mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-24 13:55:42 +08:00
Code Issues Packages Projects Releases Wiki Activity
37933acbea
openssl/doc
History
Todd Short 37933acbea Add SSL/SSL_CTX_use_cert_and_key() 
Add functions that will do the work of assigning certificate, privatekey
and chain certs to an SSL or SSL_CTX. If no privatekey is given, use the
publickey. This will permit the keys to pass validation for both ECDSA
and RSA. If a private key has already been set for the certificate, it
is discarded. A real private key can be set later.

This is an all-or-nothing setting of these parameters. Unlike the
SSL/SSL_CTX_use_certificate() and SSL/SSL_CTX_use_PrivateKey() functions,
the existing cert or privatekey is not modified (i.e. parameters copied).
This permits the existing cert/privatekey to be replaced.

It replaces the sequence of:
* SSL_use_certificate()
* SSL_use_privatekey()
* SSL_set1_chain()
And may actually be faster, as multiple checks are consolidated.

The private key can be NULL, if so an ENGINE module needs to contain the
actual private key that is to be used.

Note that ECDH (using the certificate's ECDSA key) ciphers do not work
without the private key being present, based on how the private key is
used in ECDH. ECDH does not offer PFS; ECDHE ciphers should be used instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/1130)
2018-03-09 10:28:04 -06:00
..
HOWTO Update some documentation for X448/Ed448 2018-03-02 10:14:31 +00:00
man1 Implement multi-process OCSP responder. 2018-03-07 11:03:43 -05:00
man3 Add SSL/SSL_CTX_use_cert_and_key() 2018-03-09 10:28:04 -06:00
man5 Add support for .include directive in config files 2018-03-05 13:32:40 +00:00
man7 Add SSL/SSL_CTX_use_cert_and_key() 2018-03-09 10:28:04 -06:00
dir-locals.example.el Adjust the general fill-column in doc/dir-locals.example.el 2015-09-08 00:59:50 +02:00
fingerprints.txt RT3802: Fixes typos in doc/crypto/ 2015-05-03 08:51:23 -04:00
openssl-c-indent.el Fix typo in documents 2017-08-01 09:30:11 +10:00
README More typo fixes 2017-03-29 07:14:29 +02:00

README 

README  This file

fingerprints.txt
        PGP fingerprints of authorised release signers

standards.txt
        Moved to the web, https://www.openssl.org/docs/standards.html

HOWTO/
        A few how-to documents; not necessarily up-to-date

man1/
        The openssl command-line tools; start with openssl.pod

man3/
        The SSL library and the crypto library

man5/
        File formats

man7/
        Overviews; start with crypto.pod and ssl.pod, for example
        Algorithm specific EVP_PKEY documentation.

Formatted versions of the manpages (apps,ssl,crypto) can be found at
        https://www.openssl.org/docs/manpages.html