| Commit message (Collapse) | Author | Files | Lines |
|---|
|
DISPLAYTEXT_new(3), DISPLAYTEXT_free(3). These functions are clearly
public because OpenSSL documents them and they are in the public
<openssl/asn1.h> header.
OpenSSL documents these four functions in doc/man3/X509_dup.pod [sic],
but the information given is completely wrong: wrong header file,
wrong prototypes, misleading description. Why, oh why do people even
bother to write documentation if nothing of what they write is true?
|
|
below OpenBSD quality standards, but better than nothing...
|
|
Make sure EC_GROUP_new(3) points to all EC manuals and all EC manuals
point back to EC_GROUP_new(3), and add some other useful links as well.
Change all links to ec(3) to point to EC_GROUP_new(3) instead.
|
|
In this case, keep the text about individual struct fields
because it contains some actual information.
|
|
Make sure all RSA pages point back to RSA_new(3).
|
|
|
|
|
|
discard the rest of the text. There is no value in documenting
some of the fields of a structure and then going on to say that the
structure is intended as opaque. Besides, i doubt that we want
such strong marketing of ENGINE support.
|
|
Make sure all DSA pages point back to DSA_new(3).
|
|
discard the rest of the text. There is no value in documenting
some of the fields of a structure and then going on to say that the
structure is intended as opaque. Besides, i doubt that we want
such strong marketing of ENGINE support.
|
|
Make sure that all DH pages point back to DH_new(3).
|
|
Correct the header: It's <openssl/ui_compat.h>, not <openssl/des_old.h>.
Delete documentation of des_read_password(3) and des_read_2passwords(3)
which no longer exist.
Probably, the rest of this ought to be deleted as well...
|
|
|
|
OpenSSL removed bn(3) without replacement, but the introductory
text does seem helpful, and it is good for a sub-library to have a
central page pointing to all other pages and pointed at from all
other pages of the sub-library.
|
|
and make sure all BN*(3) pages point back to BN_new(3)
|
|
I'm not merging documentation for X509_STORE_set_verify_func(3)
from OpenSSL because their documentations does not appear to match
the code we have, and i don't understand what the code does.
|
|
|
|
Delete all the function prototypes.
They are all available from their individual manual pages.
Here, they were incomplete and nothing but a maintenance nightmare.
Add several missing cross reference, such that
this page now references all libssl manual pages.
Delete a sentence that said nothing and correct a typo.
Now all libssl manuals have proper Copyright notices and licenses,
and i have merged all improvements from OpenSSL that i could find.
|
|
where BUGS is longer than DESCRIPTION. The function is listed in
ssl(3) and <openssl/ssl.h>, so it's clearly public.
The code looks slightly mysterious to me, so it would be welcome if
somebody more familiar with TLS protocols could check factual accuracy.
|
|
SSL_num_renegotiations(3) written from scratch. These functions
are listed in ssl(3) and <openssl/ssl.h>, so they are clearly public.
|
|
so it's clearly a public interface.
|
|
|
|
|
|
|
|
From FreeBSD (glebius)
|
|
in ssl(3) and <openssl/ssl.h>, so it's clearly a public interface.
More could probably be said, the code looks somewhat mysterious to me,
but i think this stub is already better than nothing.
|
|
|
|
listed in ssl(3) and <openssl/ssl.h>, so it's clearly a public interface.
We might wish to merge the improved code from OpenSSL 1.1.0,
but that's major bump, so i'm documenting the BUGS for now.
|
|
in ssl(3) and <openssl/ssl.h>, so it is clearly public.
|
|
Mentioned in ssl(3) and <openssl/ssl.h>, so it is public.
|
|
SSL_add_dir_cert_subjects_to_stack(3), written from scratch.
Both functions are listed in ssl(3) and <openssl/ssl.h> and recommended
for the use by browsers in source code comments, so they are clearly
public interfaces.
Mention deduplication.
Purge some duplicate text and improve some wording while here.
Two additional cross references instead of the useless ssl(3).
Add HISTORY, AUTHORS, and BUGS.
It is depressing that BUGS (purely from code inspection) became
longer than the DESCRIPTION.
|
|
ok doug@
|
|
this contains the session master key.
ok deraadt@ doug@
|
|
this contains the session master key.
ok deraadt@ doug@
|
|
From Henri Kemppainen
|
|
a public interface since it's listed both in ssl(3) and in
<openssl/ssl.h>. Nothing to pilfer from OpenSSL in this case...
|
|
because that's what <openssl/ssl.h> #defines.
That's likely a typo in the header file because all the other
functions are called *tmp_rsa*(). But it would be a bad idea to
fix such a bug in interfaces that are only provided for backward
compatibility in the first place, so i'm adjusting the manual to
be bug-compatible with the code, for now.
But, pretty please, for the next major bump, somebody go get Bob's
flensing knife and excise this part of the interface. Like, export
ciphers? Really?
|
|
|
|
A specially crafted struct sockaddr_dl argument can trigger a stack
overflow of a static buffer in libc. An attacker may be able to
use this to write to arbitrary locations in the data segment.
From FreeBSD (glebius); OK deraadt@ mestre@
|
|
Garbage collect empty RETURN VALUES section.
Delete useless cross reference to ssl(3).
Add cross reference to SSL_SESSION_new(3).
|
|
The function prototype is listed in ssl(3) and <openssl/ssl.h>, so
it's clearly a public interface, but OpenSSL has no documentation
about it whatsoever.
|
|
|
|
|
|
we don't define preprocessor constants for the related NIDs,
so delete the subsection discussing them.
|
|
to be pointed to from random individual pages.
|
|
|
|
Mention AES, Chacha20, ECDSA, OCSP, OPENSSL_config.
Improve many cross references.
Convert the table into some real text and polish some wording.
Stop talking about SSL.
Drop vague references to undocumented internals (objects, stack, txt_db).
Delete verbiage that says nothing or is duplicate.
Ultimately, the content of this page should be merged into
OPENSSL_init_crypto(3), but we don't have that function yet,
so the merge has to wait.
|
|
|
|
ok doug@
|
|
handshake functions, we can remove more copied code from DTLS.
|
