| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This abomination of an API will be removed. Remove the hairy details of
its internals and make the documentation of X509_STORE_CTX_set_trust(3)
and X509_STORE_CTX_set_purpose(3) independent of it.

Neither of these two remaining APIs can be recommended. Once set, trust
and purpose are sticky. Setting the trust to a different (valid) value
will indicate success but leave the value unchanged. I suppose it means
the new trust value was successfully ignored. Also, setting the trust to
X509_TRUST_DEFAULT can succeed or fail depending on which OpenSSL
derivative you use. Setting the purpose will also set the trust (unless
it is already set). Setting some purposes may or may not fail depending
on the OpenSSL lib.

The only way you have a chance of knowing what will be set is by calling
only one of these functions directly after X509_STORE_CTX_init(). This
isn't really safe either because in some versions the user can override
the values stored in a global table by writing directly to it.

The actual contributions here are rather minimal. State more explicitly
that 0 is invalid (but results in success being returned), document the
error values to be accurate across implementations and call out some of
the nonsense in a CAVEATS section.

Many thanks to schwarze for the very helpful review with lots of input.

ok schwarze
|
This removes any mention of DSA_generate_parameters in the manuals apart
from a comment that it is intentionally undocumented and adapts cross
references to DSA_generate_parameters_ex. The file itself will be moved
in a second step.
|
in particular s/inl/in_len/ and s/outl/out_len/ as suggested by tb@.
While here, also get rid of the "outm" placeholder that has been
around since the file was added to OpenSSL in 2000, replacing it
with the usual "out" in the four function prototypes affected; tb@
and myself suspect it was simply a typo followed by copy and paste.
Slightly improve variable naming in the examples, too, for clarity and
consistency, even though that doesn't turn the examples into good examples.
OK tb@
|
and describe EVP_CIPHER_CTX_init(3) in a less misleading way.
Joint work with and OK tb@.
|
While here, also switch the argument placeholder from *impl to *engine
as suggested by tb@.
|
This API was recently neutered and will be removed in the next major bump.
Mark it as intentionally undocumented in EVP_PKEY_asn1_new.3 and remove it
from all other manuals.
|
The ub_email_address upper bound, 128, returned for NID_pkcs9_emailAddress,
doesn't match the PKCS#9 specification where it is 255. This was adjusted
in RFC 5280:

    The ASN.1 modules in Appendix A are unchanged from RFC 3280, except
    that ub-emailaddress-length was changed from 128 to 255 in order to
    align with PKCS #9 [RFC2985].

Nobody seems to have noticed so far, so leave it at an XXX and a BUGS
entry for now. It also clearly has the wrong name.

Another mystery is why the RFCs suffix some upper bounds with length, but
not others. Also, OpenSSL chose to be inconsistent with that, because
inconsistency is one of the few things this library is really good at.
|
The unused ASN1_STRING_TABLE extensibility API will be removed in the next
major bump and the table itself will become immutable. Lightly adjust the
remaining text. In particular, update the RFC reference, stop talking about
defaults when nothing can be changed anymore, do not mention useless flags
that you will no longer be able to set and move the description of the only
remaining flag after the description of ASN1_STRING_TABLE_get().
The file will be renamed in a second step.
|
Remove some lies and some irrelevant historical information
about the non_ex variants and waste fewer words deprecating them.
Telling people to type longer function names and to pass an
ignored NULL argument doesn't really help anything.
Also talk less about those ignored ENGINE arguments.
OK tb@
|
but it is still excessively long and complicated. To reduce the amount
of distractions a bit, split out three deprecated functions into a new
manual page EVP_CIPHER_CTX_init(3). No text change.
In part suggested by tb@, who agrees with the direction.
|
They document functionality that no longer exists.
|
There's probably more that needs to be updated here, but that can be done
another day.
|
remove two Xr to ENGINE manuals.
|
In particular, do not use an uninitialized engine, simply pass NULL.
|
where that information was missing.
|
I was told not to look since it will magically get fixed. Fine. I'd still
have expected a minimal amount of care so that the manpage isn't totally
dysfunctional and missing text in the right places. Sigh.
|
This matches what BoringSSL has done, and allows for getting
rid of the dependency on system timegm() and gmtime() in libtls,
which will make life easier for portable, and remove our
dependency on the potentially very slow system versions.
ok tb@ - tb will handle the minor bump bits and expose
on the next minor bump
|
OK tb@
|
This matches what other pages use. Also rewrite the definition of the
modular inverse to be less ugly.
|
The old description was vague, but strictly speaking a lie, so make it
more precise and turn the lie into a truth.
|