diff options
Diffstat (limited to 'secure/lib/libssl')
80 files changed, 17250 insertions, 8 deletions
diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile index 22050fb..a75ad79 100644 --- a/secure/lib/libssl/Makefile +++ b/secure/lib/libssl/Makefile @@ -1,23 +1,54 @@ # $FreeBSD$ LIB= ssl -SHLIB_MAJOR= 2 +SHLIB_MAJOR= 3 NOLINT= true +.include "../libcrypto/Makefile.inc" + SRCS= bio_ssl.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \ s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ - ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.o \ + ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.c -INCS= ssl.h ssl2.h ssl23.h ssl3.h tls1.h -INCSDIR=${INCLUDEDIR}/openssl -HDRS= ${INCS:S;^;../ssl/;} +MAN3= SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3 \ + SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 SSL_CTX_ctrl.3 \ + SSL_CTX_flush_sessions.3 SSL_CTX_free.3 SSL_CTX_get_ex_new_index.3 \ + SSL_CTX_get_verify_mode.3 SSL_CTX_load_verify_locations.3 \ + SSL_CTX_new.3 SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 \ + SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 SSL_CTX_set_cert_store.3 \ + SSL_CTX_set_cert_verify_callback.3 SSL_CTX_set_cipher_list.3 \ + SSL_CTX_set_client_CA_list.3 SSL_CTX_set_client_cert_cb.3 \ + SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_generate_session_id.3 \ + SSL_CTX_set_info_callback.3 SSL_CTX_set_max_cert_list.3 \ + SSL_CTX_set_mode.3 SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 \ + SSL_CTX_set_quiet_shutdown.3 SSL_CTX_set_session_cache_mode.3 \ + SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 \ + SSL_CTX_set_timeout.3 SSL_CTX_set_tmp_dh_callback.3 \ + SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3 \ + SSL_CTX_use_certificate.3 SSL_SESSION_free.3 \ + SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_time.3 SSL_accept.3 \ + SSL_alert_type_string.3 SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 \ + SSL_free.3 SSL_get_SSL_CTX.3 SSL_get_ciphers.3 \ + SSL_get_client_CA_list.3 SSL_get_current_cipher.3 \ + SSL_get_default_timeout.3 SSL_get_error.3 \ + SSL_get_ex_data_X509_STORE_CTX_idx.3 SSL_get_ex_new_index.3 \ + SSL_get_fd.3 SSL_get_peer_cert_chain.3 SSL_get_peer_certificate.3 \ + SSL_get_rbio.3 SSL_get_session.3 SSL_get_verify_result.3 \ + SSL_get_version.3 SSL_library_init.3 SSL_load_client_CA_file.3 \ + SSL_new.3 SSL_pending.3 SSL_read.3 SSL_rstate_string.3 \ + SSL_session_reused.3 SSL_set_bio.3 SSL_set_connect_state.3 \ + SSL_set_fd.3 SSL_set_session.3 SSL_set_shutdown.3 \ + SSL_set_verify_result.3 SSL_shutdown.3 SSL_state_string.3 \ + SSL_want.3 SSL_write.3 d2i_SSL_SESSION.3 ssl.3 -.include "../libcrypto/Makefile.inc" - -.PATH: ${LCRYPTO_SRC}/../ssl +INCS= kssl.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h +INCSDIR=${INCLUDEDIR}/openssl .include <bsd.lib.mk> + +.PATH: ${LCRYPTO_SRC}/ssl \ + ${.CURDIR}/man diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 new file mode 100644 index 0000000..a8b1303 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:25 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CIPHER_get_name 3" +.TH SSL_CIPHER_get_name 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher); +\& int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(SSL_CIPHER *cipher); +\& char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\s0\*(R" is +returned. +.PP +\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If +\&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the +chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned. +.PP +\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently +\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned. +.PP +\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used +into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least +128 bytes, otherwise a pointer to the the string \*(L"Buffer too small\*(R" is +returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using +\&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string +\&\*(L"OPENSSL_malloc Error\*(R" is returned. +.SH "NOTES" +.IX Header "NOTES" +The number of bits processed can be different from the secret bits. An +export cipher like e.g. \s-1EXP-RC4\-MD5\s0 has only 40 secret bits. The algorithm +does use the full 128 bits (which would be returned for \fBalg_bits\fR), of +which however 88bits are fixed. The search space is hence only 40 bits. +.PP +The string returned by \fISSL_CIPHER_description()\fR in case of success consists +of cleartext information separated by one or more blanks in the following +sequence: +.Ip "<ciphername>" 4 +.IX Item "<ciphername>" +Textual representation of the cipher name. +.Ip "<protocol version>" 4 +.IX Item "<protocol version>" +Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3. +.Ip "Kx=<key exchange>" 4 +.IX Item "Kx=<key exchange>" +Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fBRSA(512)\fR or +\&\fBRSA(1024)\fR), \fB\s-1DH\s0\fR (for export ciphers as \fBDH(512)\fR or \fBDH(1024)\fR), +\&\fB\s-1DH/RSA\s0\fR, \fB\s-1DH/DSS\s0\fR, \fBFortezza\fR. +.Ip "Au=<authentication>" 4 +.IX Item "Au=<authentication>" +Authentication method: \fB\s-1RSA\s0\fR, \fB\s-1DSS\s0\fR, \fB\s-1DH\s0\fR, \fBNone\fR. None is the +representation of anonymous ciphers. +.Ip "Enc=<symmetric encryption method>" 4 +.IX Item "Enc=<symmetric encryption method>" +Encryption method with number of secret bits: \fBDES(40)\fR, \fBDES(56)\fR, +\&\fB3DES(168)\fR, \fBRC4(40)\fR, \fBRC4(56)\fR, \fBRC4(64)\fR, \fBRC4(128)\fR, +\&\fBRC2(40)\fR, \fBRC2(56)\fR, \fBRC2(128)\fR, \fBIDEA(128)\fR, \fBFortezza\fR, \fBNone\fR. +.Ip "Mac=<message authentication code>" 4 +.IX Item "Mac=<message authentication code>" +Message digest: \fB\s-1MD5\s0\fR, \fB\s-1SHA1\s0\fR. +.Ip "<export flag>" 4 +.IX Item "<export flag>" +If the cipher is flagged exportable with respect to old \s-1US\s0 crypto +regulations, the word "\fBexport\fR" is printed. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Some examples for the output of \fISSL_CIPHER_description()\fR: +.PP +.Vb 4 +\& EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 +\& EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 +\& RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 +\& EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export +.Ve +.SH "BUGS" +.IX Header "BUGS" +If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the +library crashes. +.PP +If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according +description of the cipher property is \fBunknown\fR. This case should not +occur. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_current_cipher(3), +SSL_get_ciphers(3), ciphers(1) diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 new file mode 100644 index 0000000..a71b9a8 --- /dev/null +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:26 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_COMP_add_compression_method 3" +.TH SSL_COMP_add_compression_method 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +the identifier \fBid\fR to the list of available compression methods. This +list is globally maintained for all \s-1SSL\s0 operations within this application. +It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +.SH "NOTES" +.IX Header "NOTES" +The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods +into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure. +.PP +An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis. +.PP +An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis. +.PP +The OpenSSL library has the compression methods \fB\f(BICOMP_rle()\fB\fR and (when +especially enabled during compilation) \fB\f(BICOMP_zlib()\fB\fR available. +.SH "WARNINGS" +.IX Header "WARNINGS" +Once the identities of the compression methods for the \s-1TLS\s0 protocol have +been standardized, the compression \s-1API\s0 will most likely be changed. Using +it in the current state is not recommended. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_COMP_add_compression_method()\fR may return the following values: +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.Ip "0" 4 +The operation failed. Check the error queue to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 new file mode 100644 index 0000000..b50d3db --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:27 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_add_extra_chain_cert 3" +.TH SSL_CTX_add_extra_chain_cert 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_add_extra_chain_cert \- add certificate to chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the certificate +chain presented together with the certificate. Several certificates +can be added one after the other. +.SH "NOTES" +.IX Header "NOTES" +When constructing the certificate chain, the chain will be formed from +these certificates explicitly specified. If no chain is specified, +the library will try to complete the chain from the available \s-1CA\s0 +certificates in the trusted \s-1CA\s0 storage, see +SSL_CTX_load_verify_locations(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the +error stack to find out the reason for failure otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_use_certificate(3), +SSL_CTX_set_client_cert_cb(3), +SSL_CTX_load_verify_locations(3) diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 new file mode 100644 index 0000000..8e36ab4 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:28 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_add_session 3" +.TH SSL_CTX_add_session 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); +\& int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.Vb 2 +\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +\& int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +reference count for session \fBc\fR is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +SSL_SESSION_free(3). +.PP +\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR. +SSL_SESSION_free(3) is called once for \fBc\fR. +.PP +\&\fISSL_add_session()\fR and \fISSL_remove_session()\fR are synonyms for their +SSL_CTX_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different \s-1SSL_SESSION\s0 object, The old session is +removed and replaced by the new session. If the session is actually +identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR +is a no-op, and the return value is 0. +.PP +If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +flag then the internal cache will not be populated automatically by new +sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +application can use \fISSL_CTX_add_session()\fR directly to have full control +over the sessions that can be resumed if desired. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following values are returned by all functions: +.Ip "0" 4 +.Vb 3 +\& The operation failed. In case of the add operation, it was tried to add +\& the same (identical) session twice. In case of the remove operation, the +\& session was not found in the cache. +.Ve +.Ip "1" 4 +.IX Item "1" +.Vb 1 +\& The operation succeeded. +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_free(3) diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 new file mode 100644 index 0000000..0a4099c --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:29 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_ctrl 3" +.TH SSL_CTX_ctrl 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); +.Ve +.Vb 2 +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of +the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments +\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The return values of the SSL*\fI_ctrl()\fR functions depend on the command +supplied via the \fBcmd\fR parameter. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 new file mode 100644 index 0000000..e5ff102 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:29 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_flush_sessions 3" +.TH SSL_CTX_flush_sessions 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +\& void SSL_flush_sessions(SSL_CTX *ctx, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBctx\fR to remove sessions expired at time \fBtm\fR. +.PP +\&\fISSL_flush_sessions()\fR is a synonym for \fISSL_CTX_flush_sessions()\fR. +.SH "NOTES" +.IX Header "NOTES" +If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done + automatically whenever 255 new sessions were established (see +SSL_CTX_set_session_cache_mode(3)) +or manually by calling \fISSL_CTX_flush_sessions()\fR. +.PP +The parameter \fBtm\fR specifies the time which should be used for the +expiration test, in most cases the actual time given by \fItime\fR\|(0) +will be used. +.PP +\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +SSL_CTX_sess_set_get_cb(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_set_timeout(3), +SSL_CTX_sess_set_get_cb(3) diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 new file mode 100644 index 0000000..2b69931 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:30 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_free 3" +.TH SSL_CTX_free 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_CTX_free(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the +the reference count has reached 0. +.PP +It also calls the \fIfree()\fRing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_CTX_new(3), ssl(3) diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 new file mode 100644 index 0000000..c9f37e1 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:31 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_get_ex_new_index 3" +.TH SSL_CTX_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& int SSL_CTX_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg); +.Ve +.Vb 1 +\& void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx); +.Ve +.Vb 6 +\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +\& int idx, long argl, void *argp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.PP +\&\fISSL_CTX_get_ex_new_index()\fR is used to register a new index for application +specific data. +.PP +\&\fISSL_CTX_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR +into the \fBctx\fR object. +.PP +\&\fISSL_CTX_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBctx\fR. +.PP +A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality +can be found in RSA_get_ex_new_index(3). +The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in +CRYPTO_set_ex_data(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +RSA_get_ex_new_index(3), +CRYPTO_set_ex_data(3) diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 new file mode 100644 index 0000000..69e2496 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:32 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_get_verify_mode 3" +.TH SSL_CTX_get_verify_mode 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 6 +\& int SSL_CTX_get_verify_mode(SSL_CTX *ctx); +\& int SSL_get_verify_mode(SSL *ssl); +\& int SSL_CTX_get_verify_depth(SSL_CTX *ctx); +\& int SSL_get_verify_depth(SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBctx\fR. +.PP +\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBssl\fR. +.PP +\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set +in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.PP +\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBssl\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_verify(3) diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 new file mode 100644 index 0000000..72d6180 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:33 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_load_verify_locations 3" +.TH SSL_CTX_load_verify_locations 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0 +certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +\& const char *CApath); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at +which \s-1CA\s0 certificates for verification purposes are located. The certificates +available via \fBCAfile\fR and \fBCApath\fR are trusted. +.SH "NOTES" +.IX Header "NOTES" +If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 +format. The file can contain several \s-1CA\s0 certificates identified by +.PP +.Vb 3 +\& -----BEGIN CERTIFICATE----- +\& ... (CA certificate in base64 encoding) ... +\& -----END CERTIFICATE----- +.Ve +sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates. +.PP +The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR +function. +.PP +If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates +in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are +looked up by the \s-1CA\s0 subject name hash value, which must hence be available. +If more than one \s-1CA\s0 certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the \fBc_rehash\fR utility to create the necessary links. +.PP +The certificates in \fBCApath\fR are only looked up when required, e.g. when +building the certificate chain or when actually performing the verification +of a peer certificate. +.PP +When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the +certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure. +.PP +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must +explicitly be set using the +SSL_CTX_set_client_CA_list(3) +family of functions. +.PP +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the +certificate chain was not explicitly specified (see +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_use_certificate(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +If several \s-1CA\s0 certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same \s-1CA\s0 certificate is available +with different expiration dates. If a \*(L"certificate expired\*(R" verification +error occurs, no other certificate will be searched. Make sure to not +have expired certificates mixed with valid ones. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates +ca1.pem ca2.pem ca3.pem: +.PP +.Vb 5 +\& #!/bin/sh +\& rm CAfile.pem +\& for i in ca1.pem ca2.pem ca3.pem ; do +\& openssl x509 -in $i -text >> CAfile.pem +\& done +.Ve +Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates +for use as \fBCApath\fR: +.PP +.Vb 2 +\& cd /some/where/certs +\& c_rehash . +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the +processing at one of the locations specified failed. Check the error +stack to find out the reason. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_client_CA_list(3), +SSL_get_client_CA_list(3), +SSL_CTX_use_certificate(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_set_cert_store(3) diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 new file mode 100644 index 0000000..8373f64 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:34 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_new 3" +.TH SSL_CTX_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& SSL_CTX *SSL_CTX_new(SSL_METHOD *method); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish +\&\s-1TLS/SSL\s0 enabled connections. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist +in a generic type (for client and server use), a server only type, and a +client only type. \fBmethod\fR can be of the following types: +.Ip "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4 +.IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" +A \s-1TLS/SSL\s0 connection established with these methods will only understand +the SSLv2 protocol. A client will send out SSLv2 client hello messages +and will also indicate that it only understand SSLv2. A server will only +understand SSLv2 client hello messages. +.Ip "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4 +.IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +SSLv3 protocol. A client will send out SSLv3 client hello messages +and will indicate that it only understands SSLv3. A server will only understand +SSLv3 client hello messages. This especially means, that it will +not understand SSLv2 client hello messages which are widely used for +compatibility reasons, see SSLv23_*\fI_method()\fR. +.Ip "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4 +.IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1 protocol. A client will send out TLSv1 client hello messages +and will indicate that it only understands TLSv1. A server will only understand +TLSv1 client hello messages. This especially means, that it will +not understand SSLv2 client hello messages which are widely used for +compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand +SSLv3 client hello messages. +.Ip "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4 +.IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" +A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2, +SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages +and will indicate that it also understands SSLv3 and TLSv1. A server will +understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best +choice when compatibility is a concern. +.PP +The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, +SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or +\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose +e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible +clients, but to only allow newer protocols like SSLv3 or TLSv1. +.PP +\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, +the callbacks, the keys and certificates, and the options to its default +values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to +find out the reason. +.Ip "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IX Item "Pointer to an SSL_CTX object" +The return value points to an allocated \s-1SSL_CTX\s0 object. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_CTX_free(3), SSL_accept(3), +ssl(3), SSL_set_connect_state(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 new file mode 100644 index 0000000..dabce64 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:35 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_sess_number 3" +.TH SSL_CTX_sess_number 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 12 +\& long SSL_CTX_sess_number(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_misses(SSL_CTX *ctx); +\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); +\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal +session cache. +.PP +\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +client mode. +.PP +\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in client mode. +.PP +\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of start renegotiations +in client mode. +.PP +\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +server mode. +.PP +\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in server mode. +.PP +\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of start renegotiations +in server mode. +.PP +\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. +In client mode a session set with SSL_set_session(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit. +.PP +\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +from the external session cache in server mode. +.PP +\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode. +.PP +\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the \fISSL_CTX_sess_hits()\fR count. +.PP +\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +because the maximum session cache size was exceeded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the values indicated in the \s-1DESCRIPTION\s0 section. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_set_session(3), +SSL_CTX_set_session_cache_mode(3) +SSL_CTX_sess_set_cache_size(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 new file mode 100644 index 0000000..f09b241 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:36 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_sess_set_cache_size 3" +.TH SSL_CTX_sess_set_cache_size 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); +\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +of context \fBctx\fR to \fBt\fR. +.PP +\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +.SH "NOTES" +.IX Header "NOTES" +The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0, +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special +case is the size 0, which is used for unlimited size. +.PP +When the maximum number of sessions is reached, no more new sessions are +added to the cache. New space may be added by calling +SSL_CTX_flush_sessions(3) to remove +expired sessions. +.PP +If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +.PP +\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_sess_number(3), +SSL_CTX_flush_sessions(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 new file mode 100644 index 0000000..a7193f1 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:37 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_sess_set_get_cb 3" +.TH SSL_CTX_sess_set_get_cb 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 6 +\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, +\& int (*new_session_cb)(SSL *, SSL_SESSION *)); +\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, +\& void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)); +\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, +\& SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)); +.Ve +.Vb 3 +\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); +\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); +\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy); +.Ve +.Vb 4 +\& int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); +\& void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); +\& SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data, +\& int len, int *copy); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically +called whenever a new session was negotiated. +.PP +\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is +automatically called whenever a session is removed by the \s-1SSL\s0 engine, +because it is considered faulty or the session has become obsolete because +of exceeding the timeout value. +.PP +\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, +whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session +could not be found in the internal session cache (see +SSL_CTX_set_session_cache_mode(3)). +(\s-1SSL/TLS\s0 server only.) +.PP +\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and +\&\fISSL_CTX_sess_get_get_cb()\fR allow to retrieve the function pointers of the +provided callback functions. If a callback function has not been set, +the \s-1NULL\s0 pointer is returned. +.SH "NOTES" +.IX Header "NOTES" +In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +d2i_SSL_SESSION(3) interface. +.PP +The \fInew_session_cb()\fR is called, whenever a new session has been negotiated +and session caching is enabled (see +SSL_CTX_set_session_cache_mode(3)). +The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session +\&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately +removed again. +.PP +The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session +from the internal cache. This happens if the session is removed because +it is expired or when a connection was not shutdown cleanly. The +\&\fIremove_session_cb()\fR is passed the \fBctx\fR and the ssl session \fBsess\fR. +It does not provide any feedback. +.PP +The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id +proposed by the client. The \fIget_session_cb()\fR is always called, also when +session caching was disabled. The \fIget_session_cb()\fR is passed the +\&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location +\&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the +\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, +Normally the reference count is not incremented and therefore the +session must not be explicitly freed with +SSL_SESSION_free(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), d2i_SSL_SESSION(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_flush_sessions(3), +SSL_SESSION_free(3) diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 new file mode 100644 index 0000000..f60fcaf --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:38 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_sessions 3" +.TH SSL_CTX_sessions 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_sessions \- access internal session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +internal session cache for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The sessions in the internal session cache are kept in an +lhash(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +lhash(3) operations, so that the database must not be +modified directly but by using the +SSL_CTX_add_session(3) family of functions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), lhash(3), +SSL_CTX_add_session(3), +SSL_CTX_set_session_cache_mode(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 new file mode 100644 index 0000000..ea9c213 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:39 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_cert_store 3" +.TH SSL_CTX_set_cert_store 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently +set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +.PP +\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +verification storage. +.SH "NOTES" +.IX Header "NOTES" +In order to verify the certificates presented by the peer, trusted \s-1CA\s0 +certificates must be accessed. These \s-1CA\s0 certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created. +.PP +Typically the trusted certificate store is handled indirectly via using +SSL_CTX_load_verify_locations(3). +Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions +it is possible to manipulate the X509_STORE object beyond the +SSL_CTX_load_verify_locations(3) +call. +.PP +Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. the \fIverify_callback()\fR be +overridden with the \fIverify_callback()\fR set via the +SSL_CTX_set_verify(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output. +.PP +\&\fISSL_CTX_get_cert_store()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_load_verify_locations(3), +SSL_CTX_set_verify(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 new file mode 100644 index 0000000..fbba61d --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:40 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_cert_verify_callback 3" +.TH SSL_CTX_set_cert_verify_callback 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +the time when SSL_new(3) is called. +.SH "NOTES" +.IX Header "NOTES" +Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback \fIcallback\fR is specified via +\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored. +.PP +When the verification must be performed, \fIcallback\fR will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument \fIarg\fR is specified by the application when setting \fIcallback\fR. +.PP +\&\fIcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR +returns 0, the handshake will fail. As the verification procedure may +allow to continue the connection in case of failure (by always returning 1) +the verification result must be set in any case using the \fBerror\fR +member of \fIx509_store_ctx\fR so that the calling application will be informed +about the detailed result of the verification procedure! +.PP +Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR +function set using SSL_CTX_set_verify(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +Do not mix the verification callback described in this function with the +\&\fBverify_callback\fR function called during the verification process. The +latter is set using the SSL_CTX_set_verify(3) +family of functions. +.PP +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the \fBverify_callback\fR function. +.SH "BUGS" +.IX Header "BUGS" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_verify(3), +SSL_get_verify_result(3), +SSL_CTX_load_verify_locations(3) +.SH "HISTORY" +.IX Header "HISTORY" +Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR +was ignored, and \fIcallback\fR was called simply as + int (*callback)(X509_STORE_CTX *) +To compile software written for previous versions of OpenSSL, a dummy +argument will have to be added to \fIcallback\fR. diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 new file mode 100644 index 0000000..0fe89b0 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:41 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_cipher_list 3" +.TH SSL_CTX_set_cipher_list 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); +\& int SSL_set_cipher_list(SSL *ssl, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers for \fBctx\fR +using the control string \fBstr\fR. The format of the string is described +in ciphers(1). The list of ciphers is inherited by all +\&\fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_set_cipher_list()\fR sets the list of ciphers only for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The control string \fBstr\fR should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all. +.PP +It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient. On the server side, additional restrictions apply. All ciphers +have additional requirements. \s-1ADH\s0 ciphers don't need a certificate, but +DH-parameters must have been set. All other ciphers need a corresponding +certificate and key. +.PP +A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. +\&\s-1RSA\s0 export ciphers with a keylength of 512 bits for the \s-1RSA\s0 key require +a temporary 512 bit \s-1RSA\s0 key, as typically the supplied key has a length +of 1024 bit (see +SSL_CTX_set_tmp_rsa_callback(3)). +\&\s-1RSA\s0 ciphers using \s-1EDH\s0 need a certificate and key and additional DH-parameters +(see SSL_CTX_set_tmp_dh_callback(3)). +.PP +A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. +\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters +(see SSL_CTX_set_tmp_dh_callback(3)). +.PP +When these conditions are not met for any cipher in the list (e.g. a +client only supports export \s-1RSA\s0 ciphers with a asymmetric key length +of 512 bits and the server is not configured to use temporary \s-1RSA\s0 +keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated +and the handshake will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher +could be selected and 0 on complete failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_ciphers(3), +SSL_CTX_use_certificate(3), +SSL_CTX_set_tmp_rsa_callback(3), +SSL_CTX_set_tmp_dh_callback(3), +ciphers(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 new file mode 100644 index 0000000..d46da03 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:42 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_client_CA_list 3" +.TH SSL_CTX_set_client_CA_list 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, +SSL_add_client_CA \- set list of CAs sent to the client when requesting a +client certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); +\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); +\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for \fBctx\fR. +.PP +\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for the chosen \fBssl\fR, overriding the +setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.PP +\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +\&\fBctx\fR. +.PP +\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.SH "NOTES" +.IX Header "NOTES" +When a \s-1TLS/SSL\s0 server requests a client certificate (see +\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which +it will accept certificates, to the client. +.PP +This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for +\&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list +specified overrides the previous setting. The CAs listed do not become +trusted (\fBlist\fR only contains the names, not the complete certificates); use +SSL_CTX_load_verify_locations(3) +to additionally load them for verification. +.PP +If the list of acceptable CAs is compiled in a file, the +SSL_load_client_CA_file(3) +function can be used to help importing the necessary data. +.PP +\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional +items the list of client CAs. If no list was specified before using +\&\fISSL_CTX_set_client_CA_list()\fR or \fISSL_set_client_CA_list()\fR, a new client +\&\s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. +.PP +These functions are only useful for \s-1TLS/SSL\s0 servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return +diagnostic information. +.PP +\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return +values: +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.Ip "0" 4 +A failure while manipulating the STACK_OF(X509_NAME) object occurred or +the X509_NAME could not be extracted from \fBcacert\fR. Check the error stack +to find out the reason. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +.PP +.Vb 1 +\& SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_get_client_CA_list(3), +SSL_load_client_CA_file(3), +SSL_CTX_load_verify_locations(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 new file mode 100644 index 0000000..73a04c1 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:43 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_client_cert_cb 3" +.TH SSL_CTX_set_client_cert_cb 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); +\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_client_cert_cb()\fR sets the \fB\f(BIclient_cert_cb()\fB\fR callback, that is +called when a client certificate is requested by a server and no certificate +was yet set for the \s-1SSL\s0 object. +.PP +When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL\s0, no callback function is used. +.PP +\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback +function. +.PP +\&\fIclient_cert_cb()\fR is the application defined callback. If it wants to +set a certificate, a certificate/private key combination must be set +using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The +certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. +If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediatly. SSL_get_error(3) +will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information +about the state of the last call, if required to continue. +.SH "NOTES" +.IX Header "NOTES" +During a handshake (or renegotiation) a server may request a certificate +from the client. A client certificate must only be sent, when the server +did send the request. +.PP +When a certificate was set using the +SSL_CTX_use_certificate(3) family of functions, +it will be sent to the server. The \s-1TLS\s0 standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent. +.PP +If a callback function is defined and no certificate was yet defined for the +\&\s-1SSL\s0 object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the \s-1SSL\s0 +object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions. +Thus it will permanently install the certificate and key for this \s-1SSL\s0 +object. It will not be reset by calling SSL_clear(3). +If the callback returns no certificate, the OpenSSL library will not send +a certificate. +.SH "BUGS" +.IX Header "BUGS" +The \fIclient_cert_cb()\fR cannot return a complete certificate chain, it can +only return one client certificate. If the chain only has a length of 2, +the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and +thus a standard conforming answer can be sent to the server. For a +longer chain, the client must send the complete chain (with the option +to leave out the root \s-1CA\s0 certificate). This can only be accomplished by +either adding the intermediate \s-1CA\s0 certificates into the trusted +certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add +\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding +the chain certificates using the +SSL_CTX_add_extra_chain_cert(3) +function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that +therefore probably can only apply for one client certificate, making +the concept of the callback function (to allow the choice from several +certificates) questionable. +.PP +Once the \s-1SSL\s0 object has been used in conjunction with the callback function, +the certificate will be set for the \s-1SSL\s0 object and will not be cleared +even when SSL_clear(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using SSL_free(3) +and create a new one to return to the previous state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_use_certificate(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_get_client_CA_list(3), +SSL_clear(3), SSL_free(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 new file mode 100644 index 0000000..c165532 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:44 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_default_passwd_cb 3" +.TH SSL_CTX_set_default_passwd_cb 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +.Ve +.Vb 1 +\& int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +when loading/storing a \s-1PEM\s0 certificate with encryption. +.PP +\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to \fBuserdata\fR which +will be provided to the password callback on invocation. +.PP +The \fIpem_passwd_cb()\fR, which must be provided by the application, hands back the +password to be used during decryption. On invocation a pointer to \fBuserdata\fR +is provided. The pem_passwd_cb must write the password into the provided buffer +\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must +be returned to the calling function. \fBrwflag\fR indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +.SH "NOTES" +.IX Header "NOTES" +When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have \fIpem_passwd_cb()\fR handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the \fBuserdata\fR storage and the +\&\fIpem_passwd_cb()\fR only returns the password already stored. +.PP +When asking for the password interactively, \fIpem_passwd_cb()\fR can use +\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible. +.PP +Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_default_passwd_cb()\fR and \fISSL_CTX_set_default_passwd_cb_userdata()\fR +do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example returns the password provided as \fBuserdata\fR to the +calling function. The password is considered to be a '\e0' terminated +string. If the password does not fit into the buffer, the password is +truncated. +.PP +.Vb 6 +\& int pem_passwd_cb(char *buf, int size, int rwflag, void *password) +\& { +\& strncpy(buf, (char *)(password), size); +\& buf[size - 1] = '\e0'; +\& return(strlen(buf)); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_use_certificate(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 new file mode 100644 index 0000000..2eb467d --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:45 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_generate_session_id 3" +.TH SSL_CTX_set_generate_session_id 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, +\& unsigned int *id_len); +.Ve +.Vb 4 +\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); +\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +\& unsigned int id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +.PP +\&\fISSL_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +.PP +\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +(of length \fBid_len\fR) is already contained in the internal session cache +of the parent context of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is 16 bytes for SSLv2 sessions and between +1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical +but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information. +.PP +Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques. +.PP +The callback function receives a pointer to the memory location to put +\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The +buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. +The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; +the callback \fBmust never\fR increase \fBid_len\fR or write to the location +\&\fBid\fR exceeding the given limit. +.PP +If a SSLv2 session id is generated and \fBid_len\fR is reduced, it will be +restored after the callback has finished and the session id will be padded +with 0x00. It is not recommended to change the \fBid_len\fR for SSLv2 sessions. +The callback can use the SSL_get_version(3) function +to check, whether the session is of type SSLv2. +.PP +The location \fBid\fR is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave \fBid_len\fR +untouched while maintaining reproducibility. +.PP +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^128 possible ids +for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the +uniqueness of the generated session id, the callback must call +\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and +fill in the bytes not used to code special information with random data +to avoid collisions. +.PP +\&\fISSL_has_matching_session_id()\fR will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, since +the external cache is not tested with \fISSL_has_matching_session_id()\fR +and the same race condition applies. +.PP +When calling \fISSL_has_matching_session_id()\fR for an SSLv2 session with +reduced \fBid_len\fR, the match operation will be performed using the +fixed length required and with a 0x00 padded id. +.PP +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes: +.PP +.Vb 1 +\& const char session_id_prefix = "www-18"; +.Ve +.Vb 6 +\& #define MAX_SESSION_ID_ATTEMPTS 10 +\& static int generate_session_id(const SSL *ssl, unsigned char *id, +\& unsigned int *id_len) +\& { +\& unsigned int count = 0; +\& const char *version; +.Ve +.Vb 3 +\& version = SSL_get_version(ssl); +\& if (!strcmp(version, "SSLv2")) +\& /* we must not change id_len */; +.Ve +.Vb 17 +\& do { +\& RAND_pseudo_bytes(id, *id_len); +\& /* Prefix the session_id with the required prefix. NB: If our +\& * prefix is too long, clip it - but there will be worse effects +\& * anyway, eg. the server could only possibly create 1 session +\& * ID (ie. the prefix!) so all future session negotiations will +\& * fail due to conflicts. */ +\& memcpy(id, session_id_prefix, +\& (strlen(session_id_prefix) < *id_len) ? +\& strlen(session_id_prefix) : *id_len); +\& } +\& while(SSL_has_matching_session_id(ssl, id, *id_len) && +\& (++count < MAX_SESSION_ID_ATTEMPTS)); +\& if(count >= MAX_SESSION_ID_ATTEMPTS) +\& return 0; +\& return 1; +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR +always return 1. +.PP +\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the +same id is already in the cache. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_version(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_generate_session_id()\fR, \fISSL_set_generate_session_id()\fR +and \fISSL_has_matching_session_id()\fR have been introduced in +OpenSSL 0.9.7. diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 new file mode 100644 index 0000000..52c455f --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -0,0 +1,284 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:46 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_info_callback 3" +.TH SSL_CTX_set_info_callback 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); +\& void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(); +.Ve +.Vb 2 +\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); +\& void (*SSL_get_info_callback(SSL *ssl))(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection +setup and use. The setting for \fBctx\fR is overridden from the setting for +a specific \s-1SSL\s0 object, if specified. +When \fBcallback\fR is \s-1NULL\s0, not callback function is used. +.PP +\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \fBssl\fR during connection setup and use. +When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for +\&\fBctx\fR is used. +.PP +\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBctx\fR. +.PP +\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When setting up a connection and during use, it is possible to obtain state +information from the \s-1SSL/TLS\s0 engine. When set, an information callback function +is called whenever the state changes, an alert appears, or an error occurs. +.PP +The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. +The \fBwhere\fR argument specifies information about where (in which context) +the callback function was called. If \fBret\fR is 0, an error condition occurred. +If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert +information. +.PP +\&\fBwhere\fR is a bitmask made up of the following bits: +.Ip "\s-1SSL_CB_LOOP\s0" 4 +.IX Item "SSL_CB_LOOP" +Callback has been called to indicate state change inside a loop. +.Ip "\s-1SSL_CB_EXIT\s0" 4 +.IX Item "SSL_CB_EXIT" +Callback has been called to indicate error exit of a handshake function. +(May be soft error with retry option for non-blocking setups.) +.Ip "\s-1SSL_CB_READ\s0" 4 +.IX Item "SSL_CB_READ" +Callback has been called during read operation. +.Ip "\s-1SSL_CB_WRITE\s0" 4 +.IX Item "SSL_CB_WRITE" +Callback has been called during write operation. +.Ip "\s-1SSL_CB_ALERT\s0" 4 +.IX Item "SSL_CB_ALERT" +Callback has been called due to an alert being sent or received. +.Ip "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" +.PD 0 +.Ip "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" +.Ip "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" +.Ip "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" +.Ip "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" +.Ip "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" +.Ip "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_START" +.PD +Callback has been called because a new handshake is started. +.Ip "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE 0x20" +Callback has been called because a handshake is finished. +.PP +The current state information can be obtained using the +SSL_state_string(3) family of functions. +.PP +The \fBret\fR information can be evaluated using the +SSL_alert_type_string(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_info_callback()\fR does not provide diagnostic information. +.PP +\&\fISSL_get_info_callback()\fR returns the current setting. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example callback function prints state strings, information +about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. +.PP +.Vb 4 +\& void apps_ssl_info_callback(SSL *s, int where, int ret) +\& { +\& const char *str; +\& int w; +.Ve +.Vb 1 +\& w=where& ~SSL_ST_MASK; +.Ve +.Vb 3 +\& if (w & SSL_ST_CONNECT) str="SSL_connect"; +\& else if (w & SSL_ST_ACCEPT) str="SSL_accept"; +\& else str="undefined"; +.Ve +.Vb 24 +\& if (where & SSL_CB_LOOP) +\& { +\& BIO_printf(bio_err,"%s:%s\en",str,SSL_state_string_long(s)); +\& } +\& else if (where & SSL_CB_ALERT) +\& { +\& str=(where & SSL_CB_READ)?"read":"write"; +\& BIO_printf(bio_err,"SSL3 alert %s:%s:%s\en", +\& str, +\& SSL_alert_type_string_long(ret), +\& SSL_alert_desc_string_long(ret)); +\& } +\& else if (where & SSL_CB_EXIT) +\& { +\& if (ret == 0) +\& BIO_printf(bio_err,"%s:failed in %s\en", +\& str,SSL_state_string_long(s)); +\& else if (ret < 0) +\& { +\& BIO_printf(bio_err,"%s:error in %s\en", +\& str,SSL_state_string_long(s)); +\& } +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_state_string(3), +SSL_alert_type_string(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 new file mode 100644 index 0000000..6d65001 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:47 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_max_cert_list 3" +.TH SSL_CTX_set_max_cert_list 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); +\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); +.Ve +.Vb 2 +\& long SSL_set_max_cert_list(SSL *ssl, long size); +\& long SSL_get_max_cert_list(SSL *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be <size> bytes. +The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +SSL_new(3) is being called. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +.PP +\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for \fBssl\fR to be <size> bytes. This setting stays valid +until a new value is set. +.PP +\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During the handshake process, the peer may send a certificate chain. +The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.PP +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +SSL_CTX_set_verify(3), and certificates +without special extensions have a typical size of 1\-2kB). +.PP +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" +and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +http://www.globus.org/ . +.PP +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.PP +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously +set value. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently +set value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), +SSL_CTX_set_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +SSL*_set/\fIget_max_cert_list()\fR have been introduced in OpenSSL 0.9.7. diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 new file mode 100644 index 0000000..bf13cde --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:48 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_mode 3" +.TH SSL_CTX_set_mode 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); +\& long SSL_set_mode(SSL *ssl, long mode); +.Ve +.Vb 2 +\& long SSL_CTX_get_mode(SSL_CTX *ctx); +\& long SSL_get_mode(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. +Options already set before are not cleared. +.PP +\&\fISSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. +Options already set before are not cleared. +.PP +\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +.PP +\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The following mode changes are available: +.Ip "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" +Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success +when just a single record has been written). When not set (the default), +\&\fISSL_write()\fR will only report success once the complete chunk was written. +Once \fISSL_write()\fR returns with r, r bytes have been successfully written +and the next call to \fISSL_write()\fR must only send the n-r bytes left, +imitating the behaviour of \fIwrite()\fR. +.Ip "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" +Make it possible to retry \fISSL_write()\fR with changed buffer location +(the buffer contents must stay the same). This is not the default to avoid +the misconception that non-blocking \fISSL_write()\fR behaves like +non-blocking \fIwrite()\fR. +.Ip "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IX Item "SSL_MODE_AUTO_RETRY" +Never bother the application with retries if the transport is blocking. +If a renegotiation take place during normal operation, a +SSL_read(3) or SSL_write(3) would return +with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0. +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +In a blocking environment, applications are not always prepared to +deal with read/write operations returning without success report. The +flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only +return after the handshake and successful completion. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask +after adding \fBmode\fR. +.PP +\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_read(3), SSL_write(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_MODE_AUTO_RETRY\s0 as been added in OpenSSL 0.9.6. diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 new file mode 100644 index 0000000..666c346 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:49 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_msg_callback 3" +.TH SSL_CTX_set_msg_callback 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +.Ve +.Vb 2 +\& void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +\& void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to +define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +protocol messages (such as handshake messages) that are received or +sent. \fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR +can be used to set argument \fIarg\fR to the callback function, which is +available for arbitrary application use. +.PP +\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify +default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +SSL_new(3). \fISSL_set_msg_callback()\fR and +\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +object. Using a \fB0\fR pointer for \fIcb\fR disables the message callback. +.PP +When \fIcb\fR is called by the \s-1SSL/TLS\s0 library for a protocol message, +the function arguments have the following meaning: +.Ip "\fIwrite_p\fR" 4 +.IX Item "write_p" +This flag is \fB0\fR when a protocol message has been received and \fB1\fR +when a protocol message has been sent. +.Ip "\fIversion\fR" 4 +.IX Item "version" +The protocol version according to which the protocol message is +interpreted by the library. Currently, this is one of +\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0 +3.0 and \s-1TLS\s0 1.0, respectively). +.Ip "\fIcontent_type\fR" 4 +.IX Item "content_type" +In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0 +or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the +protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR, +\&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the +callback will only be called for protocol messages). +.Ip "\fIbuf\fR, \fIlen\fR" 4 +.IX Item "buf, len" +\&\fIbuf\fR points to a buffer containing the protocol message, which +consists of \fIlen\fR bytes. The buffer is no longer valid after the +callback function has returned. +.Ip "\fIssl\fR" 4 +.IX Item "ssl" +The \fB\s-1SSL\s0\fR object that received or sent the message. +.Ip "\fIarg\fR" 4 +.IX Item "arg" +The user-defined argument optionally defined by +\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. +.SH "NOTES" +.IX Header "NOTES" +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) +.PP +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. +.PP +Due to automatic protocol version negotiation, \fIversion\fR is not +necessarily the protocol version used by the sender of the message: If +a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server, +\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, +\&\fISSL_set_msg_callback()\fR and \fISSL_get_msg_callback_arg()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 new file mode 100644 index 0000000..bc31819 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -0,0 +1,339 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:50 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_options 3" +.TH SSL_CTX_set_options 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); +\& long SSL_set_options(SSL *ssl, long options); +.Ve +.Vb 2 +\& long SSL_CTX_get_options(SSL_CTX *ctx); +\& long SSL_get_options(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. +Options already set before are not cleared! +.PP +\&\fISSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. +Options already set before are not cleared! +.PP +\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +.PP +\&\fISSL_get_options()\fR returns the options set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of the \s-1SSL\s0 library can be changed by setting several options. +The options are coded as bitmasks and can be combined by a logical \fBor\fR +operation (|). Options can only be added but can never be reset. +.PP +\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) +protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of +the \s-1API\s0 can be changed by using the similar +SSL_CTX_set_mode(3) and \fISSL_set_mode()\fR functions. +.PP +During a handshake, the option settings of the \s-1SSL\s0 object are used. When +a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current +option setting is copied. Changes to \fBctx\fR do not affect already created +\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. +.PP +The following \fBbug workaround\fR options are available: +.Ip "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" +www.microsoft.com \- when talking SSLv2, if session-id reuse is +performed, the session-id passed back in the server-finished message +is different from the one decided upon. +.Ip "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" +Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte +challenge but then appears to only use 16 bytes when generating the +encryption keys. Using 16 bytes is ok but it should be ok to use 32. +According to the SSLv3 spec, one should use 32 bytes for the challenge +when operating in SSLv2/v3 compatibility mode, but as mentioned above, +this breaks this server so 16 bytes is the way to go. +.Ip "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" +ssl3.netscape.com:443, first a connection is established with \s-1RC4\-MD5\s0. +If it is then resumed, we end up using \s-1DES-CBC3\-SHA\s0. It should be +\&\s-1RC4\-MD5\s0 according to 7.6.1.3, 'cipher_suite'. +.Sp +Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. +It only really shows up when connecting via SSLv2/v3 then reconnecting +via SSLv3. The cipher list changes.... +.Sp +\&\s-1NEW\s0 \s-1INFORMATION\s0. Try connecting with a cipher list of just +\&\s-1DES-CBC-SHA:RC4\-MD5\s0. For some weird reason, each new connection uses +\&\s-1RC4\-MD5\s0, but a re-connect tries to use \s-1DES-CBC-SHA\s0. So netscape, when +doing a re-connect, always takes the first cipher in the cipher list. +.Ip "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" +\&... +.Ip "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" +\&... +.Ip "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" +\&... +.Ip "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" +\&... +.Ip "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IX Item "SSL_OP_TLS_D5_BUG" +\&... +.Ip "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" +\&... +.Ip "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" +Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol +vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some +broken \s-1SSL\s0 implementations. This option has no effect for connections +using other ciphers. +.Ip "\s-1SSL_OP_ALL\s0" 4 +.IX Item "SSL_OP_ALL" +All of the above bug workarounds. +.PP +It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired. +.PP +The following \fBmodifying\fR options are available: +.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) +.Ip "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_DH_USE" +Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters +(see SSL_CTX_set_tmp_dh_callback(3)). +This option must be used to prevent small subgroup attacks, when +the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes +(e.g. when using DSA-parameters, see dhparam(1)). +If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate +a new \s-1DH\s0 key during each handshake but it is also recommended. +\&\fB\s-1SSL_OP_SINGLE_DH_USE\s0\fR should therefore be enabled whenever +temporary/ephemeral \s-1DH\s0 parameters are used. +.Ip "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IX Item "SSL_OP_EPHEMERAL_RSA" +Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations +(see SSL_CTX_set_tmp_rsa_callback(3)). +According to the specifications this is only done, when a \s-1RSA\s0 key +can only be used for signature operations (namely under export ciphers +with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral +\&\s-1RSA\s0 keys are always used. This option breaks compatibility with the +\&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with +clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral +Diffie-Hellman) key exchange should be used instead. +.Ip "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" +When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the \s-1SSL\s0 server will always follow the clients +preferences. When set, the SSLv3/TLSv1 server will choose following its +own preferences. Because of the different protocol, for SSLv2 the server +will send his list of preferences to the client and the client chooses. +.Ip "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_1" +\&... +.Ip "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_2" +\&... +.Ip "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CA_DN_BUG" +If we accept a netscape connection, demand a client cert, have a +non-self-sighed \s-1CA\s0 which does not have it's \s-1CA\s0 in netscape, and the +browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta +.Ip "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG" +\&... +.Ip "SSL_OP_NO_SSLv2" 4 +.IX Item "SSL_OP_NO_SSLv2" +Do not use the SSLv2 protocol. +.Ip "SSL_OP_NO_SSLv3" 4 +.IX Item "SSL_OP_NO_SSLv3" +Do not use the SSLv3 protocol. +.Ip "SSL_OP_NO_TLSv1" 4 +.IX Item "SSL_OP_NO_TLSv1" +Do not use the TLSv1 protocol. +.Ip "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask +after adding \fBoptions\fR. +.PP +\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), SSL_clear(3), +SSL_CTX_set_tmp_dh_callback(3), +SSL_CTX_set_tmp_rsa_callback(3), +dhparam(1) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR and +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR have been added in +OpenSSL 0.9.7. +.PP +\&\fB\s-1SSL_OP_TLS_ROLLBACK_BUG\s0\fR has been added in OpenSSL 0.9.6 and was automatically +enabled with \fB\s-1SSL_OP_ALL\s0\fR. As of 0.9.7, it is no longer included in \fB\s-1SSL_OP_ALL\s0\fR +and must be explicitly set. +.PP +\&\fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR has been added in OpenSSL 0.9.6e. +Versions up to OpenSSL 0.9.6c do not include the countermeasure that +can be disabled with this option (in OpenSSL 0.9.6d, it was always +enabled). diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 new file mode 100644 index 0000000..27dc385 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:51 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_quiet_shutdown 3" +.TH SSL_CTX_set_quiet_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +\& int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx); +.Ve +.Vb 2 +\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); +\& int SSL_get_quiet_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time +SSL_new(3) is called. \fBmode\fR may be 0 or 1. +.PP +\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +.PP +\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with +SSL_free(3) or \fISSL_set_quiet_shutdown()\fR is called again. +It is not changed when SSL_clear(3) is called. +\&\fBmode\fR may be 0 or 1. +.PP +\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally when a \s-1SSL\s0 connection is finished, the parties must send out +\&\*(L"close notify\*(R" alert messages using SSL_shutdown(3) +for a clean shutdown. +.PP +When setting the \*(L"quiet shutdown\*(R" flag to 1, SSL_shutdown(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(SSL_shutdown(3) then behaves like +SSL_set_shutdown(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no \*(L"close notify\*(R" alert +is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +.PP +The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return +diagnostic information. +.PP +\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_shutdown(3), +SSL_set_shutdown(3), SSL_new(3), +SSL_clear(3), SSL_free(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 new file mode 100644 index 0000000..76b9d59 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:52 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_session_cache_mode 3" +.TH SSL_CTX_set_session_cache_mode 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); +\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching +by setting the operational mode for \fBctx\fR to <mode>. +.PP +\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +.SH "NOTES" +.IX Header "NOTES" +The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. +The sessions can be held in memory for each \fBctx\fR, if more than one +\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 +object. +.PP +In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). +.PP +A server will lookup up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +the external storage if available. +.PP +Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +SSL_CTX_set_session_id_context(3)). +.PP +The following session cache modes and modifiers are available: +.Ip "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IX Item "SSL_SESS_CACHE_OFF" +No session caching for client or server takes place. +.Ip "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IX Item "SSL_SESS_CACHE_CLIENT" +Client sessions are added to the session cache. As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not +have details about the connection), the application must select the session +to be reused by using the SSL_set_session(3) +function. This option is not activated by default. +.Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IX Item "SSL_SESS_CACHE_SERVER" +Server sessions are added to the session cache. When a client proposes a +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. +.Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IX Item "SSL_SESS_CACHE_BOTH" +Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. +.Ip "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" +Normally the session cache is checked for expired sessions every +255 connections using the +SSL_CTX_flush_sessions(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +SSL_CTX_flush_sessions(3) can be called +explicitly by the application. +.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" +By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +clients. +.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, +sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using SSL_CTX_add_session(3)). Note: +in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues \- this flag +prevents these additions to the internal cache as well. +.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL" +Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. +.PP +The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +.PP +\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_set_session(3), +SSL_session_reused(3), +SSL_CTX_add_session(3), +SSL_CTX_sess_number(3), +SSL_CTX_sess_set_cache_size(3), +SSL_CTX_sess_set_get_cb(3), +SSL_CTX_set_session_id_context(3), +SSL_CTX_set_timeout(3), +SSL_CTX_flush_sessions(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0 +were introduced in OpenSSL 0.9.6h. diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 new file mode 100644 index 0000000..28eb5c5 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:53 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_session_id_context 3" +.TH SSL_CTX_set_session_id_context 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. +.PP +\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. +.SH "NOTES" +.IX Header "NOTES" +Sessions are generated within a certain context. When exporting/importing +sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context \fBsid_ctx\fR which is used to distinguish +the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ... +.PP +The session id context becomes part of the session. The session id context +is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and +\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the +server side. +.PP +OpenSSL clients will check the session id context returned by the server +when reusing a session. +.PP +The maximum length of the \fBsid_ctx\fR is limited to +\&\fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. +.SH "WARNINGS" +.IX Header "WARNINGS" +If the session id context is not set on an \s-1SSL/TLS\s0 server, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail. +.PP +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR +return the following values: +.Ip "0" 4 +The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded +the maximum allowed length of \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. The error +is logged to the error stack. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 new file mode 100644 index 0000000..58a7f3e --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:54 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_ssl_version 3" +.TH SSL_CTX_set_ssl_version 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method +\&\- choose a new \s-1TLS/SSL\s0 method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method); +\& int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); +\& SSL_METHOD *SSL_get_ssl_method(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with +SSL_new(3) are not affected, except when +SSL_clear(3) is being called. +.PP +\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fISSL_clear()\fR is called. +.PP +\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +set in \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The available \fBmethod\fR choices are described in +SSL_CTX_new(3). +.PP +When SSL_clear(3) is called and no session is connected to +an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently +set in the corresponding \s-1SSL_CTX\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur for \fISSL_CTX_set_ssl_version()\fR +and \fISSL_set_ssl_method()\fR: +.Ip "0" 4 +The new choice failed, check the error stack to find out the reason. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_CTX_new(3), SSL_new(3), +SSL_clear(3), ssl(3), +SSL_set_connect_state(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 new file mode 100644 index 0000000..1c0d406 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:55 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_timeout 3" +.TH SSL_CTX_set_timeout 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +\& long SSL_CTX_get_timeout(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. +.PP +\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused. +.PP +Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions. +.PP +The expiration time of a single session can be modified using the +SSL_SESSION_get_time(3) family of functions. +.PP +Expired sessions are removed from the internal session cache, whenever +SSL_CTX_flush_sessions(3) is called, either +directly by the application or automatically (see +SSL_CTX_set_session_cache_mode(3)) +.PP +The default value for session timeout is decided on a per protocol +basis, see SSL_get_default_timeout(3). +All currently supported protocols have the same default timeout value +of 300 seconds. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value. +.PP +\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_get_time(3), +SSL_CTX_flush_sessions(3), +SSL_get_default_timeout(3) diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 new file mode 100644 index 0000000..fb0d6a6 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -0,0 +1,312 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:55 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_tmp_dh_callback 3" +.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); +\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); +.Ve +.Vb 3 +\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); +\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) +.Ve +.Vb 1 +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. +The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange +can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary \s-1DH\s0 key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. +.PP +Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary +\&\s-1DH\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing. +.PP +In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new +\&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via +callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of +SSL_CTX_set_options(3) is set. It will +immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via +\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case, +it may happen that a key is generated on initialization without later +being needed, while on the other hand the computer time during the +negotiation is being saved. +.PP +If \*(L"strong\*(R" primes were used to generate the \s-1DH\s0 parameters, it is not strictly +necessary to generate a new key for each handshake but it does improve forward +secrecy. If it is not assured, that \*(L"strong\*(R" primes were used (see especially +the section about \s-1DSA\s0 parameters below), \s-1SSL_OP_SINGLE_DH_USE\s0 must be used +in order to prevent small subgroup attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0 +has an impact on the computer time needed during negotiation, but it is not +very large, so application authors/users should consider to always enable +this option. +.PP +As generating \s-1DH\s0 parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker +may specialize on a very often used \s-1DH\s0 group. Applications should therefore +generate their own \s-1DH\s0 parameters during the installation process using the +openssl dhparam(1) application. In order to reduce the computer +time needed for this generation, it is possible to use \s-1DSA\s0 parameters +instead (see dhparam(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 +is mandatory. +.PP +Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, +dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current +version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the \fB\-C\fR option of the +dhparam(1) application. +Authors may also generate their own set of parameters using +dhparam(1), but a user may not be sure how the parameters were +generated. The generation of \s-1DH\s0 parameters during installation is therefore +recommended. +.PP +An application may either directly specify the \s-1DH\s0 parameters or +can supply the \s-1DH\s0 parameters via a callback function. The callback approach +has the advantage, that the callback may supply \s-1DH\s0 parameters for different +key lengths. +.PP +The \fBtmp_dh_callback\fR is called with the \fBkeylength\fR needed and +the \fBis_export\fR information. The \fBis_export\fR flag is set, when the +ephemeral \s-1DH\s0 key exchange is performed with an export cipher. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Handle \s-1DH\s0 parameters for key lengths of 512 and 1024 bits. (Error handling +partly left out.) +.PP +.Vb 5 +\& ... +\& /* Set up ephemeral DH stuff */ +\& DH *dh_512 = NULL; +\& DH *dh_1024 = NULL; +\& FILE *paramfile; +.Ve +.Vb 14 +\& ... +\& /* "openssl dhparam -out dh_param_512.pem -2 512" */ +\& paramfile = fopen("dh_param_512.pem", "r"); +\& if (paramfile) { +\& dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } +\& /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ +\& paramfile = fopen("dh_param_1024.pem", "r"); +\& if (paramfile) { +\& dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } +\& ... +.Ve +.Vb 3 +\& /* "openssl dhparam -C -2 512" etc... */ +\& DH *get_dh512() { ... } +\& DH *get_dh1024() { ... } +.Ve +.Vb 3 +\& DH *tmp_dh_callback(SSL *s, int is_export, int keylength) +\& { +\& DH *dh_tmp=NULL; +.Ve +.Vb 17 +\& switch (keylength) { +\& case 512: +\& if (!dh_512) +\& dh_512 = get_dh512(); +\& dh_tmp = dh_512; +\& break; +\& case 1024: +\& if (!dh_1024) +\& dh_1024 = get_dh1024(); +\& dh_tmp = dh_1024; +\& break; +\& default: +\& /* Generating a key on the fly is very costly, so use what is there */ +\& setup_dh_parameters_like_above(); +\& } +\& return(dh_tmp); +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return +diagnostic output. +.PP +\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_cipher_list(3), +SSL_CTX_set_tmp_rsa_callback(3), +SSL_CTX_set_options(3), +ciphers(1), dhparam(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 new file mode 100644 index 0000000..7f66c07 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:56 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_tmp_rsa_callback 3" +.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, +\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); +\& long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); +\& long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); +.Ve +.Vb 4 +\& void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, +\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); +\& long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) +\& long SSL_need_tmp_rsa(SSL *ssl) +.Ve +.Vb 1 +\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tmp_rsa_callback()\fR sets the callback function for \fBctx\fR to be +used when a temporary/ephemeral \s-1RSA\s0 key is required to \fBtmp_rsa_callback\fR. +The callback is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR +with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. +.PP +\&\fISSL_CTX_set_tmp_rsa()\fR sets the temporary/ephemeral \s-1RSA\s0 key to be used to be +\&\fBrsa\fR. The key is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR +with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. +.PP +\&\fISSL_CTX_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed +for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key +with a keysize larger than 512 bits is installed. +.PP +\&\fISSL_set_tmp_rsa_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fISSL_set_tmp_rsa()\fR sets the key only for \fBssl\fR. +.PP +\&\fISSL_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed, +for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key +with a keysize larger than 512 bits is installed. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1RSA\s0 key exchange +can take place. In this case the session data are negotiated using the +ephemeral/temporary \s-1RSA\s0 key and the \s-1RSA\s0 key supplied and certified +by the certificate chain is only used for signing. +.PP +Under previous export restrictions, ciphers with \s-1RSA\s0 keys shorter (512 bits) +than the usual key length of 1024 bits were created. To use these ciphers +with \s-1RSA\s0 keys of usual length, an ephemeral key exchange must be performed, +as the normal (certified) key cannot be directly used. +.PP +Using ephemeral \s-1RSA\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1RSA\s0 key is known. By generating a temporary +\&\s-1RSA\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) \s-1RSA\s0 key, as this key was +used for signing only. The downside is that creating a \s-1RSA\s0 key is +computationally expensive. +.PP +Additionally, the use of ephemeral \s-1RSA\s0 key exchange is only allowed in +the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, that is +for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes +violates the standard and can break interoperability with clients. +It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key +exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead +in order to achieve forward secrecy (see +SSL_CTX_set_tmp_dh_callback(3)). +.PP +On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default +and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of +SSL_CTX_set_options(3), violating the \s-1TLS/SSL\s0 +standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers, +it will automatically be used without this option! +.PP +An application may either directly specify the key or can supply the key via +a callback function. The callback approach has the advantage, that the +callback may generate the key only in case it is actually needed. As the +generation of a \s-1RSA\s0 key is however costly, it will lead to a significant +delay in the handshake procedure. Another advantage of the callback function +is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0 +usage) while the explicit setting of the key is only useful for key size of +512 bits to satisfy the export restricted ciphers and does give away key length +if a longer key would be allowed. +.PP +The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and +the \fBis_export\fR information. The \fBis_export\fR flag is set, when the +ephemeral \s-1RSA\s0 key exchange is performed with an export cipher. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate temporary \s-1RSA\s0 keys to prepare ephemeral \s-1RSA\s0 key exchange. As the +generation of a \s-1RSA\s0 key costs a lot of computer time, they saved for later +reuse. For demonstration purposes, two keys for 512 bits and 1024 bits +respectively are generated. +.PP +.Vb 4 +\& ... +\& /* Set up ephemeral RSA stuff */ +\& RSA *rsa_512 = NULL; +\& RSA *rsa_1024 = NULL; +.Ve +.Vb 3 +\& rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); +\& if (rsa_512 == NULL) +\& evaluate_error_queue(); +.Ve +.Vb 3 +\& rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); +\& if (rsa_1024 == NULL) +\& evaluate_error_queue(); +.Ve +.Vb 1 +\& ... +.Ve +.Vb 3 +\& RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) +\& { +\& RSA *rsa_tmp=NULL; +.Ve +.Vb 24 +\& switch (keylength) { +\& case 512: +\& if (rsa_512) +\& rsa_tmp = rsa_512; +\& else { /* generate on the fly, should not happen in this example */ +\& rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); +\& rsa_512 = rsa_tmp; /* Remember for later reuse */ +\& } +\& break; +\& case 1024: +\& if (rsa_1024) +\& rsa_tmp=rsa_1024; +\& else +\& should_not_happen_in_this_example(); +\& break; +\& default: +\& /* Generating a key on the fly is very costly, so use what is there */ +\& if (rsa_1024) +\& rsa_tmp=rsa_1024; +\& else +\& rsa_tmp=rsa_512; /* Use at least a shorter key */ +\& } +\& return(rsa_tmp); +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tmp_rsa_callback()\fR and \fISSL_set_tmp_rsa_callback()\fR do not return +diagnostic output. +.PP +\&\fISSL_CTX_set_tmp_rsa()\fR and \fISSL_set_tmp_rsa()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.PP +\&\fISSL_CTX_need_tmp_rsa()\fR and \fISSL_need_tmp_rsa()\fR return 1 if a temporary +\&\s-1RSA\s0 key is needed and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_cipher_list(3), +SSL_CTX_set_options(3), +SSL_CTX_set_tmp_dh_callback(3), +SSL_new(3), ciphers(1) diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 new file mode 100644 index 0000000..7d220f3 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -0,0 +1,434 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:57 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_verify 3" +.TH SSL_CTX_set_verify 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 6 +\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, +\& int (*verify_callback)(int, X509_STORE_CTX *)); +\& void SSL_set_verify(SSL *s, int mode, +\& int (*verify_callback)(int, X509_STORE_CTX *)); +\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); +\& void SSL_set_verify_depth(SSL *s, int depth); +.Ve +.Vb 1 +\& int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. +.PP +\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In +this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If +no special \fBcallback\fR was set before, the default callback for the underlying +\&\fBctx\fR is used, that was valid at the the time \fBssl\fR was created with +SSL_new(3). +.PP +\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBctx\fR. (See the \s-1BUGS\s0 section.) +.PP +\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBssl\fR. (See the \s-1BUGS\s0 section.) +.SH "NOTES" +.IX Header "NOTES" +The verification of certificates can be controlled by a set of logically +or'ed \fBmode\fR flags: +.Ip "\s-1SSL_VERIFY_NONE\s0" 4 +.IX Item "SSL_VERIFY_NONE" +\&\fBServer mode:\fR the server will not send a client certificate request to the +client, so the client will not send a certificate. +.Sp +\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake +using the SSL_get_verify_result(3) function. +The handshake will be continued regardless of the verification result. +.Ip "\s-1SSL_VERIFY_PEER\s0" 4 +.IX Item "SSL_VERIFY_PEER" +\&\fBServer mode:\fR the server sends a client certificate request to the client. +The certificate returned (if any) is checked. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0 and \s-1SSL_VERIFY_CLIENT_ONCE\s0 flags. +.Sp +\&\fBClient mode:\fR the server certificate is verified. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. +.Ip "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" +\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 +handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. +This flag must be used together with \s-1SSL_VERIFY_PEER\s0. +.Sp +\&\fBClient mode:\fR ignored +.Ip "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IX Item "SSL_VERIFY_CLIENT_ONCE" +\&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0 +handshake. Do not ask for a client certificate again in case of a +renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0. +.Sp +\&\fBClient mode:\fR ignored +.PP +Exactly one of the \fBmode\fR flags \s-1SSL_VERIFY_NONE\s0 and \s-1SSL_VERIFY_PEER\s0 must be +set at any time. +.PP +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +SSL_CTX_set_cert_verify_callback(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the \fIverify_callback()\fR function, but the way this information is used +may be different. +.PP +\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set the limit up +to which depth certificates in a chain are used during the verification +procedure. If the certificate chain is longer than allowed, the certificates +above the limit are ignored. Error messages are generated as if these +certificates would not be present, most likely a +X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. +The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", +\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9, +allowing for the peer certificate and additional 9 \s-1CA\s0 certificates. +.PP +The \fBverify_callback\fR function is used to control the behaviour when the +\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and +receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used +for the certificate chain verification. +.PP +The certificate chain is checked starting with the deepest nesting level +(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in \fBx509_ctx\fR +and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying +X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate +in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is +found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 +before advancing to the next level. +.PP +The return value of \fBverify_callback\fR controls the strategy of the further +verification process. If \fBverify_callback\fR returns 0, the verification +process is immediately stopped with \*(L"verification failed\*(R" state. If +\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and +the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, +the verification process is continued. If \fBverify_callback\fR always returns +1, the \s-1TLS/SSL\s0 handshake will never be terminated because of this application +experiencing a verification failure. The calling process can however +retrieve the error code of the last verification error using +SSL_get_verify_result(3) or by maintaining its +own error storage managed by \fBverify_callback\fR. +.PP +If no \fBverify_callback\fR is specified, the default callback will be used. +Its return value is identical to \fBpreverify_ok\fR, so that any verification +failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an +alert message, if \s-1SSL_VERIFY_PEER\s0 is set. +.SH "BUGS" +.IX Header "BUGS" +In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag +is set, but whether \s-1SSL_VERIFY_NONE\s0 is not set. This can lead to +unexpected behaviour, if the \s-1SSL_VERIFY_PEER\s0 and \s-1SSL_VERIFY_NONE\s0 are not +used as required (exactly one must be set at any time). +.PP +The certificate verification depth set with SSL[_CTX]\fI_verify_depth()\fR +stops the verification at a certain depth. The error message produced +will be that of an incomplete certificate chain and not +X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*_set_verify*() functions do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code sequence realizes an example \fBverify_callback\fR function +that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output. +.PP +All verification errors are printed, informations about the certificate chain +are printed on request. +The example is realized for a server that does allow but not require client +certificates. +.PP +The example makes use of the ex_data technique to store application data +into/retrieve application data from the \s-1SSL\s0 structure +(see SSL_get_ex_new_index(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3)). +.PP +.Vb 15 +\& ... +\& typedef struct { +\& int verbose_mode; +\& int verify_depth; +\& int always_continue; +\& } mydata_t; +\& int mydata_index; +\& ... +\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +\& { +\& char buf[256]; +\& X509 *err_cert; +\& int err, depth; +\& SSL *ssl; +\& mydata_t *mydata; +.Ve +.Vb 3 +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +.Ve +.Vb 6 +\& /* +\& * Retrieve the pointer to the SSL of the connection currently treated +\& * and the application specific data stored into the SSL object. +\& */ +\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); +\& mydata = SSL_get_ex_data(ssl, mydata_index); +.Ve +.Vb 1 +\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); +.Ve +.Vb 22 +\& /* +\& * Catch a too long certificate chain. The depth limit set using +\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so +\& * that whenever the "depth>verify_depth" condition is met, we +\& * have violated the limit and want to log this error condition. +\& * We must do it here, because the CHAIN_TOO_LONG error would not +\& * be found explicitly; only errors introduced by cutting off the +\& * additional certificates would be logged. +\& */ +\& if (depth > mydata->verify_depth) { +\& preverify_ok = 0; +\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; +\& X509_STORE_CTX_set_error(ctx, err); +\& } +\& if (!preverify_ok) { +\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, +\& X509_verify_cert_error_string(err), depth, buf); +\& } +\& else if (mydata->verbose_mode) +\& { +\& printf("depth=%d:%s\en", depth, buf); +\& } +.Ve +.Vb 9 +\& /* +\& * At this point, err contains the last verification error. We can use +\& * it for something special +\& */ +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) +\& { +\& X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); +\& printf("issuer= %s\en", buf); +\& } +.Ve +.Vb 6 +\& if (mydata->always_continue) +\& return 1; +\& else +\& return preverify_ok; +\& } +\& ... +.Ve +.Vb 1 +\& mydata_t mydata; +.Ve +.Vb 2 +\& ... +\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); +.Ve +.Vb 3 +\& ... +\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, +\& verify_callback); +.Ve +.Vb 5 +\& /* +\& * Let the verify_callback catch the verify_depth error so that we get +\& * an appropriate error in the logfile. +\& */ +\& SSL_CTX_set_verify_depth(verify_depth + 1); +.Ve +.Vb 6 +\& /* +\& * Set up the SSL specific data into "mydata" and store it into th SSL +\& * structure. +\& */ +\& mydata.verify_depth = verify_depth; ... +\& SSL_set_ex_data(ssl, mydata_index, &mydata); +.Ve +.Vb 9 +\& ... +\& SSL_accept(ssl); /* check of success left out for clarity */ +\& if (peer = SSL_get_peer_certificate(ssl)) +\& { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) +\& { +\& /* The client sent a certificate which verified OK */ +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), +SSL_CTX_get_verify_mode(3), +SSL_get_verify_result(3), +SSL_CTX_load_verify_locations(3), +SSL_get_peer_certificate(3), +SSL_CTX_set_cert_verify_callback(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3), +SSL_get_ex_new_index(3) diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 new file mode 100644 index 0000000..09d4fee --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -0,0 +1,293 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:59 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_use_certificate 3" +.TH SSL_CTX_use_certificate 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 6 +\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_certificate(SSL *ssl, X509 *x); +\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); +\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +.Ve +.Vb 1 +\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +.Ve +.Vb 13 +\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, +\& long len); +\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +\& int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); +\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +.Ve +.Vb 2 +\& int SSL_CTX_check_private_key(SSL_CTX *ctx); +\& int SSL_check_private_key(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load the certificates and private keys into the \s-1SSL_CTX\s0 +or \s-1SSL\s0 object, respectively. +.PP +The SSL_CTX_* class of functions loads the certificates and keys into the +\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR +created from \fBctx\fR with SSL_new(3) by copying, so that +changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. +.PP +The SSL_* class of functions only loads certificates and keys into a +specific \s-1SSL\s0 object. The specific information is kept, when +SSL_clear(3) is called for this \s-1SSL\s0 object. +.PP +\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +SSL_CTX_add_extra_chain_cert(3) +function. +.PP +\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, +\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +.PP +\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR +should be preferred. +.PP +\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must +be sorted starting with the certificate to the highest level (root \s-1CA\s0). +There is no corresponding function working on a single \s-1SSL\s0 object. +.PP +\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +.PP +\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private +key to \fBssl\fR. +.PP +\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private +\&\s-1RSA\s0 key found to \fBssl\fR. +.PP +\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with +the corresponding certificate loaded into \fBctx\fR. If more than one +key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will +be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 +key/certificate pair will be checked. \fISSL_check_private_key()\fR performs +the same check for \fBssl\fR. If no key/certificate was explicitly added for +this \fBssl\fR, the last item added into \fBctx\fR will be checked. +.SH "NOTES" +.IX Header "NOTES" +The internal certificate store of OpenSSL can hold two private key/certificate +pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate +of type \s-1DSA\s0. The certificate used depends on the cipher select, see +also SSL_CTX_set_cipher_list(3). +.PP +When reading certificates and private keys from file, files of type +\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +one certificate or private key, consequently +\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. +.PP +\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using +SSL_CTX_add_extra_chain_cert(3). +There exists only one extra chain store, so that the same chain is appended +to both types of certificates, \s-1RSA\s0 and \s-1DSA\s0! If it is not intended to use +both type of certificate at the same time, it is recommended to use the +\&\fISSL_CTX_use_certificate_chain_file()\fR instead of the +\&\fISSL_CTX_use_certificate_file()\fR function in order to allow the use of +complete certificate chains even when no trusted \s-1CA\s0 storage is used or +when the \s-1CA\s0 issuing the certificate shall not be added to the trusted +\&\s-1CA\s0 storage. +.PP +If additional certificates are needed to complete the chain during the +\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the +locations of trusted \s-1CA\s0 certificates, see +SSL_CTX_load_verify_locations(3). +.PP +The private keys loaded from file can be encrypted. In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +SSL_CTX_set_default_passwd_cb(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.) +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +Otherwise check out the error stack to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), SSL_clear(3), +SSL_CTX_load_verify_locations(3), +SSL_CTX_set_default_passwd_cb(3), +SSL_CTX_set_cipher_list(3), +SSL_CTX_set_client_cert_cb(3), +SSL_CTX_add_extra_chain_cert(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 new file mode 100644 index 0000000..bf03d05 --- /dev/null +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:00 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SESSION_free 3" +.TH SSL_SESSION_free 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_SESSION_free(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated +memory, if the the reference count has reached 0. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation +is successfully completed. Depending on the settings, see +SSL_CTX_set_session_cache_mode(3), +the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and +linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; +as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. +when an \s-1SSL_SESSION\s0 object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +SSL_CTX_flush_sessions(3) operation. +.PP +\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +which the reference count was explicitly incremented (e.g. +by calling \fISSL_get1_session()\fR, see SSL_get_session(3)) +or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake +operation, e.g. by using d2i_SSL_SESSION(3). +It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause +incorrect reference counts and therefore program failures. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_session(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_flush_sessions(3), + d2i_SSL_SESSION(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 new file mode 100644 index 0000000..d603f51 --- /dev/null +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:01 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SESSION_get_ex_new_index 3" +.TH SSL_SESSION_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& int SSL_SESSION_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg); +.Ve +.Vb 1 +\& void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx); +.Ve +.Vb 6 +\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +\& int idx, long argl, void *argp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.PP +\&\fISSL_SESSION_get_ex_new_index()\fR is used to register a new index for application +specific data. +.PP +\&\fISSL_SESSION_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR +into the \fBsession\fR object. +.PP +\&\fISSL_SESSION_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBsession\fR. +.PP +A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality +can be found in RSA_get_ex_new_index(3). +The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in +CRYPTO_set_ex_data(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The application data is only maintained for sessions held in memory. The +application data is not included when dumping the session with +\&\fIi2d_SSL_SESSION()\fR (and all functions indirectly calling the dump functions +like \fIPEM_write_SSL_SESSION()\fR and \fIPEM_write_bio_SSL_SESSION()\fR) and can +therefore not be restored. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +RSA_get_ex_new_index(3), +CRYPTO_set_ex_data(3) diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 new file mode 100644 index 0000000..b347df5 --- /dev/null +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:02 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SESSION_get_time 3" +.TH SSL_SESSION_get_time 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& long SSL_SESSION_get_time(SSL_SESSION *s); +\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); +\& long SSL_SESSION_get_timeout(SSL_SESSION *s); +\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); +.Ve +.Vb 4 +\& long SSL_get_time(SSL_SESSION *s); +\& long SSL_set_time(SSL_SESSION *s, long tm); +\& long SSL_get_timeout(SSL_SESSION *s); +\& long SSL_set_timeout(SSL_SESSION *s, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the \fItime()\fR call. +.PP +\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +the chosen value \fBtm\fR. +.PP +\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +in seconds. +.PP +\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +to \fBtm\fR. +.PP +The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR +functions are synonyms for the SSL_SESSION_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +SSL_CTX_set_timeout(3). +Using these functions it is possible to extend or shorten the lifetime +of the session. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently +valid values. +.PP +\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success. +.PP +If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, +0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_timeout(3), +SSL_get_default_timeout(3) diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 new file mode 100644 index 0000000..3990be6 --- /dev/null +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:03 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_accept 3" +.TH SSL_accept 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_accept(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +The communication channel must already have been set and assigned to the +\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the +handshake has been finished or an error occurred, except for \s-1SGC\s0 (Server +Gated Cryptography). For \s-1SGC\s0, \fISSL_accept()\fR may return with \-1, but +\&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR +should be called again. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_accept()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.Ip "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.Ip "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_connect(3), +SSL_shutdown(3), ssl(3), bio(3), +SSL_set_connect_state(3), +SSL_do_handshake(3), +SSL_CTX_new(3) diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 new file mode 100644 index 0000000..87d9b37 --- /dev/null +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -0,0 +1,360 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:03 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_alert_type_string 3" +.TH SSL_alert_type_string 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& const char *SSL_alert_type_string(int value); +\& const char *SSL_alert_type_string_long(int value); +.Ve +.Vb 2 +\& const char *SSL_alert_desc_string(int value); +\& const char *SSL_alert_desc_string_long(int value); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_alert_type_string()\fR returns a one letter string indicating the +type of the alert specified by \fBvalue\fR. +.PP +\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert +specified by \fBvalue\fR. +.PP +\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form +describing the reason of the alert specified by \fBvalue\fR. +.PP +\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason +of the alert specified by \fBvalue\fR. +.SH "NOTES" +.IX Header "NOTES" +When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled). +.PP +A warning alert is sent, when a non-fatal error condition occurs. The +\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors (\*(L"certificate expired\*(R", +\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion. +.PP +Several alert messages must be sent as fatal alert messages as specified +by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur for \fISSL_alert_type_string()\fR or +\&\fISSL_alert_type_string_long()\fR: +.if n .Ip """""W""""/""""warning""""" 4 +.el .Ip "``W''/``warning''" 4 +.IX Item ""W/warning" +.PD 0 +.if n .Ip """""F""""/""""fatal""""" 4 +.el .Ip "``F''/``fatal''" 4 +.IX Item ""F/fatal" +.if n .Ip """""U""""/""""unknown""""" 4 +.el .Ip "``U''/``unknown''" 4 +.IX Item ""U/unknown" +.PD +This indicates that no support is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.PP +The following strings can occur for \fISSL_alert_desc_string()\fR or +\&\fISSL_alert_desc_string_long()\fR: +.if n .Ip """""\s-1CN\s0""""/""""close notify""""" 4 +.el .Ip "``\s-1CN\s0''/``close notify''" 4 +.IX Item ""CN/close notify" +The connection shall be closed. This is a warning alert. +.if n .Ip """""\s-1UM\s0""""/""""unexpected message""""" 4 +.el .Ip "``\s-1UM\s0''/``unexpected message''" 4 +.IX Item ""UM/unexpected message" +An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations. +.if n .Ip """""\s-1BM\s0""""/""""bad record mac""""" 4 +.el .Ip "``\s-1BM\s0''/``bad record mac''" 4 +.IX Item ""BM/bad record mac" +This alert is returned if a record is received with an incorrect +\&\s-1MAC\s0. This message is always fatal. +.if n .Ip """""\s-1DF\s0""""/""""decompression failure""""" 4 +.el .Ip "``\s-1DF\s0''/``decompression failure''" 4 +.IX Item ""DF/decompression failure" +The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal. +.if n .Ip """""\s-1HF\s0""""/""""handshake failure""""" 4 +.el .Ip "``\s-1HF\s0''/``handshake failure''" 4 +.IX Item ""HF/handshake failure" +Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error. +.if n .Ip """""\s-1NC\s0""""/""""no certificate""""" 4 +.el .Ip "``\s-1NC\s0''/``no certificate''" 4 +.IX Item ""NC/no certificate" +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). +.if n .Ip """""\s-1BC\s0""""/""""bad certificate""""" 4 +.el .Ip "``\s-1BC\s0''/``bad certificate''" 4 +.IX Item ""BC/bad certificate" +A certificate was corrupt, contained signatures that did not +verify correctly, etc +.if n .Ip """""\s-1UC\s0""""/""""unsupported certificate""""" 4 +.el .Ip "``\s-1UC\s0''/``unsupported certificate''" 4 +.IX Item ""UC/unsupported certificate" +A certificate was of an unsupported type. +.if n .Ip """""\s-1CR\s0""""/""""certificate revoked""""" 4 +.el .Ip "``\s-1CR\s0''/``certificate revoked''" 4 +.IX Item ""CR/certificate revoked" +A certificate was revoked by its signer. +.if n .Ip """""\s-1CE\s0""""/""""certificate expired""""" 4 +.el .Ip "``\s-1CE\s0''/``certificate expired''" 4 +.IX Item ""CE/certificate expired" +A certificate has expired or is not currently valid. +.if n .Ip """""\s-1CU\s0""""/""""certificate unknown""""" 4 +.el .Ip "``\s-1CU\s0''/``certificate unknown''" 4 +.IX Item ""CU/certificate unknown" +Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable. +.if n .Ip """""\s-1IP\s0""""/""""illegal parameter""""" 4 +.el .Ip "``\s-1IP\s0''/``illegal parameter''" 4 +.IX Item ""IP/illegal parameter" +A field in the handshake was out of range or inconsistent with +other fields. This is always fatal. +.if n .Ip """""\s-1DC\s0""""/""""decryption failed""""" 4 +.el .Ip "``\s-1DC\s0''/``decryption failed''" 4 +.IX Item ""DC/decryption failed" +A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal. +.if n .Ip """""\s-1RO\s0""""/""""record overflow""""" 4 +.el .Ip "``\s-1RO\s0''/``record overflow''" 4 +.IX Item ""RO/record overflow" +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal. +.if n .Ip """""\s-1CA\s0""""/""""unknown \s-1CA\s0""""" 4 +.el .Ip "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 +.IX Item ""CA/unknown CA" +A valid certificate chain or partial chain was received, but the +certificate was not accepted because the \s-1CA\s0 certificate could not +be located or couldn't be matched with a known, trusted \s-1CA\s0. This +message is always fatal. +.if n .Ip """""\s-1AD\s0""""/""""access denied""""" 4 +.el .Ip "``\s-1AD\s0''/``access denied''" 4 +.IX Item ""AD/access denied" +A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal. +.if n .Ip """""\s-1DE\s0""""/""""decode error""""" 4 +.el .Ip "``\s-1DE\s0''/``decode error''" 4 +.IX Item ""DE/decode error" +A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal. +.if n .Ip """""\s-1CY\s0""""/""""decrypt error""""" 4 +.el .Ip "``\s-1CY\s0''/``decrypt error''" 4 +.IX Item ""CY/decrypt error" +A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message. +.if n .Ip """""\s-1ER\s0""""/""""export restriction""""" 4 +.el .Ip "``\s-1ER\s0''/``export restriction''" 4 +.IX Item ""ER/export restriction" +A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This +message is always fatal. +.if n .Ip """""\s-1PV\s0""""/""""protocol version""""" 4 +.el .Ip "``\s-1PV\s0''/``protocol version''" 4 +.IX Item ""PV/protocol version" +The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal. +.if n .Ip """""\s-1IS\s0""""/""""insufficient security""""" 4 +.el .Ip "``\s-1IS\s0''/``insufficient security''" 4 +.IX Item ""IS/insufficient security" +Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal. +.if n .Ip """""\s-1IE\s0""""/""""internal error""""" 4 +.el .Ip "``\s-1IE\s0''/``internal error''" 4 +.IX Item ""IE/internal error" +An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal. +.if n .Ip """""\s-1US\s0""""/""""user canceled""""" 4 +.el .Ip "``\s-1US\s0''/``user canceled''" 4 +.IX Item ""US/user canceled" +This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning. +.if n .Ip """""\s-1NR\s0""""/""""no renegotiation""""" 4 +.el .Ip "``\s-1NR\s0''/``no renegotiation''" 4 +.IX Item ""NR/no renegotiation" +Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning. +.if n .Ip """""\s-1UK\s0""""/""""unknown""""" 4 +.el .Ip "``\s-1UK\s0''/``unknown''" 4 +.IX Item ""UK/unknown" +This indicates that no description is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_info_callback(3) diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 new file mode 100644 index 0000000..657be53 --- /dev/null +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:05 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_clear 3" +.TH SSL_clear 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_clear \- reset \s-1SSL\s0 object to allow another connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_clear(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Reset \fBssl\fR to allow another connection. All settings (method, ciphers, +BIOs) are kept. +.SH "NOTES" +.IX Header "NOTES" +SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all +settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. +If a session is still \fBopen\fR, it is considered bad and will be removed +from the session cache, as required by \s-1RFC2246\s0. A session is considered open, +if SSL_shutdown(3) was not called for the connection +or at least SSL_set_shutdown(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state. +.PP +If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client +method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 +server method, even if SSLv23_*_methods were chosen on startup. This +will might lead to connection failures (see SSL_new(3)) +for a description of the method's properties. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fISSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense when opening a new session (or reusing +an old one) with the same peer that shares these settings. +\&\fISSL_clear()\fR is not a short form for the sequence +SSL_free(3); SSL_new(3); . +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +The \fISSL_clear()\fR operation could not be performed. Check the error stack to +find out the reason. +.Ip "1" 4 +.IX Item "1" +The \fISSL_clear()\fR operation was successful. +.PP +SSL_new(3), SSL_free(3), +SSL_shutdown(3), SSL_set_shutdown(3), +SSL_CTX_set_options(3), ssl(3), +SSL_CTX_set_client_cert_cb(3) diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 new file mode 100644 index 0000000..12b3bb0 --- /dev/null +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:06 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_connect 3" +.TH SSL_connect 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_connect(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +channel must already have been set and assigned to the \fBssl\fR by setting an +underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_connect()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.Ip "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.Ip "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_accept(3), +SSL_shutdown(3), ssl(3), bio(3), +SSL_set_connect_state(3), +SSL_do_handshake(3), +SSL_CTX_new(3) diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 new file mode 100644 index 0000000..d9c5db9 --- /dev/null +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:06 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_do_handshake 3" +.TH SSL_do_handshake 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_do_handshake(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +SSL_set_connect_state(3) or +SSL_set_accept_state(3). +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return +once the handshake has been finished or an error occurred, except for \s-1SGC\s0 +(Server Gated Cryptography). For \s-1SGC\s0, \fISSL_do_handshake()\fR may return with \-1, +but \fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and +\&\fISSL_do_handshake()\fR should be called again. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.Ip "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.Ip "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_connect(3), +SSL_accept(3), ssl(3), bio(3), +SSL_set_connect_state(3) diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 new file mode 100644 index 0000000..65a6b8f --- /dev/null +++ b/secure/lib/libssl/man/SSL_free.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:07 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_free 3" +.TH SSL_free 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_free \- free an allocated \s-1SSL\s0 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_free(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +structure pointed to by \fBssl\fR and frees up the allocated memory if the +the reference count has reached 0. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if +applicable: the buffering \s-1BIO\s0, the read and write BIOs, +cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. +Do not explicitly free these indirectly freed up items before or after +calling \fISSL_free()\fR, as trying to free things twice may lead to program +failure. +.PP +The ssl session has reference counts from two users: the \s-1SSL\s0 object, for +which the reference count is removed by \fISSL_free()\fR and the internal +session cache. If the session is considered bad, because +SSL_shutdown(3) was not called for the connection +and SSL_set_shutdown(3) was not used to set the +\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed +from the session cache as required by \s-1RFC2246\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_free()\fR does not provide diagnostic information. +.PP +SSL_new(3), SSL_clear(3), +SSL_shutdown(3), SSL_set_shutdown(3), +ssl(3) diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 new file mode 100644 index 0000000..b8f2a94 --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:08 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_SSL_CTX 3" +.TH SSL_get_SSL_CTX 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with SSL_new(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The pointer to the \s-1SSL_CTX\s0 object is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3) diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 new file mode 100644 index 0000000..54dccf3 --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:09 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_ciphers 3" +.TH SSL_get_ciphers 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl); +\& const char *SSL_get_cipher_list(SSL *ssl, int priority); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 +is returned. +.PP +\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are +available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 +is returned. +.SH "NOTES" +.IX Header "NOTES" +The details of the ciphers obtained by \fISSL_get_ciphers()\fR can be obtained using +the SSL_CIPHER_get_name(3) family of functions. +.PP +Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +sorted list of available ciphers, until \s-1NULL\s0 is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_cipher_list(3), +SSL_CIPHER_get_name(3) diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 new file mode 100644 index 0000000..9221575 --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:10 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_client_CA_list 3" +.TH SSL_get_client_CA_list 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using SSL_CTX_set_client_CA_list(3). +.PP +\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +SSL_CTX_set_client_CA_list(3), when in +server mode. In client mode, SSL_get_client_CA_list returns the list of +client CAs sent from the server, if any. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return +diagnostic information. +.PP +\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return +values: +.Ip "STACK_OF(X509_NAMES)" 4 +.IX Item "STACK_OF(X509_NAMES)" +List of \s-1CA\s0 names explicitly set (for \fBctx\fR or in server mode) or send +by the server (client mode). +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +No client \s-1CA\s0 list was explicitly set (for \fBctx\fR or in server mode) or +the server did not send a list of CAs (client mode). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_client_CA_list(3), +SSL_CTX_set_client_cert_cb(3) diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 new file mode 100644 index 0000000..22e8bd3 --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:11 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_current_cipher 3" +.TH SSL_get_current_cipher 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name, +SSL_get_cipher_bits, SSL_get_cipher_version \- get \s-1SSL_CIPHER\s0 of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 9 +\& SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); +\& #define SSL_get_cipher(s) \e +\& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +\& #define SSL_get_cipher_name(s) \e +\& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +\& #define SSL_get_cipher_bits(s,np) \e +\& SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +\& #define SSL_get_cipher_version(s) \e +\& SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the actually used cipher of a connection established with +the \fBssl\fR object. +.PP +\&\fISSL_get_cipher()\fR and \fISSL_get_cipher_name()\fR are identical macros to obtain the +name of the currently used cipher. \fISSL_get_cipher_bits()\fR is a +macro to obtain the number of secret/algorithm bits used and +\&\fISSL_get_cipher_version()\fR returns the protocol name. +See SSL_CIPHER_get_name(3) for more details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when +no session has been established. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CIPHER_get_name(3) diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 new file mode 100644 index 0000000..037b17e --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:12 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_default_timeout 3" +.TH SSL_get_default_timeout 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_default_timeout \- get default session timeout value +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& long SSL_get_default_timeout(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +SSL_CTX_set_timeout(3), the hardcoded default +timeout for the protocol will be used. +.PP +\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +for all currently supported protocols (SSLv2, SSLv3, and TLSv1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See description. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_get_time(3), +SSL_CTX_flush_sessions(3), +SSL_get_default_timeout(3) diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 new file mode 100644 index 0000000..745ae3a --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:13 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_error 3" +.TH SSL_get_error 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_get_error(SSL *ssl, int ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR, +\&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by +that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter +\&\fBret\fR. +.PP +In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be +used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is +attempted, or \fISSL_get_error()\fR will not work reliably. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.Ip "\s-1SSL_ERROR_NONE\s0" 4 +.IX Item "SSL_ERROR_NONE" +The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned +if and only if \fBret > 0\fR. +.Ip "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IX Item "SSL_ERROR_ZERO_RETURN" +The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0 +or \s-1TLS\s0 1.0, this result code is returned only if a closure +alert has occurred in the protocol, i.e. if the connection has been +closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR +does not necessarily indicate that the underlying transport +has been closed. +.Ip "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 +.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" +The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be +called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data +available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR) +or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0 +protocol progress will take place, i.e. at least part of an \s-1TLS/SSL\s0 +record will be read or written. Note that the retry may again lead to +a \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level. +.Sp +For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or +\&\fIpoll()\fR on the underlying socket can be used to find out when the +\&\s-1TLS/SSL\s0 I/O function should be retried. +.Sp +Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular, +\&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want +to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any +time during the protocol (initiated by either the client or the server); +\&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes. +.Ip "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 +.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" +The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be +called again later. The underlying \s-1BIO\s0 was not connected yet to the peer +and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be +called again when the connection is established. These messages can only +appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively. +In order to find out, when the connection has been successfully established, +on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor +can be used. +.Ip "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IX Item "SSL_ERROR_WANT_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +The \s-1TLS/SSL\s0 I/O function should be called again later. +Details depend on the application. +.Ip "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IX Item "SSL_ERROR_SYSCALL" +Some I/O error occurred. The OpenSSL error queue may contain more +information on the error. If the error queue is empty +(i.e. \fIERR_get_error()\fR returns 0), \fBret\fR can be used to find out more +about the error: If \fBret == 0\fR, an \s-1EOF\s0 was observed that violates +the protocol. If \fBret == \-1\fR, the underlying \fB\s-1BIO\s0\fR reported an +I/O error (for socket I/O on Unix systems, consult \fBerrno\fR for details). +.Ip "\s-1SSL_ERROR_SSL\s0" 4 +.IX Item "SSL_ERROR_SSL" +A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The +OpenSSL error queue contains more information on the error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), err(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_get_error()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 new file mode 100644 index 0000000..1810c9e --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:14 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure +from X509_STORE_CTX +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_get_ex_data_X509_STORE_CTX_idx(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR returns the index number under which +the pointer to the \s-1SSL\s0 object is stored into the X509_STORE_CTX object. +.SH "NOTES" +.IX Header "NOTES" +Whenever a X509_STORE_CTX object is created for the verification of the +peers certificate during a handshake, a pointer to the \s-1SSL\s0 object is +stored into the X509_STORE_CTX object to identify the connection affected. +To retrieve this pointer the \fIX509_STORE_CTX_get_ex_data()\fR function can +be used with the correct index. This index is globally the same for all +X509_STORE_CTX objects and can be retrieved using +\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR. The index value is set when +\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR is first called either by the application +program directly or indirectly during other \s-1SSL\s0 setup functions or during +the handshake. +.PP +The value depends on other index values defined for X509_STORE_CTX objects +before the \s-1SSL\s0 index is created. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.Ip ">=0" 4 +.IX Item ">=0" +The index value to access the pointer. +.Ip "<0" 4 +.IX Item "<0" +An error occurred, check the error stack for a detailed error message. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The index returned from \fISSL_get_ex_data_X509_STORE_CTX_idx()\fR allows to +access the \s-1SSL\s0 object for the connection to be accessed during the +\&\fIverify_callback()\fR when checking the peers certificate. Please check +the example in SSL_CTX_set_verify(3), +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_verify(3), +CRYPTO_set_ex_data(3) diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 new file mode 100644 index 0000000..da51320 --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:15 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_ex_new_index 3" +.TH SSL_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& int SSL_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int SSL_set_ex_data(SSL *ssl, int idx, void *arg); +.Ve +.Vb 1 +\& void *SSL_get_ex_data(SSL *ssl, int idx); +.Ve +.Vb 6 +\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +\& int idx, long argl, void *argp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.PP +\&\fISSL_get_ex_new_index()\fR is used to register a new index for application +specific data. +.PP +\&\fISSL_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR into +the \fBssl\fR object. +.PP +\&\fISSL_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBssl\fR. +.PP +A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality +can be found in RSA_get_ex_new_index(3). +The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in +CRYPTO_set_ex_data(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +An example on how to use the functionality is included in the example +\&\fIverify_callback()\fR in SSL_CTX_set_verify(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +RSA_get_ex_new_index(3), +CRYPTO_set_ex_data(3), +SSL_CTX_set_verify(3) diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 new file mode 100644 index 0000000..75f9557 --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:16 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_fd 3" +.TH SSL_get_fd 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& int SSL_get_fd(SSL *ssl); +\& int SSL_get_rfd(SSL *ssl); +\& int SSL_get_wfd(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, \fISSL_get_fd()\fR will return the file descriptor +of the read channel. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\-1" 4 +.IX Item "-1" +The operation failed, because the underlying \s-1BIO\s0 is not of the correct type +(suitable for file descriptors). +.Ip ">=0" 4 +.IX Item ">=0" +The file descriptor linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_set_fd(3), ssl(3) , bio(3) diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 new file mode 100644 index 0000000..ab3d7af --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:17 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_peer_cert_chain 3" +.TH SSL_get_peer_cert_chain 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_cert_chain()\fR returns a pointer to STACKOF(X509) certificates +forming the certificate chain of the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +SSL_get_peer_certificate(3). +If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +The peer certificate chain is not necessarily available after reusing +a session, in which case a \s-1NULL\s0 pointer is returned. +.PP +The reference count of the STACKOF(X509) object is not incremented. +If the corresponding session is freed, the pointer must not be used +any longer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused. +.Ip "Pointer to a STACKOF(X509)" 4 +.IX Item "Pointer to a STACKOF(X509)" +The return value points to the certificate chain presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_peer_certificate(3) diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 new file mode 100644 index 0000000..471b5ba --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:18 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_peer_certificate 3" +.TH SSL_get_peer_certificate 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_peer_certificate \- get the X509 certificate of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& X509 *SSL_get_peer_certificate(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +SSL_CTX_set_verify(3)). If an anonymous cipher +is used, no certificates are sent. +.PP +That a certificate is returned does not indicate information about the +verification state, use SSL_get_verify_result(3) +to check the verification state. +.PP +The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using \fIX509_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established. +.Ip "Pointer to an X509 certificate" 4 +.IX Item "Pointer to an X509 certificate" +The return value points to the certificate presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_verify_result(3), +SSL_CTX_set_verify(3) diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 new file mode 100644 index 0000000..cc3f416 --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:18 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_rbio 3" +.TH SSL_get_rbio 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& BIO *SSL_get_rbio(SSL *ssl); +\& BIO *SSL_get_wbio(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the \s-1BIO\s0 is not incremented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +No \s-1BIO\s0 was connected to the \s-1SSL\s0 object +.Ip "Any other pointer" 4 +.IX Item "Any other pointer" +The \s-1BIO\s0 linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_set_bio(3), ssl(3) , bio(3) diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 new file mode 100644 index 0000000..49b5342 --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:19 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_session 3" +.TH SSL_get_session 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& SSL_SESSION *SSL_get_session(SSL *ssl); +\& SSL_SESSION *SSL_get0_session(SSL *ssl); +\& SSL_SESSION *SSL_get1_session(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so +that the pointer can become invalid by other operations. +.PP +\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR. +.PP +\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference +count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. +.SH "NOTES" +.IX Header "NOTES" +The ssl session contains all information required to re-establish the +connection without a new handshake. +.PP +\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If SSL_clear(3) or +SSL_free(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during SSL_CTX_flush_sessions(3). +.PP +If the data is to be kept, \fISSL_get1_session()\fR will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +SSL_SESSION_free(3) must be explicitly called once +to decrement the reference count again. +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +There is no session available in \fBssl\fR. +.Ip "Pointer to an \s-1SSL\s0" 4 +.IX Item "Pointer to an SSL" +The return value points to the data of an \s-1SSL\s0 session. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_free(3), +SSL_clear(3), +SSL_SESSION_free(3) diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 new file mode 100644 index 0000000..8a3654d --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:20 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_verify_result 3" +.TH SSL_get_verify_result 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_verify_result \- get result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& long SSL_get_verify_result(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_verify_result()\fR returns the result of the verification of the +X509 certificate presented by the peer, if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_get_verify_result()\fR can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from \fISSL_get_verify_result()\fR. +.PP +The verification result is part of the established session and is restored +when a session is reused. +.SH "BUGS" +.IX Header "BUGS" +If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. \fISSL_get_verify_result()\fR is only useful in connection +with SSL_get_peer_certificate(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.Ip "X509_V_OK" 4 +.IX Item "X509_V_OK" +The verification succeeded or no peer certificate was presented. +.Ip "Any other value" 4 +.IX Item "Any other value" +Documented in verify(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_set_verify_result(3), +SSL_get_peer_certificate(3), +verify(1) diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 new file mode 100644 index 0000000..8ea668a --- /dev/null +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:21 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_get_version 3" +.TH SSL_get_version 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_get_version \- get the protocol version of a connection. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& const char *SSL_get_version(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the +connection \fBssl\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur: +.Ip "SSLv2" 4 +.IX Item "SSLv2" +The connection uses the SSLv2 protocol. +.Ip "SSLv3" 4 +.IX Item "SSLv3" +The connection uses the SSLv3 protocol. +.Ip "TLSv1" 4 +.IX Item "TLSv1" +The connection uses the TLSv1 protocol. +.Ip "unknown" 4 +.IX Item "unknown" +This indicates that no version has been set (no connection established). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 new file mode 100644 index 0000000..28422c6 --- /dev/null +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:22 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_library_init 3" +.TH SSL_library_init 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms +\&\- initialize \s-1SSL\s0 library by registering algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& int SSL_library_init(void); +\& #define OpenSSL_add_ssl_algorithms() SSL_library_init() +\& #define SSLeay_add_ssl_algorithms() SSL_library_init() +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_library_init()\fR registers the available ciphers and digests. +.PP +\&\fIOpenSSL_add_ssl_algorithms()\fR and \fISSLeay_add_ssl_algorithms()\fR are synonyms +for \fISSL_library_init()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_library_init()\fR must be called before any other action takes place. +.SH "WARNING" +.IX Header "WARNING" +\&\fISSL_library_init()\fR only registers ciphers. Another important initialization +is the seeding of the \s-1PRNG\s0 (Pseudo Random Number Generator), which has to +be performed separately. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A typical \s-1TLS/SSL\s0 application will start with the library initialization, +will provide readable error messages and will seed the \s-1PRNG\s0. +.PP +.Vb 3 +\& SSL_load_error_strings(); /* readable error messages */ +\& SSL_library_init(); /* initialize library */ +\& actions_to_seed_PRNG(); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_load_error_strings(3), +RAND_add(3) diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 new file mode 100644 index 0000000..aa545bc --- /dev/null +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:23 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_load_client_CA_file 3" +.TH SSL_load_client_CA_file 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_load_client_CA_file \- load certificate names from file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns +a STACK_OF(X509_NAME) with the subject names found. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +SSL_CTX_set_client_CA_list(3), +it is not limited to \s-1CA\s0 certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load names of CAs from file and use it as a client \s-1CA\s0 list: +.PP +.Vb 2 +\& SSL_CTX *ctx; +\& STACK_OF(X509_NAME) *cert_names; +.Ve +.Vb 7 +\& ... +\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); +\& if (cert_names != NULL) +\& SSL_CTX_set_client_CA_list(ctx, cert_names); +\& else +\& error_handling(); +\& ... +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +The operation failed, check out the error stack for the reason. +.Ip "Pointer to STACK_OF(X509_NAME)" 4 +.IX Item "Pointer to STACK_OF(X509_NAME)" +Pointer to the subject names of the successfully read certificates. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_client_CA_list(3) diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 new file mode 100644 index 0000000..588900c --- /dev/null +++ b/secure/lib/libssl/man/SSL_new.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:24 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_new 3" +.TH SSL_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_new \- create a new \s-1SSL\s0 structure for a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& SSL *SSL_new(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings +of the underlying context \fBctx\fR: connection method (SSLv2/v3/TLSv1), +options, verification settings, timeout settings. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL\s0 structure failed. Check the error stack to +find out the reason. +.Ip "Pointer to an \s-1SSL\s0 structure" 4 +.IX Item "Pointer to an SSL structure" +The return value points to an allocated \s-1SSL\s0 structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_free(3), SSL_clear(3), +SSL_CTX_set_options(3), +SSL_get_SSL_CTX(3), +ssl(3) diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 new file mode 100644 index 0000000..a5f0a0c --- /dev/null +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:25 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_pending 3" +.TH SSL_pending 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_pending(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_pending()\fR returns the number of bytes which are available inside +\&\fBssl\fR for immediate read. +.SH "NOTES" +.IX Header "NOTES" +Data are received in blocks from the peer. Therefore data can be buffered +inside \fBssl\fR and are ready for immediate retrieval with +SSL_read(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The number of bytes pending is returned. +.SH "BUGS" +.IX Header "BUGS" +\&\fISSL_pending()\fR takes into account only bytes from the \s-1TLS/SSL\s0 record +that is currently being processed (if any). If the \fB\s-1SSL\s0\fR object's +\&\fIread_ahead\fR flag is set, additional protocol bytes may have been +read containing more \s-1TLS/SSL\s0 records; these are ignored by +\&\fISSL_pending()\fR. +.PP +Up to OpenSSL 0.9.6, \fISSL_pending()\fR does not check if the record type +of pending data is application data. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_read(3), ssl(3) diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 new file mode 100644 index 0000000..f94ed5e --- /dev/null +++ b/secure/lib/libssl/man/SSL_read.3 @@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:26 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_read 3" +.TH SSL_read 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_read(SSL *ssl, void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_read()\fR tries to read \fBnum\fR bytes from the specified \fBssl\fR into the +buffer \fBbuf\fR. +.SH "NOTES" +.IX Header "NOTES" +If necessary, \fISSL_read()\fR will negotiate a \s-1TLS/SSL\s0 session, if +not already explicitly performed by SSL_connect(3) or +SSL_accept(3). If the +peer requests a re-negotiation, it will be performed transparently during +the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the +underlying \s-1BIO\s0. +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR +before the first call to an \fISSL_read()\fR or SSL_write(3) +function. +.PP +\&\fISSL_read()\fR works based on the \s-1SSL/TLS\s0 records. The data are received in +records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a +record has been completely received, it can be processed (decryption and +check of integrity). Therefore data that was not retrieved at the last +call of \fISSL_read()\fR can still be buffered inside the \s-1SSL\s0 layer and will be +retrieved on the next call to \fISSL_read()\fR. If \fBnum\fR is higher than the +number of bytes buffered, \fISSL_read()\fR will return with the bytes buffered. +If no more bytes are in the buffer, \fISSL_read()\fR will trigger the processing +of the next record. Only when the record has been received and processed +completely, \fISSL_read()\fR will return reporting success. At most the contents +of the record will be returned. As the size of an \s-1SSL/TLS\s0 record may exceed +the maximum packet size of the underlying transport (e.g. \s-1TCP\s0), it may +be necessary to read several packets from the transport layer before the +record is complete and \fISSL_read()\fR can succeed. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_read()\fR will only return, once the +read operation has been finished or an error occurred, except when a +renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. +This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the +SSL_CTX_set_mode(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_read()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_read()\fR +to continue the operation. In this case a call to +SSL_get_error(3) with the +return value of \fISSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to \fISSL_read()\fR can also cause write operations! The calling process +then must repeat the call after taking appropriate action to satisfy the +needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO\s0. When using a +non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "WARNING" +.IX Header "WARNING" +When an \fISSL_read()\fR operation has to be repeated because of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip ">0" 4 +.IX Item ">0" +The read operation was successful; the return value is the number of +bytes actually read from the \s-1TLS/SSL\s0 connection. +.Ip "0" 4 +The read operation was not successful. The reason may either be a clean +shutdown due to a \*(L"close notify\*(R" alert sent by the peer (in which case +the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag in the ssl shutdown state is set +(see SSL_shutdown(3), +SSL_set_shutdown(3)). It is also possible, that +the peer simply shut down the underlying transport and the shutdown is +incomplete. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, +whether an error occurred or the connection was shut down cleanly +(\s-1SSL_ERROR_ZERO_RETURN\s0). +.Sp +SSLv2 (deprecated) does not support a shutdown alert protocol, so it can +only be detected, whether the underlying connection was closed. It cannot +be checked, whether the closure was initiated by the peer or by something +else. +.Ip "<0" 4 +.IX Item "<0" +The read operation was not successful, because either an error occurred +or action must be taken by the calling process. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_write(3), +SSL_CTX_set_mode(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3) +SSL_set_connect_state(3), +SSL_shutdown(3), SSL_set_shutdown(3), +ssl(3), bio(3) diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 new file mode 100644 index 0000000..3eabd62 --- /dev/null +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:27 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_rstate_string 3" +.TH SSL_rstate_string 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& const char *SSL_rstate_string(SSL *ssl); +\& const char *SSL_rstate_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R". +.PP +This function should only seldom be needed in applications. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following +values: +.if n .Ip """""\s-1RH\s0""""/""""read header""""" 4 +.el .Ip "``\s-1RH\s0''/``read header''" 4 +.IX Item ""RH/read header" +The header of the record is being evaluated. +.if n .Ip """""\s-1RB\s0""""/""""read body""""" 4 +.el .Ip "``\s-1RB\s0''/``read body''" 4 +.IX Item ""RB/read body" +The body of the record is being evaluated. +.if n .Ip """""\s-1RD\s0""""/""""read done""""" 4 +.el .Ip "``\s-1RD\s0''/``read done''" 4 +.IX Item ""RD/read done" +The record has been completely processed. +.if n .Ip """""unknown""""/""""unknown""""" 4 +.el .Ip "``unknown''/``unknown''" 4 +.IX Item ""unknown/unknown" +The read state is unknown. This should never happen. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 new file mode 100644 index 0000000..3511b36 --- /dev/null +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:28 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_session_reused 3" +.TH SSL_session_reused 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_session_reused \- query whether a reused session was negotiated during handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_session_reused(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Query, whether a reused session was negotiated during the handshake. +.SH "NOTES" +.IX Header "NOTES" +During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +A new session was negotiated. +.Ip "1" 4 +.IX Item "1" +A session was reused. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_set_session(3), +SSL_CTX_set_session_cache_mode(3) diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 new file mode 100644 index 0000000..6d59eae --- /dev/null +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:29 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_set_bio 3" +.TH SSL_set_bio 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write +operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. +.PP +The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively. +If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +(for both the reading and writing side, if different). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_bio()\fR cannot fail. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_rbio(3), +SSL_connect(3), SSL_accept(3), +SSL_shutdown(3), ssl(3), bio(3) diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 new file mode 100644 index 0000000..0d0e063 --- /dev/null +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:30 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_set_connect_state 3" +.TH SSL_set_connect_state 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_set_connect_state(SSL *ssl); +.Ve +.Vb 1 +\& void SSL_set_accept_state(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +.PP +\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +.SH "NOTES" +.IX Header "NOTES" +When the \s-1SSL_CTX\s0 object was created with SSL_CTX_new(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +SSL_CTX_set_ssl_version(3) or +\&\fISSL_set_ssl_method()\fR.) +.PP +When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. +.PP +When using the SSL_connect(3) or +SSL_accept(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using SSL_write(3) or SSL_read(3), the +handshake routines must be explicitly set in advance using either +\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic +information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3), +SSL_write(3), SSL_read(3), +SSL_do_handshake(3), +SSL_CTX_set_ssl_version(3) diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 new file mode 100644 index 0000000..fce5274 --- /dev/null +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:31 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_set_fd 3" +.TH SSL_set_fd 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& int SSL_set_fd(SSL *ssl, int fd); +\& int SSL_set_rfd(SSL *ssl, int fd); +\& int SSL_set_wfd(SSL *ssl, int fd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +socket file descriptor of a network connection. +.PP +When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to +interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +(for both the reading and writing side, if different). +.PP +\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only +for the read channel or the write channel, which can be set independently. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +The operation failed. Check the error stack to find out why. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_fd(3), SSL_set_bio(3), +SSL_connect(3), SSL_accept(3), +SSL_shutdown(3), ssl(3) , bio(3) diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 new file mode 100644 index 0000000..d42f4d3 --- /dev/null +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:31 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_set_session 3" +.TH SSL_set_session 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +When the session is set, the reference count of \fBsession\fR is incremented +by 1. If the session is not reused, the reference count is decremented +again during \fISSL_connect()\fR. Whether the session was reused can be queried +with the SSL_session_reused(3) call. +.PP +If there is already a session set inside \fBssl\fR (because it was set with +\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fISSL_SESSION_free()\fR will be called for that session. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +The operation failed; check the error stack to find out the reason. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_SESSION_free(3), +SSL_get_session(3), +SSL_session_reused(3), +SSL_CTX_set_session_cache_mode(3) diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 new file mode 100644 index 0000000..0b14492 --- /dev/null +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:32 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_set_shutdown 3" +.TH SSL_set_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_set_shutdown(SSL *ssl, int mode); +.Ve +.Vb 1 +\& int SSL_get_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +.PP +\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The shutdown state of an ssl connection is a bitmask of: +.Ip "0" 4 +No shutdown setting, yet. +.Ip "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IX Item "SSL_SENT_SHUTDOWN" +A \*(L"close notify\*(R" shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct. +.Ip "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IX Item "SSL_RECEIVED_SHUTDOWN" +A shutdown alert was received form the peer, either a normal \*(L"close notify\*(R" +or a fatal error. +.PP +\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +.PP +The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +SSL_clear(3) or SSL_free(3) is called, +it is considered bad and removed according to \s-1RFC2246\s0. +The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 +(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R" +alert but to not wait for the peer's answer, when the underlying connection +is closed). +\&\fISSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see SSL_shutdown(3)). +.PP +If a \*(L"close notify\*(R" was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, +for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call +SSL_shutdown(3) or \fISSL_set_shutdown()\fR itself. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_shutdown()\fR does not return diagnostic information. +.PP +\&\fISSL_get_shutdown()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_shutdown(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_clear(3), SSL_free(3) diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 new file mode 100644 index 0000000..f4b7e34 --- /dev/null +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:33 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_set_verify_result 3" +.TH SSL_set_verify_result 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_set_verify_result \- override result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_set_verify_result(SSL *ssl, long verify_result); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +result of the verification of the X509 certificate presented by the peer, +if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes +the verification result of the \fBssl\fR object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear. +.PP +The valid codes for \fBverify_result\fR are documented in verify(1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_verify_result()\fR does not provide a return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_verify_result(3), +SSL_get_peer_certificate(3), +verify(1) diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 new file mode 100644 index 0000000..d83fe3c --- /dev/null +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:34 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_shutdown 3" +.TH SSL_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +\&\*(L"close notify\*(R" shutdown alert to the peer. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer. +Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse. +.PP +The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R" +shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown +alert. According to the \s-1TLS\s0 standard, it is acceptable for an application +to only send its shutdown alert and then close the underlying connection +without waiting for the peer's response (this way resources can be saved, +as the process can already terminate or serve another connection). +When the underlying connection shall be used for more communications, the +complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be +performed, so that the peers stay synchronized. +.PP +\&\fISSL_shutdown()\fR supports both uni- and bidirectional shutdown by its 2 step +behaviour. +.if n .Ip "When the application is the first party to send the """"close notify"""" alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's """"close notify"""" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.el .Ip "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.IX Item "When the application is the first party to send the "close notify alert, SSL_shutdown() will only send the alert and the set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1." +.PD 0 +.if n .Ip "If the peer already sent the """"close notify"""" alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the """"close notify"""" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 +.el .Ip "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 +.IX Item "If the peer already sent the "close notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3) call." +.PD +.PP +It is therefore recommended, to check the return value of \fISSL_shutdown()\fR +and call \fISSL_shutdown()\fR again, if the bidirectional shutdown is not yet +complete (return value of the first call is 0). As the shutdown is not +specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on +the first call. +.PP +The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the +handshake step has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +state but not actually send the \*(L"close notify\*(R" alert messages, +see SSL_CTX_set_quiet_shutdown(3). +When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed +and return 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "1" 4 +.IX Item "1" +The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent +and the peer's \*(L"close notify\*(R" alert was received. +.Ip "0" 4 +The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time, +if a bidirectional shutdown shall be performed. +The output of SSL_get_error(3) may be misleading, as an +erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. +.Ip "\-1" 4 +.IX Item "-1" +The shutdown was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. It can also occur if +action is need to continue the operation for non-blocking BIOs. +Call SSL_get_error(3) with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_connect(3), +SSL_accept(3), SSL_set_shutdown(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_clear(3), SSL_free(3), +ssl(3), bio(3) diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 new file mode 100644 index 0000000..578ac6e --- /dev/null +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:35 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_state_string 3" +.TH SSL_state_string 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& const char *SSL_state_string(SSL *ssl); +\& const char *SSL_state_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fISSL_state_string_long()\fR returns a string indicating the current state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During its use, an \s-1SSL\s0 objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake. +.PP +When using non-blocking sockets, the function call performing the handshake +may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, +so that SSL_state_string[_long]() may be called. +.PP +For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +\&\fISSL_set_info_callback()\fR call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Detailed description of possible states to be included later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_info_callback(3) diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 new file mode 100644 index 0000000..a1cddcb --- /dev/null +++ b/secure/lib/libssl/man/SSL_want.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:36 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_want 3" +.TH SSL_want 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 5 +\& int SSL_want(SSL *ssl); +\& int SSL_want_nothing(SSL *ssl); +\& int SSL_want_read(SSL *ssl); +\& int SSL_want_write(SSL *ssl); +\& int SSL_want_x509_lookup(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +.PP +The other SSL_want_*() calls are shortcuts for the possible states returned +by \fISSL_want()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of SSL_get_error(3). +Unlike SSL_get_error(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using SSL_get_error(3). +.PP +The result returned by \fISSL_want()\fR should always be consistent with +the result of SSL_get_error(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur for \fISSL_want()\fR: +.Ip "\s-1SSL_NOTHING\s0" 4 +.IX Item "SSL_NOTHING" +There is no data to be written or to be read. +.Ip "\s-1SSL_WRITING\s0" 4 +.IX Item "SSL_WRITING" +There are data in the \s-1SSL\s0 buffer that must be written to the underlying +\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. +A call to SSL_get_error(3) should return +\&\s-1SSL_ERROR_WANT_WRITE\s0. +.Ip "\s-1SSL_READING\s0" 4 +.IX Item "SSL_READING" +More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to +complete the actual SSL_*() operation. +A call to SSL_get_error(3) should return +\&\s-1SSL_ERROR_WANT_READ\s0. +.Ip "\s-1SSL_X509_LOOKUP\s0" 4 +.IX Item "SSL_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to SSL_get_error(3) should return +\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. +.PP +\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR +return 1, when the corresponding condition is true or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), err(3), SSL_get_error(3) diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 new file mode 100644 index 0000000..0670668 --- /dev/null +++ b/secure/lib/libssl/man/SSL_write.3 @@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:37 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_write 3" +.TH SSL_write 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_write(SSL *ssl, const void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_write()\fR writes \fBnum\fR bytes from the buffer \fBbuf\fR into the specified +\&\fBssl\fR connection. +.SH "NOTES" +.IX Header "NOTES" +If necessary, \fISSL_write()\fR will negotiate a \s-1TLS/SSL\s0 session, if +not already explicitly performed by SSL_connect(3) or +SSL_accept(3). If the +peer requests a re-negotiation, it will be performed transparently during +the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the +underlying \s-1BIO\s0. +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR +before the first call to an SSL_read(3) or \fISSL_write()\fR function. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_write()\fR will only return, once the +write operation has been finished or an error occurred, except when a +renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. +This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the +SSL_CTX_set_mode(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_write()\fR will also return, +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_write()\fR +to continue the operation. In this case a call to +SSL_get_error(3) with the +return value of \fISSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to \fISSL_write()\fR can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the +needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO\s0. When using a +non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fISSL_write()\fR will only return with success, when the complete contents +of \fBbuf\fR of length \fBnum\fR has been written. This default behaviour +can be changed with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of +SSL_CTX_set_mode(3). When this flag is set, +\&\fISSL_write()\fR will also return with success, when a partial write has been +successfully completed. In this case the \fISSL_write()\fR operation is considered +completed. The bytes are sent and a new \fISSL_write()\fR operation with a new +buffer (with the already sent bytes removed) must be started. +A partial write is performed with the size of a message block, which is +16kB for SSLv3/TLSv1. +.SH "WARNING" +.IX Header "WARNING" +When an \fISSL_write()\fR operation has to be repeated because of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. +.PP +When calling \fISSL_write()\fR with num=0 bytes to be sent the behaviour is +undefined. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip ">0" 4 +.IX Item ">0" +The write operation was successful, the return value is the number of +bytes actually written to the \s-1TLS/SSL\s0 connection. +.Ip "0" 4 +The write operation was not successful. Probably the underlying connection +was closed. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, +whether an error occurred or the connection was shut down cleanly +(\s-1SSL_ERROR_ZERO_RETURN\s0). +.Sp +SSLv2 (deprecated) does not support a shutdown alert protocol, so it can +only be detected, whether the underlying connection was closed. It cannot +be checked, why the closure happened. +.Ip "<0" 4 +.IX Item "<0" +The write operation was not successful, because either an error occurred +or action must be taken by the calling process. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_read(3), +SSL_CTX_set_mode(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3) +SSL_set_connect_state(3), +ssl(3), bio(3) diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 new file mode 100644 index 0000000..03c2239 --- /dev/null +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:38 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_SSL_SESSION 3" +.TH d2i_SSL_SESSION 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length); +\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fId2i_SSL_SESSION()\fR transforms the external \s-1ASN1\s0 representation of an \s-1SSL/TLS\s0 +session, stored as binary data at location \fBpp\fR with length \fBlength\fR, into +an \s-1SSL_SESSION\s0 object. +.PP +\&\fIi2d_SSL_SESSION()\fR transforms the \s-1SSL_SESSION\s0 object \fBin\fR into the \s-1ASN1\s0 +representation and stores it into the memory location pointed to by \fBpp\fR. +The length of the resulting \s-1ASN1\s0 representation is returned. If \fBpp\fR is +the \s-1NULL\s0 pointer, only the length is calculated and returned. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_SESSION\s0 object is built from several \fImalloc()\fRed parts, it can +therefore not be moved, copied or stored directly. In order to store +session data on disk or into a database, it must be transformed into +a binary \s-1ASN1\s0 representation. +.PP +When using \fId2i_SSL_SESSION()\fR, the \s-1SSL_SESSION\s0 object is automatically +allocated. The reference count is 1, so that the session must be +explicitly removed using SSL_SESSION_free(3), +unless the \s-1SSL_SESSION\s0 object is completely taken over, when being called +inside the \fIget_session_cb()\fR (see +SSL_CTX_sess_set_get_cb(3)). +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.PP +When using \fIi2d_SSL_SESSION()\fR, the memory location pointed to by \fBpp\fR must be +large enough to hold the binary representation of the session. There is no +known limit on the size of the created \s-1ASN1\s0 representation, so the necessary +amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with +\&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and +call \fIi2d_SSL_SESSION()\fR again. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack. +.PP +\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +When the session is not valid, \fB0\fR is returned and no operation is performed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_SESSION_free(3), +SSL_CTX_sess_set_get_cb(3) diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 new file mode 100644 index 0000000..cc05cd2 --- /dev/null +++ b/secure/lib/libssl/man/ssl.3 @@ -0,0 +1,814 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:35:39 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ssl 3" +.TH ssl 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +\&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBssl\fR library implements the Secure Sockets Layer (\s-1SSL\s0 v2/v3) and +Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s0 which is +documented here. +.PP +At first the library must be initialized; see +SSL_library_init(3). +.PP +Then an \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish +\&\s-1TLS/SSL\s0 enabled connections (see SSL_CTX_new(3)). +Various options regarding certificates, algorithms etc. can be set +in this object. +.PP +When a network connection has been created, it can be assigned to an +\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using +SSL_new(3), SSL_set_fd(3) or +SSL_set_bio(3) can be used to associate the network +connection with the object. +.PP +Then the \s-1TLS/SSL\s0 handshake is performed using +SSL_accept(3) or SSL_connect(3) +respectively. +SSL_read(3) and SSL_write(3) are used +to read and write data on the \s-1TLS/SSL\s0 connection. +SSL_shutdown(3) can be used to shut down the +\&\s-1TLS/SSL\s0 connection. +.SH "DATA STRUCTURES" +.IX Header "DATA STRUCTURES" +Currently the OpenSSL \fBssl\fR library functions deals with the following data +structures: +.Ip "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IX Item "SSL_METHOD (SSL Method)" +That's a dispatch structure describing the internal \fBssl\fR library +methods/functions which implement the various protocol versions (SSLv1, SSLv2 +and TLSv1). It's needed to create an \fB\s-1SSL_CTX\s0\fR. +.Ip "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IX Item "SSL_CIPHER (SSL Cipher)" +This structure holds the algorithm information for a particular cipher which +are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured +on a \fB\s-1SSL_CTX\s0\fR basis and the actually used ones are then part of the +\&\fB\s-1SSL_SESSION\s0\fR. +.Ip "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IX Item "SSL_CTX (SSL Context)" +That's the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +\&\fB\s-1SSL\s0\fR structures which are later created for the connections. +.Ip "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IX Item "SSL_SESSION (SSL Session)" +This is a structure containing the current \s-1TLS/SSL\s0 session details for a +connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. +.Ip "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IX Item "SSL (SSL Connection)" +That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per +established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. +Under run-time the application usually deals with this structure which has +links to mostly all other structures. +.SH "HEADER FILES" +.IX Header "HEADER FILES" +Currently the OpenSSL \fBssl\fR library provides the following C header files +containing the prototypes for the data structures and and functions: +.Ip "\fBssl.h\fR" 4 +.IX Item "ssl.h" +That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your +program to make the \s-1API\s0 of the \fBssl\fR library available. It internally +includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. +Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look +inside this header file. +.Ip "\fBssl2.h\fR" 4 +.IX Item "ssl2.h" +That's the sub header file dealing with the SSLv2 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.Ip "\fBssl3.h\fR" 4 +.IX Item "ssl3.h" +That's the sub header file dealing with the SSLv3 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.Ip "\fBssl23.h\fR" 4 +.IX Item "ssl23.h" +That's the sub header file dealing with the combined use of the SSLv2 and +SSLv3 protocols. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.Ip "\fBtls1.h\fR" 4 +.IX Item "tls1.h" +That's the sub header file dealing with the TLSv1 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.SH "API FUNCTIONS" +.IX Header "API FUNCTIONS" +Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. +They are documented in the following: +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0" +.IX Subsection "DEALING WITH PROTOCOL METHODS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv2_client_method(void);" +Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated client. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv2_server_method(void);" +Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated server. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv2_method(void);" +Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for combined client and server. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv3_client_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated client. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv3_server_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated server. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv3_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for combined client and server. +.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 +.IX Item "SSL_METHOD *TLSv1_client_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated client. +.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 +.IX Item "SSL_METHOD *TLSv1_server_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated server. +.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 +.IX Item "SSL_METHOD *TLSv1_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server. +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" +.IX Subsection "DEALING WITH CIPHERS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. +.Ip "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 +.IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" +Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human +readable description of \fIcipher\fR. Returns \fIbuf\fR. +.Ip "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 +.IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" +Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers +there are two bits: The bits the algorithm supports in general (stored to +\&\fIalg_bits\fR) and the bits which are actually used (the return value). +.Ip "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" +Return the internal name of \fIcipher\fR as a string. These are the various +strings defined by the \fISSL2_TXT_xxx\fR, \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR +definitions in the header files. +.Ip "char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" +Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the +\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined +in the specification the first time). +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0" +.IX Subsection "DEALING WITH PROTOCOL CONTEXTS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. +.Ip "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" +.PD 0 +.Ip "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 +.IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" +.Ip "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" +.Ip "int \fBSSL_CTX_check_private_key\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_check_private_key(SSL_CTX *ctx);" +.Ip "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" +.Ip "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 +.IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" +.Ip "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 +.IX Item "void SSL_CTX_free(SSL_CTX *a);" +.Ip "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" +.Ip "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" +.Ip "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_client_CA_list(SSL_CTX *ctx);" +.Ip "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 +.IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" +.Ip "char *\fBSSL_CTX_get_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx);" 4 +.IX Item "char *SSL_CTX_get_ex_data(SSL_CTX *s, int idx);" +.Ip "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.Ip "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 +.IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" +.Ip "int \fBSSL_CTX_get_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" +.Ip "long \fBSSL_CTX_get_timeout\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_get_timeout(SSL_CTX *ctx);" +.Ip "int (*\fBSSL_CTX_get_verify_callback\fR(\s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 +.IX Item "int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" +.Ip "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, char *CAfile, char *CApath);" 4 +.IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, char *CAfile, char *CApath);" +.Ip "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_need_tmp_RSA(SSL_CTX *ctx);" +.Ip "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);" +.Ip "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" +.Ip "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" +.Ip "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 +.IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" +.Ip "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" +.Ip "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" +.Ip "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" +.Ip "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx,t);" 4 +.IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,t);" +.Ip "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 +.IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" +.Ip "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" +.Ip "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" +.Ip "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" +.Ip "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" +.Ip "void \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" +.Ip "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" +.Ip "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 +.IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" +.Ip "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 +.IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" +.Ip "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" +.Ip "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 +.IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" +.Ip "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" +.Ip "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);" +.Ip "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" +.Ip "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 +.IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" +.Ip "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.Ip "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" +.Ip "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IX Item "void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" +.Ip "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" +.Ip "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" +.Ip "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth);" +.Ip "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 +.IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" +.Ip "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 +.IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" +.Ip "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 +.IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" +.Ip "long \fBSSL_CTX_set_tmp_rsa\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IX Item "long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);" +.Ip "SSL_CTX_set_tmp_rsa_callback" 4 +.IX Item "SSL_CTX_set_tmp_rsa_callback" +.PD +\&\f(CW\*(C`long \f(CBSSL_CTX_set_tmp_rsa_callback\f(CW(SSL_CTX *\f(CBctx\f(CW, RSA *(*\f(CBcb\f(CW)(SSL *\f(CBssl\f(CW, int \f(CBexport\f(CW, int \f(CBkeylength\f(CW));\*(C'\fR +.Sp +Sets the callback which will be called when a temporary private key is +required. The \fB\f(CB\*(C`export\*(C'\fB\fR flag will be set if the reason for needing +a temp key is that an export ciphersuite is in use, in which case, +\&\fB\f(CB\*(C`keylength\*(C'\fB\fR will contain the required keylength in bits. Generate a key of +appropriate size (using ???) and return it. +.Ip "SSL_set_tmp_rsa_callback" 4 +.IX Item "SSL_set_tmp_rsa_callback" +long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength)); +.Sp +The same as \fBSSL_CTX_set_tmp_rsa_callback\fR, except it operates on an \s-1SSL\s0 +session instead of a context. +.Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" +.PD 0 +.Ip "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" +.Ip "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" +.Ip "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);" +.Ip "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" +.Ip "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" +.Ip "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);" +.Ip "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" +.Ip "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 +.IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" +.Ip "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" +.PD +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" +.IX Subsection "DEALING WITH SESSIONS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. +.Ip "int \fBSSL_SESSION_cmp\fR(\s-1SSL_SESSION\s0 *a, \s-1SSL_SESSION\s0 *b);" 4 +.IX Item "int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b);" +.PD 0 +.Ip "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 +.IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" +.Ip "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" +.Ip "char *\fBSSL_SESSION_get_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx);" 4 +.IX Item "char *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx);" +.Ip "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.Ip "long \fBSSL_SESSION_get_time\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_time(SSL_SESSION *s);" +.Ip "long \fBSSL_SESSION_get_timeout\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_timeout(SSL_SESSION *s);" +.Ip "unsigned long \fBSSL_SESSION_hash\fR(\s-1SSL_SESSION\s0 *a);" 4 +.IX Item "unsigned long SSL_SESSION_hash(SSL_SESSION *a);" +.Ip "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 +.IX Item "SSL_SESSION *SSL_SESSION_new(void);" +.Ip "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print(BIO *bp, SSL_SESSION *x);" +.Ip "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x);" +.Ip "void \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 +.IX Item "void SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" +.Ip "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" +.Ip "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" +.Ip "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" +.PD +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" +.IX Subsection "DEALING WITH CONNECTIONS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +connection defined in the \fB\s-1SSL\s0\fR structure. +.Ip "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_accept(SSL *ssl);" +.PD 0 +.Ip "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 +.IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" +.Ip "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 +.IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" +.Ip "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" +.Ip "char *\fBSSL_alert_desc_string\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string(int value);" +.Ip "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string_long(int value);" +.Ip "char *\fBSSL_alert_type_string\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string(int value);" +.Ip "char *\fBSSL_alert_type_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string_long(int value);" +.Ip "int \fBSSL_check_private_key\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_check_private_key(SSL *ssl);" +.Ip "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_clear(SSL *ssl);" +.Ip "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" +.Ip "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_connect(SSL *ssl);" +.Ip "void \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, \s-1SSL\s0 *f);" 4 +.IX Item "void SSL_copy_session_id(SSL *t, SSL *f);" +.Ip "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" +.Ip "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_do_handshake(SSL *ssl);" +.Ip "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL *SSL_dup(SSL *ssl);" +.Ip "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 +.IX Item "STACK *SSL_dup_CA_list(STACK *sk);" +.Ip "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_free(SSL *ssl);" +.Ip "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);" +.Ip "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_app_data(SSL *ssl);" +.Ip "X509 *\fBSSL_get_certificate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_certificate(SSL *ssl);" +.Ip "const char *\fBSSL_get_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_cipher(SSL *ssl);" +.Ip "int \fBSSL_get_cipher_bits\fR(\s-1SSL\s0 *ssl, int *alg_bits);" 4 +.IX Item "int SSL_get_cipher_bits(SSL *ssl, int *alg_bits);" +.Ip "char *\fBSSL_get_cipher_list\fR(\s-1SSL\s0 *ssl, int n);" 4 +.IX Item "char *SSL_get_cipher_list(SSL *ssl, int n);" +.Ip "char *\fBSSL_get_cipher_name\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_name(SSL *ssl);" +.Ip "char *\fBSSL_get_cipher_version\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_version(SSL *ssl);" +.Ip "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_ciphers(SSL *ssl);" +.Ip "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_client_CA_list(SSL *ssl);" +.Ip "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" +.Ip "long \fBSSL_get_default_timeout\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_default_timeout(SSL *ssl);" +.Ip "int \fBSSL_get_error\fR(\s-1SSL\s0 *ssl, int i);" 4 +.IX Item "int SSL_get_error(SSL *ssl, int i);" +.Ip "char *\fBSSL_get_ex_data\fR(\s-1SSL\s0 *ssl, int idx);" 4 +.IX Item "char *SSL_get_ex_data(SSL *ssl, int idx);" +.Ip "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 +.IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" +.Ip "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.Ip "int \fBSSL_get_fd\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_fd(SSL *ssl);" +.Ip "void (*\fBSSL_get_info_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 +.IX Item "void (*SSL_get_info_callback(SSL *ssl);)(void)" +.Ip "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_peer_cert_chain(SSL *ssl);" +.Ip "X509 *\fBSSL_get_peer_certificate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_peer_certificate(SSL *ssl);" +.Ip "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "EVP_PKEY *SSL_get_privatekey(SSL *ssl);" +.Ip "int \fBSSL_get_quiet_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_quiet_shutdown(SSL *ssl);" +.Ip "\s-1BIO\s0 *\fBSSL_get_rbio\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_rbio(SSL *ssl);" +.Ip "int \fBSSL_get_read_ahead\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_read_ahead(SSL *ssl);" +.Ip "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_SESSION *SSL_get_session(SSL *ssl);" +.Ip "char *\fBSSL_get_shared_ciphers\fR(\s-1SSL\s0 *ssl, char *buf, int len);" 4 +.IX Item "char *SSL_get_shared_ciphers(SSL *ssl, char *buf, int len);" +.Ip "int \fBSSL_get_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_shutdown(SSL *ssl);" +.Ip "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" +.Ip "int \fBSSL_get_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_state(SSL *ssl);" +.Ip "long \fBSSL_get_time\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_time(SSL *ssl);" +.Ip "long \fBSSL_get_timeout\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_timeout(SSL *ssl);" +.Ip "int (*\fBSSL_get_verify_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 +.IX Item "int (*SSL_get_verify_callback(SSL *ssl);)(void)" +.Ip "int \fBSSL_get_verify_mode\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_verify_mode(SSL *ssl);" +.Ip "long \fBSSL_get_verify_result\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_verify_result(SSL *ssl);" +.Ip "char *\fBSSL_get_version\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_version(SSL *ssl);" +.Ip "\s-1BIO\s0 *\fBSSL_get_wbio\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_wbio(SSL *ssl);" +.Ip "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_accept_init(SSL *ssl);" +.Ip "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_before(SSL *ssl);" +.Ip "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_connect_init(SSL *ssl);" +.Ip "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_init(SSL *ssl);" +.Ip "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_is_init_finished(SSL *ssl);" +.Ip "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(char *file);" 4 +.IX Item "STACK *SSL_load_client_CA_file(char *file);" +.Ip "void \fBSSL_load_error_strings\fR(void);" 4 +.IX Item "void SSL_load_error_strings(void);" +.Ip "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "SSL *SSL_new(SSL_CTX *ctx);" +.Ip "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_num_renegotiations(SSL *ssl);" +.Ip "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" +.Ip "int \fBSSL_pending\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_pending(SSL *ssl);" +.Ip "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_read(SSL *ssl, void *buf, int num);" +.Ip "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_renegotiate(SSL *ssl);" +.Ip "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string(SSL *ssl);" +.Ip "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string_long(SSL *ssl);" +.Ip "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_session_reused(SSL *ssl);" +.Ip "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_accept_state(SSL *ssl);" +.Ip "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 +.IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" +.Ip "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 +.IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" +.Ip "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 +.IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" +.Ip "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" +.Ip "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_connect_state(SSL *ssl);" +.Ip "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 +.IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" +.Ip "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_fd(SSL *ssl, int fd);" +.Ip "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 +.IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" +.Ip "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.Ip "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" +.Ip "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IX Item "void SSL_set_options(SSL *ssl, unsigned long op);" +.Ip "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" +.Ip "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 +.IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" +.Ip "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_rfd(SSL *ssl, int fd);" +.Ip "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 +.IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" +.Ip "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" +.Ip "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_set_ssl_method(SSL *ssl, SSL_METHOD *meth);" +.Ip "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_time(SSL *ssl, long t);" +.Ip "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_timeout(SSL *ssl, long t);" +.Ip "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 +.IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" +.Ip "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 +.IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" +.Ip "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_wfd(SSL *ssl, int fd);" +.Ip "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_shutdown(SSL *ssl);" +.Ip "int \fBSSL_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_state(SSL *ssl);" +.Ip "char *\fBSSL_state_string\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string(SSL *ssl);" +.Ip "char *\fBSSL_state_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string_long(SSL *ssl);" +.Ip "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_total_renegotiations(SSL *ssl);" +.Ip "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" +.Ip "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" +.Ip "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IX Item "int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);" +.Ip "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" +.Ip "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" +.Ip "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);" +.Ip "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" +.Ip "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 +.IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" +.Ip "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IX Item "int SSL_use_certificate_file(SSL *ssl, char *file, int type);" +.Ip "int \fBSSL_version\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_version(SSL *ssl);" +.Ip "int \fBSSL_want\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want(SSL *ssl);" +.Ip "int \fBSSL_want_nothing\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_nothing(SSL *ssl);" +.Ip "int \fBSSL_want_read\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_read(SSL *ssl);" +.Ip "int \fBSSL_want_write\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_write(SSL *ssl);" +.Ip "int \fBSSL_want_x509_lookup\fR(s);" 4 +.IX Item "int SSL_want_x509_lookup(s);" +.Ip "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 +.IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" +.PD +.SH "SEE ALSO" +.IX Header "SEE ALSO" +openssl(1), crypto(3), +SSL_accept(3), SSL_clear(3), +SSL_connect(3), +SSL_CIPHER_get_name(3), +SSL_COMP_add_compression_method(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_add_session(3), +SSL_CTX_ctrl(3), +SSL_CTX_flush_sessions(3), +SSL_CTX_get_ex_new_index(3), +SSL_CTX_get_verify_mode(3), +SSL_CTX_load_verify_locations(3) +SSL_CTX_new(3), +SSL_CTX_sess_number(3), +SSL_CTX_sess_set_cache_size(3), +SSL_CTX_sess_set_get_cb(3), +SSL_CTX_sessions(3), +SSL_CTX_set_cert_store(3), +SSL_CTX_set_cert_verify_callback(3), +SSL_CTX_set_cipher_list(3), +SSL_CTX_set_client_CA_list(3), +SSL_CTX_set_client_cert_cb(3), +SSL_CTX_set_default_passwd_cb(3), +SSL_CTX_set_generate_session_id(3), +SSL_CTX_set_info_callback(3), +SSL_CTX_set_max_cert_list(3), +SSL_CTX_set_mode(3), +SSL_CTX_set_msg_callback(3), +SSL_CTX_set_options(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_set_session_id_context(3), +SSL_CTX_set_ssl_version(3), +SSL_CTX_set_timeout(3), +SSL_CTX_set_tmp_rsa_callback(3), +SSL_CTX_set_tmp_dh_callback(3), +SSL_CTX_set_verify(3), +SSL_CTX_use_certificate(3), +SSL_alert_type_string(3), +SSL_do_handshake(3), +SSL_get_SSL_CTX(3), +SSL_get_ciphers(3), +SSL_get_client_CA_list(3), +SSL_get_default_timeout(3), +SSL_get_error(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3), +SSL_get_ex_new_index(3), +SSL_get_fd(3), +SSL_get_peer_cert_chain(3), +SSL_get_rbio(3), +SSL_get_session(3), +SSL_get_verify_result(3), +SSL_get_version(3), +SSL_library_init(3), +SSL_load_client_CA_file(3), +SSL_new(3), +SSL_pending(3), +SSL_read(3), +SSL_rstate_string(3), +SSL_session_reused(3), +SSL_set_bio(3), +SSL_set_connect_state(3), +SSL_set_fd(3), +SSL_set_session(3), +SSL_set_shutdown(3), +SSL_shutdown(3), +SSL_state_string(3), +SSL_want(3), +SSL_write(3), +SSL_SESSION_free(3), +SSL_SESSION_get_ex_new_index(3), +SSL_SESSION_get_time(3), +d2i_SSL_SESSION(3) +.SH "HISTORY" +.IX Header "HISTORY" +The ssl(3) document appeared in OpenSSL 0.9.2 |
