From 8b3efb53027dd4f7d51b7ca9dd9658f02d6f1b1a Mon Sep 17 00:00:00 2001
From: Rich Salz
Date: Sat, 12 Oct 2019 17:45:56 -0400
Subject: [PATCH] Update the SSL/TLS connection options
Refactor common flags for SSL/TLS connection options. Update SSL_CONF_cmd.pod to match ordering. Rewrite much of the documentation.
Fixes #10160
Reviewed-by: Matt Caswell
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/10191)
---
 doc/man1/openssl-s_server.pod.in | 19 +-
 doc/man3/SSL_CONF_cmd.pod | 355 ++++++++++++++++---------------
 doc/perlvars.pm | 17 +-
 3 files changed, 201 insertions(+), 190 deletions(-)
diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index 78119281db..b31d4f6a2c 100644
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -41,6 +41,7 @@ B B
 [B<-no_resume_ephemeral>]
 [B<-www>]
 [B<-WWW>]
+[B<-http_server_binmode>]
 [B<-servername>]
 [B<-servername_fatal>]
 [B<-cert2> I]
@@ -88,7 +89,6 @@ B B
 [B<-no_comp>]
 [B<-comp>]
 [B<-no_ticket>]
-[B<-num_tickets>]
 [B<-serverpref>]
 [B<-legacy_renegotiation>]
 [B<-no_renegotiation>]
@@ -125,16 +125,17 @@ B B
 [B<-use_srtp> I]
 [B<-alpn> I]
 [B<-keylogfile> I]
-[B<-max_early_data> I]
 [B<-recv_max_early_data> I]
+[B<-max_early_data> I]
 [B<-early_data>]
 [B<-stateless>]
 [B<-anti_replay>]
 [B<-no_anti_replay>]
-[B<-http_server_binmode>]
+[B<-num_tickets>]
 {- $OpenSSL::safe::opt_name_synopsis -}
 {- $OpenSSL::safe::opt_version_synopsis -}
 {- $OpenSSL::safe::opt_v_synopsis -}
+{- $OpenSSL::safe::opt_s_synopsis -}
 {- $OpenSSL::safe::opt_x_synopsis -}
 {- $OpenSSL::safe::opt_trust_synopsis -}
 {- $OpenSSL::safe::opt_r_synopsis -}
@@ -371,6 +372,11 @@ In addition, the special URL C will return status information like the B<-www> option. Neither of these options can be used in conjunction with B<-early_data>. +=item B<-http_server_binmode> + +When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested +by the client in binary mode. + =item B<-id_prefix> I Generate SSL/TLS session IDs prefixed by I. This is mostly useful @@ -641,15 +647,12 @@ has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent time. Any early data that was sent will be rejected. -=item B<-http_server_binmode> - -When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested -by the client in binary mode. - {- $OpenSSL::safe::opt_name_item -} {- $OpenSSL::safe::opt_version_item -} +{- $OpenSSL::safe::opt_s_item -} + {- $OpenSSL::safe::opt_x_item -} {- $OpenSSL::safe::opt_trust_item -} diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index ea1f1e8503..f1714084df 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -9,168 +9,38 @@ SSL_CONF_cmd - send configuration command #include - int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); - int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + int SSL_CONF_cmd(SSL_CONF_CTX *ctx, const char *option, const char *value); + int SSL_CONF_cmd_value_type(SSL_CONF_CTX *ctx, const char *option); =head1 DESCRIPTION -The function SSL_CONF_cmd() performs configuration operation B with +The function SSL_CONF_cmd() performs configuration operation B