mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Merge branch 'rsalz-docfixes'
This commit is contained in:
commit
b5071dc2f6
@ -15,6 +15,8 @@ B<openssl> B<asn1parse>
|
||||
[B<-length number>]
|
||||
[B<-i>]
|
||||
[B<-oid filename>]
|
||||
[B<-dump>]
|
||||
[B<-dlimit num>]
|
||||
[B<-strparse offset>]
|
||||
[B<-genstr string>]
|
||||
[B<-genconf file>]
|
||||
@ -65,6 +67,14 @@ indents the output according to the "depth" of the structures.
|
||||
a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
|
||||
file is described in the NOTES section below.
|
||||
|
||||
=item B<-dump>
|
||||
|
||||
dump unknown data in hex format.
|
||||
|
||||
=item B<-dlimit num>
|
||||
|
||||
like B<-dump>, but only the first B<num> bytes are output.
|
||||
|
||||
=item B<-strparse offset>
|
||||
|
||||
parse the contents octets of the ASN.1 object starting at B<offset>. This
|
||||
|
@ -13,6 +13,8 @@ B<openssl> B<ca>
|
||||
[B<-name section>]
|
||||
[B<-gencrl>]
|
||||
[B<-revoke file>]
|
||||
[B<-status serial>]
|
||||
[B<-updatedb>]
|
||||
[B<-crl_reason reason>]
|
||||
[B<-crl_hold instruction>]
|
||||
[B<-crl_compromise time>]
|
||||
@ -26,6 +28,7 @@ B<openssl> B<ca>
|
||||
[B<-md arg>]
|
||||
[B<-policy arg>]
|
||||
[B<-keyfile arg>]
|
||||
[B<-keyform PEM|DER>]
|
||||
[B<-key arg>]
|
||||
[B<-passin arg>]
|
||||
[B<-cert file>]
|
||||
@ -83,7 +86,7 @@ a single self signed certificate to be signed by the CA.
|
||||
|
||||
a file containing a single Netscape signed public key and challenge
|
||||
and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
|
||||
section for information on the required format.
|
||||
section for information on the required input and output format.
|
||||
|
||||
=item B<-infiles>
|
||||
|
||||
@ -94,7 +97,7 @@ are assumed to the the names of files containing certificate requests.
|
||||
|
||||
the output file to output certificates to. The default is standard
|
||||
output. The certificate details will also be printed out to this
|
||||
file.
|
||||
file in PEM format (except that B<-spkac> outputs DER format).
|
||||
|
||||
=item B<-outdir directory>
|
||||
|
||||
@ -110,6 +113,11 @@ the CA certificate file.
|
||||
|
||||
the private key to sign requests with.
|
||||
|
||||
=item B<-keyform PEM|DER>
|
||||
|
||||
the format of the data in the private key file.
|
||||
The default is PEM.
|
||||
|
||||
=item B<-key password>
|
||||
|
||||
the password used to encrypt the private key. Since on some
|
||||
@ -267,6 +275,15 @@ the number of hours before the next CRL is due.
|
||||
|
||||
a filename containing a certificate to revoke.
|
||||
|
||||
=item B<-status serial>
|
||||
|
||||
displays the revocation status of the certificate with the specified
|
||||
serial number and exits.
|
||||
|
||||
=item B<-updatedb>
|
||||
|
||||
Updates the database index to purge expired certificates.
|
||||
|
||||
=item B<-crl_reason reason>
|
||||
|
||||
revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>,
|
||||
@ -499,6 +516,10 @@ the SPKAC and also the required DN components as name value pairs.
|
||||
If you need to include the same component twice then it can be
|
||||
preceded by a number and a '.'.
|
||||
|
||||
When processing SPKAC format, the output is DER if the B<-out>
|
||||
flag is used, but PEM format if sending to stdout or the B<-outdir>
|
||||
flag is used.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
Note: these examples assume that the B<ca> directory structure is
|
||||
|
@ -12,6 +12,7 @@ B<openssl> B<crl>
|
||||
[B<-text>]
|
||||
[B<-in filename>]
|
||||
[B<-out filename>]
|
||||
[B<-nameopt option>]
|
||||
[B<-noout>]
|
||||
[B<-hash>]
|
||||
[B<-issuer>]
|
||||
@ -53,6 +54,11 @@ default.
|
||||
|
||||
print out the CRL in text form.
|
||||
|
||||
=item B<-nameopt option>
|
||||
|
||||
option which determines how the subject or issuer names are displayed. See
|
||||
the description of B<-nameopt> in L<x509(1)|x509(1)>.
|
||||
|
||||
=item B<-noout>
|
||||
|
||||
don't output the encoded version of the CRL.
|
||||
|
@ -12,6 +12,7 @@ B<openssl dhparam>
|
||||
[B<-in> I<filename>]
|
||||
[B<-out> I<filename>]
|
||||
[B<-dsaparam>]
|
||||
[B<-check>]
|
||||
[B<-noout>]
|
||||
[B<-text>]
|
||||
[B<-C>]
|
||||
@ -64,6 +65,10 @@ exchange more efficient. Beware that with such DSA-style DH
|
||||
parameters, a fresh DH key should be created for each use to
|
||||
avoid small-subgroup attacks that may be possible otherwise.
|
||||
|
||||
=item B<-check>
|
||||
|
||||
check if the parameters are valid primes and generator.
|
||||
|
||||
=item B<-2>, B<-5>
|
||||
|
||||
The generator to use, either 2 or 5. 2 is the default. If present then the
|
||||
|
@ -13,6 +13,12 @@ B<openssl> B<dsa>
|
||||
[B<-passin arg>]
|
||||
[B<-out filename>]
|
||||
[B<-passout arg>]
|
||||
[B<-aes128>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
[B<-camellia128>]
|
||||
[B<-camellia192>]
|
||||
[B<-camellia256>]
|
||||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
@ -74,10 +80,10 @@ filename.
|
||||
the output file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-des|-des3|-idea>
|
||||
=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
|
||||
|
||||
These options encrypt the private key with the DES, triple DES, or the
|
||||
IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
|
||||
These options encrypt the private key with the specified
|
||||
cipher before outputting it. A pass phrase is prompted for.
|
||||
If none of these options is specified the key is written in plain text. This
|
||||
means that using the B<dsa> utility to read in an encrypted key with no
|
||||
encryption option can be used to remove the pass phrase from a key, or by
|
||||
|
@ -16,7 +16,7 @@ B<openssl ecparam>
|
||||
[B<-C>]
|
||||
[B<-check>]
|
||||
[B<-name arg>]
|
||||
[B<-list_curve>]
|
||||
[B<-list_curves>]
|
||||
[B<-conv_form arg>]
|
||||
[B<-param_enc arg>]
|
||||
[B<-no_seed>]
|
||||
|
@ -8,6 +8,12 @@ gendsa - generate a DSA private key from a set of parameters
|
||||
|
||||
B<openssl> B<gendsa>
|
||||
[B<-out filename>]
|
||||
[B<-aes128>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
[B<-camellia128>]
|
||||
[B<-camellia192>]
|
||||
[B<-camellia256>]
|
||||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
@ -24,10 +30,10 @@ The B<gendsa> command generates a DSA private key from a DSA parameter file
|
||||
|
||||
=over 4
|
||||
|
||||
=item B<-des|-des3|-idea>
|
||||
=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
|
||||
|
||||
These options encrypt the private key with the DES, triple DES, or the
|
||||
IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
|
||||
These options encrypt the private key with specified
|
||||
cipher before outputting it. A pass phrase is prompted for.
|
||||
If none of these options is specified no encryption is used.
|
||||
|
||||
=item B<-rand file(s)>
|
||||
|
@ -9,6 +9,18 @@ genrsa - generate an RSA private key
|
||||
B<openssl> B<genrsa>
|
||||
[B<-out filename>]
|
||||
[B<-passout arg>]
|
||||
[B<-aes128>]
|
||||
[B<-aes128>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
[B<-camellia128>]
|
||||
[B<-camellia192>]
|
||||
[B<-camellia256>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
[B<-camellia128>]
|
||||
[B<-camellia192>]
|
||||
[B<-camellia256>]
|
||||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
@ -36,10 +48,10 @@ used.
|
||||
the output file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-des|-des3|-idea>
|
||||
=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
|
||||
|
||||
These options encrypt the private key with the DES, triple DES, or the
|
||||
IDEA ciphers respectively before outputting it. If none of these options is
|
||||
These options encrypt the private key with specified
|
||||
cipher before outputting it. If none of these options is
|
||||
specified no encryption is used. If encryption is used a pass phrase is prompted
|
||||
for if it is not supplied via the B<-passout> argument.
|
||||
|
||||
|
@ -15,6 +15,12 @@ B<openssl> B<rsa>
|
||||
[B<-out filename>]
|
||||
[B<-passout arg>]
|
||||
[B<-sgckey>]
|
||||
[B<-aes128>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
[B<-camellia128>]
|
||||
[B<-camellia192>]
|
||||
[B<-camellia256>]
|
||||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
@ -82,10 +88,10 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
use the modified NET algorithm used with some versions of Microsoft IIS and SGC
|
||||
keys.
|
||||
|
||||
=item B<-des|-des3|-idea>
|
||||
=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
|
||||
|
||||
These options encrypt the private key with the DES, triple DES, or the
|
||||
IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
|
||||
These options encrypt the private key with the specified
|
||||
cipher before outputting it. A pass phrase is prompted for.
|
||||
If none of these options is specified the key is written in plain text. This
|
||||
means that using the B<rsa> utility to read in an encrypted key with no
|
||||
encryption option can be used to remove the pass phrase from a key, or by
|
||||
|
@ -9,6 +9,7 @@ s_client - SSL/TLS client program
|
||||
|
||||
B<openssl> B<s_client>
|
||||
[B<-connect host:port>]
|
||||
[B<-servername name>]
|
||||
[B<-verify depth>]
|
||||
[B<-verify_return_error>]
|
||||
[B<-cert filename>]
|
||||
@ -55,6 +56,7 @@ B<openssl> B<s_client>
|
||||
[B<-nbio>]
|
||||
[B<-crlf>]
|
||||
[B<-ign_eof>]
|
||||
[B<-no_ign_eof>]
|
||||
[B<-quiet>]
|
||||
[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
@ -64,6 +66,7 @@ B<openssl> B<s_client>
|
||||
[B<-no_tls1>]
|
||||
[B<-bugs>]
|
||||
[B<-cipher cipherlist>]
|
||||
[B<-serverpref>]
|
||||
[B<-starttls protocol>]
|
||||
[B<-xmpphost hostname>]
|
||||
[B<-engine id>]
|
||||
@ -96,6 +99,10 @@ manual page.
|
||||
This specifies the host and optional port to connect to. If not specified
|
||||
then an attempt is made to connect to the local host on port 4433.
|
||||
|
||||
=item B<-servername name>
|
||||
|
||||
Set the TLS SNI (Server Name Indication) extension in the ClientHello message.
|
||||
|
||||
=item B<-cert certname>
|
||||
|
||||
The certificate to use, if one is requested by the server. The default is
|
||||
@ -223,6 +230,11 @@ input.
|
||||
inhibit printing of session and certificate information. This implicitly
|
||||
turns on B<-ign_eof> as well.
|
||||
|
||||
=item B<-no_ign_eof>
|
||||
|
||||
shut down the connection when end of file is reached in the input.
|
||||
Can be used to override the implicit B<-ign_eof> after B<-quiet>.
|
||||
|
||||
=item B<-psk_identity identity>
|
||||
|
||||
Use the PSK identity B<identity> when using a PSK cipher suite.
|
||||
@ -261,6 +273,10 @@ the server determines which cipher suite is used it should take the first
|
||||
supported cipher in the list sent by the client. See the B<ciphers>
|
||||
command for more information.
|
||||
|
||||
=item B<-serverpref>
|
||||
|
||||
use the server's cipher preferences; only used for SSLV2.
|
||||
|
||||
=item B<-starttls protocol>
|
||||
|
||||
send the protocol-specific message(s) to switch to TLS for communication.
|
||||
|
@ -60,6 +60,7 @@ B<openssl> B<s_server>
|
||||
[B<-x509_strict>]
|
||||
[B<-nocert>]
|
||||
[B<-cipher cipherlist>]
|
||||
[B<-serverpref>]
|
||||
[B<-quiet>]
|
||||
[B<-no_tmp_rsa>]
|
||||
[B<-ssl2>]
|
||||
@ -293,6 +294,10 @@ also included in the server list is used. Because the client specifies
|
||||
the preference order, the order of the server cipherlist irrelevant. See
|
||||
the B<ciphers> command for more information.
|
||||
|
||||
=item B<-serverpref>
|
||||
|
||||
use the server's cipher preferences, rather than the client's preferences.
|
||||
|
||||
=item B<-tlsextdebug>
|
||||
|
||||
print out a hex dump of any TLS extensions received from the server.
|
||||
|
@ -11,6 +11,7 @@ B<openssl> B<verify>
|
||||
[B<-CApath directory>]
|
||||
[B<-attime timestamp>]
|
||||
[B<-check_ss_sig>]
|
||||
[B<-crlfile file>]
|
||||
[B<-crl_check>]
|
||||
[B<-crl_check_all>]
|
||||
[B<-explicit_policy>]
|
||||
@ -74,6 +75,10 @@ current system time. B<timestamp> is the number of seconds since
|
||||
Verify the signature on the self-signed root CA. This is disabled by default
|
||||
because it doesn't add any security.
|
||||
|
||||
=item B<-crlfile file>
|
||||
|
||||
File containing one or more CRL's (in PEM format) to load.
|
||||
|
||||
=item B<-crl_check>
|
||||
|
||||
Checks end entity certificate validity by attempting to look up a valid CRL.
|
||||
|
@ -19,6 +19,7 @@ B<openssl> B<x509>
|
||||
[B<-hash>]
|
||||
[B<-subject_hash>]
|
||||
[B<-issuer_hash>]
|
||||
[B<-ocspid>]
|
||||
[B<-subject>]
|
||||
[B<-issuer>]
|
||||
[B<-nameopt option>]
|
||||
@ -28,6 +29,7 @@ B<openssl> B<x509>
|
||||
[B<-enddate>]
|
||||
[B<-purpose>]
|
||||
[B<-dates>]
|
||||
[B<-checkend num>]
|
||||
[B<-modulus>]
|
||||
[B<-pubkey>]
|
||||
[B<-fingerprint>]
|
||||
@ -42,6 +44,7 @@ B<openssl> B<x509>
|
||||
[B<-days arg>]
|
||||
[B<-set_serial n>]
|
||||
[B<-signkey filename>]
|
||||
[B<-passin arg>]
|
||||
[B<-x509toreq>]
|
||||
[B<-req>]
|
||||
[B<-CA filename>]
|
||||
@ -50,6 +53,7 @@ B<openssl> B<x509>
|
||||
[B<-CAserial filename>]
|
||||
[B<-force_pubkey key>]
|
||||
[B<-text>]
|
||||
[B<-certopt option>]
|
||||
[B<-C>]
|
||||
[B<-md2|-md5|-sha1|-mdc2>]
|
||||
[B<-clrext>]
|
||||
@ -160,6 +164,10 @@ name.
|
||||
|
||||
outputs the "hash" of the certificate issuer name.
|
||||
|
||||
=item B<-ocspid>
|
||||
|
||||
outputs the OCSP hash values for the subject name and public key.
|
||||
|
||||
=item B<-hash>
|
||||
|
||||
synonym for "-subject_hash" for backward compatibility reasons.
|
||||
@ -209,6 +217,11 @@ prints out the expiry date of the certificate, that is the notAfter date.
|
||||
|
||||
prints out the start and expiry dates of a certificate.
|
||||
|
||||
=item B<-checkend arg>
|
||||
|
||||
checks if the certificate expires within the next B<arg> seconds and exits
|
||||
non-zero if yes it will expire or zero if not.
|
||||
|
||||
=item B<-fingerprint>
|
||||
|
||||
prints out the digest of the DER encoded version of the whole certificate
|
||||
@ -314,6 +327,11 @@ If the input is a certificate request then a self signed certificate
|
||||
is created using the supplied private key using the subject name in
|
||||
the request.
|
||||
|
||||
=item B<-passin arg>
|
||||
|
||||
the key password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-clrext>
|
||||
|
||||
delete any extensions from a certificate. This option is used when a
|
||||
@ -478,7 +496,7 @@ using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
|
||||
Also if this option is off any UTF8Strings will be converted to their
|
||||
character form first.
|
||||
|
||||
=item B<no_type>
|
||||
=item B<ignore_type>
|
||||
|
||||
this option does not attempt to interpret multibyte characters in any
|
||||
way. That is their content octets are merely dumped as though one octet
|
||||
|
@ -174,7 +174,7 @@ The IP address used in the B<IP> options can be in either IPv4 or IPv6 format.
|
||||
|
||||
The value of B<dirName> should point to a section containing the distinguished
|
||||
name to use as a set of name value pairs. Multi values AVAs can be formed by
|
||||
preceding the name with a B<+> character.
|
||||
prefacing the name with a B<+> character.
|
||||
|
||||
otherName can include arbitrary data associated with an OID: the value
|
||||
should be the OID followed by a semicolon and the content in standard
|
||||
|
@ -61,7 +61,7 @@ Encode the B<NULL> type, the B<value> string must not be present.
|
||||
=item B<INTEGER>, B<INT>
|
||||
|
||||
Encodes an ASN1 B<INTEGER> type. The B<value> string represents
|
||||
the value of the integer, it can be preceded by a minus sign and
|
||||
the value of the integer, it can be prefaced by a minus sign and
|
||||
is normally interpreted as a decimal value unless the prefix B<0x>
|
||||
is included.
|
||||
|
||||
|
@ -46,11 +46,11 @@ to standard output:
|
||||
|
||||
b64 = BIO_new(BIO_f_base64());
|
||||
bio = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
bio = BIO_push(b64, bio);
|
||||
BIO_write(bio, message, strlen(message));
|
||||
BIO_flush(bio);
|
||||
BIO_push(b64, bio);
|
||||
BIO_write(b64, message, strlen(message));
|
||||
BIO_flush(b64);
|
||||
|
||||
BIO_free_all(bio);
|
||||
BIO_free_all(b64);
|
||||
|
||||
Read Base64 encoded data from standard input and write the decoded
|
||||
data to standard output:
|
||||
@ -62,11 +62,12 @@ data to standard output:
|
||||
b64 = BIO_new(BIO_f_base64());
|
||||
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
|
||||
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
bio = BIO_push(b64, bio);
|
||||
while((inlen = BIO_read(bio, inbuf, 512)) > 0)
|
||||
BIO_push(b64, bio);
|
||||
while((inlen = BIO_read(b64, inbuf, 512)) > 0)
|
||||
BIO_write(bio_out, inbuf, inlen);
|
||||
|
||||
BIO_free_all(bio);
|
||||
BIO_flush(bio_out);
|
||||
BIO_free_all(b64);
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
|
@ -20,6 +20,10 @@ RSA_sign() signs the message digest B<m> of size B<m_len> using the
|
||||
private key B<rsa> as specified in PKCS #1 v2.0. It stores the
|
||||
signature in B<sigret> and the signature size in B<siglen>. B<sigret>
|
||||
must point to RSA_size(B<rsa>) bytes of memory.
|
||||
Note that PKCS #1 adds meta-data, placing limits on the size of the
|
||||
key that can be used.
|
||||
See L<RSA_private_encrypt(3)|RSA_private_encrypt(3)> for lower-level
|
||||
operations.
|
||||
|
||||
B<type> denotes the message digest algorithm that was used to generate
|
||||
B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
|
||||
|
@ -171,7 +171,6 @@ ERR_get_string_table(void) respectively.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
|
||||
L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
|
||||
L<ERR_get_error(3)|ERR_get_error(3)>,
|
||||
L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
|
||||
|
@ -23,8 +23,12 @@ SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>. If
|
||||
B<alg_bits> is not NULL, it contains the number of bits processed by the
|
||||
chosen algorithm. If B<cipher> is NULL, 0 is returned.
|
||||
|
||||
SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
|
||||
"SSLv2", "SSLv3", or "TLSv1". If B<cipher> is NULL, "(NONE)" is returned.
|
||||
SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol
|
||||
version that first defined the cipher.
|
||||
This is currently B<SSLv2> or B<TLSv1/SSLv3>.
|
||||
In some cases it should possibly return "TLSv1.2" but does not;
|
||||
use SSL_CIPHER_description() instead.
|
||||
If B<cipher> is NULL, "(NONE)" is returned.
|
||||
|
||||
SSL_CIPHER_description() returns a textual description of the cipher used
|
||||
into the buffer B<buf> of length B<len> provided. B<len> must be at least
|
||||
@ -52,7 +56,8 @@ Textual representation of the cipher name.
|
||||
|
||||
=item <protocol version>
|
||||
|
||||
Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3.
|
||||
Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are
|
||||
flagged with SSLv3. No new ciphers were added by TLSv1.1.
|
||||
|
||||
=item Kx=<key exchange>
|
||||
|
||||
@ -91,6 +96,10 @@ Some examples for the output of SSL_CIPHER_description():
|
||||
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
|
||||
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
|
||||
|
||||
A comp[lete list can be retrieved by invoking the following command:
|
||||
|
||||
openssl ciphers -v ALL
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
If SSL_CIPHER_description() is called with B<cipher> being NULL, the
|
||||
|
@ -14,12 +14,12 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CONF_CTX_set_ssl_ctx() sets the context associated with B<cctx> to the
|
||||
B<SSL_CTX> structure B<ctx>. Any previos B<SSL> or B<SSL_CTX> associated with
|
||||
B<SSL_CTX> structure B<ctx>. Any previous B<SSL> or B<SSL_CTX> associated with
|
||||
B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to
|
||||
B<ctx>.
|
||||
|
||||
SSL_CONF_CTX_set_ssl() sets the context associated with B<cctx> to the
|
||||
B<SSL> structure B<ssl>. Any previos B<SSL> or B<SSL_CTX> associated with
|
||||
B<SSL> structure B<ssl>. Any previous B<SSL> or B<SSL_CTX> associated with
|
||||
B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to
|
||||
B<ssl>.
|
||||
|
||||
|
@ -91,8 +91,8 @@ associated with B<cctx>.
|
||||
=item B<-cert>
|
||||
|
||||
Attempts to use the file B<value> as the certificate for the appropriate
|
||||
context. It currently uses SSL_CTX_use_cerificate_chain_file if an B<SSL_CTX>
|
||||
structure is set or SSL_use_certifcate_file with filetype PEM if an B<SSL>
|
||||
context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX>
|
||||
structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL>
|
||||
structure is set. This option is only supported if certificate operations
|
||||
are permitted.
|
||||
|
||||
@ -183,8 +183,8 @@ associated with B<cctx>.
|
||||
=item B<Certificate>
|
||||
|
||||
Attempts to use the file B<value> as the certificate for the appropriate
|
||||
context. It currently uses SSL_CTX_use_cerificate_chain_file if an B<SSL_CTX>
|
||||
structure is set or SSL_use_certifcate_file with filetype PEM if an B<SSL>
|
||||
context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX>
|
||||
structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL>
|
||||
structure is set. This option is only supported if certificate operations
|
||||
are permitted.
|
||||
|
||||
|
@ -14,7 +14,7 @@ SSL_CONF_cmd_argv - SSL configuration command line processing.
|
||||
|
||||
The function SSL_CONF_cmd_argv() processes at most two command line
|
||||
arguments from B<pargv> and B<pargc>. The values of B<pargv> and B<pargc>
|
||||
are updated to reflect the number of command options procesed. The B<pargc>
|
||||
are updated to reflect the number of command options processed. The B<pargc>
|
||||
argument can be set to B<NULL> is it is not used.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
@ -41,7 +41,7 @@ If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
|
||||
flag then the internal cache will not be populated automatically by new
|
||||
sessions negotiated by the SSL/TLS implementation, even though the internal
|
||||
cache will be searched automatically for session-resume requests (the
|
||||
latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
|
||||
latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
|
||||
application can use SSL_CTX_add_session() directly to have full control
|
||||
over the sessions that can be resumed if desired.
|
||||
|
||||
|
@ -26,7 +26,7 @@ the passed B<ssl> structure and set or clear any appropriate certificates. If
|
||||
the callback is successful it B<MUST> return 1 even if no certificates have
|
||||
been set. A zero is returned on error which will abort the handshake with a
|
||||
fatal internal error alert. A negative return value will suspend the handshake
|
||||
and the handshake function will return immediatly.
|
||||
and the handshake function will return immediately.
|
||||
L<SSL_get_error(3)|SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to
|
||||
indicate, that the handshake was suspended. The next call to the handshake
|
||||
function will again lead to the call of cert_cb(). It is the job of the
|
||||
|
@ -35,7 +35,7 @@ the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
|
||||
=head1 NOTES
|
||||
|
||||
When a TLS/SSL server requests a client certificate (see
|
||||
B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
|
||||
B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
|
||||
it will accept certificates, to the client.
|
||||
|
||||
This list must explicitly be set using SSL_CTX_set_client_CA_list() for
|
||||
|
@ -29,7 +29,7 @@ using the B<x509> and B<pkey> arguments and "1" must be returned. The
|
||||
certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
|
||||
If no certificate should be set, "0" has to be returned and no certificate
|
||||
will be sent. A negative return value will suspend the handshake and the
|
||||
handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)>
|
||||
handshake function will return immediately. L<SSL_get_error(3)|SSL_get_error(3)>
|
||||
will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
|
||||
suspended. The next call to the handshake function will again lead to the call
|
||||
of client_cert_cb(). It is the job of the client_cert_cb() to store information
|
||||
|
@ -256,7 +256,7 @@ Connections and renegotiation are always permitted by OpenSSL implementations.
|
||||
|
||||
=head2 Unpatched client and patched OpenSSL server
|
||||
|
||||
The initial connection suceeds but client renegotiation is denied by the
|
||||
The initial connection succeeds but client renegotiation is denied by the
|
||||
server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
|
||||
B<handshake_failure> alert in SSL v3.0.
|
||||
|
||||
|
@ -144,7 +144,7 @@ of security requires the use of RSA keys of at least 15360 bits in size.
|
||||
Some restrictions can be gracefully handled: for example ciphersuites
|
||||
offering insufficient security are not sent by the client and will not
|
||||
be selected by the server. Other restrictions such as the peer certificate
|
||||
key size or the DH pameter size will abort the handshake with a fatal
|
||||
key size or the DH parameter size will abort the handshake with a fatal
|
||||
alert.
|
||||
|
||||
Attempts to set certificates or parameters with insufficient security are
|
||||
|
182
doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
Normal file
182
doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
Normal file
@ -0,0 +1,182 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/tls1.h>
|
||||
|
||||
long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
|
||||
int (*cb)(SSL *s, unsigned char key_name[16],
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH],
|
||||
EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_set_tlsext_ticket_key_cb() sets a callback fuction I<cb> for handling
|
||||
session tickets for the ssl context I<sslctx>. Session tickets, defined in
|
||||
RFC5077 provide an enhanced session resumption capability where the server
|
||||
implementation is not required to maintain per session state. It only applies
|
||||
to TLS and there is no SSLv3 implementation.
|
||||
|
||||
The callback is available when the OpenSSL library was built without
|
||||
I<OPENSSL_NO_TLSEXT> being defined.
|
||||
|
||||
The callback function I<cb> will be called for every client instigated TLS
|
||||
session when session ticket extension is presented in the TLS hello
|
||||
message. It is the responsibility of this function to create or retrieve the
|
||||
cryptographic parameters and to maintain their state.
|
||||
|
||||
The OpenSSL library uses your callback function to help implement a common TLS
|
||||
ticket construction state according to RFC5077 Section 4 such that per session
|
||||
state is unnecessary and a small set of cryptographic variables needs to be
|
||||
maintained by the callback function implementation.
|
||||
|
||||
In order to reuse a session, a TLS client must send the a session ticket
|
||||
extension to the server. The client can only send exactly one session ticket.
|
||||
The server, through the callback function, either agrees to reuse the session
|
||||
ticket information or it starts a full TLS handshake to create a new session
|
||||
ticket.
|
||||
|
||||
Before the callback function is started I<ctx> and I<hctx> have been
|
||||
initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively.
|
||||
|
||||
For new sessions tickets, when the client doesn't present a session ticket, or
|
||||
an attempted retreival of the ticket failed, or a renew option was indicated,
|
||||
the callback function will be called with I<enc> equal to 1. The OpenSSL
|
||||
library expects that the function will set an arbitary I<name>, initialize
|
||||
I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>.
|
||||
|
||||
The I<name> is only 16 characters long. The I<iv> is of length
|
||||
L<EVP_MAX_IV_LENGTH> defined in B<evp.h>.
|
||||
|
||||
The initialization vector I<iv> should be a random value. The cipher context
|
||||
I<ctx> should use the initialisation vector I<iv>. The cipher context can be
|
||||
set using L<EVP_EncryptInit_ex>. The hmac context can be set using L<HMAC_Init_ex>.
|
||||
|
||||
When the client presents a session ticket, the callback function with be called
|
||||
with I<enc> set to 0 indicating that the I<cb> function should retreive a set
|
||||
of parameters. In this case I<name> and I<iv> have already been parsed out of
|
||||
the session ticket. The OpenSSL library expects that the I<name> will be used
|
||||
to retrieve a cryptographic parameters and that the cryptographic context
|
||||
I<ctx> will be set with the retreived parameters and the initialization vector
|
||||
I<iv>. using a function like L<EVP_DecryptInit_ex>. The I<hctx> needs to be set
|
||||
using L<HMAC_Init_ex>.
|
||||
|
||||
If the I<name> is still valid but a renewal of the ticket is required the
|
||||
callback function should return 2. The library will call the callback again
|
||||
with an arguement of enc equal to 1 to set the new ticket.
|
||||
|
||||
The return value of the I<cb> function is used by OpenSSL to determine what
|
||||
further processing will occur. The following return values have meaning:
|
||||
|
||||
=over 4
|
||||
|
||||
=item 2
|
||||
|
||||
This indicates that the I<ctx> and I<hctx> have been set and the session can
|
||||
continue on those parameters. Additionally it indicates that the session
|
||||
ticket is in a renewal period and should be replaced. The OpenSSL library will
|
||||
call I<cb> again with an enc argument of 1 to set the new ticket (see RFC5077
|
||||
3.3 paragraph 2).
|
||||
|
||||
=item 1
|
||||
|
||||
This indicates that the I<ctx> and I<hctx> have been set and the session can
|
||||
continue on those parameters.
|
||||
|
||||
=item 0
|
||||
|
||||
This indicates that it was not possible to set/retrieve a session ticket and
|
||||
the SSL/TLS session will continue by by negiotationing a set of cryptographic
|
||||
parameters or using the alternate SSL/TLS resumption mechanism, session ids.
|
||||
|
||||
If called with enc equal to 0 the library will call the I<cb> again to get
|
||||
a new set of parameters.
|
||||
|
||||
=item less than 0
|
||||
|
||||
This indicates an error.
|
||||
|
||||
=back
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
Session resumption shortcuts the TLS so that the client certificate
|
||||
negiotation don't occur. It makes up for this by storing client certificate
|
||||
an all other negotiated state information encrypted within the ticket. In a
|
||||
resumed session the applications will have all this state information available
|
||||
exactly as if a full negiotation had occured.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
Reference Implemention:
|
||||
SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb);
|
||||
....
|
||||
|
||||
static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
|
||||
{
|
||||
if (enc) { /* create new session */
|
||||
if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
|
||||
return -1; /* insufficient random */
|
||||
}
|
||||
|
||||
key = currentkey(); /* something that you need to implement */
|
||||
if ( !key ) {
|
||||
/* current key doesn't exist or isn't valid */
|
||||
key = createkey(); /* something that you need to implement.
|
||||
* createkey needs to initialise, a name,
|
||||
* an aes_key, a hmac_key and optionally
|
||||
* an expire time. */
|
||||
if ( !key ) { /* key couldn't be created */
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
memcpy(key_name, key->name, 16);
|
||||
|
||||
EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
|
||||
HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
|
||||
|
||||
return 1;
|
||||
|
||||
} else { /* retrieve session */
|
||||
key = findkey(name);
|
||||
|
||||
if (!key || key->expire < now() ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
|
||||
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );
|
||||
|
||||
if (key->expire < ( now() - RENEW_TIME ) ) {
|
||||
/* return 2 - this session will get a new ticket even though the current is still valid */
|
||||
return 2;
|
||||
}
|
||||
return 1;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
returns 0 to indicate the callback function was set.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
|
||||
L<SSL_session_reused(3)|SSL_session_reused(3)>,
|
||||
L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
|
||||
L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
|
||||
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
|
||||
L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
This function was introduced in OpenSSL 0.9.8h
|
||||
|
||||
=cut
|
@ -12,12 +12,10 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se
|
||||
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
|
||||
long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
|
||||
|
||||
void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
|
||||
void SSL_set_tmp_dh_callback(SSL *ctx,
|
||||
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
|
||||
long SSL_set_tmp_dh(SSL *ssl, DH *dh)
|
||||
|
||||
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
|
||||
@ -81,7 +79,7 @@ instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
|
||||
is mandatory.
|
||||
|
||||
Application authors may compile in DH parameters. Files dh512.pem,
|
||||
dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
|
||||
dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
|
||||
version of the OpenSSL distribution contain the 'SKIP' DH parameters,
|
||||
which use safe primes and were generated verifiably pseudo-randomly.
|
||||
These files can be converted into C code using the B<-C> option of the
|
||||
|
@ -109,8 +109,8 @@ certificates would not be present, most likely a
|
||||
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
|
||||
The depth count is "level 0:peer certificate", "level 1: CA certificate",
|
||||
"level 2: higher level CA certificate", and so on. Setting the maximum
|
||||
depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
|
||||
allowing for the peer certificate and additional 9 CA certificates.
|
||||
depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100,
|
||||
allowing for the peer certificate and additional 100 CA certificates.
|
||||
|
||||
The B<verify_callback> function is used to control the behaviour when the
|
||||
SSL_VERIFY_PEER flag is set. It must be supplied by the application and
|
||||
|
@ -12,12 +12,12 @@ SSL_get_version - get the protocol version of a connection.
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_get_cipher_version() returns the name of the protocol used for the
|
||||
SSL_get_version() returns the name of the protocol used for the
|
||||
connection B<ssl>.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
The following strings can occur:
|
||||
The following strings can be returned:
|
||||
|
||||
=over 4
|
||||
|
||||
@ -31,7 +31,15 @@ The connection uses the SSLv3 protocol.
|
||||
|
||||
=item TLSv1
|
||||
|
||||
The connection uses the TLSv1 protocol.
|
||||
The connection uses the TLSv1.0 protocol.
|
||||
|
||||
=item TLSv1.1
|
||||
|
||||
The connection uses the TLSv1.1 protocol.
|
||||
|
||||
=item TLSv1.2
|
||||
|
||||
The connection uses the TLSv1.2 protocol.
|
||||
|
||||
=item unknown
|
||||
|
||||
|
@ -48,6 +48,16 @@ known limit on the size of the created ASN1 representation, so the necessary
|
||||
amount of space should be obtained by first calling i2d_SSL_SESSION() with
|
||||
B<pp=NULL>, and obtain the size needed, then allocate the memory and
|
||||
call i2d_SSL_SESSION() again.
|
||||
Note that this will advance the value contained in B<*pp> so it is necessary
|
||||
to save a copy of the original allocation.
|
||||
For example:
|
||||
int i,j;
|
||||
char *p, *temp;
|
||||
i = i2d_SSL_SESSION(sess, NULL);
|
||||
p = temp = malloc(i);
|
||||
j = i2d_SSL_SESSION(sess, &temp);
|
||||
assert(i == j);
|
||||
assert(p+i == temp);
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user