4 files changed, 18 insertions, 18 deletions
diff --git a/src/lib/libssl/man/BIO_f_ssl.3 b/src/lib/libssl/man/BIO_f_ssl.3
index 8643200285..5e18a85bd1 100644
--- a/src/lib/libssl/man/BIO_f_ssl.3
+++ b/src/lib/libssl/man/BIO_f_ssl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_f_ssl.3,v 1.11 2019/06/12 09:36:30 schwarze Exp $
+.\" $OpenBSD: BIO_f_ssl.3,v 1.12 2022/03/31 17:27:18 naddy Exp $
 .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 12 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_F_SSL 3
 .Os
 .Sh NAME
@@ -147,7 +147,7 @@ is appended to an
 .Vt SSL
 .Vt BIO
 using
-.Xr BIO_push 3
+.Xr BIO_push 3 ,
 it is automatically used as the
 .Vt SSL
 .Vt BIO Ns 's read and write
@@ -213,7 +213,7 @@ is 0, server mode is set.
 .Fn BIO_set_ssl_renegotiate_bytes
 sets the renegotiate byte count to
 .Fa num .
-When set after every
+When set, after every
 .Fa num
 bytes of I/O (read and write) the SSL session is automatically renegotiated.
 .Fa num
@@ -222,7 +222,7 @@ must be at least 512 bytes.
 .Fn BIO_set_ssl_renegotiate_timeout
 sets the renegotiate timeout to
 .Fa seconds .
-When the renegotiate timeout elapses the session is automatically renegotiated.
+When the renegotiate timeout elapses, the session is automatically renegotiated.
 .Pp
 .Fn BIO_get_num_renegotiates
 returns the total number of session renegotiations due to I/O or timeout.
@@ -303,7 +303,7 @@ established; the call
 should be used for non blocking connect
 .Vt BIO Ns s
 to determine if the call should be retried.
-If an SSL connection has already been established this call has no effect.
+If an SSL connection has already been established, this call has no effect.
 .Pp
 .Vt SSL
 .Vt BIO Ns s
@@ -325,7 +325,7 @@ using a blocking transport will never request a retry.
 Since unknown
 .Xr BIO_ctrl 3
 operations are sent through filter
-.Vt BIO Ns s
+.Vt BIO Ns s ,
 the server name and port can be set using
 .Xr BIO_set_conn_hostname 3
 and
diff --git a/src/lib/libssl/man/SSL_CTX_set_options.3 b/src/lib/libssl/man/SSL_CTX_set_options.3
index 34c3a1adfd..5df0b07785 100644
--- a/src/lib/libssl/man/SSL_CTX_set_options.3
+++ b/src/lib/libssl/man/SSL_CTX_set_options.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.15 2021/06/12 11:02:20 tb Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.16 2022/03/31 17:27:18 naddy Exp $
 .\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100
 .\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000
 .\"
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 12 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_CTX_SET_OPTIONS 3
 .Os
 .Sh NAME
@@ -206,7 +206,7 @@ Normally clients and servers using TLSv1.2 and earlier will, where possible,
 transparently make use of
 RFC 5077 tickets for stateless session resumption.
 .Pp
-If this option is set this functionality is disabled and tickets will not be
+If this option is set, this functionality is disabled and tickets will not be
 used by clients or servers.
 .It Dv SSL_OP_NO_TLSv1
 Do not use the TLSv1.0 protocol.
@@ -273,7 +273,7 @@ server with a
 .Em no_renegotiation
 warning alert.
 .Pp
-If the patched OpenSSL server attempts to renegotiate a fatal
+If the patched OpenSSL server attempts to renegotiate, a fatal
 .Em handshake_failure
 alert is sent.
 This is because the server code may be unaware of the unpatched nature of the
@@ -306,7 +306,7 @@ them initially) and this is clearly not acceptable.
 Renegotiation is permitted because this does not add any additional security
 issues: during an attack clients do not see any renegotiations anyway.
 .Pp
-As more servers become patched the option
+As more servers become patched, the option
 .Dv SSL_OP_LEGACY_SERVER_CONNECT
 will
 .Em not
diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index ae0349584a..8be504d3b3 100644
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.9 2022/02/18 23:17:15 jsg Exp $
+.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.10 2022/03/31 17:27:18 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 18 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
 .Os
 .Sh NAME
@@ -117,7 +117,7 @@ when the application is left, it becomes impossible for attackers to decrypt
 past sessions, even if they get hold of the normal (certified) key,
 as this key was only used for signing.
 .Pp
-In order to perform a DH key exchange the server must use a DH group
+In order to perform a DH key exchange, the server must use a DH group
 (DH parameters) and generate a DH key.
 The server will always generate a new DH key during the negotiation.
 .Pp
diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3
index 4cde129bc2..2ab43fdd3e 100644
--- a/src/lib/libssl/man/SSL_get_session.3
+++ b/src/lib/libssl/man/SSL_get_session.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_get_session.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
+.\"     $OpenBSD: SSL_get_session.3,v 1.8 2022/03/31 17:27:18 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_GET_SESSION 3
 .Os
 .Sh NAME
@@ -109,7 +109,7 @@ If the data is to be kept,
 .Fn SSL_get1_session
 will increment the reference count, so that the session will not be implicitly
 removed by other operations but stays in memory.
-In order to remove the session
+In order to remove the session,
 .Xr SSL_SESSION_free 3
 must be explicitly called once to decrement the reference count again.
 .Pp

diff --git a/src/lib/libssl/man/BIO_f_ssl.3 b/src/lib/libssl/man/BIO_f_ssl.3 index 8643200285..5e18a85bd1 100644 --- a/src/lib/libssl/man/BIO_f_ssl.3 +++ b/src/lib/libssl/man/BIO_f_ssl.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: BIO_f_ssl.3,v 1.11 2019/06/12 09:36:30 schwarze Exp $	1	.\" $OpenBSD: BIO_f_ssl.3,v 1.12 2022/03/31 17:27:18 naddy Exp $
2	.\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500	2	.\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
3	.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800	3	.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
4	.\"	4	.\"
@@ -50,7 +50,7 @@
50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
52	.\"	52	.\"
53	.Dd $Mdocdate: June 12 2019 $	53	.Dd $Mdocdate: March 31 2022 $
54	.Dt BIO_F_SSL 3	54	.Dt BIO_F_SSL 3
55	.Os	55	.Os
56	.Sh NAME	56	.Sh NAME
@@ -147,7 +147,7 @@ is appended to an
147	.Vt SSL	147	.Vt SSL
148	.Vt BIO	148	.Vt BIO
149	using	149	using
150	.Xr BIO_push 3	150	.Xr BIO_push 3 ,
151	it is automatically used as the	151	it is automatically used as the
152	.Vt SSL	152	.Vt SSL
153	.Vt BIO Ns 's read and write	153	.Vt BIO Ns 's read and write
@@ -213,7 +213,7 @@ is 0, server mode is set.
213	.Fn BIO_set_ssl_renegotiate_bytes	213	.Fn BIO_set_ssl_renegotiate_bytes
214	sets the renegotiate byte count to	214	sets the renegotiate byte count to
215	.Fa num .	215	.Fa num .
216	When set after every	216	When set, after every
217	.Fa num	217	.Fa num
218	bytes of I/O (read and write) the SSL session is automatically renegotiated.	218	bytes of I/O (read and write) the SSL session is automatically renegotiated.
219	.Fa num	219	.Fa num
@@ -222,7 +222,7 @@ must be at least 512 bytes.
222	.Fn BIO_set_ssl_renegotiate_timeout	222	.Fn BIO_set_ssl_renegotiate_timeout
223	sets the renegotiate timeout to	223	sets the renegotiate timeout to
224	.Fa seconds .	224	.Fa seconds .
225	When the renegotiate timeout elapses the session is automatically renegotiated.	225	When the renegotiate timeout elapses, the session is automatically renegotiated.
226	.Pp	226	.Pp
227	.Fn BIO_get_num_renegotiates	227	.Fn BIO_get_num_renegotiates
228	returns the total number of session renegotiations due to I/O or timeout.	228	returns the total number of session renegotiations due to I/O or timeout.
@@ -303,7 +303,7 @@ established; the call
303	should be used for non blocking connect	303	should be used for non blocking connect
304	.Vt BIO Ns s	304	.Vt BIO Ns s
305	to determine if the call should be retried.	305	to determine if the call should be retried.
306	If an SSL connection has already been established this call has no effect.	306	If an SSL connection has already been established, this call has no effect.
307	.Pp	307	.Pp
308	.Vt SSL	308	.Vt SSL
309	.Vt BIO Ns s	309	.Vt BIO Ns s
@@ -325,7 +325,7 @@ using a blocking transport will never request a retry.
325	Since unknown	325	Since unknown
326	.Xr BIO_ctrl 3	326	.Xr BIO_ctrl 3
327	operations are sent through filter	327	operations are sent through filter
328	.Vt BIO Ns s	328	.Vt BIO Ns s ,
329	the server name and port can be set using	329	the server name and port can be set using
330	.Xr BIO_set_conn_hostname 3	330	.Xr BIO_set_conn_hostname 3
331	and	331	and


diff --git a/src/lib/libssl/man/SSL_CTX_set_options.3 b/src/lib/libssl/man/SSL_CTX_set_options.3 index 34c3a1adfd..5df0b07785 100644 --- a/src/lib/libssl/man/SSL_CTX_set_options.3 +++ b/src/lib/libssl/man/SSL_CTX_set_options.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_set_options.3,v 1.15 2021/06/12 11:02:20 tb Exp $	1	.\" $OpenBSD: SSL_CTX_set_options.3,v 1.16 2022/03/31 17:27:18 naddy Exp $
2	.\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100	2	.\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100
3	.\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000	3	.\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000
4	.\"	4	.\"
@@ -52,7 +52,7 @@
52	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	52	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	53	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
54	.\"	54	.\"
55	.Dd $Mdocdate: June 12 2021 $	55	.Dd $Mdocdate: March 31 2022 $
56	.Dt SSL_CTX_SET_OPTIONS 3	56	.Dt SSL_CTX_SET_OPTIONS 3
57	.Os	57	.Os
58	.Sh NAME	58	.Sh NAME
@@ -206,7 +206,7 @@ Normally clients and servers using TLSv1.2 and earlier will, where possible,
206	transparently make use of	206	transparently make use of
207	RFC 5077 tickets for stateless session resumption.	207	RFC 5077 tickets for stateless session resumption.
208	.Pp	208	.Pp
209	If this option is set this functionality is disabled and tickets will not be	209	If this option is set, this functionality is disabled and tickets will not be
210	used by clients or servers.	210	used by clients or servers.
211	.It Dv SSL_OP_NO_TLSv1	211	.It Dv SSL_OP_NO_TLSv1
212	Do not use the TLSv1.0 protocol.	212	Do not use the TLSv1.0 protocol.
@@ -273,7 +273,7 @@ server with a
273	.Em no_renegotiation	273	.Em no_renegotiation
274	warning alert.	274	warning alert.
275	.Pp	275	.Pp
276	If the patched OpenSSL server attempts to renegotiate a fatal	276	If the patched OpenSSL server attempts to renegotiate, a fatal
277	.Em handshake_failure	277	.Em handshake_failure
278	alert is sent.	278	alert is sent.
279	This is because the server code may be unaware of the unpatched nature of the	279	This is because the server code may be unaware of the unpatched nature of the
@@ -306,7 +306,7 @@ them initially) and this is clearly not acceptable.
306	Renegotiation is permitted because this does not add any additional security	306	Renegotiation is permitted because this does not add any additional security
307	issues: during an attack clients do not see any renegotiations anyway.	307	issues: during an attack clients do not see any renegotiations anyway.
308	.Pp	308	.Pp
309	As more servers become patched the option	309	As more servers become patched, the option
310	.Dv SSL_OP_LEGACY_SERVER_CONNECT	310	.Dv SSL_OP_LEGACY_SERVER_CONNECT
311	will	311	will
312	.Em not	312	.Em not


diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index ae0349584a..8be504d3b3 100644 --- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.9 2022/02/18 23:17:15 jsg Exp $	1	.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.10 2022/03/31 17:27:18 naddy Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: February 18 2022 $	51	.Dd $Mdocdate: March 31 2022 $
52	.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3	52	.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -117,7 +117,7 @@ when the application is left, it becomes impossible for attackers to decrypt
117	past sessions, even if they get hold of the normal (certified) key,	117	past sessions, even if they get hold of the normal (certified) key,
118	as this key was only used for signing.	118	as this key was only used for signing.
119	.Pp	119	.Pp
120	In order to perform a DH key exchange the server must use a DH group	120	In order to perform a DH key exchange, the server must use a DH group
121	(DH parameters) and generate a DH key.	121	(DH parameters) and generate a DH key.
122	The server will always generate a new DH key during the negotiation.	122	The server will always generate a new DH key during the negotiation.
123	.Pp	123	.Pp


diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3 index 4cde129bc2..2ab43fdd3e 100644 --- a/src/lib/libssl/man/SSL_get_session.3 +++ b/src/lib/libssl/man/SSL_get_session.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_get_session.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $	1	.\" $OpenBSD: SSL_get_session.3,v 1.8 2022/03/31 17:27:18 naddy Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: March 27 2018 $	52	.Dd $Mdocdate: March 31 2022 $
53	.Dt SSL_GET_SESSION 3	53	.Dt SSL_GET_SESSION 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -109,7 +109,7 @@ If the data is to be kept,
109	.Fn SSL_get1_session	109	.Fn SSL_get1_session
110	will increment the reference count, so that the session will not be implicitly	110	will increment the reference count, so that the session will not be implicitly
111	removed by other operations but stays in memory.	111	removed by other operations but stays in memory.
112	In order to remove the session	112	In order to remove the session,
113	.Xr SSL_SESSION_free 3	113	.Xr SSL_SESSION_free 3
114	must be explicitly called once to decrement the reference count again.	114	must be explicitly called once to decrement the reference count again.
115	.Pp	115	.Pp