| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
from the OpenSSL manual and from code inspection.
Use my own Copyright and license because no Copyright-worthy amount
of text from OpenSSL remains.
And, no, these functions do *NOT* check private keys, not at all.
|
| |
|
|
| |
dropping the secmem stuff that we don't want
|
| |
|
|
| |
don't have, which implies renaming the file to EVP_PKEY_meth_get0_info.3
|
| |
|
|
|
|
|
|
|
| |
the OpenSSL manual page committed on July 27, 2017, and on source
code inspection. Use my own Copyright and license because no
copyright-worthy amount of text from OpenSSL remains.
NOTA BENE:
BUGS Most aspects of the semantics considerably differ from OpenSSL.
|
| |
|
|
| |
from Dr. Stephen Henson <steve@openssl.org>, OpenSSL commit d218f3c3
|
| | |
|
| |
|
|
| |
from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc.
|
| |
|
|
|
| |
from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3,
tweaked by me
|
| |
|
|
|
| |
in commit 2ca2e917. Document it here, too, but do not use their
text. Be more concise and more precise at the same time.
|
| |
|
|
|
| |
and document ERR_asprintf_error_data as their replacement.
ok jsing@, ingo@
|
| |
|
|
| |
jsing@ confirmed that these are public and worth documenting.
|
| |
|
|
| |
jsing@ confirmed that these macros are public and worth documenting.
|
| |
|
|
|
|
|
|
|
|
|
| |
Not documented by OpenSSL, but listed in <openssl/x509_vfy.h>
and referenced from X509_LOOKUP_hash_dir(3), and clearly more
important than the latter. Fixes three dead links reported by jmc@.
Most of the information from SSL_CTX_load_verify_locations(3) should
probably be moved here, but not all, since the SSL page also talks
about SSL servers and clients and the like. As i'm not completely
sure regarding the boundaries, i'm leaving that as it is for now.
|
| |
|
|
|
|
| |
All 36 functions listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod,
six of them with wrong prototypes.
|
| |
|
|
|
|
|
|
| |
All four functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.
Note that in the OpenSSL documentation,
three of the four prototypes are incorrect.
|
| |
|
|
|
|
|
|
|
|
|
| |
Both functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.
After reading the code, i'm not amused. You wouldn't think that
it might take eight stack levels to decode a constant sixteen bit
value that does not even allow a single content octet, or would
you? Nota bene, this is an average of four stack levels for each
non-zero bit decoded... :-(
|
| |
|
|
|
| |
encoding functions from scratch. All 46 functions are listed
in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
| |
from scratch. All six functions are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
| |
These six function are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
| |
from scratch. All these functions are listed in <openssl/ocsp.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
| |
from scratch. All functions listed in <openssl/ts.h>
and in OpenSSL doc/man3/s2i_X509.pod.
|
| |
|
|
|
|
| |
It is already referenced by one other manual page.
All these functions are listed in <openssl/pkcs7.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
|
| |
It is already referenced from some other manuals.
All these functions are listed in <openssl/pkcs12.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ASN1_item_d2i(3) manual page from it. Enough text remains to keep
Stephen Henson's Copyright.
The eight functions documented in this new page are listed in
<openssl/asn1.h> and in Symbols.list, so they are public even though
OpenSSL does not document them. They are very important because
hundreds of documented, much-used public interface functions are
trivial wrappers around them, sharing their complicated semantics
and their copious CAVEATS and BUGS.
The plan is for the many pages documenting the wrappers to become
very concise, to focus on the few type-dependent specifics, and to
point to this new page for the details of the semantics, for the
CAVEATS, and for the BUGS.
While here, write a companion page ASN1_item_new(3) from scratch.
The user interface described in that page scares the hell out of
me, and i think people writing code to handle ASN.1 ought to be
aware of that dangerous user interface design, or they will sooner
or later get trapped.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
are listed in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
I consider the quotation from
http://www-03.ibm.com/security/library/wp_pki0730.shtml
fair use because
(1) it is a very brief extract from a long text,
(2) no other source of information is available,
(3) it is quoted for the purpose of education and research,
(4) republishing happens in a not-for-profit context.
I'm not including the URI into the manual page because large corporate
websites are notorious for changing URIs during each spring cleaning.
|
| |
|
|
|
|
|
| |
documenting the dubious RFC 3280 PrivateKeyUsagePeriod extension.
Both functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
These four functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
All four functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
Both functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
i particularly like these fourteen functions, but they are all listed
in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
These functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
|
| |
the important point of how to distinguish CA certificates from end
entity certificates. Both functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
All functions documented here are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
Both functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
|
| |
Name structures weren't already complicated enough, see X509_NAME_new(3).
All these functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
|
|
|
|
|
| |
scratch. All these functions are listed in <openssl/pkcs12.h> and
in OpenSSL doc/man3/X509_dup.pod. As usual, OpenSSL documentation
specifies the wrong header file.
Note that PKCS#12 documentation is still scanty at best.
For example, out of 19 public functions handling PKCS12 objects,
five are now documented, and this commit documents the first two
out of 24 public functions handling PKCS12_SAFEBAG objects.
|
| |
|
|
|
| |
listed in <openssl/x509.h> and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
| |
into X509_new(3). Add information about STANDARDS.
|
| |
|
|
| |
The functions documented there are no longer public.
|
| |
|
|
|
|
| |
Both functions are listed in <openssl/x509.h>
and in OpenSSL doc/man3/X509_dup.pod.
Note that OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
|
|
|
|
| |
Both functions are listed in <openssl/x509.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
The design and use of this data type feels horrific.
If you understand PKCS#8 or PKCS#10 and can explain why this was
designed as it is, your contribution to this manual page is welcome.
|
| |
|
|
|
|
| |
These four functions are listed in <openssl/x509.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
X509_REVOKED_set_serialNumber(3) and X509_REVOKED_set_revocationDate(3)
into this new page. Replace irrelevant cross references with
relevant cross references to X509_CRL* pages.
|
| |
|
|
|
|
|
| |
are listed in <openssl/x509.h> and in OpenSSL doc/man3/X509_dup.pod.
Note that the OpenSSL documentation specifies the wrong header file.
Link to all pages dealing with X509_CRL objects.
|
| |
|
|
|
| |
are listed in <openssl/x509.h> and in OpenSSL doc/man3/X509_dup.pod.
Note that the OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
| |
listed in <openssl/x509.h> and in OpenSSL doc/man3/X509_dup.pod.
Note that the OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
from scratch. All these functions are listed in <openssl/ts.h>
and in OpenSSL doc/man3/X509_dup.pod.
Note that the OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
| |
are listed in <openssl/rsa.h> and OpenSSL doc/man3/X509_dup.pod.
Note that the OpenSSL documentation specifies the wrong header file.
More could probably be said about PSS, but this is a start...
|
| |
|
|
|
| |
public: listed in <openssl/pkcs7.h> and OpenSSL doc/man3/X509_dup.pod.
Note that the OpenSSL documentation specifies the wrong header file.
|
| |
|
|
|
|
|
|
|
|
|
| |
These two and OCSP_CRLID_free(3) and OCSP_SERVICELOC_free(3) are
public by being in OpenSSL doc/man3/X509_dup.pod.
OCSP_crlID_new(3) and OCSP_url_svcloc_new(3) are related and,
even though completely undocumented in OpenSSL, obviously much
more important.
If you had told me a year ago that i would ever write such text,
i would have called you crazy.
|
