DER\s0 encoded private keys (\s-1SSL_FILETYPE_ASN1\s0) in +\&\fISSL_CTX_use_PrivateKey_file()\fR and \fISSL_use_PrivateKey_file()\fR was added +in 0.9.8 . diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index 9d01628..f41f2fc 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_SESSION_free 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure +SSL_SESSION_free \- free an allocated SSL_SESSION structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_SESSION_free(SSL_SESSION *session); .Ve @@ -159,7 +150,7 @@ memory, if the the reference count has reached 0. .IX Header "NOTES" \&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation is successfully completed. Depending on the settings, see -SSL_CTX_set_session_cache_mode(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 @@ -170,13 +161,13 @@ dangling pointers. These failures may also appear delayed, e.g. when an \s-1SSL_SESSION\s0 object was completely freed as the reference count incorrectly became 0, but it is still referenced in the internal session cache and the cache list is processed during a -SSL_CTX_flush_sessions(3) operation. +\&\fISSL_CTX_flush_sessions\fR\|(3) operation. .PP \&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for which the reference count was explicitly incremented (e.g. -by calling \fISSL_get1_session()\fR, see SSL_get_session(3)) +by calling \fISSL_get1_session()\fR, see \fISSL_get_session\fR\|(3)) or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake -operation, e.g. by using d2i_SSL_SESSION(3). +operation, e.g. by using \fId2i_SSL_SESSION\fR\|(3). It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause incorrect reference counts and therefore program failures. .SH "RETURN VALUES" @@ -184,7 +175,7 @@ incorrect reference counts and therefore program failures. \&\fISSL_SESSION_free()\fR does not provide diagnostic information. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_session(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_flush_sessions(3), - d2i_SSL_SESSION(3) +\&\fIssl\fR\|(3), \fISSL_get_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), + \fId2i_SSL_SESSION\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index 6b8425f..f5dc917 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:43 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_SESSION_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions .SH "SYNOPSIS" @@ -147,18 +137,22 @@ SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \ .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& int SSL_SESSION_get_ex_new_index(long argl, void *argp, \& CRYPTO_EX_new *new_func, \& CRYPTO_EX_dup *dup_func, \& CRYPTO_EX_free *free_func); .Ve +.PP .Vb 1 \& int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg); .Ve +.PP .Vb 1 -\& void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx); +\& void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx); .Ve +.PP .Vb 6 \& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, \& int idx, long argl, void *argp); @@ -183,9 +177,9 @@ into the \fBsession\fR object. \&\fBsession\fR. .PP A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). +can be found in \fIRSA_get_ex_new_index\fR\|(3). The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). +\&\fICRYPTO_set_ex_data\fR\|(3). .SH "WARNINGS" .IX Header "WARNINGS" The application data is only maintained for sessions held in memory. The @@ -195,6 +189,6 @@ like \fIPEM_write_SSL_SESSION()\fR and \fIPEM_write_bio_SSL_SESSION()\fR) and ca therefore not be restored. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3) +\&\fIssl\fR\|(3), +\&\fIRSA_get_ex_new_index\fR\|(3), +\&\fICRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index 7d268b3..72a709a 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_SESSION_get_time 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings .SH "SYNOPSIS" @@ -147,16 +137,18 @@ SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 -\& long SSL_SESSION_get_time(SSL_SESSION *s); +\& long SSL_SESSION_get_time(const SSL_SESSION *s); \& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); -\& long SSL_SESSION_get_timeout(SSL_SESSION *s); +\& long SSL_SESSION_get_timeout(const SSL_SESSION *s); \& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); .Ve +.PP .Vb 4 -\& long SSL_get_time(SSL_SESSION *s); +\& long SSL_get_time(const SSL_SESSION *s); \& long SSL_set_time(SSL_SESSION *s, long tm); -\& long SSL_get_timeout(SSL_SESSION *s); +\& long SSL_get_timeout(const SSL_SESSION *s); \& long SSL_set_timeout(SSL_SESSION *s, long tm); .Ve .SH "DESCRIPTION" @@ -181,7 +173,7 @@ functions are synonyms for the SSL_SESSION_*() counterparts. Sessions are expired by examining the creation time and the timeout value. Both are set at creation time of the session to the actual time and the default timeout value at creation, respectively, as set by -SSL_CTX_set_timeout(3). +\&\fISSL_CTX_set_timeout\fR\|(3). Using these functions it is possible to extend or shorten the lifetime of the session. .SH "RETURN VALUES" @@ -195,6 +187,6 @@ If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR 0 is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_timeout(3), -SSL_get_default_timeout(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index 2e44eed..0b9919a 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_accept 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake +SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_accept(SSL *ssl); .Ve @@ -167,7 +158,8 @@ should be called again. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fISSL_get_error()\fR with the return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fISSL_accept()\fR. @@ -178,15 +170,15 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been established. -.Ip "0" 4 +.IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was @@ -195,8 +187,8 @@ for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\f to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_shutdown(3), ssl(3), bio(3), -SSL_set_connect_state(3), -SSL_do_handshake(3), -SSL_CTX_new(3) +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 114cd49..6305128 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_alert_type_string 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information .SH "SYNOPSIS" @@ -147,10 +137,12 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& const char *SSL_alert_type_string(int value); \& const char *SSL_alert_type_string_long(int value); .Ve +.PP .Vb 2 \& const char *SSL_alert_desc_string(int value); \& const char *SSL_alert_desc_string_long(int value); @@ -189,156 +181,156 @@ by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. .IX Header "RETURN VALUES" The following strings can occur for \fISSL_alert_type_string()\fR or \&\fISSL_alert_type_string_long()\fR: -.if n .Ip """""W""""/""""warning""""" 4 -.el .Ip "``W''/``warning''" 4 -.IX Item ""W/warning" +.ie n .IP """W""/""warning""" 4 +.el .IP "``W''/``warning''" 4 +.IX Item "W/warning" .PD 0 -.if n .Ip """""F""""/""""fatal""""" 4 -.el .Ip "``F''/``fatal''" 4 -.IX Item ""F/fatal" -.if n .Ip """""U""""/""""unknown""""" 4 -.el .Ip "``U''/``unknown''" 4 -.IX Item ""U/unknown" +.ie n .IP """F""/""fatal""" 4 +.el .IP "``F''/``fatal''" 4 +.IX Item "F/fatal" +.ie n .IP """U""/""unknown""" 4 +.el .IP "``U''/``unknown''" 4 +.IX Item "U/unknown" .PD This indicates that no support is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .PP The following strings can occur for \fISSL_alert_desc_string()\fR or \&\fISSL_alert_desc_string_long()\fR: -.if n .Ip """""\s-1CN\s0""""/""""close notify""""" 4 -.el .Ip "``\s-1CN\s0''/``close notify''" 4 -.IX Item ""CN/close notify" +.ie n .IP """\s-1CN\s0""/""close notify""" 4 +.el .IP "``\s-1CN\s0''/``close notify''" 4 +.IX Item "CN/close notify" The connection shall be closed. This is a warning alert. -.if n .Ip """""\s-1UM\s0""""/""""unexpected message""""" 4 -.el .Ip "``\s-1UM\s0''/``unexpected message''" 4 -.IX Item ""UM/unexpected message" +.ie n .IP """\s-1UM\s0""/""unexpected message""" 4 +.el .IP "``\s-1UM\s0''/``unexpected message''" 4 +.IX Item "UM/unexpected message" An inappropriate message was received. This alert is always fatal and should never be observed in communication between proper implementations. -.if n .Ip """""\s-1BM\s0""""/""""bad record mac""""" 4 -.el .Ip "``\s-1BM\s0''/``bad record mac''" 4 -.IX Item ""BM/bad record mac" +.ie n .IP """\s-1BM\s0""/""bad record mac""" 4 +.el .IP "``\s-1BM\s0''/``bad record mac''" 4 +.IX Item "BM/bad record mac" This alert is returned if a record is received with an incorrect \&\s-1MAC\s0. This message is always fatal. -.if n .Ip """""\s-1DF\s0""""/""""decompression failure""""" 4 -.el .Ip "``\s-1DF\s0''/``decompression failure''" 4 -.IX Item ""DF/decompression failure" +.ie n .IP """\s-1DF\s0""/""decompression failure""" 4 +.el .IP "``\s-1DF\s0''/``decompression failure''" 4 +.IX Item "DF/decompression failure" The decompression function received improper input (e.g. data that would expand to excessive length). This message is always fatal. -.if n .Ip """""\s-1HF\s0""""/""""handshake failure""""" 4 -.el .Ip "``\s-1HF\s0''/``handshake failure''" 4 -.IX Item ""HF/handshake failure" +.ie n .IP """\s-1HF\s0""/""handshake failure""" 4 +.el .IP "``\s-1HF\s0''/``handshake failure''" 4 +.IX Item "HF/handshake failure" Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error. -.if n .Ip """""\s-1NC\s0""""/""""no certificate""""" 4 -.el .Ip "``\s-1NC\s0''/``no certificate''" 4 -.IX Item ""NC/no certificate" +.ie n .IP """\s-1NC\s0""/""no certificate""" 4 +.el .IP "``\s-1NC\s0''/``no certificate''" 4 +.IX Item "NC/no certificate" A client, that was asked to send a certificate, does not send a certificate (SSLv3 only). -.if n .Ip """""\s-1BC\s0""""/""""bad certificate""""" 4 -.el .Ip "``\s-1BC\s0''/``bad certificate''" 4 -.IX Item ""BC/bad certificate" +.ie n .IP """\s-1BC\s0""/""bad certificate""" 4 +.el .IP "``\s-1BC\s0''/``bad certificate''" 4 +.IX Item "BC/bad certificate" A certificate was corrupt, contained signatures that did not verify correctly, etc -.if n .Ip """""\s-1UC\s0""""/""""unsupported certificate""""" 4 -.el .Ip "``\s-1UC\s0''/``unsupported certificate''" 4 -.IX Item ""UC/unsupported certificate" +.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4 +.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4 +.IX Item "UC/unsupported certificate" A certificate was of an unsupported type. -.if n .Ip """""\s-1CR\s0""""/""""certificate revoked""""" 4 -.el .Ip "``\s-1CR\s0''/``certificate revoked''" 4 -.IX Item ""CR/certificate revoked" +.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4 +.el .IP "``\s-1CR\s0''/``certificate revoked''" 4 +.IX Item "CR/certificate revoked" A certificate was revoked by its signer. -.if n .Ip """""\s-1CE\s0""""/""""certificate expired""""" 4 -.el .Ip "``\s-1CE\s0''/``certificate expired''" 4 -.IX Item ""CE/certificate expired" +.ie n .IP """\s-1CE\s0""/""certificate expired""" 4 +.el .IP "``\s-1CE\s0''/``certificate expired''" 4 +.IX Item "CE/certificate expired" A certificate has expired or is not currently valid. -.if n .Ip """""\s-1CU\s0""""/""""certificate unknown""""" 4 -.el .Ip "``\s-1CU\s0''/``certificate unknown''" 4 -.IX Item ""CU/certificate unknown" +.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4 +.el .IP "``\s-1CU\s0''/``certificate unknown''" 4 +.IX Item "CU/certificate unknown" Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. -.if n .Ip """""\s-1IP\s0""""/""""illegal parameter""""" 4 -.el .Ip "``\s-1IP\s0''/``illegal parameter''" 4 -.IX Item ""IP/illegal parameter" +.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4 +.el .IP "``\s-1IP\s0''/``illegal parameter''" 4 +.IX Item "IP/illegal parameter" A field in the handshake was out of range or inconsistent with other fields. This is always fatal. -.if n .Ip """""\s-1DC\s0""""/""""decryption failed""""" 4 -.el .Ip "``\s-1DC\s0''/``decryption failed''" 4 -.IX Item ""DC/decryption failed" +.ie n .IP """\s-1DC\s0""/""decryption failed""" 4 +.el .IP "``\s-1DC\s0''/``decryption failed''" 4 +.IX Item "DC/decryption failed" A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple of the block length or its padding values, when checked, weren't correct. This message is always fatal. -.if n .Ip """""\s-1RO\s0""""/""""record overflow""""" 4 -.el .Ip "``\s-1RO\s0''/``record overflow''" 4 -.IX Item ""RO/record overflow" +.ie n .IP """\s-1RO\s0""/""record overflow""" 4 +.el .IP "``\s-1RO\s0''/``record overflow''" 4 +.IX Item "RO/record overflow" A TLSCiphertext record was received which had a length more than 2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always fatal. -.if n .Ip """""\s-1CA\s0""""/""""unknown \s-1CA\s0""""" 4 -.el .Ip "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 -.IX Item ""CA/unknown CA" +.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4 +.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 +.IX Item "CA/unknown CA" A valid certificate chain or partial chain was received, but the certificate was not accepted because the \s-1CA\s0 certificate could not be located or couldn't be matched with a known, trusted \s-1CA\s0. This message is always fatal. -.if n .Ip """""\s-1AD\s0""""/""""access denied""""" 4 -.el .Ip "``\s-1AD\s0''/``access denied''" 4 -.IX Item ""AD/access denied" +.ie n .IP """\s-1AD\s0""/""access denied""" 4 +.el .IP "``\s-1AD\s0''/``access denied''" 4 +.IX Item "AD/access denied" A valid certificate was received, but when access control was applied, the sender decided not to proceed with negotiation. This message is always fatal. -.if n .Ip """""\s-1DE\s0""""/""""decode error""""" 4 -.el .Ip "``\s-1DE\s0''/``decode error''" 4 -.IX Item ""DE/decode error" +.ie n .IP """\s-1DE\s0""/""decode error""" 4 +.el .IP "``\s-1DE\s0''/``decode error''" 4 +.IX Item "DE/decode error" A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This message is always fatal. -.if n .Ip """""\s-1CY\s0""""/""""decrypt error""""" 4 -.el .Ip "``\s-1CY\s0''/``decrypt error''" 4 -.IX Item ""CY/decrypt error" +.ie n .IP """\s-1CY\s0""/""decrypt error""" 4 +.el .IP "``\s-1CY\s0''/``decrypt error''" 4 +.IX Item "CY/decrypt error" A handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate a finished message. -.if n .Ip """""\s-1ER\s0""""/""""export restriction""""" 4 -.el .Ip "``\s-1ER\s0''/``export restriction''" 4 -.IX Item ""ER/export restriction" +.ie n .IP """\s-1ER\s0""/""export restriction""" 4 +.el .IP "``\s-1ER\s0''/``export restriction''" 4 +.IX Item "ER/export restriction" A negotiation not in compliance with export restrictions was detected; for example, attempting to transfer a 1024 bit ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This message is always fatal. -.if n .Ip """""\s-1PV\s0""""/""""protocol version""""" 4 -.el .Ip "``\s-1PV\s0''/``protocol version''" 4 -.IX Item ""PV/protocol version" +.ie n .IP """\s-1PV\s0""/""protocol version""" 4 +.el .IP "``\s-1PV\s0''/``protocol version''" 4 +.IX Item "PV/protocol version" The protocol version the client has attempted to negotiate is recognized, but not supported. (For example, old protocol versions might be avoided for security reasons). This message is always fatal. -.if n .Ip """""\s-1IS\s0""""/""""insufficient security""""" 4 -.el .Ip "``\s-1IS\s0''/``insufficient security''" 4 -.IX Item ""IS/insufficient security" +.ie n .IP """\s-1IS\s0""/""insufficient security""" 4 +.el .IP "``\s-1IS\s0''/``insufficient security''" 4 +.IX Item "IS/insufficient security" Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. This message is always fatal. -.if n .Ip """""\s-1IE\s0""""/""""internal error""""" 4 -.el .Ip "``\s-1IE\s0''/``internal error''" 4 -.IX Item ""IE/internal error" +.ie n .IP """\s-1IE\s0""/""internal error""" 4 +.el .IP "``\s-1IE\s0''/``internal error''" 4 +.IX Item "IE/internal error" An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue (such as a memory allocation failure). This message is always fatal. -.if n .Ip """""\s-1US\s0""""/""""user canceled""""" 4 -.el .Ip "``\s-1US\s0''/``user canceled''" 4 -.IX Item ""US/user canceled" +.ie n .IP """\s-1US\s0""/""user canceled""" 4 +.el .IP "``\s-1US\s0''/``user canceled''" 4 +.IX Item "US/user canceled" This handshake is being canceled for some reason unrelated to a protocol failure. If the user cancels an operation after the handshake is complete, just closing the connection by sending a close_notify is more appropriate. This alert should be followed by a close_notify. This message is generally a warning. -.if n .Ip """""\s-1NR\s0""""/""""no renegotiation""""" 4 -.el .Ip "``\s-1NR\s0''/``no renegotiation''" 4 -.IX Item ""NR/no renegotiation" +.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4 +.el .IP "``\s-1NR\s0''/``no renegotiation''" 4 +.IX Item "NR/no renegotiation" Sent by the client in response to a hello request or by the server in response to a client hello after initial handshaking. Either of these would normally lead to renegotiation; when that @@ -350,11 +342,11 @@ satisfy a request; the process might receive security parameters (key length, authentication, etc.) at startup and it might be difficult to communicate changes to these parameters after that point. This message is always a warning. -.if n .Ip """""\s-1UK\s0""""/""""unknown""""" 4 -.el .Ip "``\s-1UK\s0''/``unknown''" 4 -.IX Item ""UK/unknown" +.ie n .IP """\s-1UK\s0""/""unknown""" 4 +.el .IP "``\s-1UK\s0''/``unknown''" 4 +.IX Item "UK/unknown" This indicates that no description is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_info_callback(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_info_callback\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 26afe9e..0defcb1 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_clear 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_clear \- reset \s-1SSL\s0 object to allow another connection +SSL_clear \- reset SSL object to allow another connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_clear(SSL *ssl); .Ve @@ -160,8 +151,8 @@ SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While al settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. If a session is still \fBopen\fR, it is considered bad and will be removed from the session cache, as required by \s-1RFC2246\s0. A session is considered open, -if SSL_shutdown(3) was not called for the connection -or at least SSL_set_shutdown(3) was used to +if \fISSL_shutdown\fR\|(3) was not called for the connection +or at least \fISSL_set_shutdown\fR\|(3) was used to set the \s-1SSL_SENT_SHUTDOWN\s0 state. .PP If a session was closed cleanly, the session object will be kept and all @@ -170,7 +161,7 @@ used during the session will be kept for the next handshake. So if the session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 server method, even if SSLv23_*_methods were chosen on startup. This -will might lead to connection failures (see SSL_new(3)) +will might lead to connection failures (see \fISSL_new\fR\|(3)) for a description of the method's properties. .SH "WARNINGS" .IX Header "WARNINGS" @@ -180,18 +171,18 @@ reset operation however keeps several settings of the last sessions handshake). It only makes sense when opening a new session (or reusing an old one) with the same peer that shares these settings. \&\fISSL_clear()\fR is not a short form for the sequence -SSL_free(3); SSL_new(3); . +\&\fISSL_free\fR\|(3); \fISSL_new\fR\|(3); . .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 The \fISSL_clear()\fR operation could not be performed. Check the error stack to find out the reason. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The \fISSL_clear()\fR operation was successful. .PP -SSL_new(3), SSL_free(3), -SSL_shutdown(3), SSL_set_shutdown(3), -SSL_CTX_set_options(3), ssl(3), -SSL_CTX_set_client_cert_cb(3) +\&\fISSL_new\fR\|(3), \fISSL_free\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), \fIssl\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index f79ab00..7fa74eb 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_connect 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server +SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_connect(SSL *ssl); .Ve @@ -164,7 +155,8 @@ handshake has been finished or an error occurred. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR -to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fISSL_get_error()\fR with the return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fISSL_connect()\fR. @@ -175,15 +167,15 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been established. -.Ip "0" 4 +.IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was @@ -192,8 +184,8 @@ for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\f to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_accept(3), -SSL_shutdown(3), ssl(3), bio(3), -SSL_set_connect_state(3), -SSL_do_handshake(3), -SSL_CTX_new(3) +\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 0b3dfa2..b712cd6 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:44 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_do_handshake 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake +SSL_do_handshake \- perform a TLS/SSL handshake .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_do_handshake(SSL *ssl); .Ve @@ -155,8 +146,8 @@ SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake \&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the connection is in client mode, the handshake will be started. The handshake routines may have to be explicitly set in advance using either -SSL_set_connect_state(3) or -SSL_set_accept_state(3). +\&\fISSL_set_connect_state\fR\|(3) or +\&\fISSL_set_accept_state\fR\|(3). .SH "NOTES" .IX Header "NOTES" The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0. @@ -180,15 +171,15 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been established. -.Ip "0" 4 +.IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was @@ -197,6 +188,6 @@ for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\f to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_accept(3), ssl(3), bio(3), -SSL_set_connect_state(3) +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index fb0f40d..b693cc5 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_free 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_free \- free an allocated \s-1SSL\s0 structure +SSL_free \- free an allocated SSL structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_free(SSL *ssl); .Ve @@ -167,14 +158,14 @@ failure. The ssl session has reference counts from two users: the \s-1SSL\s0 object, for which the reference count is removed by \fISSL_free()\fR and the internal session cache. If the session is considered bad, because -SSL_shutdown(3) was not called for the connection -and SSL_set_shutdown(3) was not used to set the +\&\fISSL_shutdown\fR\|(3) was not called for the connection +and \fISSL_set_shutdown\fR\|(3) was not used to set the \&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed from the session cache as required by \s-1RFC2246\s0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_free()\fR does not provide diagnostic information. .PP -SSL_new(3), SSL_clear(3), -SSL_shutdown(3), SSL_set_shutdown(3), -ssl(3) +\&\fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index be2587c..78a3af7 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,28 +126,28 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_SSL_CTX 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created +SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); +\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which -\&\fBssl\fR was created with SSL_new(3). +\&\fBssl\fR was created with \fISSL_new\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The pointer to the \s-1SSL_CTX\s0 object is returned. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index d5bd175..97532de 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_ciphers 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs .SH "SYNOPSIS" @@ -147,9 +137,10 @@ SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 -\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl); -\& const char *SSL_get_cipher_list(SSL *ssl, int priority); +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); +\& const char *SSL_get_cipher_list(const SSL *ssl, int priority); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -164,7 +155,7 @@ is returned. .SH "NOTES" .IX Header "NOTES" The details of the ciphers obtained by \fISSL_get_ciphers()\fR can be obtained using -the SSL_CIPHER_get_name(3) family of functions. +the \fISSL_CIPHER_get_name\fR\|(3) family of functions. .PP Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the sorted list of available ciphers, until \s-1NULL\s0 is returned. @@ -173,5 +164,5 @@ sorted list of available ciphers, until \s-1NULL\s0 is returned. See \s-1DESCRIPTION\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_cipher_list(3), -SSL_CIPHER_get_name(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CIPHER_get_name\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index 32c28f8..a794e6b 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_client_CA_list 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs .SH "SYNOPSIS" @@ -147,18 +137,19 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 -\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); -\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for -\&\fBctx\fR using SSL_CTX_set_client_CA_list(3). +\&\fBctx\fR using \fISSL_CTX_set_client_CA_list\fR\|(3). .PP \&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with -SSL_CTX_set_client_CA_list(3), when in +\&\fISSL_CTX_set_client_CA_list\fR\|(3), when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. .SH "RETURN VALUES" @@ -168,16 +159,16 @@ diagnostic information. .PP \&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return values: -.Ip "STACK_OF(X509_NAMES)" 4 +.IP "\s-1STACK_OF\s0(X509_NAMES)" 4 .IX Item "STACK_OF(X509_NAMES)" List of \s-1CA\s0 names explicitly set (for \fBctx\fR or in server mode) or send by the server (client mode). -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" No client \s-1CA\s0 list was explicitly set (for \fBctx\fR or in server mode) or the server did not send a list of CAs (client mode). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3), -SSL_CTX_set_client_cert_cb(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index 368303c..c28d55a 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,21 +126,21 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_current_cipher 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name, -SSL_get_cipher_bits, SSL_get_cipher_version \- get \s-1SSL_CIPHER\s0 of a connection +SSL_get_cipher_bits, SSL_get_cipher_version \- get SSL_CIPHER of a connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 9 -\& SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); +\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); \& #define SSL_get_cipher(s) \e \& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) \& #define SSL_get_cipher_name(s) \e @@ -169,11 +160,11 @@ the \fBssl\fR object. name of the currently used cipher. \fISSL_get_cipher_bits()\fR is a macro to obtain the number of secret/algorithm bits used and \&\fISSL_get_cipher_version()\fR returns the protocol name. -See SSL_CIPHER_get_name(3) for more details. +See \fISSL_CIPHER_get_name\fR\|(3) for more details. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when no session has been established. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CIPHER_get_name(3) +\&\fIssl\fR\|(3), \fISSL_CIPHER_get_name\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index 07736d3..591f272 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:45 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_default_timeout 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_default_timeout \- get default session timeout value .SH "SYNOPSIS" @@ -147,8 +137,9 @@ SSL_get_default_timeout \- get default session timeout value .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& long SSL_get_default_timeout(SSL *ssl); +\& long SSL_get_default_timeout(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -159,7 +150,7 @@ SSL_get_default_timeout \- get default session timeout value Whenever a new session is negotiated, it is assigned a timeout value, after which it will not be accepted for session reuse. If the timeout value was not explicitly set using -SSL_CTX_set_timeout(3), the hardcoded default +\&\fISSL_CTX_set_timeout\fR\|(3), the hardcoded default timeout for the protocol will be used. .PP \&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds @@ -169,8 +160,8 @@ for all currently supported protocols (SSLv2, SSLv3, and TLSv1). See description. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_session_cache_mode(3), -SSL_SESSION_get_time(3), -SSL_CTX_flush_sessions(3), -SSL_get_default_timeout(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index 9422117..150362d 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,20 +126,20 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_error 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation +SSL_get_error \- obtain result code for TLS/SSL I/O operation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& int SSL_get_error(SSL *ssl, int ret); +\& int SSL_get_error(const SSL *ssl, int ret); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -167,11 +158,11 @@ attempted, or \fISSL_get_error()\fR will not work reliably. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: -.Ip "\s-1SSL_ERROR_NONE\s0" 4 +.IP "\s-1SSL_ERROR_NONE\s0" 4 .IX Item "SSL_ERROR_NONE" The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned if and only if \fBret > 0\fR. -.Ip "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 .IX Item "SSL_ERROR_ZERO_RETURN" The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0 or \s-1TLS\s0 1.0, this result code is returned only if a closure @@ -179,7 +170,7 @@ alert has occurred in the protocol, i.e. if the connection has been closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily indicate that the underlying transport has been closed. -.Ip "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 +.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 .IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data @@ -202,7 +193,7 @@ Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by either the client or the server); \&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes. -.Ip "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 +.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be called again later. The underlying \s-1BIO\s0 was not connected yet to the peer @@ -212,13 +203,13 @@ appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respecti In order to find out, when the connection has been successfully established, on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor can be used. -.Ip "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 .IX Item "SSL_ERROR_WANT_X509_LOOKUP" The operation did not complete because an application callback set by \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. The \s-1TLS/SSL\s0 I/O function should be called again later. Details depend on the application. -.Ip "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 .IX Item "SSL_ERROR_SYSCALL" Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty @@ -226,13 +217,13 @@ information on the error. If the error queue is empty about the error: If \fBret == 0\fR, an \s-1EOF\s0 was observed that violates the protocol. If \fBret == \-1\fR, the underlying \fB\s-1BIO\s0\fR reported an I/O error (for socket I/O on Unix systems, consult \fBerrno\fR for details). -.Ip "\s-1SSL_ERROR_SSL\s0" 4 +.IP "\s-1SSL_ERROR_SSL\s0" 4 .IX Item "SSL_ERROR_SSL" A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), err(3) +\&\fIssl\fR\|(3), \fIerr\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fISSL_get_error()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index 8cc2803..4591151 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,19 +126,19 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure +SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access SSL structure from X509_STORE_CTX .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_get_ex_data_X509_STORE_CTX_idx(void); .Ve @@ -172,10 +163,10 @@ The value depends on other index values defined for X509_STORE_CTX objects before the \s-1SSL\s0 index is created. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -.Ip ">=0" 4 +.IP ">=0" 4 .IX Item ">=0" The index value to access the pointer. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" An error occurred, check the error stack for a detailed error message. .SH "EXAMPLES" @@ -183,8 +174,8 @@ An error occurred, check the error stack for a detailed error message. The index returned from \fISSL_get_ex_data_X509_STORE_CTX_idx()\fR allows to access the \s-1SSL\s0 object for the connection to be accessed during the \&\fIverify_callback()\fR when checking the peers certificate. Please check -the example in SSL_CTX_set_verify(3), +the example in \fISSL_CTX_set_verify\fR\|(3), .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_verify(3), -CRYPTO_set_ex_data(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3), +\&\fICRYPTO_set_ex_data\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 50369ce..4cb6b88 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_ex_new_index 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions .SH "SYNOPSIS" @@ -147,18 +137,22 @@ SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application s .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 4 \& int SSL_get_ex_new_index(long argl, void *argp, \& CRYPTO_EX_new *new_func, \& CRYPTO_EX_dup *dup_func, \& CRYPTO_EX_free *free_func); .Ve +.PP .Vb 1 \& int SSL_set_ex_data(SSL *ssl, int idx, void *arg); .Ve +.PP .Vb 1 -\& void *SSL_get_ex_data(SSL *ssl, int idx); +\& void *SSL_get_ex_data(const SSL *ssl, int idx); .Ve +.PP .Vb 6 \& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, \& int idx, long argl, void *argp); @@ -183,16 +177,16 @@ the \fBssl\fR object. \&\fBssl\fR. .PP A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality -can be found in RSA_get_ex_new_index(3). +can be found in \fIRSA_get_ex_new_index\fR\|(3). The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in -CRYPTO_set_ex_data(3). +\&\fICRYPTO_set_ex_data\fR\|(3). .SH "EXAMPLES" .IX Header "EXAMPLES" An example on how to use the functionality is included in the example -\&\fIverify_callback()\fR in SSL_CTX_set_verify(3). +\&\fIverify_callback()\fR in \fISSL_CTX_set_verify\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -RSA_get_ex_new_index(3), -CRYPTO_set_ex_data(3), -SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), +\&\fIRSA_get_ex_new_index\fR\|(3), +\&\fICRYPTO_set_ex_data\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index f504acf..77ba2c7 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,22 +126,22 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_fd 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object +SSL_get_fd \- get file descriptor linked to an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 -\& int SSL_get_fd(SSL *ssl); -\& int SSL_get_rfd(SSL *ssl); -\& int SSL_get_wfd(SSL *ssl); +\& int SSL_get_fd(const SSL *ssl); +\& int SSL_get_rfd(const SSL *ssl); +\& int SSL_get_wfd(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -162,13 +153,13 @@ of the read channel. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\-1" 4 +.IP "\-1" 4 .IX Item "-1" The operation failed, because the underlying \s-1BIO\s0 is not of the correct type (suitable for file descriptors). -.Ip ">=0" 4 +.IP ">=0" 4 .IX Item ">=0" The file descriptor linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_set_fd(3), ssl(3) , bio(3) +\&\fISSL_set_fd\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 5710dbf..2033946 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:46 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_peer_cert_chain 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer .SH "SYNOPSIS" @@ -147,35 +137,36 @@ SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl); +\& STACKOF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_peer_cert_chain()\fR returns a pointer to STACKOF(X509) certificates +\&\fISSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACKOF\s0(X509) certificates forming the certificate chain of the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using -SSL_get_peer_certificate(3). +\&\fISSL_get_peer_certificate\fR\|(3). If the peer did not present a certificate, \s-1NULL\s0 is returned. .SH "NOTES" .IX Header "NOTES" The peer certificate chain is not necessarily available after reusing a session, in which case a \s-1NULL\s0 pointer is returned. .PP -The reference count of the STACKOF(X509) object is not incremented. +The reference count of the \s-1STACKOF\s0(X509) object is not incremented. If the corresponding session is freed, the pointer must not be used any longer. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" No certificate was presented by the peer or no connection was established or the certificate chain is no longer available when a session is reused. -.Ip "Pointer to a STACKOF(X509)" 4 +.IP "Pointer to a \s-1STACKOF\s0(X509)" 4 .IX Item "Pointer to a STACKOF(X509)" The return value points to the certificate chain presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_peer_certificate(3) +\&\fIssl\fR\|(3), \fISSL_get_peer_certificate\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index de49701..c87ac81 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_peer_certificate 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_peer_certificate \- get the X509 certificate of the peer .SH "SYNOPSIS" @@ -147,8 +137,9 @@ SSL_get_peer_certificate \- get the X509 certificate of the peer .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& X509 *SSL_get_peer_certificate(SSL *ssl); +\& X509 *SSL_get_peer_certificate(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -159,11 +150,11 @@ peer presented. If the peer did not present a certificate, \s-1NULL\s0 is return Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see -SSL_CTX_set_verify(3)). If an anonymous cipher +\&\fISSL_CTX_set_verify\fR\|(3)). If an anonymous cipher is used, no certificates are sent. .PP That a certificate is returned does not indicate information about the -verification state, use SSL_get_verify_result(3) +verification state, use \fISSL_get_verify_result\fR\|(3) to check the verification state. .PP The reference count of the X509 object is incremented by one, so that it @@ -172,13 +163,13 @@ freed. The X509 object must be explicitly freed using \fIX509_free()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" No certificate was presented by the peer or no connection was established. -.Ip "Pointer to an X509 certificate" 4 +.IP "Pointer to an X509 certificate" 4 .IX Item "Pointer to an X509 certificate" The return value points to the certificate presented by the peer. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_verify_result(3), -SSL_CTX_set_verify(3) +\&\fIssl\fR\|(3), \fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index 843a7b3..4042e36 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_rbio 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object +SSL_get_rbio \- get BIO linked to an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& BIO *SSL_get_rbio(SSL *ssl); \& BIO *SSL_get_wbio(SSL *ssl); @@ -159,12 +150,12 @@ of the \s-1BIO\s0 is not incremented. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" No \s-1BIO\s0 was connected to the \s-1SSL\s0 object -.Ip "Any other pointer" 4 +.IP "Any other pointer" 4 .IX Item "Any other pointer" The \s-1BIO\s0 linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_set_bio(3), ssl(3) , bio(3) +\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index 1d936f9..22b7c89 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,21 +126,21 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_session 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data +SSL_get_session \- retrieve TLS/SSL session data .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 -\& SSL_SESSION *SSL_get_session(SSL *ssl); -\& SSL_SESSION *SSL_get0_session(SSL *ssl); +\& SSL_SESSION *SSL_get_session(const SSL *ssl); +\& SSL_SESSION *SSL_get0_session(const SSL *ssl); \& SSL_SESSION *SSL_get1_session(SSL *ssl); .Ve .SH "DESCRIPTION" @@ -169,16 +160,16 @@ connection without a new handshake. .PP \&\fISSL_get0_session()\fR returns a pointer to the actual session. As the reference counter is not incremented, the pointer is only valid while -the connection is in use. If SSL_clear(3) or -SSL_free(3) is called, the session may be removed completely +the connection is in use. If \fISSL_clear\fR\|(3) or +\&\fISSL_free\fR\|(3) is called, the session may be removed completely (if considered bad), and the pointer obtained will become invalid. Even if the session is valid, it can be removed at any time due to timeout -during SSL_CTX_flush_sessions(3). +during \fISSL_CTX_flush_sessions\fR\|(3). .PP If the data is to be kept, \fISSL_get1_session()\fR will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session -SSL_SESSION_free(3) must be explicitly called once +\&\fISSL_SESSION_free\fR\|(3) must be explicitly called once to decrement the reference count again. .PP \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache @@ -189,14 +180,14 @@ from this \s-1SSL_CTX\s0 object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" There is no session available in \fBssl\fR. -.Ip "Pointer to an \s-1SSL\s0" 4 +.IP "Pointer to an \s-1SSL\s0" 4 .IX Item "Pointer to an SSL" The return value points to the data of an \s-1SSL\s0 session. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_free(3), -SSL_clear(3), -SSL_SESSION_free(3) +\&\fIssl\fR\|(3), \fISSL_free\fR\|(3), +\&\fISSL_clear\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index a9ca9f7..6a128d4 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_verify_result 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_verify_result \- get result of peer certificate verification .SH "SYNOPSIS" @@ -147,8 +137,9 @@ SSL_get_verify_result \- get result of peer certificate verification .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& long SSL_get_verify_result(SSL *ssl); +\& long SSL_get_verify_result(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -168,18 +159,18 @@ when a session is reused. If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however not indicate success. \fISSL_get_verify_result()\fR is only useful in connection -with SSL_get_peer_certificate(3). +with \fISSL_get_peer_certificate\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur: -.Ip "X509_V_OK" 4 +.IP "X509_V_OK" 4 .IX Item "X509_V_OK" The verification succeeded or no peer certificate was presented. -.Ip "Any other value" 4 +.IP "Any other value" 4 .IX Item "Any other value" -Documented in verify(1). +Documented in \fIverify\fR\|(1). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_verify_result(3), -SSL_get_peer_certificate(3), -verify(1) +\&\fIssl\fR\|(3), \fISSL_set_verify_result\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fIverify\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index c8b806f..925f406 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_get_version 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_get_version \- get the protocol version of a connection. .SH "SYNOPSIS" @@ -147,8 +137,9 @@ SSL_get_version \- get the protocol version of a connection. .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& const char *SSL_get_version(SSL *ssl); +\& const char *SSL_get_version(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -157,18 +148,18 @@ connection \fBssl\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following strings can occur: -.Ip "SSLv2" 4 +.IP "SSLv2" 4 .IX Item "SSLv2" The connection uses the SSLv2 protocol. -.Ip "SSLv3" 4 +.IP "SSLv3" 4 .IX Item "SSLv3" The connection uses the SSLv3 protocol. -.Ip "TLSv1" 4 +.IP "TLSv1" 4 .IX Item "TLSv1" The connection uses the TLSv1 protocol. -.Ip "unknown" 4 +.IP "unknown" 4 .IX Item "unknown" This indicates that no version has been set (no connection established). .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 67dac81..ad9ea2c 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:47 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,19 +126,19 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_library_init 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms -\&\- initialize \s-1SSL\s0 library by registering algorithms +\&\- initialize SSL library by registering algorithms .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& int SSL_library_init(void); \& #define OpenSSL_add_ssl_algorithms() SSL_library_init() @@ -183,5 +174,5 @@ will provide readable error messages and will seed the \s-1PRNG\s0. value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_load_error_strings(3), -RAND_add(3) +\&\fIssl\fR\|(3), \fISSL_load_error_strings\fR\|(3), +\&\fIRAND_add\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index d6fb1a8..5c2d8b5 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_load_client_CA_file 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_load_client_CA_file \- load certificate names from file .SH "SYNOPSIS" @@ -147,19 +137,20 @@ SSL_load_client_CA_file \- load certificate names from file .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns -a STACK_OF(X509_NAME) with the subject names found. +a \s-1STACK_OF\s0(X509_NAME) with the subject names found. .SH "NOTES" .IX Header "NOTES" \&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for -SSL_CTX_set_client_CA_list(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), it is not limited to \s-1CA\s0 certificates. .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -169,6 +160,7 @@ Load names of CAs from file and use it as a client \s-1CA\s0 list: \& SSL_CTX *ctx; \& STACK_OF(X509_NAME) *cert_names; .Ve +.PP .Vb 7 \& ... \& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); @@ -181,13 +173,13 @@ Load names of CAs from file and use it as a client \s-1CA\s0 list: .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" The operation failed, check out the error stack for the reason. -.Ip "Pointer to STACK_OF(X509_NAME)" 4 +.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 .IX Item "Pointer to STACK_OF(X509_NAME)" Pointer to the subject names of the successfully read certificates. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), -SSL_CTX_set_client_CA_list(3) +\&\fIssl\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index 8c75860..e7b8348 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_new 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_new \- create a new \s-1SSL\s0 structure for a connection +SSL_new \- create a new SSL structure for a connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& SSL *SSL_new(SSL_CTX *ctx); .Ve @@ -159,16 +150,16 @@ options, verification settings, timeout settings. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "\s-1NULL\s0" 4 +.IP "\s-1NULL\s0" 4 .IX Item "NULL" The creation of a new \s-1SSL\s0 structure failed. Check the error stack to find out the reason. -.Ip "Pointer to an \s-1SSL\s0 structure" 4 +.IP "Pointer to an \s-1SSL\s0 structure" 4 .IX Item "Pointer to an SSL structure" The return value points to an allocated \s-1SSL\s0 structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_free(3), SSL_clear(3), -SSL_CTX_set_options(3), -SSL_get_SSL_CTX(3), -ssl(3) +\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fISSL_get_SSL_CTX\fR\|(3), +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index 2e96208..71be918 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,20 +126,20 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_pending 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object +SSL_pending \- obtain number of readable bytes buffered in an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 -\& int SSL_pending(SSL *ssl); +\& int SSL_pending(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -158,7 +149,7 @@ SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object .IX Header "NOTES" Data are received in blocks from the peer. Therefore data can be buffered inside \fBssl\fR and are ready for immediate retrieval with -SSL_read(3). +\&\fISSL_read\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The number of bytes pending is returned. @@ -174,4 +165,4 @@ Up to OpenSSL 0.9.6, \fISSL_pending()\fR does not check if the record type of pending data is application data. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_read(3), ssl(3) +\&\fISSL_read\fR\|(3), \fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 5e41942..2404f7c 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_read 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection. +SSL_read \- read bytes from a TLS/SSL connection. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_read(SSL *ssl, void *buf, int num); .Ve @@ -157,16 +148,16 @@ buffer \fBbuf\fR. .SH "NOTES" .IX Header "NOTES" If necessary, \fISSL_read()\fR will negotiate a \s-1TLS/SSL\s0 session, if -not already explicitly performed by SSL_connect(3) or -SSL_accept(3). If the -peer requests a re-negotiation, it will be performed transparently during +not already explicitly performed by \fISSL_connect\fR\|(3) or +\&\fISSL_accept\fR\|(3). If the +peer requests a re\-negotiation, it will be performed transparently during the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the underlying \s-1BIO\s0. .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling -SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR -before the first call to an \fISSL_read()\fR or SSL_write(3) +\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR +before the first call to an \fISSL_read()\fR or \fISSL_write\fR\|(3) function. .PP \&\fISSL_read()\fR works based on the \s-1SSL/TLS\s0 records. The data are received in @@ -188,12 +179,12 @@ If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_read()\fR will only retur read operation has been finished or an error occurred, except when a renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the -SSL_CTX_set_mode(3) call. +\&\fISSL_CTX_set_mode\fR\|(3) call. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_read()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_read()\fR to continue the operation. In this case a call to -SSL_get_error(3) with the +\&\fISSL_get_error\fR\|(3) with the return value of \fISSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a call to \fISSL_read()\fR can also cause write operations! The calling process @@ -210,16 +201,16 @@ with the same arguments. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip ">0" 4 +.IP ">0" 4 .IX Item ">0" The read operation was successful; the return value is the number of bytes actually read from the \s-1TLS/SSL\s0 connection. -.Ip "0" 4 +.IP "0" 4 The read operation was not successful. The reason may either be a clean shutdown due to a \*(L"close notify\*(R" alert sent by the peer (in which case the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag in the ssl shutdown state is set -(see SSL_shutdown(3), -SSL_set_shutdown(3)). It is also possible, that +(see \fISSL_shutdown\fR\|(3), +\&\fISSL_set_shutdown\fR\|(3)). It is also possible, that the peer simply shut down the underlying transport and the shutdown is incomplete. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, whether an error occurred or the connection was shut down cleanly @@ -229,16 +220,16 @@ SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected, whether the underlying connection was closed. It cannot be checked, whether the closure was initiated by the peer or by something else. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The read operation was not successful, because either an error occurred or action must be taken by the calling process. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_write(3), -SSL_CTX_set_mode(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3) -SSL_set_connect_state(3), -SSL_shutdown(3), SSL_set_shutdown(3), -ssl(3), bio(3) +\&\fISSL_get_error\fR\|(3), \fISSL_write\fR\|(3), +\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fIssl\fR\|(3), \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 48214cf..4d565a2 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_rstate_string 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 \& const char *SSL_rstate_string(SSL *ssl); \& const char *SSL_rstate_string_long(SSL *ssl); @@ -169,22 +160,22 @@ This function should only seldom be needed in applications. .IX Header "RETURN VALUES" \&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following values: -.if n .Ip """""\s-1RH\s0""""/""""read header""""" 4 -.el .Ip "``\s-1RH\s0''/``read header''" 4 -.IX Item ""RH/read header" +.ie n .IP """\s-1RH\s0""/""read header""" 4 +.el .IP "``\s-1RH\s0''/``read header''" 4 +.IX Item "RH/read header" The header of the record is being evaluated. -.if n .Ip """""\s-1RB\s0""""/""""read body""""" 4 -.el .Ip "``\s-1RB\s0''/``read body''" 4 -.IX Item ""RB/read body" +.ie n .IP """\s-1RB\s0""/""read body""" 4 +.el .IP "``\s-1RB\s0''/``read body''" 4 +.IX Item "RB/read body" The body of the record is being evaluated. -.if n .Ip """""\s-1RD\s0""""/""""read done""""" 4 -.el .Ip "``\s-1RD\s0''/``read done''" 4 -.IX Item ""RD/read done" +.ie n .IP """\s-1RD\s0""/""read done""" 4 +.el .IP "``\s-1RD\s0''/``read done''" 4 +.IX Item "RD/read done" The record has been completely processed. -.if n .Ip """""unknown""""/""""unknown""""" 4 -.el .Ip "``unknown''/``unknown''" 4 -.IX Item ""unknown/unknown" +.ie n .IP """unknown""/""unknown""" 4 +.el .IP "``unknown''/``unknown''" 4 +.IX Item "unknown/unknown" The read state is unknown. This should never happen. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3) +\&\fIssl\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 262903a..7b705e2 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:48 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_session_reused 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_session_reused \- query whether a reused session was negotiated during handshake .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_session_reused \- query whether a reused session was negotiated during hands .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_session_reused(SSL *ssl); .Ve @@ -162,12 +153,12 @@ queried by the application. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 A new session was negotiated. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" A session was reused. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_set_session(3), -SSL_CTX_set_session_cache_mode(3) +\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index a45734a..6d0d1b9 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_bio 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 +SSL_set_bio \- connect the SSL object with a BIO .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); .Ve @@ -156,7 +147,7 @@ SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. .PP The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively. -If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour. +If a \s-1BIO\s0 is non\-blocking, the \fBssl\fR will also have non-blocking behaviour. .PP If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called (for both the reading and writing side, if different). @@ -165,6 +156,6 @@ If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will \&\fISSL_set_bio()\fR cannot fail. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_rbio(3), -SSL_connect(3), SSL_accept(3), -SSL_shutdown(3), ssl(3), bio(3) +\&\fISSL_get_rbio\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index 4987f4e..013907d 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,21 +126,22 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_connect_state 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode +SSL_set_connect_state, SSL_get_accept_state \- prepare SSL object to work in client or server mode .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_set_connect_state(SSL *ssl); .Ve +.PP .Vb 1 \& void SSL_set_accept_state(SSL *ssl); .Ve @@ -160,11 +152,11 @@ SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work \&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. .SH "NOTES" .IX Header "NOTES" -When the \s-1SSL_CTX\s0 object was created with SSL_CTX_new(3), +When the \s-1SSL_CTX\s0 object was created with \fISSL_CTX_new\fR\|(3), it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with -SSL_CTX_set_ssl_version(3) or +\&\fISSL_CTX_set_ssl_version\fR\|(3) or \&\fISSL_set_ssl_method()\fR.) .PP When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must @@ -172,10 +164,10 @@ call the connect (client) or accept (server) routines. Even though it may be clear from the method chosen, whether client or server mode was requested, the handshake routines must be explicitly set. .PP -When using the SSL_connect(3) or -SSL_accept(3) routines, the correct handshake +When using the \fISSL_connect\fR\|(3) or +\&\fISSL_accept\fR\|(3) routines, the correct handshake routines are automatically set. When performing a transparent negotiation -using SSL_write(3) or SSL_read(3), the +using \fISSL_write\fR\|(3) or \fISSL_read\fR\|(3), the handshake routines must be explicitly set in advance using either \&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. .SH "RETURN VALUES" @@ -184,8 +176,8 @@ handshake routines must be explicitly set in advance using either information. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_new(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3), -SSL_write(3), SSL_read(3), -SSL_do_handshake(3), -SSL_CTX_set_ssl_version(3) +\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_write\fR\|(3), \fISSL_read\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_set_ssl_version\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index 45d3728..4e4c5f4 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_fd 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor +SSL_set_fd \- connect the SSL object with a file descriptor .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 3 \& int SSL_set_fd(SSL *ssl, int fd); \& int SSL_set_rfd(SSL *ssl, int fd); @@ -160,7 +151,7 @@ socket file descriptor of a network connection. .PP When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine -inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non\-blocking, the \fBssl\fR will also have non-blocking behaviour. .PP If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called @@ -171,13 +162,13 @@ for the read channel or the write channel, which can be set independently. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 The operation failed. Check the error stack to find out why. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_fd(3), SSL_set_bio(3), -SSL_connect(3), SSL_accept(3), -SSL_shutdown(3), ssl(3) , bio(3) +\&\fISSL_get_fd\fR\|(3), \fISSL_set_bio\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index a977d4e..d429b0c 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_session 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect +SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_set_session(SSL *ssl, SSL_SESSION *session); .Ve @@ -157,7 +148,7 @@ is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 When the session is set, the reference count of \fBsession\fR is incremented by 1. If the session is not reused, the reference count is decremented again during \fISSL_connect()\fR. Whether the session was reused can be queried -with the SSL_session_reused(3) call. +with the \fISSL_session_reused\fR\|(3) call. .PP If there is already a session set inside \fBssl\fR (because it was set with \&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for @@ -172,14 +163,14 @@ from this \s-1SSL_CTX\s0 object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "0" 4 +.IP "0" 4 The operation failed; check the error stack to find out the reason. -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_SESSION_free(3), -SSL_get_session(3), -SSL_session_reused(3), -SSL_CTX_set_session_cache_mode(3) +\&\fIssl\fR\|(3), \fISSL_SESSION_free\fR\|(3), +\&\fISSL_get_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index 8b69112..3de924c 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,23 +126,24 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_shutdown 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_set_shutdown(SSL *ssl, int mode); .Ve +.PP .Vb 1 -\& int SSL_get_shutdown(SSL *ssl); +\& int SSL_get_shutdown(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -161,13 +153,13 @@ SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 .SH "NOTES" .IX Header "NOTES" The shutdown state of an ssl connection is a bitmask of: -.Ip "0" 4 +.IP "0" 4 No shutdown setting, yet. -.Ip "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 .IX Item "SSL_SENT_SHUTDOWN" A \*(L"close notify\*(R" shutdown alert was sent to the peer, the connection is being considered closed and the session is closed and correct. -.Ip "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 .IX Item "SSL_RECEIVED_SHUTDOWN" A shutdown alert was received form the peer, either a normal \*(L"close notify\*(R" or a fatal error. @@ -176,18 +168,18 @@ or a fatal error. .PP The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when -SSL_clear(3) or SSL_free(3) is called, +\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, it is considered bad and removed according to \s-1RFC2246\s0. The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 (according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R" alert but to not wait for the peer's answer, when the underlying connection is closed). \&\fISSL_set_shutdown()\fR can be used to set this state without sending a -close alert to the peer (see SSL_shutdown(3)). +close alert to the peer (see \fISSL_shutdown\fR\|(3)). .PP If a \*(L"close notify\*(R" was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call -SSL_shutdown(3) or \fISSL_set_shutdown()\fR itself. +\&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_set_shutdown()\fR does not return diagnostic information. @@ -195,6 +187,6 @@ SSL_shutdown(3) or \fISSL_set_shutdown()\fR itself. \&\fISSL_get_shutdown()\fR returns the current setting. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_shutdown(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_clear(3), SSL_free(3) +\&\fIssl\fR\|(3), \fISSL_shutdown\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 8a7a0c0..9ca45fc 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,11 +126,10 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_set_verify_result 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" SSL_set_verify_result \- override result of peer certificate verification .SH "SYNOPSIS" @@ -147,6 +137,7 @@ SSL_set_verify_result \- override result of peer certificate verification .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& void SSL_set_verify_result(SSL *ssl, long verify_result); .Ve @@ -162,12 +153,12 @@ the verification result of the \fBssl\fR object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear. .PP -The valid codes for \fBverify_result\fR are documented in verify(1). +The valid codes for \fBverify_result\fR are documented in \fIverify\fR\|(1). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_set_verify_result()\fR does not provide a return value. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_get_verify_result(3), -SSL_get_peer_certificate(3), -verify(1) +\&\fIssl\fR\|(3), \fISSL_get_verify_result\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fIverify\fR\|(1) diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 291aa32..a6259db 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:49 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_shutdown 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection +SSL_shutdown \- shut down a TLS/SSL connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_shutdown(SSL *ssl); .Ve @@ -171,15 +162,15 @@ When the underlying connection shall be used for more communications, the complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be performed, so that the peers stay synchronized. .PP -\&\fISSL_shutdown()\fR supports both uni- and bidirectional shutdown by its 2 step +\&\fISSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step behaviour. -.if n .Ip "When the application is the first party to send the """"close notify"""" alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's """"close notify"""" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 -.el .Ip "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 -.IX Item "When the application is the first party to send the "close notify alert, SSL_shutdown() will only send the alert and the set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1." +.ie n .IP "When the application is the first party to send the ""close notify"" alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ""close notify"" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.el .IP "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.IX Item "When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1." .PD 0 -.if n .Ip "If the peer already sent the """"close notify"""" alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the """"close notify"""" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 -.el .Ip "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 -.IX Item "If the peer already sent the "close notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3) call." +.ie n .IP "If the peer already sent the ""close notify"" alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ""close notify"" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call." 4 +.el .IP "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call." 4 +.IX Item "If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown call." .PD .PP It is therefore recommended, to check the return value of \fISSL_shutdown()\fR @@ -206,32 +197,32 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP \&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" state but not actually send the \*(L"close notify\*(R" alert messages, -see SSL_CTX_set_quiet_shutdown(3). +see \fISSL_CTX_set_quiet_shutdown\fR\|(3). When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed and return 1. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip "1" 4 +.IP "1" 4 .IX Item "1" The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent and the peer's \*(L"close notify\*(R" alert was received. -.Ip "0" 4 +.IP "0" 4 The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time, if a bidirectional shutdown shall be performed. -The output of SSL_get_error(3) may be misleading, as an +The output of \fISSL_get_error\fR\|(3) may be misleading, as an erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. -.Ip "\-1" 4 +.IP "\-1" 4 .IX Item "-1" The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if action is need to continue the operation for non-blocking BIOs. -Call SSL_get_error(3) with the return value \fBret\fR +Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_connect(3), -SSL_accept(3), SSL_set_shutdown(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_clear(3), SSL_free(3), -ssl(3), bio(3) +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3), +\&\fIssl\fR\|(3), \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 5d5c232..a7e925e 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,21 +126,21 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_state_string 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object +SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 -\& const char *SSL_state_string(SSL *ssl); -\& const char *SSL_state_string_long(SSL *ssl); +\& const char *SSL_state_string(const SSL *ssl); +\& const char *SSL_state_string_long(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -177,4 +168,4 @@ can be used within the info_callback function set with the Detailed description of possible states to be included later. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_CTX_set_info_callback(3) +\&\fIssl\fR\|(3), \fISSL_CTX_set_info_callback\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 2fef873..d8131f1 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,24 +126,24 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_want 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information TLS/SSL I/O operation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 5 -\& int SSL_want(SSL *ssl); -\& int SSL_want_nothing(SSL *ssl); -\& int SSL_want_read(SSL *ssl); -\& int SSL_want_write(SSL *ssl); -\& int SSL_want_x509_lookup(SSL *ssl); +\& int SSL_want(const SSL *ssl); +\& int SSL_want_nothing(const SSL *ssl); +\& int SSL_want_read(const SSL *ssl); +\& int SSL_want_write(const SSL *ssl); +\& int SSL_want_x509_lookup(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -163,42 +154,42 @@ by \fISSL_want()\fR. .SH "NOTES" .IX Header "NOTES" \&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its -return values are similar to that of SSL_get_error(3). -Unlike SSL_get_error(3), which also evaluates the +return values are similar to that of \fISSL_get_error\fR\|(3). +Unlike \fISSL_get_error\fR\|(3), which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under non-blocking I/O. Error conditions are not handled and must be treated -using SSL_get_error(3). +using \fISSL_get_error\fR\|(3). .PP The result returned by \fISSL_want()\fR should always be consistent with -the result of SSL_get_error(3). +the result of \fISSL_get_error\fR\|(3). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can currently occur for \fISSL_want()\fR: -.Ip "\s-1SSL_NOTHING\s0" 4 +.IP "\s-1SSL_NOTHING\s0" 4 .IX Item "SSL_NOTHING" There is no data to be written or to be read. -.Ip "\s-1SSL_WRITING\s0" 4 +.IP "\s-1SSL_WRITING\s0" 4 .IX Item "SSL_WRITING" There are data in the \s-1SSL\s0 buffer that must be written to the underlying \&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to SSL_get_error(3) should return +A call to \fISSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_WRITE\s0. -.Ip "\s-1SSL_READING\s0" 4 +.IP "\s-1SSL_READING\s0" 4 .IX Item "SSL_READING" More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to SSL_get_error(3) should return +A call to \fISSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_READ\s0. -.Ip "\s-1SSL_X509_LOOKUP\s0" 4 +.IP "\s-1SSL_X509_LOOKUP\s0" 4 .IX Item "SSL_X509_LOOKUP" The operation did not complete because an application callback set by \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. -A call to SSL_get_error(3) should return +A call to \fISSL_get_error\fR\|(3) should return \&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. .PP \&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR return 1, when the corresponding condition is true or 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), err(3), SSL_get_error(3) +\&\fIssl\fR\|(3), \fIerr\fR\|(3), \fISSL_get_error\fR\|(3) diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index 4edfc84..dff29b4 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,18 +126,18 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH SSL_write 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. +SSL_write \- write bytes to a TLS/SSL connection. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 1 \& int SSL_write(SSL *ssl, const void *buf, int num); .Ve @@ -157,27 +148,27 @@ SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. .SH "NOTES" .IX Header "NOTES" If necessary, \fISSL_write()\fR will negotiate a \s-1TLS/SSL\s0 session, if -not already explicitly performed by SSL_connect(3) or -SSL_accept(3). If the -peer requests a re-negotiation, it will be performed transparently during +not already explicitly performed by \fISSL_connect\fR\|(3) or +\&\fISSL_accept\fR\|(3). If the +peer requests a re\-negotiation, it will be performed transparently during the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the underlying \s-1BIO\s0. .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling -SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR -before the first call to an SSL_read(3) or \fISSL_write()\fR function. +\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR +before the first call to an \fISSL_read\fR\|(3) or \fISSL_write()\fR function. .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_write()\fR will only return, once the write operation has been finished or an error occurred, except when a renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the -SSL_CTX_set_mode(3) call. +\&\fISSL_CTX_set_mode\fR\|(3) call. .PP If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_write()\fR will also return, when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_write()\fR to continue the operation. In this case a call to -SSL_get_error(3) with the +\&\fISSL_get_error\fR\|(3) with the return value of \fISSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a call to \fISSL_write()\fR can also cause read operations! The calling process @@ -190,7 +181,7 @@ must be written into or retrieved out of the \s-1BIO\s0 before being able to con \&\fISSL_write()\fR will only return with success, when the complete contents of \fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of -SSL_CTX_set_mode(3). When this flag is set, +\&\fISSL_CTX_set_mode\fR\|(3). When this flag is set, \&\fISSL_write()\fR will also return with success, when a partial write has been successfully completed. In this case the \fISSL_write()\fR operation is considered completed. The bytes are sent and a new \fISSL_write()\fR operation with a new @@ -208,11 +199,11 @@ undefined. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: -.Ip ">0" 4 +.IP ">0" 4 .IX Item ">0" The write operation was successful, the return value is the number of bytes actually written to the \s-1TLS/SSL\s0 connection. -.Ip "0" 4 +.IP "0" 4 The write operation was not successful. Probably the underlying connection was closed. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, whether an error occurred or the connection was shut down cleanly @@ -221,15 +212,15 @@ whether an error occurred or the connection was shut down cleanly SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected, whether the underlying connection was closed. It cannot be checked, why the closure happened. -.Ip "<0" 4 +.IP "<0" 4 .IX Item "<0" The write operation was not successful, because either an error occurred or action must be taken by the calling process. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" -SSL_get_error(3), SSL_read(3), -SSL_CTX_set_mode(3), SSL_CTX_new(3), -SSL_connect(3), SSL_accept(3) -SSL_set_connect_state(3), -ssl(3), bio(3) +\&\fISSL_get_error\fR\|(3), \fISSL_read\fR\|(3), +\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) +\&\fISSL_set_connect_state\fR\|(3), +\&\fIssl\fR\|(3), \fIbio\fR\|(3) diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 8a9e70e..66793ff 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,20 +126,20 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH d2i_SSL_SESSION 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> .Ve +.PP .Vb 2 -\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length); +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); \& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); .Ve .SH "DESCRIPTION" @@ -170,10 +161,10 @@ a binary \s-1ASN1\s0 representation. .PP When using \fId2i_SSL_SESSION()\fR, the \s-1SSL_SESSION\s0 object is automatically allocated. The reference count is 1, so that the session must be -explicitly removed using SSL_SESSION_free(3), +explicitly removed using \fISSL_SESSION_free\fR\|(3), unless the \s-1SSL_SESSION\s0 object is completely taken over, when being called inside the \fIget_session_cb()\fR (see -SSL_CTX_sess_set_get_cb(3)). +\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). .PP \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. @@ -197,5 +188,5 @@ can be retrieved from the error stack. When the session is not valid, \fB0\fR is returned and no operation is performed. .SH "SEE ALSO" .IX Header "SEE ALSO" -ssl(3), SSL_SESSION_free(3), -SSL_CTX_sess_set_get_cb(3) +\&\fIssl\fR\|(3), \fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index 38a1a43..5e0c925 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:47:50 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,13 +126,12 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH ssl 3 "2006-07-29" "0.9.8b" "OpenSSL" .SH "NAME" -\&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library +SSL \- OpenSSL SSL/TLS library .SH "SYNOPSIS" .IX Header "SYNOPSIS" .SH "DESCRIPTION" @@ -151,51 +141,51 @@ Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s documented here. .PP At first the library must be initialized; see -SSL_library_init(3). +\&\fISSL_library_init\fR\|(3). .PP Then an \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish -\&\s-1TLS/SSL\s0 enabled connections (see SSL_CTX_new(3)). +\&\s-1TLS/SSL\s0 enabled connections (see \fISSL_CTX_new\fR\|(3)). Various options regarding certificates, algorithms etc. can be set in this object. .PP When a network connection has been created, it can be assigned to an \&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using -SSL_new(3), SSL_set_fd(3) or -SSL_set_bio(3) can be used to associate the network +\&\fISSL_new\fR\|(3), \fISSL_set_fd\fR\|(3) or +\&\fISSL_set_bio\fR\|(3) can be used to associate the network connection with the object. .PP Then the \s-1TLS/SSL\s0 handshake is performed using -SSL_accept(3) or SSL_connect(3) +\&\fISSL_accept\fR\|(3) or \fISSL_connect\fR\|(3) respectively. -SSL_read(3) and SSL_write(3) are used +\&\fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) are used to read and write data on the \s-1TLS/SSL\s0 connection. -SSL_shutdown(3) can be used to shut down the +\&\fISSL_shutdown\fR\|(3) can be used to shut down the \&\s-1TLS/SSL\s0 connection. .SH "DATA STRUCTURES" .IX Header "DATA STRUCTURES" Currently the OpenSSL \fBssl\fR library functions deals with the following data structures: -.Ip "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 .IX Item "SSL_METHOD (SSL Method)" That's a dispatch structure describing the internal \fBssl\fR library methods/functions which implement the various protocol versions (SSLv1, SSLv2 and TLSv1). It's needed to create an \fB\s-1SSL_CTX\s0\fR. -.Ip "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 .IX Item "SSL_CIPHER (SSL Cipher)" This structure holds the algorithm information for a particular cipher which are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured on a \fB\s-1SSL_CTX\s0\fR basis and the actually used ones are then part of the \&\fB\s-1SSL_SESSION\s0\fR. -.Ip "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 .IX Item "SSL_CTX (SSL Context)" That's the global context structure which is created by a server or client once per program life-time and which holds mainly default values for the \&\fB\s-1SSL\s0\fR structures which are later created for the connections. -.Ip "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 .IX Item "SSL_SESSION (SSL Session)" This is a structure containing the current \s-1TLS/SSL\s0 session details for a connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. -.Ip "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 .IX Item "SSL (SSL Connection)" That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. @@ -205,30 +195,30 @@ links to mostly all other structures. .IX Header "HEADER FILES" Currently the OpenSSL \fBssl\fR library provides the following C header files containing the prototypes for the data structures and and functions: -.Ip "\fBssl.h\fR" 4 +.IP "\fBssl.h\fR" 4 .IX Item "ssl.h" That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your program to make the \s-1API\s0 of the \fBssl\fR library available. It internally includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look inside this header file. -.Ip "\fBssl2.h\fR" 4 +.IP "\fBssl2.h\fR" 4 .IX Item "ssl2.h" That's the sub header file dealing with the SSLv2 protocol only. \&\fIUsually you don't have to include it explicitly because it's already included by ssl.h\fR. -.Ip "\fBssl3.h\fR" 4 +.IP "\fBssl3.h\fR" 4 .IX Item "ssl3.h" That's the sub header file dealing with the SSLv3 protocol only. \&\fIUsually you don't have to include it explicitly because it's already included by ssl.h\fR. -.Ip "\fBssl23.h\fR" 4 +.IP "\fBssl23.h\fR" 4 .IX Item "ssl23.h" That's the sub header file dealing with the combined use of the SSLv2 and SSLv3 protocols. \&\fIUsually you don't have to include it explicitly because it's already included by ssl.h\fR. -.Ip "\fBtls1.h\fR" 4 +.IP "\fBtls1.h\fR" 4 .IX Item "tls1.h" That's the sub header file dealing with the TLSv1 protocol only. \&\fIUsually you don't have to include it explicitly because @@ -241,52 +231,52 @@ They are documented in the following: .IX Subsection "DEALING WITH PROTOCOL METHODS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv2_client_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv2_server_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv2_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for combined client and server. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv3_client_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv3_server_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 .IX Item "SSL_METHOD *SSLv3_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for combined client and server. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 .IX Item "SSL_METHOD *TLSv1_client_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated client. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 .IX Item "SSL_METHOD *TLSv1_server_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated server. -.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 +.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 .IX Item "SSL_METHOD *TLSv1_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server. .Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" .IX Subsection "DEALING WITH CIPHERS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. -.Ip "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 +.IP "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 .IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human readable description of \fIcipher\fR. Returns \fIbuf\fR. -.Ip "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 +.IP "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 .IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers there are two bits: The bits the algorithm supports in general (stored to \&\fIalg_bits\fR) and the bits which are actually used (the return value). -.Ip "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IP "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 .IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" Return the internal name of \fIcipher\fR as a string. These are the various strings defined by the \fISSL2_TXT_xxx\fR, \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR definitions in the header files. -.Ip "char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IP "char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 .IX Item "char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the \&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined @@ -295,138 +285,138 @@ in the specification the first time). .IX Subsection "DEALING WITH PROTOCOL CONTEXTS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. -.Ip "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IP "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 .IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" .PD 0 -.Ip "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 +.IP "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 .IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" -.Ip "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IP "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 .IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" -.Ip "int \fBSSL_CTX_check_private_key\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_check_private_key(SSL_CTX *ctx);" -.Ip "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 +.IP "int \fBSSL_CTX_check_private_key\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_check_private_key(const SSL_CTX *ctx);" +.IP "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 .IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" -.Ip "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 +.IP "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 .IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" -.Ip "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 +.IP "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 .IX Item "void SSL_CTX_free(SSL_CTX *a);" -.Ip "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" -.Ip "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" -.Ip "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "STACK *SSL_CTX_get_client_CA_list(SSL_CTX *ctx);" -.Ip "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 +.IP "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 .IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" -.Ip "char *\fBSSL_CTX_get_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx);" 4 -.IX Item "char *SSL_CTX_get_ex_data(SSL_CTX *s, int idx);" -.Ip "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IP "char *\fBSSL_CTX_get_ex_data\fR(const \s-1SSL_CTX\s0 *s, int idx);" 4 +.IX Item "char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);" +.IP "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 .IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 +.IP "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 .IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" -.Ip "int \fBSSL_CTX_get_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_get_quiet_shutdown\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" -.Ip "long \fBSSL_CTX_get_timeout\fR(\s-1SSL_CTX\s0 *ctx);" 4 -.IX Item "long SSL_CTX_get_timeout(SSL_CTX *ctx);" -.Ip "int (*\fBSSL_CTX_get_verify_callback\fR(\s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 -.IX Item "int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" -.Ip "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "long \fBSSL_CTX_get_timeout\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_get_timeout(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_verify_callback\fR(const \s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 +.IX Item "int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" +.IP "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, char *CAfile, char *CApath);" 4 +.IP "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, char *CAfile, char *CApath);" 4 .IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, char *CAfile, char *CApath);" -.Ip "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "long SSL_CTX_need_tmp_RSA(SSL_CTX *ctx);" -.Ip "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4 +.IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4 .IX Item "SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);" -.Ip "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IP "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 .IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" -.Ip "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" -.Ip "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 +.IP "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 .IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" -.Ip "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 +.IP "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 .IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" -.Ip "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 +.IP "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 .IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" -.Ip "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" -.Ip "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx,t);" 4 +.IP "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx,t);" 4 .IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,t);" -.Ip "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 +.IP "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 .IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" -.Ip "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 +.IP "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 .IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" -.Ip "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 +.IP "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 .IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" -.Ip "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" -.Ip "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" -.Ip "void \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IP "void \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 .IX Item "void SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" -.Ip "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IP "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 .IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" -.Ip "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 +.IP "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 .IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" -.Ip "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 +.IP "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 .IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" -.Ip "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 +.IP "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 .IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" -.Ip "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 +.IP "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 .IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" -.Ip "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 +.IP "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 .IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" -.Ip "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IP "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 .IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);" -.Ip "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" -.Ip "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 +.IP "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 .IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" -.Ip "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 +.IP "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 .IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" -.Ip "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IP "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 .IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" -.Ip "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IP "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 .IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" -.Ip "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IP "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 .IX Item "void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" -.Ip "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IP "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 .IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" -.Ip "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IP "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 .IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" -.Ip "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4 +.IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4 .IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth);" -.Ip "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 +.IP "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 .IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" -.Ip "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 +.IP "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 .IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" -.Ip "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 +.IP "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 .IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" -.Ip "long \fBSSL_CTX_set_tmp_rsa\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IP "long \fBSSL_CTX_set_tmp_rsa\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 .IX Item "long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);" -.Ip "SSL_CTX_set_tmp_rsa_callback" 4 +.IP "SSL_CTX_set_tmp_rsa_callback" 4 .IX Item "SSL_CTX_set_tmp_rsa_callback" .PD \&\f(CW\*(C`long \f(CBSSL_CTX_set_tmp_rsa_callback\f(CW(SSL_CTX *\f(CBctx\f(CW, RSA *(*\f(CBcb\f(CW)(SSL *\f(CBssl\f(CW, int \f(CBexport\f(CW, int \f(CBkeylength\f(CW));\*(C'\fR @@ -436,379 +426,379 @@ required. The \fB\f(CB\*(C`export\*(C'\fB\fR flag will be set if the reason for a temp key is that an export ciphersuite is in use, in which case, \&\fB\f(CB\*(C`keylength\*(C'\fB\fR will contain the required keylength in bits. Generate a key of appropriate size (using ???) and return it. -.Ip "SSL_set_tmp_rsa_callback" 4 +.IP "SSL_set_tmp_rsa_callback" 4 .IX Item "SSL_set_tmp_rsa_callback" long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength)); .Sp The same as \fBSSL_CTX_set_tmp_rsa_callback\fR, except it operates on an \s-1SSL\s0 session instead of a context. -.Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 +.IP "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 .IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" .PD 0 -.Ip "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 +.IP "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 .IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" -.Ip "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IP "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 .IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" -.Ip "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IP "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IP "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 .IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IP "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 .IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" -.Ip "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IP "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);" -.Ip "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IP "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 .IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" -.Ip "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 +.IP "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 .IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" -.Ip "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" .PD .Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" .IX Subsection "DEALING WITH SESSIONS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. -.Ip "int \fBSSL_SESSION_cmp\fR(\s-1SSL_SESSION\s0 *a, \s-1SSL_SESSION\s0 *b);" 4 -.IX Item "int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b);" +.IP "int \fBSSL_SESSION_cmp\fR(const \s-1SSL_SESSION\s0 *a, const \s-1SSL_SESSION\s0 *b);" 4 +.IX Item "int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);" .PD 0 -.Ip "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 +.IP "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 .IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" -.Ip "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IP "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 .IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" -.Ip "char *\fBSSL_SESSION_get_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx);" 4 -.IX Item "char *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx);" -.Ip "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IP "char *\fBSSL_SESSION_get_ex_data\fR(const \s-1SSL_SESSION\s0 *s, int idx);" 4 +.IX Item "char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);" +.IP "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 .IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "long \fBSSL_SESSION_get_time\fR(\s-1SSL_SESSION\s0 *s);" 4 -.IX Item "long SSL_SESSION_get_time(SSL_SESSION *s);" -.Ip "long \fBSSL_SESSION_get_timeout\fR(\s-1SSL_SESSION\s0 *s);" 4 -.IX Item "long SSL_SESSION_get_timeout(SSL_SESSION *s);" -.Ip "unsigned long \fBSSL_SESSION_hash\fR(\s-1SSL_SESSION\s0 *a);" 4 -.IX Item "unsigned long SSL_SESSION_hash(SSL_SESSION *a);" -.Ip "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 +.IP "long \fBSSL_SESSION_get_time\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_time(const SSL_SESSION *s);" +.IP "long \fBSSL_SESSION_get_timeout\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_timeout(const SSL_SESSION *s);" +.IP "unsigned long \fBSSL_SESSION_hash\fR(const \s-1SSL_SESSION\s0 *a);" 4 +.IX Item "unsigned long SSL_SESSION_hash(const SSL_SESSION *a);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 .IX Item "SSL_SESSION *SSL_SESSION_new(void);" -.Ip "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, \s-1SSL_SESSION\s0 *x);" 4 -.IX Item "int SSL_SESSION_print(BIO *bp, SSL_SESSION *x);" -.Ip "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, \s-1SSL_SESSION\s0 *x);" 4 -.IX Item "int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x);" -.Ip "void \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 +.IP "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);" +.IP "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);" +.IP "void \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 .IX Item "void SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" -.Ip "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 +.IP "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 .IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" -.Ip "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IP "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 .IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" -.Ip "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 .IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" .PD .Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" .IX Subsection "DEALING WITH CONNECTIONS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 connection defined in the \fB\s-1SSL\s0\fR structure. -.Ip "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_accept(SSL *ssl);" .PD 0 -.Ip "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 +.IP "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 .IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" -.Ip "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 +.IP "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 .IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" -.Ip "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IP "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 .IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" -.Ip "char *\fBSSL_alert_desc_string\fR(int value);" 4 +.IP "char *\fBSSL_alert_desc_string\fR(int value);" 4 .IX Item "char *SSL_alert_desc_string(int value);" -.Ip "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 +.IP "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 .IX Item "char *SSL_alert_desc_string_long(int value);" -.Ip "char *\fBSSL_alert_type_string\fR(int value);" 4 +.IP "char *\fBSSL_alert_type_string\fR(int value);" 4 .IX Item "char *SSL_alert_type_string(int value);" -.Ip "char *\fBSSL_alert_type_string_long\fR(int value);" 4 +.IP "char *\fBSSL_alert_type_string_long\fR(int value);" 4 .IX Item "char *SSL_alert_type_string_long(int value);" -.Ip "int \fBSSL_check_private_key\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_check_private_key(SSL *ssl);" -.Ip "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_check_private_key\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_check_private_key(const SSL *ssl);" +.IP "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "void SSL_clear(SSL *ssl);" -.Ip "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IP "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_connect(SSL *ssl);" -.Ip "void \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, \s-1SSL\s0 *f);" 4 -.IX Item "void SSL_copy_session_id(SSL *t, SSL *f);" -.Ip "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 +.IP "void \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, const \s-1SSL\s0 *f);" 4 +.IX Item "void SSL_copy_session_id(SSL *t, const SSL *f);" +.IP "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 .IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" -.Ip "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_do_handshake(SSL *ssl);" -.Ip "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 +.IP "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "SSL *SSL_dup(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 +.IP "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 .IX Item "STACK *SSL_dup_CA_list(STACK *sk);" -.Ip "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 +.IP "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "void SSL_free(SSL *ssl);" -.Ip "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);" -.Ip "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 +.IP "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);" +.IP "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "char *SSL_get_app_data(SSL *ssl);" -.Ip "X509 *\fBSSL_get_certificate\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "X509 *SSL_get_certificate(SSL *ssl);" -.Ip "const char *\fBSSL_get_cipher\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "const char *SSL_get_cipher(SSL *ssl);" -.Ip "int \fBSSL_get_cipher_bits\fR(\s-1SSL\s0 *ssl, int *alg_bits);" 4 -.IX Item "int SSL_get_cipher_bits(SSL *ssl, int *alg_bits);" -.Ip "char *\fBSSL_get_cipher_list\fR(\s-1SSL\s0 *ssl, int n);" 4 -.IX Item "char *SSL_get_cipher_list(SSL *ssl, int n);" -.Ip "char *\fBSSL_get_cipher_name\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_cipher_name(SSL *ssl);" -.Ip "char *\fBSSL_get_cipher_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_cipher_version(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_ciphers(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_client_CA_list(SSL *ssl);" -.Ip "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IP "X509 *\fBSSL_get_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_certificate(const SSL *ssl);" +.IP "const char *\fBSSL_get_cipher\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_cipher(const SSL *ssl);" +.IP "int \fBSSL_get_cipher_bits\fR(const \s-1SSL\s0 *ssl, int *alg_bits);" 4 +.IX Item "int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);" +.IP "char *\fBSSL_get_cipher_list\fR(const \s-1SSL\s0 *ssl, int n);" 4 +.IX Item "char *SSL_get_cipher_list(const SSL *ssl, int n);" +.IP "char *\fBSSL_get_cipher_name\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_name(const SSL *ssl);" +.IP "char *\fBSSL_get_cipher_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_version(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_ciphers(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_client_CA_list(const SSL *ssl);" +.IP "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" -.Ip "long \fBSSL_get_default_timeout\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_default_timeout(SSL *ssl);" -.Ip "int \fBSSL_get_error\fR(\s-1SSL\s0 *ssl, int i);" 4 -.IX Item "int SSL_get_error(SSL *ssl, int i);" -.Ip "char *\fBSSL_get_ex_data\fR(\s-1SSL\s0 *ssl, int idx);" 4 -.IX Item "char *SSL_get_ex_data(SSL *ssl, int idx);" -.Ip "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 +.IP "long \fBSSL_get_default_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_default_timeout(const SSL *ssl);" +.IP "int \fBSSL_get_error\fR(const \s-1SSL\s0 *ssl, int i);" 4 +.IX Item "int SSL_get_error(const SSL *ssl, int i);" +.IP "char *\fBSSL_get_ex_data\fR(const \s-1SSL\s0 *ssl, int idx);" 4 +.IX Item "char *SSL_get_ex_data(const SSL *ssl, int idx);" +.IP "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 .IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" -.Ip "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IP "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 .IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" -.Ip "int \fBSSL_get_fd\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_fd(SSL *ssl);" -.Ip "void (*\fBSSL_get_info_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 -.IX Item "void (*SSL_get_info_callback(SSL *ssl);)(void)" -.Ip "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "STACK *SSL_get_peer_cert_chain(SSL *ssl);" -.Ip "X509 *\fBSSL_get_peer_certificate\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "X509 *SSL_get_peer_certificate(SSL *ssl);" -.Ip "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_get_fd\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_fd(const SSL *ssl);" +.IP "void (*\fBSSL_get_info_callback\fR(const \s-1SSL\s0 *ssl);)()" 4 +.IX Item "void (*SSL_get_info_callback(const SSL *ssl);)()" +.IP "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_peer_cert_chain(const SSL *ssl);" +.IP "X509 *\fBSSL_get_peer_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_peer_certificate(const SSL *ssl);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "EVP_PKEY *SSL_get_privatekey(SSL *ssl);" -.Ip "int \fBSSL_get_quiet_shutdown\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_quiet_shutdown(SSL *ssl);" -.Ip "\s-1BIO\s0 *\fBSSL_get_rbio\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "BIO *SSL_get_rbio(SSL *ssl);" -.Ip "int \fBSSL_get_read_ahead\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_read_ahead(SSL *ssl);" -.Ip "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_SESSION *SSL_get_session(SSL *ssl);" -.Ip "char *\fBSSL_get_shared_ciphers\fR(\s-1SSL\s0 *ssl, char *buf, int len);" 4 -.IX Item "char *SSL_get_shared_ciphers(SSL *ssl, char *buf, int len);" -.Ip "int \fBSSL_get_shutdown\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_shutdown(SSL *ssl);" -.Ip "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_get_quiet_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_quiet_shutdown(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_rbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_rbio(const SSL *ssl);" +.IP "int \fBSSL_get_read_ahead\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_read_ahead(const SSL *ssl);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_SESSION *SSL_get_session(const SSL *ssl);" +.IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int len);" 4 +.IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len);" +.IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_shutdown(const SSL *ssl);" +.IP "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" -.Ip "int \fBSSL_get_state\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_state(SSL *ssl);" -.Ip "long \fBSSL_get_time\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_time(SSL *ssl);" -.Ip "long \fBSSL_get_timeout\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_timeout(SSL *ssl);" -.Ip "int (*\fBSSL_get_verify_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 -.IX Item "int (*SSL_get_verify_callback(SSL *ssl);)(void)" -.Ip "int \fBSSL_get_verify_mode\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_get_verify_mode(SSL *ssl);" -.Ip "long \fBSSL_get_verify_result\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "long SSL_get_verify_result(SSL *ssl);" -.Ip "char *\fBSSL_get_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_get_version(SSL *ssl);" -.Ip "\s-1BIO\s0 *\fBSSL_get_wbio\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "BIO *SSL_get_wbio(SSL *ssl);" -.Ip "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_state(const SSL *ssl);" +.IP "long \fBSSL_get_time\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_time(const SSL *ssl);" +.IP "long \fBSSL_get_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_timeout(const SSL *ssl);" +.IP "int (*\fBSSL_get_verify_callback\fR(const \s-1SSL\s0 *ssl))(int,X509_STORE_CTX *)" 4 +.IX Item "int (*SSL_get_verify_callback(const SSL *ssl))(int,X509_STORE_CTX *)" +.IP "int \fBSSL_get_verify_mode\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_verify_mode(const SSL *ssl);" +.IP "long \fBSSL_get_verify_result\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_verify_result(const SSL *ssl);" +.IP "char *\fBSSL_get_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_version(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_wbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_wbio(const SSL *ssl);" +.IP "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_in_accept_init(SSL *ssl);" -.Ip "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_in_before(SSL *ssl);" -.Ip "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_in_connect_init(SSL *ssl);" -.Ip "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_in_init(SSL *ssl);" -.Ip "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_is_init_finished(SSL *ssl);" -.Ip "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(char *file);" 4 +.IP "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(char *file);" 4 .IX Item "STACK *SSL_load_client_CA_file(char *file);" -.Ip "void \fBSSL_load_error_strings\fR(void);" 4 +.IP "void \fBSSL_load_error_strings\fR(void);" 4 .IX Item "void SSL_load_error_strings(void);" -.Ip "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IP "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "SSL *SSL_new(SSL_CTX *ctx);" -.Ip "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IP "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "long SSL_num_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IP "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 .IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" -.Ip "int \fBSSL_pending\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_pending(SSL *ssl);" -.Ip "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IP "int \fBSSL_pending\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_pending(const SSL *ssl);" +.IP "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 .IX Item "int SSL_read(SSL *ssl, void *buf, int num);" -.Ip "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_renegotiate(SSL *ssl);" -.Ip "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 +.IP "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "char *SSL_rstate_string(SSL *ssl);" -.Ip "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IP "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "char *SSL_rstate_string_long(SSL *ssl);" -.Ip "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 +.IP "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "long SSL_session_reused(SSL *ssl);" -.Ip "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 +.IP "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "void SSL_set_accept_state(SSL *ssl);" -.Ip "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 +.IP "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 .IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" -.Ip "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 +.IP "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 .IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" -.Ip "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 +.IP "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 .IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" -.Ip "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 +.IP "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 .IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" -.Ip "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 +.IP "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "void SSL_set_connect_state(SSL *ssl);" -.Ip "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 +.IP "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 .IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" -.Ip "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IP "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 .IX Item "int SSL_set_fd(SSL *ssl, int fd);" -.Ip "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 +.IP "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 .IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" -.Ip "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IP "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 .IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" -.Ip "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 +.IP "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 .IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" -.Ip "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IP "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 .IX Item "void SSL_set_options(SSL *ssl, unsigned long op);" -.Ip "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IP "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 .IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" -.Ip "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 +.IP "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 .IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" -.Ip "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IP "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 .IX Item "int SSL_set_rfd(SSL *ssl, int fd);" -.Ip "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 +.IP "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 .IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" -.Ip "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IP "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 .IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" -.Ip "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4 +.IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4 .IX Item "int SSL_set_ssl_method(SSL *ssl, SSL_METHOD *meth);" -.Ip "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IP "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 .IX Item "void SSL_set_time(SSL *ssl, long t);" -.Ip "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IP "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 .IX Item "void SSL_set_timeout(SSL *ssl, long t);" -.Ip "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 +.IP "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 .IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" -.Ip "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 +.IP "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 .IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" -.Ip "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IP "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 .IX Item "int SSL_set_wfd(SSL *ssl, int fd);" -.Ip "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_shutdown(SSL *ssl);" -.Ip "int \fBSSL_state\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_state(SSL *ssl);" -.Ip "char *\fBSSL_state_string\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_state_string(SSL *ssl);" -.Ip "char *\fBSSL_state_string_long\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "char *SSL_state_string_long(SSL *ssl);" -.Ip "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IP "int \fBSSL_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_state(const SSL *ssl);" +.IP "char *\fBSSL_state_string\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string(const SSL *ssl);" +.IP "char *\fBSSL_state_string_long\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string_long(const SSL *ssl);" +.IP "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 .IX Item "long SSL_total_renegotiations(SSL *ssl);" -.Ip "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 +.IP "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 .IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" -.Ip "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IP "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 .IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" -.Ip "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IP "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 .IX Item "int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 +.IP "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 .IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" -.Ip "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IP "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 .IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" -.Ip "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IP "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 .IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IP "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 .IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" -.Ip "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 +.IP "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 .IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" -.Ip "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IP "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 .IX Item "int SSL_use_certificate_file(SSL *ssl, char *file, int type);" -.Ip "int \fBSSL_version\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_version(SSL *ssl);" -.Ip "int \fBSSL_want\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want(SSL *ssl);" -.Ip "int \fBSSL_want_nothing\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_nothing(SSL *ssl);" -.Ip "int \fBSSL_want_read\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_read(SSL *ssl);" -.Ip "int \fBSSL_want_write\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "int SSL_want_write(SSL *ssl);" -.Ip "int \fBSSL_want_x509_lookup\fR(s);" 4 -.IX Item "int SSL_want_x509_lookup(s);" -.Ip "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 +.IP "int \fBSSL_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_version(const SSL *ssl);" +.IP "int \fBSSL_want\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want(const SSL *ssl);" +.IP "int \fBSSL_want_nothing\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_nothing(const SSL *ssl);" +.IP "int \fBSSL_want_read\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_read(const SSL *ssl);" +.IP "int \fBSSL_want_write\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_write(const SSL *ssl);" +.IP "int \fBSSL_want_x509_lookup\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_x509_lookup(const SSL *ssl);" +.IP "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 .IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" .PD .SH "SEE ALSO" .IX Header "SEE ALSO" -openssl(1), crypto(3), -SSL_accept(3), SSL_clear(3), -SSL_connect(3), -SSL_CIPHER_get_name(3), -SSL_COMP_add_compression_method(3), -SSL_CTX_add_extra_chain_cert(3), -SSL_CTX_add_session(3), -SSL_CTX_ctrl(3), -SSL_CTX_flush_sessions(3), -SSL_CTX_get_ex_new_index(3), -SSL_CTX_get_verify_mode(3), -SSL_CTX_load_verify_locations(3) -SSL_CTX_new(3), -SSL_CTX_sess_number(3), -SSL_CTX_sess_set_cache_size(3), -SSL_CTX_sess_set_get_cb(3), -SSL_CTX_sessions(3), -SSL_CTX_set_cert_store(3), -SSL_CTX_set_cert_verify_callback(3), -SSL_CTX_set_cipher_list(3), -SSL_CTX_set_client_CA_list(3), -SSL_CTX_set_client_cert_cb(3), -SSL_CTX_set_default_passwd_cb(3), -SSL_CTX_set_generate_session_id(3), -SSL_CTX_set_info_callback(3), -SSL_CTX_set_max_cert_list(3), -SSL_CTX_set_mode(3), -SSL_CTX_set_msg_callback(3), -SSL_CTX_set_options(3), -SSL_CTX_set_quiet_shutdown(3), -SSL_CTX_set_session_cache_mode(3), -SSL_CTX_set_session_id_context(3), -SSL_CTX_set_ssl_version(3), -SSL_CTX_set_timeout(3), -SSL_CTX_set_tmp_rsa_callback(3), -SSL_CTX_set_tmp_dh_callback(3), -SSL_CTX_set_verify(3), -SSL_CTX_use_certificate(3), -SSL_alert_type_string(3), -SSL_do_handshake(3), -SSL_get_SSL_CTX(3), -SSL_get_ciphers(3), -SSL_get_client_CA_list(3), -SSL_get_default_timeout(3), -SSL_get_error(3), -SSL_get_ex_data_X509_STORE_CTX_idx(3), -SSL_get_ex_new_index(3), -SSL_get_fd(3), -SSL_get_peer_cert_chain(3), -SSL_get_rbio(3), -SSL_get_session(3), -SSL_get_verify_result(3), -SSL_get_version(3), -SSL_library_init(3), -SSL_load_client_CA_file(3), -SSL_new(3), -SSL_pending(3), -SSL_read(3), -SSL_rstate_string(3), -SSL_session_reused(3), -SSL_set_bio(3), -SSL_set_connect_state(3), -SSL_set_fd(3), -SSL_set_session(3), -SSL_set_shutdown(3), -SSL_shutdown(3), -SSL_state_string(3), -SSL_want(3), -SSL_write(3), -SSL_SESSION_free(3), -SSL_SESSION_get_ex_new_index(3), -SSL_SESSION_get_time(3), -d2i_SSL_SESSION(3) +\&\fIopenssl\fR\|(1), \fIcrypto\fR\|(3), +\&\fISSL_accept\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_connect\fR\|(3), +\&\fISSL_CIPHER_get_name\fR\|(3), +\&\fISSL_COMP_add_compression_method\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_ctrl\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_CTX_get_ex_new_index\fR\|(3), +\&\fISSL_CTX_get_verify_mode\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fISSL_CTX_new\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_cache_size\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_sessions\fR\|(3), +\&\fISSL_CTX_set_cert_store\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fISSL_CTX_set_generate_session_id\fR\|(3), +\&\fISSL_CTX_set_info_callback\fR\|(3), +\&\fISSL_CTX_set_max_cert_list\fR\|(3), +\&\fISSL_CTX_set_mode\fR\|(3), +\&\fISSL_CTX_set_msg_callback\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +\&\fISSL_CTX_set_ssl_version\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_alert_type_string\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_get_SSL_CTX\fR\|(3), +\&\fISSL_get_ciphers\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3), +\&\fISSL_get_error\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fISSL_get_ex_new_index\fR\|(3), +\&\fISSL_get_fd\fR\|(3), +\&\fISSL_get_peer_cert_chain\fR\|(3), +\&\fISSL_get_rbio\fR\|(3), +\&\fISSL_get_session\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_get_version\fR\|(3), +\&\fISSL_library_init\fR\|(3), +\&\fISSL_load_client_CA_file\fR\|(3), +\&\fISSL_new\fR\|(3), +\&\fISSL_pending\fR\|(3), +\&\fISSL_read\fR\|(3), +\&\fISSL_rstate_string\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_set_bio\fR\|(3), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_set_fd\fR\|(3), +\&\fISSL_set_session\fR\|(3), +\&\fISSL_set_shutdown\fR\|(3), +\&\fISSL_shutdown\fR\|(3), +\&\fISSL_state_string\fR\|(3), +\&\fISSL_want\fR\|(3), +\&\fISSL_write\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3), +\&\fISSL_SESSION_get_ex_new_index\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fId2i_SSL_SESSION\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The ssl(3) document appeared in OpenSSL 0.9.2 +The \fIssl\fR\|(3) document appeared in OpenSSL 0.9.2 |
