| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Remove their documentation and mark some associated constants as
intentionally undocumented until they will be removed from public
headers.
|
| |
|
|
| |
be added in the upcoming bump.
|
| | |
|
| | |
|
| |
|
|
| |
openssl.cnf.5 will need a major overhaul. But that isn't new...
|
| | |
|
| | |
|
| |
|
|
|
| |
These will be made internal and will likely go away. The OBJ_add_sigid.3
manual should probably be renamed; this can be done in a second step.
|
| |
|
|
| |
This function will be made internal-only and likely be renamed/rewritten.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
ENGINE_get_default_{ECDH,ECDSA} will go away and won't come back. Replace
their documentation with the missing ENGINE_get_defaulT_EC. In the unlikely
event that we will need to bring back ENGINE after the next bump, this
manual will not be outdated and incomplete.
|
| |
|
|
|
|
|
| |
ENGINE_{get,set}_{ECDH,ECDSA} will go away and won't come back. Replace
their documentation with the missing ENGINE_{get,set}_EC. In the unlikely
event that we will need to bring back ENGINE after the next bump, this
manual will not be outdated and incomplete.
|
| |
|
|
|
| |
This way we will have a manual corresponding to an existing function after
the next bump.
|
| |
|
|
|
|
| |
Their BN_get_rfc*_prime_* aliases from the OpenSSL 1.1 API will remain.
Perhaps the manual should be moved to BN_get_rfc3526_prime_8192.3; that
can be done in a second step.
|
| |
|
|
|
| |
These very poorly designed interfaces will go away, so stop documenting
them.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
As usual, this has a lot of room for improvement, but it is better than
nothing at all. It leaves a dangling reference to EVP_MD_CTX_md_data(),
which I leave for schwarze to document. This is a terrible API and the
way it is used in the wild is terrifying.
|
| |
|
|
|
|
|
| |
After the GF2m removal, this function always returns 0, so adjust the
documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis()
that were left behind. Also add a tiny grammar tweak in the HISTORY
section.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of the X509_CRL_INFO object. It should have been called "thisUpdate"
like in RFC 5280 section 5.1 (and in its precursor RFC 2459). Then again,
RFC 2459 was only published in 1999, so maybe the terminology wasn't
firmly established yet when Young wrote his code several years earlier -
just guessing, neither we nor the OpenSSL folks appear to know the real
reasons...
Anyway, we have been stuck with the "lastUpdate" names in the API for
more than two decades now, so clarify in the documentation what they
refer to and what they really mean.
Requested by and OK tb@.
|
| |
|
|
|
|
|
|
|
|
| |
Suggestion from Małgorzata Olszówka, they noted:
"The original wording suggests that it is required to execute
CMS_get0_signers() after CMS_verify(), while it is CMS_get0_signers()
that requires prior successful invocation of CMS_verify()."
OK tb@
|
| |
|
|
|
|
|
|
|
|
| |
- move a sentence out of a Bd block
- add some .Pp for spacing
- avoid a double colon on a sentence and the usage of second person
- mark STORE_CTX with .Vt
- change one Vt -> Dv (done after this has been ok'd by beck)
ok beck@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.
This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.
ok jsing@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
This takes much of the language that boring uses to document
the verify callback, and corrects the historical horror that
OpenSSL introduced years ago by suggesting people ignore expiry
dates using the callback instead of the verify flags.
nits by jsg@ and tb@
ok tb@
|
| |
|
|
| |
in x509_vpm.c r1.39.
|
| | |
|
| |
|
|
|
| |
With this the only -Tlint warnings are about Xr to undocumented functions:
EVP_CIPHER_CTX_copy, EVP_CIPHER_CTX_get_cipher_data, X509V3_EXT_get_nid.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
| |
With input from beck and jsing
|
| |
|
|
| |
Pointed out and ok by dlg
|
| | |
|
| |
|
|
|
|
|
| |
regress for the moment. this will come back after we rethink
the failure versus not there case.
ok tb@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently these functions return raw ASN1_STRING bytes as
a C string and ignore the encoding in a "hold my beer I am
a toolkit not a functioning API surely it's just for testing
and you'd never send nasty bytes" kind of way.
Sadly some callers seem to use them to fetch things liks
subject name components for comparisons, and often just
use the result as a C string.
Instead, encode the resulting bytes as UTF-8 so it is
something like "text",
Add a failure case if the length provided is inadequate
or if the resulting text would contain an nul byte.
based on boringssl.
nits by dlg@
ok tb@
|
| |
|
|
|
| |
This was the last public API explicitly named ndef/NDEF for indefinite
length encoding, so remove that explanation as well.
|
| | |
|
