| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of the X509_CRL_INFO object. It should have been called "thisUpdate"
like in RFC 5280 section 5.1 (and in its precursor RFC 2459). Then again,
RFC 2459 was only published in 1999, so maybe the terminology wasn't
firmly established yet when Young wrote his code several years earlier -
just guessing, neither we nor the OpenSSL folks appear to know the real
reasons...
Anyway, we have been stuck with the "lastUpdate" names in the API for
more than two decades now, so clarify in the documentation what they
refer to and what they really mean.
Requested by and OK tb@.
|
| |
|
|
|
|
|
|
|
|
| |
Suggestion from Małgorzata Olszówka, they noted:
"The original wording suggests that it is required to execute
CMS_get0_signers() after CMS_verify(), while it is CMS_get0_signers()
that requires prior successful invocation of CMS_verify()."
OK tb@
|
| |
|
|
|
|
|
|
|
|
| |
- move a sentence out of a Bd block
- add some .Pp for spacing
- avoid a double colon on a sentence and the usage of second person
- mark STORE_CTX with .Vt
- change one Vt -> Dv (done after this has been ok'd by beck)
ok beck@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.
This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.
ok jsing@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
This takes much of the language that boring uses to document
the verify callback, and corrects the historical horror that
OpenSSL introduced years ago by suggesting people ignore expiry
dates using the callback instead of the verify flags.
nits by jsg@ and tb@
ok tb@
|
| |
|
|
| |
in x509_vpm.c r1.39.
|
| | |
|
| |
|
|
|
| |
With this the only -Tlint warnings are about Xr to undocumented functions:
EVP_CIPHER_CTX_copy, EVP_CIPHER_CTX_get_cipher_data, X509V3_EXT_get_nid.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
| |
With input from beck and jsing
|
| |
|
|
| |
Pointed out and ok by dlg
|
| | |
|
| |
|
|
|
|
|
| |
regress for the moment. this will come back after we rethink
the failure versus not there case.
ok tb@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently these functions return raw ASN1_STRING bytes as
a C string and ignore the encoding in a "hold my beer I am
a toolkit not a functioning API surely it's just for testing
and you'd never send nasty bytes" kind of way.
Sadly some callers seem to use them to fetch things liks
subject name components for comparisons, and often just
use the result as a C string.
Instead, encode the resulting bytes as UTF-8 so it is
something like "text",
Add a failure case if the length provided is inadequate
or if the resulting text would contain an nul byte.
based on boringssl.
nits by dlg@
ok tb@
|
| |
|
|
|
| |
This was the last public API explicitly named ndef/NDEF for indefinite
length encoding, so remove that explanation as well.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Update EXFLAG_PROXY and X509_V_FLAG_ALLOW_PROXY_CERTS documentation since
we need to keep them for the time being.
|
| | |
|
| |
|
|
|
| |
which are no longer macros (and the latter is no longer deprecated and
no longer attempts to allocate memory).
|
| |
|
|
|
| |
Mop up documentation mentioning it or any of its numerous accessors that
almost nothing ever used.
|
| |
|
|
|
| |
more precise. Among other improvements, describe the three BIO_RR_*
constants serving as reason codes.
|
| |
|
|
| |
explicitly listing the valid arguments, i.e. the BIO_CB_* constants.
|
| |
|
|
|
| |
as the "state" argument. Document them here because connect BIOs are
the only built-in BIO type using these constants.
|
| |
|
|
|
|
| |
They are intended to be used by BIO_gethostbyname(), which is deprecated
in OpenSSL and already marked as intentionally undocumented in LibreSSL.
Besides, these constants are completely unused by anything.
|
| |
|
|
|
| |
that provide type-specific functionality here.
While here, fix some wrong return types in the SYNOPSIS.
|
| |
|
|
|
| |
that provide type-specific functionality here,
and add the missing return type to one function prototype.
|
| |
|
|
| |
in the manual pages of the respective BIO types.
|
| |
|
|
|
| |
in the manual pages of the respective BIO type.
While here, fix some wrong return types in the SYNOPSIS.
|
| |
|
|
| |
undocumented because they are NOOPs or deprecated.
|
| | |
|
| | |
|
| |
|
|
|
| |
Correct the return types of some macros.
Improve the RETURN VALUES section.
|
| |
|
|
|
|
| |
"Failure to re-encode on modification is a bug not a feature."
OK jsing@
|
| |
|
|
|
|
|
|
|
|
|
| |
instead of discussing some of them at two different places.
Also follow a more logical order: initialization first, then reading
and writing, then retrieving the digest and reinitialization.
Leave context handling and chain duplication at the end because
both are rarely needed.
While here, also tweak the wording of the shuffled text
and add some precision in a few places.
|
| |
|
|
| |
and point to their documentation.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
