43 files changed, 160 insertions, 126 deletions
diff --git a/src/lib/libssl/src/doc/apps/asn1parse.pod b/src/lib/libssl/src/doc/apps/asn1parse.pod
index e76e9813ab..69ee4dfee6 100644
--- a/src/lib/libssl/src/doc/apps/asn1parse.pod
+++ b/src/lib/libssl/src/doc/apps/asn1parse.pod
@@ -123,7 +123,7 @@ C<1.2.3.4	shortName	A long name>
 =head1 BUGS
-There should be options to change the format of input lines. The output of some
+There should be options to change the format of output lines. The output of some
 ASN.1 types is not well handled (if at all).
 =cut
diff --git a/src/lib/libssl/src/doc/apps/dgst.pod b/src/lib/libssl/src/doc/apps/dgst.pod
index 1648742bcf..b0d198724c 100644
--- a/src/lib/libssl/src/doc/apps/dgst.pod
+++ b/src/lib/libssl/src/doc/apps/dgst.pod
@@ -14,6 +14,7 @@ B<openssl> B<dgst>
 [B<-binary>]
 [B<-out filename>]
 [B<-sign filename>]
+[B<-passin arg>]
 [B<-verify filename>]
 [B<-prverify filename>]
 [B<-signature filename>]
@@ -59,6 +60,11 @@ filename to output to, or standard output by default.
 digitally sign the digest using the private key in "filename".
+=item B<-passin arg>
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 =item B<-verify filename>
 verify the signature using the the public key in "filename".
diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod
index ddf081617f..18fe7c81c7 100644
--- a/src/lib/libssl/src/doc/apps/enc.pod
+++ b/src/lib/libssl/src/doc/apps/enc.pod
@@ -86,7 +86,7 @@ versions of OpenSSL. Superseded by the B<-pass> argument.
 =item B<-kfile filename>
 read the password to derive the key from the first line of B<filename>.
-This is for computability with previous versions of OpenSSL. Superseded by
+This is for compatibility with previous versions of OpenSSL. Superseded by
 the B<-pass> argument.
 =item B<-S salt>
diff --git a/src/lib/libssl/src/doc/crypto/BN_num_bytes.pod b/src/lib/libssl/src/doc/crypto/BN_num_bytes.pod
index 61589fb9ac..a6a2e3f819 100644
--- a/src/lib/libssl/src/doc/crypto/BN_num_bytes.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_num_bytes.pod
@@ -16,8 +16,14 @@ BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size
 =head1 DESCRIPTION
-These functions return the size of a B<BIGNUM> in bytes or bits,
+BN_num_bytes() returns the size of a B<BIGNUM> in bytes.
-and the size of an unsigned integer in bits.
+BN_num_bits_word() returns the number of significant bits in a word.
+If we take 0x00000432 as an example, it returns 11, not 16, not 32.
+Basically, except for a zero, it returns I<floor(log2(w))+1>.
+BN_num_bits() returns the number of significant bits in a B<BIGNUM>,
+following the same principle as BN_num_bits_word().
 BN_num_bytes() is a macro.
@@ -25,9 +31,23 @@ BN_num_bytes() is a macro.
 The size.
+=head1 NOTES
+Some have tried using BN_num_bits() on individual numbers in RSA keys,
+DH keys and DSA keys, and found that they don't always come up with
+the number of bits they expected (something like 512, 1024, 2048,
+...).  This is because generating a number with some specific number
+of bits doesn't always set the highest bits, thereby making the number
+of I<significant> bits a little lower.  If you want to know the "key
+size" of such a key, either use functions like RSA_size(), DH_size()
+and DSA_size(), or use BN_num_bytes() and multiply with 8 (although
+there's no real guarantee that will match the "key size", just a lot
+more probability).
 =head1 SEE ALSO
-L<bn(3)|bn(3)>
+L<bn(3)|bn(3)>, L<DH_size(3)|DH_size(3)>, L<DSA_size(3)|DSA_size(3)>,
+L<RSA_size(3)|RSA_size(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/ERR_error_string.pod b/src/lib/libssl/src/doc/crypto/ERR_error_string.pod
index e01beb817a..cdfa7fe1fe 100644
--- a/src/lib/libssl/src/doc/crypto/ERR_error_string.pod
+++ b/src/lib/libssl/src/doc/crypto/ERR_error_string.pod
@@ -11,7 +11,7 @@ error message
 #include <openssl/err.h>
 char *ERR_error_string(unsigned long e, char *buf);
- char *ERR_error_string_n(unsigned long e, char *buf, size_t len);
+ void ERR_error_string_n(unsigned long e, char *buf, size_t len);
 const char *ERR_lib_error_string(unsigned long e);
 const char *ERR_func_error_string(unsigned long e);
diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index daf57e5895..40e525dd56 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -479,6 +479,7 @@ General encryption, decryption function example using FILE I/O and RC2 with an
                if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
                        {
                        /* Error */
+                        EVP_CIPHER_CTX_cleanup(&ctx);
                        return 0;
                        }
                fwrite(outbuf, 1, outlen, out);
@@ -486,6 +487,7 @@ General encryption, decryption function example using FILE I/O and RC2 with an
        if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
                {
                /* Error */
+                EVP_CIPHER_CTX_cleanup(&ctx);
                return 0;
                }
        fwrite(outbuf, 1, outlen, out);
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index b5e477e294..48a0e29954 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -8,8 +8,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
 #include <openssl/evp.h>
- int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 
-                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+                unsigned char **ek, int *ekl, unsigned char *iv,
+                EVP_PKEY **pubk, int npubk);
 int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
         int *outl, unsigned char *in, int inl);
 int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index e65e54ce52..0bace24938 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -29,11 +29,10 @@ EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
 signature context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data.
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-and places the signature in B<sig>. If the B<s> parameter is not NULL
+places the signature in B<sig>. The number of bytes of data written (i.e. the
-then the number of bytes of data written (i.e. the length of the signature)
+length of the signature) will be written to the integer at B<s>, at most
-will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+EVP_PKEY_size(pkey) bytes will be written. 
-will be written. 
 EVP_SignInit() initializes a signing context B<ctx> to use the default
 implementation of digest B<type>.
diff --git a/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod b/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
index d53e19d2b7..ab0fe3b2cd 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_public_encrypt.pod
@@ -47,9 +47,10 @@ Encrypting user data directly with RSA is insecure.
 =back
 B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
-based padding modes, and less than RSA_size(B<rsa>) - 41 for
+based padding modes, less than RSA_size(B<rsa>) - 41 for
-RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded
+RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
-prior to calling RSA_public_encrypt().
+The random number generator must be seeded prior to calling
+RSA_public_encrypt().
 RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
 private key B<rsa> and stores the plaintext in B<to>. B<to> must point
diff --git a/src/lib/libssl/src/doc/crypto/blowfish.pod b/src/lib/libssl/src/doc/crypto/blowfish.pod
index ed71334f56..5b2d274c15 100644
--- a/src/lib/libssl/src/doc/crypto/blowfish.pod
+++ b/src/lib/libssl/src/doc/crypto/blowfish.pod
@@ -32,7 +32,7 @@ by Counterpane (see http://www.counterpane.com/blowfish.html ).
 Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
 It uses a variable size key, but typically, 128 bit (16 byte) keys are
-a considered good for strong encryption.  Blowfish can be used in the same
+considered good for strong encryption.  Blowfish can be used in the same
 modes as DES (see L<des_modes(7)|des_modes(7)>).  Blowfish is currently one
 of the faster block ciphers.  It is quite a bit faster than DES, and much
 faster than IDEA or RC2.
diff --git a/src/lib/libssl/src/doc/crypto/pem.pod b/src/lib/libssl/src/doc/crypto/pem.pod
index 8613114452..4f9a27df0c 100644
--- a/src/lib/libssl/src/doc/crypto/pem.pod
+++ b/src/lib/libssl/src/doc/crypto/pem.pod
@@ -471,6 +471,6 @@ is guaranteed to work.
 =head1 RETURN CODES
 The read routines return either a pointer to the structure read or NULL
-is an error occurred.
+if an error occurred.
 The write routines return 1 for success or 0 for failure.
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
index 914eb7c9e3..f62a869a9b 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
@@ -8,9 +8,9 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_des
 #include <openssl/ssl.h>
- const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
+ const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
- int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
+ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
- char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
+ char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod
index 5686faf299..0c40a91f2f 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod
@@ -15,7 +15,7 @@ SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal ap
 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
- void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx);
+ void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx);
 typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                int idx, long argl, void *argp);
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod
index 7f10c6e945..2a3747e75c 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod
@@ -8,12 +8,12 @@ SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_
 #include <openssl/ssl.h>
- int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
- int SSL_get_verify_mode(SSL *ssl);
+ int SSL_get_verify_mode(const SSL *ssl);
- int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
+ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
- int SSL_get_verify_depth(SSL *ssl);
+ int SSL_get_verify_depth(const SSL *ssl);
- int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *);
+ int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
- int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *);
+ int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod
index 3a240c4d37..6acf0d9f9b 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod
@@ -9,7 +9,7 @@ SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate ver
 #include <openssl/ssl.h>
 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
- X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
+ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_info_callback.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_info_callback.pod
index 63d0b8d33f..0b4affd5eb 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_info_callback.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_info_callback.pod
@@ -9,10 +9,10 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL
 #include <openssl/ssl.h>
 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
- void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))();
+ void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
 void SSL_set_info_callback(SSL *ssl, void (*callback)());
- void (*SSL_get_info_callback(SSL *ssl))();
+ void (*SSL_get_info_callback(const SSL *ssl))();
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index 766f0c9200..5ab1b32f93 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -163,7 +163,7 @@ When choosing a cipher, use the server's preferences instead of the client
 preferences. When not set, the SSL server will always follow the clients
 preferences. When set, the SSLv3/TLSv1 server will choose following its
 own preferences. Because of the different protocol, for SSLv2 the server
-will send his list of preferences to the client and the client chooses.
+will send its list of preferences to the client and the client chooses.
 =item SSL_OP_PKCS1_CHECK_1
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
index 1d0526d59a..393f8ff0b4 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
@@ -9,10 +9,10 @@ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown,
 #include <openssl/ssl.h>
 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
- int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
+ int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
 void SSL_set_quiet_shutdown(SSL *ssl, int mode);
- int SSL_get_quiet_shutdown(SSL *ssl);
+ int SSL_get_quiet_shutdown(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod
index 5949395159..58fc685506 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -46,7 +46,8 @@ B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
 =head1 WARNINGS
-If the session id context is not set on an SSL/TLS server, stored sessions
+If the session id context is not set on an SSL/TLS server and client
+certificates are used, stored sessions
 will not be reused but a fatal error will be flagged and the handshake
 will fail.
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
index ea2faba3ec..48c888c337 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
@@ -31,8 +31,8 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f
 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
- int SSL_CTX_check_private_key(SSL_CTX *ctx);
+ int SSL_CTX_check_private_key(const SSL_CTX *ctx);
- int SSL_check_private_key(SSL *ssl);
+ int SSL_check_private_key(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod
index da0bcf1590..657cda931f 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod
@@ -15,7 +15,7 @@ SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data -
 int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg);
- void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx);
+ void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx);
 typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                int idx, long argl, void *argp);
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod
index ea3c2bcfe6..00883ed2a0 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod
@@ -8,14 +8,14 @@ SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION
 #include <openssl/ssl.h>
- long SSL_SESSION_get_time(SSL_SESSION *s);
+ long SSL_SESSION_get_time(const SSL_SESSION *s);
 long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
- long SSL_SESSION_get_timeout(SSL_SESSION *s);
+ long SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
- long SSL_get_time(SSL_SESSION *s);
+ long SSL_get_time(const SSL_SESSION *s);
 long SSL_set_time(SSL_SESSION *s, long tm);
- long SSL_get_timeout(SSL_SESSION *s);
+ long SSL_get_timeout(const SSL_SESSION *s);
 long SSL_set_timeout(SSL_SESSION *s, long tm);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_SSL_CTX.pod b/src/lib/libssl/src/doc/ssl/SSL_get_SSL_CTX.pod
index 52d0227b19..659c482c79 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_SSL_CTX.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_SSL_CTX.pod
@@ -8,7 +8,7 @@ SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created
 #include <openssl/ssl.h>
- SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
+ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod b/src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod
index 2a57455c23..aecadd9138 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_ciphers.pod
@@ -8,8 +8,8 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
 #include <openssl/ssl.h>
- STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl);
+ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
- const char *SSL_get_cipher_list(SSL *ssl, int priority);
+ const char *SSL_get_cipher_list(const SSL *ssl, int priority);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod b/src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod
index 5693fdebb2..68181b2407 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod
@@ -8,8 +8,8 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
 #include <openssl/ssl.h>
- STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
+ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
- STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); 
+ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); 
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod b/src/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod
index 2dd7261d89..e5ab12491e 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod
@@ -9,7 +9,7 @@ SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
 #include <openssl/ssl.h>
- SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
+ SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
 #define SSL_get_cipher(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
 #define SSL_get_cipher_name(s) \
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_default_timeout.pod b/src/lib/libssl/src/doc/ssl/SSL_get_default_timeout.pod
index 8d43b31345..a648a9b82d 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_default_timeout.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_default_timeout.pod
@@ -8,7 +8,7 @@ SSL_get_default_timeout - get default session timeout value
 #include <openssl/ssl.h>
- long SSL_get_default_timeout(SSL *ssl);
+ long SSL_get_default_timeout(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
index fe28dd942a..48c6b15db7 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
@@ -8,7 +8,7 @@ SSL_get_error - obtain result code for TLS/SSL I/O operation
 #include <openssl/ssl.h>
- int SSL_get_error(SSL *ssl, int ret);
+ int SSL_get_error(const SSL *ssl, int ret);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod
index 6644ef8fbc..228d23d8c0 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod
@@ -15,7 +15,7 @@ SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application sp
 int SSL_set_ex_data(SSL *ssl, int idx, void *arg);
- void *SSL_get_ex_data(SSL *ssl, int idx);
+ void *SSL_get_ex_data(const SSL *ssl, int idx);
 typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                int idx, long argl, void *argp);
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_fd.pod b/src/lib/libssl/src/doc/ssl/SSL_get_fd.pod
index a3f7625931..89260b522c 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_fd.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_fd.pod
@@ -8,9 +8,9 @@ SSL_get_fd - get file descriptor linked to an SSL object
 #include <openssl/ssl.h>
- int SSL_get_fd(SSL *ssl);
+ int SSL_get_fd(const SSL *ssl);
- int SSL_get_rfd(SSL *ssl);
+ int SSL_get_rfd(const SSL *ssl);
- int SSL_get_wfd(SSL *ssl);
+ int SSL_get_wfd(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod b/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod
index 390ce0b41b..49fb88f86f 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod
@@ -8,7 +8,7 @@ SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
 #include <openssl/ssl.h>
- STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl);
+ STACKOF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
index 60635a9660..ef7c8be180 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
@@ -8,7 +8,7 @@ SSL_get_peer_certificate - get the X509 certificate of the peer
 #include <openssl/ssl.h>
- X509 *SSL_get_peer_certificate(SSL *ssl);
+ X509 *SSL_get_peer_certificate(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_session.pod b/src/lib/libssl/src/doc/ssl/SSL_get_session.pod
index dd9aba40b6..0c41caa922 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_session.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_session.pod
@@ -8,8 +8,8 @@ SSL_get_session - retrieve TLS/SSL session data
 #include <openssl/ssl.h>
- SSL_SESSION *SSL_get_session(SSL *ssl);
+ SSL_SESSION *SSL_get_session(const SSL *ssl);
- SSL_SESSION *SSL_get0_session(SSL *ssl);
+ SSL_SESSION *SSL_get0_session(const SSL *ssl);
 SSL_SESSION *SSL_get1_session(SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod b/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod
index e6bac9c35a..55b56a53f9 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod
@@ -8,7 +8,7 @@ SSL_get_verify_result - get result of peer certificate verification
 #include <openssl/ssl.h>
- long SSL_get_verify_result(SSL *ssl);
+ long SSL_get_verify_result(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_version.pod b/src/lib/libssl/src/doc/ssl/SSL_get_version.pod
index 24d5291256..cc271db2c5 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_version.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_version.pod
@@ -8,7 +8,7 @@ SSL_get_version - get the protocol version of a connection.
 #include <openssl/ssl.h>
- const char *SSL_get_version(SSL *ssl);
+ const char *SSL_get_version(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_pending.pod b/src/lib/libssl/src/doc/ssl/SSL_pending.pod
index b4c48598b2..43f2874e8b 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_pending.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_pending.pod
@@ -8,7 +8,7 @@ SSL_pending - obtain number of readable bytes buffered in an SSL object
 #include <openssl/ssl.h>
- int SSL_pending(SSL *ssl);
+ int SSL_pending(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod
index 6289e635d9..011a022a12 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod
@@ -10,7 +10,7 @@ SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connect
 void SSL_set_shutdown(SSL *ssl, int mode);
- int SSL_get_shutdown(SSL *ssl);
+ int SSL_get_shutdown(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
index 6b5012be7a..89911acbca 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
@@ -38,7 +38,7 @@ behaviour.
 =over 4
 =item When the application is the first party to send the "close notify"
-alert, SSL_shutdown() will only send the alert and the set the
+alert, SSL_shutdown() will only send the alert and then set the
 SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
 be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
 shutdown is enough (the underlying connection shall be closed anyway), this
diff --git a/src/lib/libssl/src/doc/ssl/SSL_state_string.pod b/src/lib/libssl/src/doc/ssl/SSL_state_string.pod
index b4be1aaa48..fe25d47c71 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_state_string.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_state_string.pod
@@ -8,8 +8,8 @@ SSL_state_string, SSL_state_string_long - get textual description of state of an
 #include <openssl/ssl.h>
- const char *SSL_state_string(SSL *ssl);
+ const char *SSL_state_string(const SSL *ssl);
- const char *SSL_state_string_long(SSL *ssl);
+ const char *SSL_state_string_long(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_want.pod b/src/lib/libssl/src/doc/ssl/SSL_want.pod
index 50cc89db80..c0059c0d4a 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_want.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_want.pod
@@ -8,11 +8,11 @@ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup
 #include <openssl/ssl.h>
- int SSL_want(SSL *ssl);
+ int SSL_want(const SSL *ssl);
- int SSL_want_nothing(SSL *ssl);
+ int SSL_want_nothing(const SSL *ssl);
- int SSL_want_read(SSL *ssl);
+ int SSL_want_read(const SSL *ssl);
- int SSL_want_write(SSL *ssl);
+ int SSL_want_write(const SSL *ssl);
- int SSL_want_x509_lookup(SSL *ssl);
+ int SSL_want_x509_lookup(const SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod b/src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod
index 0321a5a36f..81d276477f 100644
--- a/src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod
+++ b/src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod
@@ -8,7 +8,7 @@ d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 repre
 #include <openssl/ssl.h>
- SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length);
+ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/ssl.pod b/src/lib/libssl/src/doc/ssl/ssl.pod
index 4d7a6b7e2b..b41f3e3645 100644
--- a/src/lib/libssl/src/doc/ssl/ssl.pod
+++ b/src/lib/libssl/src/doc/ssl/ssl.pod
@@ -213,7 +213,7 @@ protocol context defined in the B<SSL_CTX> structure.
 =item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
-=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx);
+=item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx);
 =item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
@@ -225,23 +225,23 @@ protocol context defined in the B<SSL_CTX> structure.
 =item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
-=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx);
+=item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx);
 =item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx);
+=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
 =item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
 =item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
-=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx);
+=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
 =item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
-=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx);
+=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
-=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+=item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
 =item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
@@ -383,27 +383,27 @@ sessions defined in the B<SSL_SESSION> structures.
 =over 4
-=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b);
+=item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b);
 =item void B<SSL_SESSION_free>(SSL_SESSION *ss);
 =item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
-=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx);
+=item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx);
 =item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-=item long B<SSL_SESSION_get_time>(SSL_SESSION *s);
+=item long B<SSL_SESSION_get_time>(const SSL_SESSION *s);
-=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s);
+=item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s);
-=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a);
+=item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a);
 =item SSL_SESSION *B<SSL_SESSION_new>(void);
-=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x);
+=item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x);
-=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x);
+=item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
 =item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
@@ -438,7 +438,7 @@ connection defined in the B<SSL> structure.
 =item char *B<SSL_alert_type_string_long>(int value);
-=item int B<SSL_check_private_key>(SSL *ssl);
+=item int B<SSL_check_private_key>(const SSL *ssl);
 =item void B<SSL_clear>(SSL *ssl);
@@ -446,7 +446,7 @@ connection defined in the B<SSL> structure.
 =item int B<SSL_connect>(SSL *ssl);
-=item void B<SSL_copy_session_id>(SSL *t, SSL *f);
+=item void B<SSL_copy_session_id>(SSL *t, const SSL *f);
 =item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
@@ -458,77 +458,77 @@ connection defined in the B<SSL> structure.
 =item void B<SSL_free>(SSL *ssl);
-=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl);
+=item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl);
 =item char *B<SSL_get_app_data>(SSL *ssl);
-=item X509 *B<SSL_get_certificate>(SSL *ssl);
+=item X509 *B<SSL_get_certificate>(const SSL *ssl);
-=item const char *B<SSL_get_cipher>(SSL *ssl);
+=item const char *B<SSL_get_cipher>(const SSL *ssl);
-=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
+=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
-=item char *B<SSL_get_cipher_list>(SSL *ssl, int n);
+=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
-=item char *B<SSL_get_cipher_name>(SSL *ssl);
+=item char *B<SSL_get_cipher_name>(const SSL *ssl);
-=item char *B<SSL_get_cipher_version>(SSL *ssl);
+=item char *B<SSL_get_cipher_version>(const SSL *ssl);
-=item STACK *B<SSL_get_ciphers>(SSL *ssl);
+=item STACK *B<SSL_get_ciphers>(const SSL *ssl);
-=item STACK *B<SSL_get_client_CA_list>(SSL *ssl);
+=item STACK *B<SSL_get_client_CA_list>(const SSL *ssl);
 =item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
-=item long B<SSL_get_default_timeout>(SSL *ssl);
+=item long B<SSL_get_default_timeout>(const SSL *ssl);
-=item int B<SSL_get_error>(SSL *ssl, int i);
+=item int B<SSL_get_error>(const SSL *ssl, int i);
-=item char *B<SSL_get_ex_data>(SSL *ssl, int idx);
+=item char *B<SSL_get_ex_data>(const SSL *ssl, int idx);
 =item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
 =item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-=item int B<SSL_get_fd>(SSL *ssl);
+=item int B<SSL_get_fd>(const SSL *ssl);
-=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void)
+=item void (*B<SSL_get_info_callback>(const SSL *ssl);)()
-=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl);
+=item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl);
-=item X509 *B<SSL_get_peer_certificate>(SSL *ssl);
+=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
 =item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
-=item int B<SSL_get_quiet_shutdown>(SSL *ssl);
+=item int B<SSL_get_quiet_shutdown>(const SSL *ssl);
-=item BIO *B<SSL_get_rbio>(SSL *ssl);
+=item BIO *B<SSL_get_rbio>(const SSL *ssl);
-=item int B<SSL_get_read_ahead>(SSL *ssl);
+=item int B<SSL_get_read_ahead>(const SSL *ssl);
-=item SSL_SESSION *B<SSL_get_session>(SSL *ssl);
+=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
-=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
+=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
-=item int B<SSL_get_shutdown>(SSL *ssl);
+=item int B<SSL_get_shutdown>(const SSL *ssl);
 =item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
-=item int B<SSL_get_state>(SSL *ssl);
+=item int B<SSL_get_state>(const SSL *ssl);
-=item long B<SSL_get_time>(SSL *ssl);
+=item long B<SSL_get_time>(const SSL *ssl);
-=item long B<SSL_get_timeout>(SSL *ssl);
+=item long B<SSL_get_timeout>(const SSL *ssl);
-=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void)
+=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *)
-=item int B<SSL_get_verify_mode>(SSL *ssl);
+=item int B<SSL_get_verify_mode>(const SSL *ssl);
-=item long B<SSL_get_verify_result>(SSL *ssl);
+=item long B<SSL_get_verify_result>(const SSL *ssl);
-=item char *B<SSL_get_version>(SSL *ssl);
+=item char *B<SSL_get_version>(const SSL *ssl);
-=item BIO *B<SSL_get_wbio>(SSL *ssl);
+=item BIO *B<SSL_get_wbio>(const SSL *ssl);
 =item int B<SSL_in_accept_init>(SSL *ssl);
@@ -550,7 +550,7 @@ connection defined in the B<SSL> structure.
 =item int B<SSL_peek>(SSL *ssl, void *buf, int num);
-=item int B<SSL_pending>(SSL *ssl);
+=item int B<SSL_pending>(const SSL *ssl);
 =item int B<SSL_read>(SSL *ssl, void *buf, int num);
@@ -610,11 +610,11 @@ connection defined in the B<SSL> structure.
 =item int B<SSL_shutdown>(SSL *ssl);
-=item int B<SSL_state>(SSL *ssl);
+=item int B<SSL_state>(const SSL *ssl);
-=item char *B<SSL_state_string>(SSL *ssl);
+=item char *B<SSL_state_string>(const SSL *ssl);
-=item char *B<SSL_state_string_long>(SSL *ssl);
+=item char *B<SSL_state_string_long>(const SSL *ssl);
 =item long B<SSL_total_renegotiations>(SSL *ssl);
@@ -636,17 +636,17 @@ connection defined in the B<SSL> structure.
 =item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
-=item int B<SSL_version>(SSL *ssl);
+=item int B<SSL_version>(const SSL *ssl);
-=item int B<SSL_want>(SSL *ssl);
+=item int B<SSL_want>(const SSL *ssl);
-=item int B<SSL_want_nothing>(SSL *ssl);
+=item int B<SSL_want_nothing>(const SSL *ssl);
-=item int B<SSL_want_read>(SSL *ssl);
+=item int B<SSL_want_read>(const SSL *ssl);
-=item int B<SSL_want_write>(SSL *ssl);
+=item int B<SSL_want_write>(const SSL *ssl);
-=item int B<SSL_want_x509_lookup>(s);
+=item int B<SSL_want_x509_lookup>(const SSL *ssl);
 =item int B<SSL_write>(SSL *ssl, const void *buf, int num);
diff --git a/src/lib/libssl/src/doc/standards.txt b/src/lib/libssl/src/doc/standards.txt
index edbe2f3a57..f6675b574b 100644
--- a/src/lib/libssl/src/doc/standards.txt
+++ b/src/lib/libssl/src/doc/standards.txt
@@ -88,6 +88,10 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
     (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
     INFORMATIONAL)                                         
+3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
+     Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
+     June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
 Related:
 --------