Nils Larsch
ddac197404
add initial support for RFC 4279 PSK SSL ciphersuites
...
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Bodo Möller
72dce7685e
Add fixes for CAN-2005-2969.
...
(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
2005-10-26 19:40:45 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Nils Larsch
e248596bac
improve docu of SSL_CTX_use_PrivateKey()
2005-04-08 22:49:57 +00:00
Nils Larsch
c3e6402857
update docs (recent constification)
2005-03-30 11:50:14 +00:00
Dr. Stephen Henson
e27a259696
Doc fixes.
2005-03-22 17:55:33 +00:00
Dr. Stephen Henson
4a64f3d665
PR: 938
...
Typo.
2004-11-14 13:55:16 +00:00
Lutz Jänicke
9f6ea7163b
More precise explanation of session id context requirements.
2004-06-14 13:27:28 +00:00
Richard Levitte
6859bb1a22
Make sure the documentation matches reality.
...
PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>
2003-11-29 10:33:25 +00:00
Lutz Jänicke
9d19fbc4fc
Clarify wording of verify_callback() behaviour.
2003-06-26 14:03:03 +00:00
Lutz Jänicke
db01746978
Clarify return value of SSL_connect() and SSL_accept() in case of the
...
WANT_READ and WANT_WRITE conditions.
2003-06-03 09:59:44 +00:00
Lutz Jänicke
02b95b7499
Clarify ordering of certificates when using certificate chains
2003-05-30 07:45:07 +00:00
Lutz Jänicke
423b1a840c
Add warning about unwanted side effect when calling SSL_CTX_free():
...
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>
PR: 547
2003-03-27 22:04:05 +00:00
Richard Levitte
d177e6180d
Spelling errors.
...
PR: 538
2003-03-20 11:41:59 +00:00
Lutz Jänicke
532215f2db
Missing ")"
...
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
2002-12-04 13:30:58 +00:00
Lutz Jänicke
84d828ab70
No such reference to link to (found running pod2latex).
...
Submitted by:
Reviewed by:
PR:
2002-11-14 21:41:54 +00:00
Geoff Thorpe
769fedc3ad
Add a HISTORY section to the man page to mention the new flags.
2002-10-29 18:05:16 +00:00
Geoff Thorpe
d9ec9d990f
The last character of inconsistency in my recent commits is hereby
...
squashed.
2002-10-29 17:51:32 +00:00
Geoff Thorpe
e0db2eed8d
Correct and enhance the behaviour of "internal" session caching as it
...
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.
Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.
PR: 311
2002-10-29 00:33:04 +00:00
Richard Levitte
37f5fcf85c
Missing =back.
...
Part of PR 196
2002-08-15 10:59:55 +00:00
Bodo Möller
02750ff56f
mention SSL_do_handshake()
2002-07-29 12:35:19 +00:00
Lutz Jänicke
20adcfa058
The behaviour is undefined when calling SSL_write() with num=0.
...
Submitted by:
Reviewed by:
PR: 141
2002-07-19 11:53:54 +00:00
Lutz Jänicke
02b7ec88bb
Manual page for SSL_do_handshake().
...
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
2002-07-19 11:05:50 +00:00
Lutz Jänicke
2edcb4ac71
Typos in links between manual pages
...
Submitted by: Richard.Koenning@fujitsu-siemens.com
Reviewed by:
PR: 129
2002-07-10 19:35:54 +00:00
Bodo Möller
c21506ba02
New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
...
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
2002-06-14 12:21:11 +00:00
Lutz Jänicke
8586df1efb
Correct wrong usage information.
...
PR: 95
2002-06-12 20:15:18 +00:00
Lutz Jänicke
a5200a1b8f
Typo.
...
PR: 72
2002-06-04 20:43:10 +00:00
Bodo Möller
023ec151df
Add 'void *' argument to app_verify_callback.
...
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
ce4b274aa1
SSL_clear != SSL_free/SSL_new
2002-02-27 08:08:57 +00:00
Lutz Jänicke
f0d6ee6be8
Even though it is not really practical people should know about it.
2002-02-15 07:41:42 +00:00
Lutz Jänicke
a7ce69dbd7
Clarify reference count handling/removal of session
...
(shinagawa@star.zko.dec.com ).
2001-11-19 11:11:23 +00:00
Bodo Möller
65123f8064
remove incorrect 'callback' prototype
2001-11-10 02:12:56 +00:00
Bodo Möller
1d8634b110
msg_callback documentation
2001-11-10 02:12:09 +00:00
Bodo Möller
a661b65357
New functions SSL[_CTX]_set_msg_callback().
...
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
51008ffce1
document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
2001-10-17 11:56:26 +00:00
Lutz Jänicke
56fa8e69cf
Update information as a partial response to the post
...
From: "Chris D. Peterson" <cpeterson@aventail.com>
Subject: Implementation Issues with OpenSSL
To: openssl-users@openssl.org
Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00
Lutz Jänicke
d300bcca7f
Typo.
2001-09-13 15:18:51 +00:00
Lutz Jänicke
d59c3e5046
One more manual page.
2001-09-13 15:05:42 +00:00
Lutz Jänicke
6d8566f2eb
Rework section about return values another time (based on hints from
...
Bodo Moeller).
2001-09-13 13:21:38 +00:00
Lutz Jänicke
c0f5dd070b
Make maximum certifcate chain size accepted from the peer application
...
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Ulf Möller
3b80e3aa9e
ispell
2001-09-07 06:13:40 +00:00
Lutz Jänicke
f1b2807478
More docs.
2001-08-24 14:29:48 +00:00
Lutz Jänicke
bfd7bb3eb6
Typo.
2001-08-23 17:41:20 +00:00
Lutz Jänicke
11c8f0b79d
More manual pages. Constify.
2001-08-23 17:22:43 +00:00
Lutz Jänicke
c4068186ac
As discussed recently on openssl-users.
2001-08-23 15:00:11 +00:00
Lutz Jänicke
0a93a68020
Make clear, that using the compression layer is currently not recommended.
2001-08-23 09:42:12 +00:00
Ulf Möller
f2ab7d1392
typo.
2001-08-22 18:35:17 +00:00
Lutz Jänicke
141e584998
One more manual page...
2001-08-21 14:54:54 +00:00
Lutz Jänicke
336736ef35
Documentation on how to handle compression methods.
...
Hopefully it is clear enough, that it is currently not recommended.
2001-08-21 13:02:58 +00:00
Lutz Jänicke
d93eb21c7c
More interdependencies with respect to shutdown behaviour.
2001-08-20 14:34:16 +00:00
Lutz Jänicke
a403188f92
Alert description strings for TLSv1 and documentation.
2001-08-19 16:20:42 +00:00
Lutz Jänicke
52129c0b0b
More details about session timeout settings.
2001-08-17 16:36:51 +00:00
Lutz Jänicke
a52877a2f1
One more function documented.
2001-08-17 15:54:50 +00:00
Lutz Jänicke
cdd7c3ce92
SSL_shutdown() has even more properties...
2001-08-17 15:09:31 +00:00
Lutz Jänicke
c1497b4d19
One more step on the way for complete documentation...
2001-08-17 14:32:38 +00:00
Lutz Jänicke
b2ed462934
Unidirectional shutdown is allowed according to the RFC.
2001-08-17 09:08:32 +00:00
Lutz Jänicke
9e09eebf94
Better description of the behaviour of SSL_shutdown() as it is now, broken
...
or not.
2001-08-16 14:27:55 +00:00
Lutz Jänicke
06da6e4977
Don't disable rollback attack detection as a recommended bug workaround.
2001-08-03 08:45:13 +00:00
Lutz Jänicke
37f599bcec
Reworked manual pages with a lot of input from Bodo Moeller.
2001-07-31 15:04:50 +00:00
Lutz Jänicke
7abe76e1bd
Fix wrong information about SSL_set_connect_state()...
2001-07-25 12:12:51 +00:00
Lutz Jänicke
3e3dac9f97
Additional inline reference.
2001-07-23 12:57:37 +00:00
Lutz Jänicke
397ba0f08a
Add missing reference.
2001-07-23 12:52:05 +00:00
Lutz Jänicke
4db48ec0bd
Documentation about ephemeral key exchange
2001-07-21 11:02:17 +00:00
Lutz Jänicke
6d3dec92fb
Updated explanation.
2001-07-20 19:23:43 +00:00
Lutz Jänicke
2d3b6a5be7
Some more documentation bits.
2001-07-20 18:57:15 +00:00
Lutz Jänicke
a1a63a4239
Clarify! (based on recent mailing-list discussions)
2001-07-11 15:10:28 +00:00
Lutz Jänicke
74daa124c2
Add missing item(s) SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT.
2001-05-16 09:43:51 +00:00
Lutz Jänicke
5892855c5f
Typos.
2001-05-14 09:52:44 +00:00
Lutz Jänicke
a6e859e9ec
One more point to clarify, pointed out by "Greg Stark" <ghstark@pobox.com>
2001-05-14 09:02:38 +00:00
Lutz Jänicke
33ab4699ba
Clarify behaviour with respect to SSL/TLS records.
2001-05-12 09:49:02 +00:00
Lutz Jänicke
4b3270f78e
Clarify behaviour of SSL_write() by mentioning SSL_MODE_ENABLE_PARTIAL_WRITE
...
flag as discussed on the mailing list.
2001-05-11 09:53:10 +00:00
Lutz Jänicke
197322455d
Clarify request of client certificates. This is a FAQ.
2001-04-17 13:18:56 +00:00
Lutz Jänicke
638b0d4277
Fix wrong information with respect to CAs listed to the client
...
(follows from technical discussion with Amit Chopra <amitc@pspl.co.in>).
2001-04-12 16:02:34 +00:00
Lutz Jänicke
f7181a9179
Typo (Jun-ichiro itojun Hagino <itojun@iijlab.net>)
2001-04-12 11:45:42 +00:00
Lutz Jänicke
eb272ac0b0
Forgot "cvs add", so only the surrounding changes made it... sigh.
2001-03-15 12:42:04 +00:00
Bodo Möller
e34cfcf7e1
Consistently use 'void *' for SSL read, peek and write functions.
2001-03-09 10:09:20 +00:00
Lutz Jänicke
b72ff47037
Add newly learned knowledge from yesterday's discussion.
2001-03-08 17:24:02 +00:00
Lutz Jänicke
3cdc8ad07a
Describe new callback for session id generation.
2001-02-23 21:38:42 +00:00
Lutz Jänicke
2c1571b4ff
SSL_get_version() was an easy one :-)
2001-02-23 21:05:56 +00:00
Ulf Möller
52d160d85d
ispell
2001-02-16 02:09:53 +00:00
Ulf Möller
54ff1e6ae5
pod format error
2001-02-16 01:44:24 +00:00
Lutz Jänicke
8e495e4ac7
Finish first round of session cache documentation.
2001-02-13 14:00:09 +00:00
Lutz Jänicke
f282ca7413
New manual page: SSL_CTX_set_mode.
2001-02-13 11:43:11 +00:00
Lutz Jänicke
41ecaba97e
More about session caching.
2001-02-11 17:01:36 +00:00
Lutz Jänicke
1b65ce7db3
Update for 0.9.7 with SSL_OP_CIPHER_SERVER_PREFERENCE.
2001-02-10 16:21:38 +00:00
Lutz Jänicke
7b9cb4a224
Manual page for SSL_CTX_set_options(). Unfortunately for some of the
...
options someone much longer working with OpenSSL/SSLeay is needed.
2001-02-10 16:18:35 +00:00
Lutz Jänicke
0bc6597d4d
Documenting session caching, 2nd step.
2001-02-04 18:05:27 +00:00
Lutz Jänicke
7403c34b0b
Clarify why SSL_CTX_use_certificate_chain_file() should be preferred.
2001-02-03 15:15:00 +00:00
Lutz Jänicke
9022f2403b
Typo: on my screen it nicely wrapped around at 80 :-)
2001-02-03 11:02:02 +00:00
Lutz Jänicke
8cbceba610
Document session caching, first step.
2001-02-02 14:40:52 +00:00
Lutz Jänicke
cd6aa710b5
New manual page for a hardly known but important item :-)
2001-01-31 14:14:20 +00:00
Geoff Thorpe
67c3cf0675
Insert a missing space to stop pod2man giving stroppy "malformed" warnings.
2001-01-25 02:26:58 +00:00
Lutz Jänicke
e58d808a4c
Copy over just written manpage to the ones still missing.
2001-01-23 11:04:52 +00:00
Lutz Jänicke
751b5e8ff2
Add entries for new manpages...
2001-01-23 10:47:41 +00:00
Lutz Jänicke
b5a6f0a92d
Documentation about SSL_get_ex_data_X509_STORE_CTX_idx and
...
SSL_get_ex_new_index() functionality. Extended verify_callback()
example to show the usage.
2001-01-20 16:22:43 +00:00
Bodo Möller
a0aae68cf6
Fix SSL_peek and SSL_pending.
2000-12-25 18:40:46 +00:00
Ulf Möller
4ce7894c4a
c&p error spotted by Martin Forssen
2000-12-13 23:00:33 +00:00
Lutz Jänicke
cc93ae3ef4
Add description of SSL_[CTX_]_check_private_key().
2000-12-12 21:06:29 +00:00
Lutz Jänicke
66ebbb6a56
Add manual pages for certficate/key loading and friends.
2000-12-08 14:29:13 +00:00
Lutz Jänicke
d766a23deb
Typo and additional information about cert-chain building.
2000-12-05 16:47:22 +00:00
Lutz Jänicke
b1e21f8fac
Add EXAMPLES for SSL_CIPHER_description() output.
2000-12-05 16:45:26 +00:00
Bodo Möller
b1d6e3f551
Documentation on using the SSL library with non-blocking I/O.
2000-11-17 10:25:46 +00:00
Lutz Jänicke
803e4e93d4
Fill in missing information about the string returned from
...
SSL_CIPHER_description(), as there is no other API function to find
out details about the cipher used besides the number of bits or protocol used.
2000-11-15 18:42:41 +00:00
Bodo Möller
2984b0ae24
Additional explanations for SSL_ERROR_WANT_READ/WRITE.
2000-11-12 19:17:22 +00:00
Ulf Möller
0fa504b68d
Correction from Tani Hosokawa <unknown@riverstyx.net>
2000-10-23 14:02:02 +00:00
Ulf Möller
11b62699a1
"DESCRIPTION" is required.
2000-10-19 19:40:35 +00:00
Ulf Möller
14a74a21f0
correction from Lutz
2000-10-19 15:19:41 +00:00
Ulf Möller
9bd3bd227f
Add short overview, move header files section further down.
2000-10-18 23:08:55 +00:00
Ulf Möller
d0ef53bd2d
cosmetic changes
2000-10-18 22:51:34 +00:00
Richard Levitte
553615f500
New docs and new facts in older docs.
...
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-10-12 09:56:36 +00:00
Richard Levitte
53fe8d5be5
A few small corrections to the SSL documentation.
...
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-10-10 09:15:47 +00:00
Richard Levitte
356c06c776
More SSL functions documented. Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-10-03 22:02:28 +00:00
Bodo Möller
b7af080fb1
Add BUGS section.
2000-09-26 12:15:53 +00:00
Ulf Möller
69431c2998
more manpage links.
2000-09-23 07:16:17 +00:00
Richard Levitte
4aa4f333ed
Change IMPORTANT to WARNING for greater emphasis.
2000-09-21 17:21:15 +00:00
Richard Levitte
c19b6c922a
Clarifications and new documents.
...
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-21 06:46:15 +00:00
Richard Levitte
4759abc5f2
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-20 16:55:26 +00:00
Richard Levitte
e31e385ce3
Mistakes corrected. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-20 16:52:05 +00:00
Ulf Möller
c8973693ab
ispell.
2000-09-20 03:24:36 +00:00
Richard Levitte
933f32cc4d
Document SSL_library_init() and it's aliases. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-19 23:12:57 +00:00
Richard Levitte
c6def253b4
Type correction. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-19 23:11:42 +00:00
Richard Levitte
dd3430a6e9
Extend the docs on setting the cipher list. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-19 23:10:32 +00:00
Ulf Möller
c69c47b9fe
ispell
2000-09-18 22:58:02 +00:00
Richard Levitte
615513ba52
New documentation about things related to SSL_CIPHER. Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-18 16:42:30 +00:00
Bodo Möller
37b08e8365
SSL => TLS/SSL
2000-09-16 16:05:34 +00:00
Bodo Möller
318f962928
TLS => TLS/SSL
2000-09-16 16:02:35 +00:00
Bodo Möller
acb5b34328
Change spelling back to "behaviour" and "flavour" instead of the
...
American variants.
2000-09-16 16:00:38 +00:00
Ulf Möller
1e4e549296
ispell and some other nit-picking
2000-09-16 15:39:28 +00:00
Ulf Möller
53e44d90c7
add links to the new BIO and SSL manpages to make them visible on the web.
2000-09-16 06:04:43 +00:00
Richard Levitte
cc99526db1
Add a number of documentation files, mostly for SSL routines, but also
...
for a few BIO routines.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-14 13:11:56 +00:00
Bodo Möller
b894b13059
Clarification for SSL_ERROR_ZERO_RETURN
2000-09-06 07:56:03 +00:00
Bodo Möller
d49f3797a5
Minor corrections.
2000-04-12 23:04:13 +00:00
Ulf Möller
20ead2c6f7
link to SSL_get_error(3)
2000-02-01 15:05:11 +00:00
Ulf Möller
f5a8d67872
spelling
2000-02-01 01:35:52 +00:00
Richard Levitte
bb075f8833
Update all links so they will be rendered better.
2000-01-27 01:25:31 +00:00
Bodo Möller
ada3cc4a8f
Clarification.
2000-01-26 08:59:26 +00:00
Bodo Möller
a598cd1ab4
New manual page.
2000-01-25 22:35:20 +00:00
Ulf Möller
3604a4d3d1
Move ssl.pod to doc/ssl
2000-01-21 23:58:03 +00:00