| Commit message (Collapse) | Author | Age | Files | Lines |
| |
because tb@ decided to not enable it before the release.
OK tb@
| |
issue noticed by and patch OK by jsing@
| |
because that is both shorter and more precise;
wording suggested by jsing@
| |
Write documentation from scratch explaining why we don't support 0-RTT
but how we stub it out instead.
Tweaks and OK tb@.
... and beck@ pointed out that this OpenSSL API is akin to adding a
laser sighting system to a giant blackpowder cannon that one keeps
blowing one's own feet to mangled scraps with ...
| |
which is undocumented in OpenSSL but mentioned in passing in one
OpenSSL manual page, and which was recently mentioned by jsing@ when
working on SSL_set_ciphersuites(3).
With corrections from and OK inoguchi@.
| |
and update merge notice
| |
and add two other .Xrs that might help readers find their way.
Update the merge notices of all files touched and
merge a few trivial changes from the OpenSSL 1.1.1 branch.
OK tb@
| |
and for SSL_get0_peername(3), which tb@ will soon make available,
from the OpenSSL 1.1.1 branch, which is still under a free license,
deleting parts that do not apply to OpenBSD, and tweaked by me.
Several improvements and OK by tb@.
| |
for compatibility with OpenSSL
and for consistency with neighbouring functions;
suggested by jsing@ after I documented the crash;
OK jsing@.
| |
is already a comment above it in ssl_lib.c in both OpenSSL and LibreSSL:
/* The old interface to get the same thing as SSL_get_ciphers(). */
Suggested by and OK jsing@.
| |
context used by an SSL object, so do not talk about the SSL_CTX
that "an SSL object was created from";
fixing an inaccuracy pointed out by jsing@.
| |
content there. Clarify when the returned pointers become invalid,
which is far from obvious but sets surprising traps for the user.
For three of the functions, correct statements about when they fail.
Also improve a number of wordings while here.
OK beck@
| |
tb@ OKed this part of a larger diff from inoguchi@
| |
remove references to the SSL protocol which is no longer supported
and use .Xr rather than .Fn for functions documented elsewhere
| |
the main list of words to make it more readable, even though it
remains long.
Avoid using deprecated aliases in explanations of what other words mean.
Stop documenting aDSS because it is *both* a deprecated alias *and*
no longer matches anything at all.
General direction discussed with jsing@ some time ago.
| |
the TLSv1.3 cipher suites are made available, too;
related to ssl_ciph.c rev. 1.115
| |
* mention TLSv1.3
* remove DSS, DES(56), RC4(64), and IDEA(128), which are no longer supported
* remove ChaCha20-Poly1305-Old and STREEBOG512 which don't exist in LibreSSL
* correct the instruction for printing the complete list
OK jsing@
| |
cipher suites" to the DES entry and use the same wording for DSS;
OK jsing@
| |
in LOW, MEDIUM, and HIGH. That's going to change repeatedly and
the extra maintenance effort for keeping it up to date is a waste
because people can trivially run "openssl ciphers -v LOW" to look
it up. Besides, updating it will usually be forgotten; the LOW
entry was already wrong.
Suggested by jsing@.
| |
TLSv1 control word, and explain how TLSv1.3 cipher suites can be
configured in LibreSSL and in OpenSSL. While here, also mention
how users can inspect the DEFAULT list of cipher suites.
Stimulus, feedback and OK from jsing@.
| |
Patch from Martin Vahlensieck <academicsolutions dot ch>.
| |
Patch from Martin Vahlensieck <academicsolutions dot ch>.
| |
advances the record layer, it only reports internal state.
ok jsing@ tb@
| |
the new function SSL_CTX_get_extra_chain_certs_only(3) and changed
the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API
from the former OpenSSL 1.0.1 behaviour to the new, incompatible
OpenSSL 1.0.2 behaviour. Adjust the documentation.
OK jsing@ beck@ inoguchi@
| |
From Michael Forney, thanks!
| |
OK kn@ tb@
| |
Among other improvements:
* Use a uniform wording at the top of the DESCRIPTION for obsolete pages.
* Better explain how to use a non-standard configuration file.
* Remove obsolete functions from SEE ALSO.
Triggered by some suggestions from tb@.
Tweaks and OK tb@.
| |
Split some excessively long lists into useful sub-categories.
Add a new, very short subsection "Obsolete functions" at the end.
OK tb@ jmc@
| |
SSL_CTX_add_extra_chain_cert(3).
From Dr. Stephen Henson <steve at openssl dot org>
via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000
which is still under a free license.
| |
From Kurt Roeckx <kurt at roeckx dot be>
via OpenSSL commit 57fd5170 May 13 11:24:11 2018 +0200
which is still under a free license.
While here, polish awkward wording and reduce duplication.
| |
under a free license, omitting functions we don't have and tweaked by me;
the functions were provided by jsing@ in ssl.h rev. 1.166.
While here, also document SSL_CTX_get_extra_chain_certs(3) because
it is closely related to companion functions are already documented
and the API is kind of incomplete without it.
| |
* correct the description of "unknown"
(the previous are both from OpenSSL 1.1.1, still under a free license)
* add a comment saying that TLS1_get_version() and TLS1_get_client_version()
are intentionally undocumented (reasons provided by jsing@)
| |
Document them.
| |
The text comes from OpenSSL, where it was still published under a
free license.
from schwarze
| |
Document it.
| |
i2d_SSL_SESSION. Also rework the example code so that it is clearer and
uses more appropriate names.
Input from and ok schwarze@, tb@
| |
ok jsing
| |
to return const. Update the documentation.
| |
ok schwarze@
| |
show the public data type name "LHASH_OF(SSL_SESSION)" instead.
| |
and avoid the internal, undocumented names "struct ssl_st *"
and "struct ssl_ctx_st *".
| |
to some parameters and return values of some functions.
Update the documentation.
| |
SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect.
Update the manual page.