mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-12 13:36:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

doc: use the documented =item markers

Browse Source 
The generated lists[1] look weird when using a dash as the list item
character. Perlpod documents[2] '*' for unordered lists and '1.' (note
the period) for ordered lists. Use these characters instead.

[1] e.g. https://www.openssl.org/docs/manmaster/man7/migration_guide.html#New-Algorithms
[2] https://perldoc.perl.org/perlpod

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16190)
This commit is contained in:
Beat Bolli 2021-07-30 18:39:51 +02:00 committed by Pauli
parent 92c03668c0
commit 2fc02378ff
4 changed files with 265 additions and 262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
doc/man1/openssl-verification-options.pod
View File

@ -274,50 +274,50 @@ among others, the following certificate well-formedness conditions are checked:
=over 4
=item -
=item *
The basicConstraints of CA certificates must be marked critical.
=item -
=item *
CA certificates must explicitly include the keyUsage extension.
=item -
=item *
If a pathlenConstraint is given the key usage keyCertSign must be allowed.
=item -
=item *
The pathlenConstraint must not be given for non-CA certificates.
=item -
=item *
The issuer name of any certificate must not be empty.
=item -
=item *
The subject name of CA certs, certs with keyUsage crlSign, and certs
without subjectAlternativeName must not be empty.
=item -
=item *
If a subjectAlternativeName extension is given it must not be empty.
=item -
=item *
The signatureAlgorithm field and the cert signature must be consistent.
=item -
=item *
Any given authorityKeyIdentifier and any given subjectKeyIdentifier
must not be marked critical.
=item -
=item *
The authorityKeyIdentifier must be given for X.509v3 certs unless they
are self-signed.
=item -
=item *
The subjectKeyIdentifier must be given for all X.509v3 CA certs.

14
doc/man7/fips_module.pod
View File

@ -22,15 +22,15 @@ legacy APIs or features that avoid the FIPS module. Specifically this includes:
=over 4
=item -
=item *
Low level cryptographic APIs (use the high level APIs, such as EVP, instead)
=item -
=item *
Engines
=item -
=item *
Any functions that create or modify custom "METHODS" (for example
EVP_MD_meth_new(), EVP_CIPHER_meth_new(), EVP_PKEY_meth_new(), RSA_meth_new(),
@ -110,21 +110,21 @@ some disadvantages to this approach:
=over 4
=item -
=item *
You may not want all applications to use the FIPS module.
It may be the case that some applications should and some should not use the
FIPS module.
=item -
=item *
If applications take explicit steps to not load the default config file or
set different settings.
This method will not work for these cases.
=item -
=item *
The algorithms available in the FIPS module are a subset of the algorithms
that are available in the default OpenSSL Provider.
@ -132,7 +132,7 @@ that are available in the default OpenSSL Provider.
If any applications attempt to use any algorithms that are not present,
then they will fail.
=item -
=item *
Usage of certain deprecated APIs avoids the use of the FIPS module.

487
doc/man7/migration_guide.pod
View File

File diff suppressed because it is too large Load Diff

4
util/perl/OpenSSL/Template.pm
View File

@ -22,12 +22,12 @@ following additions:
=over 4
=item -
=item *
The template perl code delimiters (given with the C<DELIMITER> option)
are set to C<{-> and C<-}> by default.
=item -
=item *
A few extra functions are offered to be used by the template perl code, see
L</Functions>.