Stop mentioning DSA/DSS

Support for this went away in 2017, but a few things still mentioned DSA in various contexts. Replace DSA with ECDSA where appropriate and otherwise delete this. It won't work. ok jsing
author: tb <> 2025-01-18 10:45:12 +0000
committer: tb <> 2025-01-18 10:45:12 +0000
commit: b2bc17032b7c138b1775ced5dafe9635bc29b99c (patch)
tree: bb9fcabf5f9d563e4a039ddfa987c9c45650c2de
parent: 00e03841df1e86468f659dfbed0a2fa7ae378896 (diff)
download: openbsd-b2bc17032b7c138b1775ced5dafe9635bc29b99c.tar.gz
openbsd-b2bc17032b7c138b1775ced5dafe9635bc29b99c.tar.bz2
openbsd-b2bc17032b7c138b1775ced5dafe9635bc29b99c.zip
6 files changed, 16 insertions, 23 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
index 1f60bad142..86eb27a523 100644
--- a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
+++ b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_add1_chain_cert.3,v 1.1 2019/04/05 18:29:43 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_add1_chain_cert.3,v 1.2 2025/01/18 10:45:12 tb Exp $
 .\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 5 2019 $
+.Dd $Mdocdate: January 18 2025 $
 .Dt SSL_CTX_ADD1_CHAIN_CERT 3
 .Os
 .Sh NAME
@@ -203,7 +203,7 @@ in the parent
 .Vt SSL_CTX .
 .Pp
 One chain can be set for each key type supported by a server.
-So, for example, an RSA and a DSA certificate can (and often will) have
+So, for example, an RSA and an ECDSA certificate can have
 different chains.
 .Pp
 If any certificates are added using these functions, no certificates
diff --git a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
index 4c731309e4..b9694b0cbc 100644
--- a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+++ b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.7 2020/01/02 09:09:16 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.8 2025/01/18 10:45:12 tb Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 2 2020 $
+.Dd $Mdocdate: January 18 2025 $
 .Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
 .Os
 .Sh NAME
@@ -152,7 +152,7 @@ Only one set of extra chain certificates can be specified per
 structure using
 .Fn SSL_CTX_add_extra_chain_cert .
 Different chains for different certificates (for example if both
-RSA and DSA certificates are specified by the same server) or
+RSA and ECDSA certificates are specified by the same server) or
 different SSL structures with the same parent
 .Vt SSL_CTX
 require using the functions documented in
diff --git a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
index 9d24e00880..0d89bdc919 100644
--- a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.16 2022/12/11 20:53:27 tb Exp $
+.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.17 2025/01/18 10:45:12 tb Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 11 2022 $
+.Dd $Mdocdate: January 18 2025 $
 .Dt SSL_CTX_SET_CIPHER_LIST 3
 .Os
 .Sh NAME
@@ -317,8 +317,6 @@ LibreSSL no longer provides any such cipher suites:
 .Bl -tag -width Ds -compact
 .It Cm DES
 Cipher suites using single DES for symmetric encryption.
-.It Cm DSS
-Cipher suites using DSS server authentication.
 .It Cm IDEA
 Cipher suites using IDEA for symmetric encryption.
 .El
@@ -350,10 +348,6 @@ RSA ciphers using DHE need a certificate and key and additional DH-parameters
 (see
 .Xr SSL_CTX_set_tmp_dh_callback 3 ) .
 .Pp
-A DSA cipher can only be chosen when a DSA certificate is available.
-DSA ciphers always use DH key exchange and therefore need DH-parameters (see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
 When these conditions are not met
 for any cipher suite in the list (for example, a
 client only supports export RSA ciphers with an asymmetric key length of 512
diff --git a/src/lib/libssl/man/SSL_CTX_set_security_level.3 b/src/lib/libssl/man/SSL_CTX_set_security_level.3
index 529352cf0f..89adb3d65d 100644
--- a/src/lib/libssl/man/SSL_CTX_set_security_level.3
+++ b/src/lib/libssl/man/SSL_CTX_set_security_level.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_security_level.3,v 1.1 2022/07/13 20:52:36 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_security_level.3,v 1.2 2025/01/18 10:45:12 tb Exp $
 .\"
 .\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 13 2022 $
+.Dd $Mdocdate: January 18 2025 $
 .Dt SSL_CTX_SET_SECURITY_LEVEL 3
 .Os
 .Sh NAME
@@ -78,7 +78,7 @@ See SP800-57 below
 .Sx SEE ALSO
 for details on individual algorithms.
 .It RSA
-The minimum key length in bits for the RSA, DSA, and DH algorithms.
+The minimum key length in bits for the RSA and DH algorithms.
 .It ECC
 The minimum key length in bits for ECC algorithms.
 .It TLS
diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index 8be504d3b3..c6f5253431 100644
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.10 2022/03/31 17:27:18 naddy Exp $
+.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.11 2025/01/18 10:45:12 tb Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: January 18 2025 $
 .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
 .Os
 .Sh NAME
@@ -104,7 +104,6 @@ These functions apply to SSL/TLS servers only.
 .Pp
 When using a cipher with RSA authentication,
 an ephemeral DH key exchange can take place.
-Ciphers with DSA keys always use ephemeral DH keys as well.
 In these cases, the session data are negotiated using the ephemeral/temporary
 DH key and the key supplied and certified by the certificate chain is only used
 for signing.
diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3
index fac1245f1c..c88a6971b2 100644
--- a/src/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/src/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.16 2021/03/31 16:53:30 tb Exp $
+.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.17 2025/01/18 10:45:12 tb Exp $
 .\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000
 .\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 31 2021 $
+.Dd $Mdocdate: January 18 2025 $
 .Dt SSL_CTX_USE_CERTIFICATE 3
 .Os
 .Sh NAME
@@ -315,7 +315,7 @@ It compares the
 key components and parameters of an OpenSSL private key with the
 corresponding certificate loaded into
 .Fa ctx .
-If more than one key/certificate pair (RSA/DSA) is installed,
+If more than one key/certificate pair (RSA/ECDSA) is installed,
 the last item installed will be compared.
 If, e.g., the last item was an RSA certificate or key,
 the RSA key/certificate pair will be checked.
author	tb <>	2025-01-18 10:45:12 +0000
committer	tb <>	2025-01-18 10:45:12 +0000
commit	b2bc17032b7c138b1775ced5dafe9635bc29b99c (patch)
tree	bb9fcabf5f9d563e4a039ddfa987c9c45650c2de
parent	00e03841df1e86468f659dfbed0a2fa7ae378896 (diff)
download	openbsd-b2bc17032b7c138b1775ced5dafe9635bc29b99c.tar.gz openbsd-b2bc17032b7c138b1775ced5dafe9635bc29b99c.tar.bz2 openbsd-b2bc17032b7c138b1775ced5dafe9635bc29b99c.zip

diff --git a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 index 1f60bad142..86eb27a523 100644 --- a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 +++ b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_add1_chain_cert.3,v 1.1 2019/04/05 18:29:43 schwarze Exp $	1	.\" $OpenBSD: SSL_CTX_add1_chain_cert.3,v 1.2 2025/01/18 10:45:12 tb Exp $
2	.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100	2	.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: April 5 2019 $	52	.Dd $Mdocdate: January 18 2025 $
53	.Dt SSL_CTX_ADD1_CHAIN_CERT 3	53	.Dt SSL_CTX_ADD1_CHAIN_CERT 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -203,7 +203,7 @@ in the parent
203	.Vt SSL_CTX .	203	.Vt SSL_CTX .
204	.Pp	204	.Pp
205	One chain can be set for each key type supported by a server.	205	One chain can be set for each key type supported by a server.
206	So, for example, an RSA and a DSA certificate can (and often will) have	206	So, for example, an RSA and an ECDSA certificate can have
207	different chains.	207	different chains.
208	.Pp	208	.Pp
209	If any certificates are added using these functions, no certificates	209	If any certificates are added using these functions, no certificates


diff --git a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index 4c731309e4..b9694b0cbc 100644 --- a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.7 2020/01/02 09:09:16 schwarze Exp $	1	.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.8 2025/01/18 10:45:12 tb Exp $
2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
@@ -50,7 +50,7 @@
50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
52	.\"	52	.\"
53	.Dd $Mdocdate: January 2 2020 $	53	.Dd $Mdocdate: January 18 2025 $
54	.Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3	54	.Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
55	.Os	55	.Os
56	.Sh NAME	56	.Sh NAME
@@ -152,7 +152,7 @@ Only one set of extra chain certificates can be specified per
152	structure using	152	structure using
153	.Fn SSL_CTX_add_extra_chain_cert .	153	.Fn SSL_CTX_add_extra_chain_cert .
154	Different chains for different certificates (for example if both	154	Different chains for different certificates (for example if both
155	RSA and DSA certificates are specified by the same server) or	155	RSA and ECDSA certificates are specified by the same server) or
156	different SSL structures with the same parent	156	different SSL structures with the same parent
157	.Vt SSL_CTX	157	.Vt SSL_CTX
158	require using the functions documented in	158	require using the functions documented in


diff --git a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 9d24e00880..0d89bdc919 100644 --- a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.16 2022/12/11 20:53:27 tb Exp $	1	.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.17 2025/01/18 10:45:12 tb Exp $
2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -65,7 +65,7 @@
65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67	.\"	67	.\"
68	.Dd $Mdocdate: December 11 2022 $	68	.Dd $Mdocdate: January 18 2025 $
69	.Dt SSL_CTX_SET_CIPHER_LIST 3	69	.Dt SSL_CTX_SET_CIPHER_LIST 3
70	.Os	70	.Os
71	.Sh NAME	71	.Sh NAME
@@ -317,8 +317,6 @@ LibreSSL no longer provides any such cipher suites:
317	.Bl -tag -width Ds -compact	317	.Bl -tag -width Ds -compact
318	.It Cm DES	318	.It Cm DES
319	Cipher suites using single DES for symmetric encryption.	319	Cipher suites using single DES for symmetric encryption.
320	.It Cm DSS
321	Cipher suites using DSS server authentication.
322	.It Cm IDEA	320	.It Cm IDEA
323	Cipher suites using IDEA for symmetric encryption.	321	Cipher suites using IDEA for symmetric encryption.
324	.El	322	.El
@@ -350,10 +348,6 @@ RSA ciphers using DHE need a certificate and key and additional DH-parameters
350	(see	348	(see
351	.Xr SSL_CTX_set_tmp_dh_callback 3 ) .	349	.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
352	.Pp	350	.Pp
353	A DSA cipher can only be chosen when a DSA certificate is available.
354	DSA ciphers always use DH key exchange and therefore need DH-parameters (see
355	.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
356	.Pp
357	When these conditions are not met	351	When these conditions are not met
358	for any cipher suite in the list (for example, a	352	for any cipher suite in the list (for example, a
359	client only supports export RSA ciphers with an asymmetric key length of 512	353	client only supports export RSA ciphers with an asymmetric key length of 512


diff --git a/src/lib/libssl/man/SSL_CTX_set_security_level.3 b/src/lib/libssl/man/SSL_CTX_set_security_level.3 index 529352cf0f..89adb3d65d 100644 --- a/src/lib/libssl/man/SSL_CTX_set_security_level.3 +++ b/src/lib/libssl/man/SSL_CTX_set_security_level.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_set_security_level.3,v 1.1 2022/07/13 20:52:36 schwarze Exp $	1	.\" $OpenBSD: SSL_CTX_set_security_level.3,v 1.2 2025/01/18 10:45:12 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 13 2022 $	17	.Dd $Mdocdate: January 18 2025 $
18	.Dt SSL_CTX_SET_SECURITY_LEVEL 3	18	.Dt SSL_CTX_SET_SECURITY_LEVEL 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -78,7 +78,7 @@ See SP800-57 below
78	.Sx SEE ALSO	78	.Sx SEE ALSO
79	for details on individual algorithms.	79	for details on individual algorithms.
80	.It RSA	80	.It RSA
81	The minimum key length in bits for the RSA, DSA, and DH algorithms.	81	The minimum key length in bits for the RSA and DH algorithms.
82	.It ECC	82	.It ECC
83	The minimum key length in bits for ECC algorithms.	83	The minimum key length in bits for ECC algorithms.
84	.It TLS	84	.It TLS


diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 8be504d3b3..c6f5253431 100644 --- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.10 2022/03/31 17:27:18 naddy Exp $	1	.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.11 2025/01/18 10:45:12 tb Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: March 31 2022 $	51	.Dd $Mdocdate: January 18 2025 $
52	.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3	52	.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -104,7 +104,6 @@ These functions apply to SSL/TLS servers only.
104	.Pp	104	.Pp
105	When using a cipher with RSA authentication,	105	When using a cipher with RSA authentication,
106	an ephemeral DH key exchange can take place.	106	an ephemeral DH key exchange can take place.
107	Ciphers with DSA keys always use ephemeral DH keys as well.
108	In these cases, the session data are negotiated using the ephemeral/temporary	107	In these cases, the session data are negotiated using the ephemeral/temporary
109	DH key and the key supplied and certified by the certificate chain is only used	108	DH key and the key supplied and certified by the certificate chain is only used
110	for signing.	109	for signing.


diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3 index fac1245f1c..c88a6971b2 100644 --- a/src/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/src/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.16 2021/03/31 16:53:30 tb Exp $	1	.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.17 2025/01/18 10:45:12 tb Exp $
2	.\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000	2	.\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000
3	.\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100	3	.\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100
4	.\"	4	.\"
@@ -50,7 +50,7 @@
50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
52	.\"	52	.\"
53	.Dd $Mdocdate: March 31 2021 $	53	.Dd $Mdocdate: January 18 2025 $
54	.Dt SSL_CTX_USE_CERTIFICATE 3	54	.Dt SSL_CTX_USE_CERTIFICATE 3
55	.Os	55	.Os
56	.Sh NAME	56	.Sh NAME
@@ -315,7 +315,7 @@ It compares the
315	key components and parameters of an OpenSSL private key with the	315	key components and parameters of an OpenSSL private key with the
316	corresponding certificate loaded into	316	corresponding certificate loaded into
317	.Fa ctx .	317	.Fa ctx .
318	If more than one key/certificate pair (RSA/DSA) is installed,	318	If more than one key/certificate pair (RSA/ECDSA) is installed,
319	the last item installed will be compared.	319	the last item installed will be compared.
320	If, e.g., the last item was an RSA certificate or key,	320	If, e.g., the last item was an RSA certificate or key,
321	the RSA key/certificate pair will be checked.	321	the RSA key/certificate pair will be checked.