summaryrefslogtreecommitdiff
path: root/src/lib/libssl/man (follow)
Commit message (Collapse)AuthorAgeFilesLines
* provide a small manual page for the SSL_set_psk_use_session_callback(3)schwarze2021-09-142-1/+88
| | | | | stub, written from scratch; OK tb@ on SSL_set_psk_use_session_callback.3
* Merge the stub SSL_SESSION_is_resumable(3) manual page from theschwarze2021-09-143-3/+86
| | | | | | OpenSSL 1.1.1 branch, which is still under a free license. A few tweaks to wording and structure by me. OK tb@ on SSL_SESSION_is_resumable.3
* merge the description of SSL_get_tlsext_status_type(3)schwarze2021-09-111-3/+35
| | | | from the OpenSSL 1.1.1 branch, which is still under a free license
* Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callbacktb2021-09-101-3/+7
| | | | | | | | | | | | | | | | | | | As reported by Jeremy Harris, we inherited a strange behavior from OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the ALPN callback. RFC 7301, 3.2 states: 'In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert.' Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK} which is the current behavior of OpenSSL. The documentation change is taken from OpenSSL 1.1.1 as well. As pointed out by jsing, there is more to be fixed here: - ensure that the same protocol is selected on session resumption - should the callback be called even if no ALPN extension was sent? - ensure for TLSv1.2 and earlier that the SNI has already been processed ok beck jsing
* comment out the detailed description of SSL_get_servername(3),schwarze2021-09-011-7/+9
| | | | | | leaving only the basic description in the RETURN VALUES section; tb@ pointed out LibreSSL does not currently provide all those guarantees, and he also OK'ed this diff
* sync with OpenSSL 1.1.1, which is still under a free license;schwarze2021-08-301-15/+107
| | | | | | | in particular, this includes new text by Matt Caswell from OpenSSL commit 721eb8f6 Nov 28 12:03:00 2019 +0000 and corrects a wrong argument type that i introduced into the SYNOPSIS; requested by tb@
* Fix .Xr order. From mandoc -Tlint.tb2021-06-262-7/+7
|
* space between macro args and punctuation;jmc2021-06-121-10/+10
|
* RFC 4507bis can refer to various RFCs but this instance is abouttb2021-06-121-4/+5
| | | | | | | RFC 5077. Note that session resumption via session tickets is only for TLSv1.2 and earlier. prompted by a question by/ok jmc
* space between RFC and number;jmc2021-06-116-26/+26
|
* add AES-GCM constants from RFC 7714 for SRTPlandry2021-06-111-2/+6
| | | | | | | | | | SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP protection profiles - seen with an update of telephony/baresip i'm working on. adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45 ok tb@ jsing@
* Merge documentation for SSL_CIPHER_find(3) from OpenSSL 1.1.1.tb2021-05-121-2/+29
|
* Install SSL_SESSION_get0_cipher.3tb2021-05-121-1/+2
|
* Document SSL_SESSION_get0_cipher(3)tb2021-05-121-0/+94
| | | | | | | Based on the OpenSSL 1.1.1 manual written by Rich Salz with a healthy dose of improvements by schwarze. ok schwarze
* Document SSL_CTX_get_ssl_method(3)tb2021-05-111-4/+15
|
* mention DTLS1_2_VERSIONtb2021-04-151-3/+4
|
* Mention DTLS1_2_VERSION here, tootb2021-04-151-6/+8
|
* Document SSL_OP_NO_DTLSv1{,_2}tb2021-04-151-2/+15
|
* Document DTLSv1_2_{,client_,server_}method(3)tb2021-04-151-4/+36
|
* Merge documentation for SSL_is_dtls() from OpenSSLtb2021-04-151-5/+21
|
* Update for DTLSv1.2 support.tb2021-03-311-2/+4
|
* Document SSL_set_hostflags(3) and SSL_get0_peername(3)tb2021-03-311-18/+4
| | | | ok bcook inoguchi jsing
* Document SSL_use_certificate_chain_file(3)tb2021-03-311-11/+3
| | | | ok bcook inoguchi jsing
* Prepare documenting SSL_use_certificate_chain_filetb2021-03-191-2/+19
|
* missing word in commenttb2021-01-301-3/+3
|
* Link SSL_get_finished.3 to build.tb2021-01-271-1/+2
|
* Write SSL_get_finished() documentation from scratch.tb2021-01-271-0/+77
| | | | ok beck
* Merge SSL_set_hostflags documentation from OpenSSL 1.1.1i andtb2021-01-271-3/+20
| | | | | | add HISTORY section. This is currently ignored input next to SSL_get0_peername() and will be unignored once the symbols are made publicly visible in libssl.
* Update SSL_get_shared_ciphers() documentation for ssl_lib.c r1.240tb2021-01-091-17/+47
| | | | | | | | | | | | | | | | | | | | | | | From schwarze, who explains: * Even though i wrote the original version of our documentation for this function, i now think the design of this function is so atrocious that it is better to call out the main limitations up front (server side only and silent truncation) rather than first giving the impression that it achieves something it actually doesn't and then later try to row back in a piece-meal manner. * Using a .Bl list for failure conditions in the RETURN VALUES section is no doubt unusual, but the conditions are so numerous and some of them are so surprising that i think it makes sense in this case. If a function is badly designed and has surprising properties, precision and clarity in the description are even more important than usual, and conciseness is better sacrificed. * Adding .Xr SSL_get_ciphers 3 seems helpful. ok beck inoguchi jsing tb
* grammar fixes from Varik "The Genuine Article!!!" Valefor;jmc2020-12-031-3/+3
|
* drop references to the SSL protocol because support was removed long ago;schwarze2020-10-121-6/+6
| | | | suggested by tb@
* List and describe the recommended methods first and relegate theschwarze2020-10-121-27/+26
| | | | | | deprecated methods to a separate table. Simplify and shorten the surrounding verbiage. Joint work with tb@.
* In ssl_methods.c rev. 1.18, jsing@ deprecated *_server_method(3)schwarze2020-10-111-11/+18
| | | | | | | and *_client_method(3). Adjust the documentation. While here, delete most of the verbiage regarding the deprecated functions SSLv23_*(3) and add the missing entry to RETURN VALUES. OK tb@
* A void function has no return value, so zap RETURN VALUES sectiontb2020-10-081-5/+2
| | | | | documenting that SSL_set_bio(3) cannot fail. A similar commit was made by schwarze a while ago for a few functions in libcrypto.
* grammar fix: if/when a renegotiation takeS placetb2020-10-082-6/+6
|
* Comment out SSL_get0_peername(3) for the OpenBSD 6.8 releaseschwarze2020-09-221-4/+18
| | | | | because tb@ decided to not enable it before the release. OK tb@
* reword ambiguous title line;schwarze2020-09-221-3/+3
| | | | issue noticed by and patch OK by jsing@
* s/before the handshake is complete/during the handshake/gschwarze2020-09-211-8/+7
| | | | | because that is both shorter and more precise; wording suggested by jsing@
* two wording tweaks suggested by jsing@, adding clarityschwarze2020-09-211-5/+4
|
* In ssl.h rev. 1.174 to 1.176, tb@ added some stubs related to 0-RTT data.schwarze2020-09-213-4/+183
| | | | | | | | | | Write documentation from scratch explaining why we don't support 0-RTT but how we stub it out instead. Tweaks and OK tb@. ... and beck@ pointed out that this OpenSSL API is akin to adding a laser sighting system to a giant blackpowder cannon that one keeps blowing one's own feet to mangled scraps with ...
* Document the public function SSL_set_SSL_CTX(3) from scratch,schwarze2020-09-203-3/+72
| | | | | | | which is undocumented in OpenSSL but mentioned in passing in one OpenSSL manual page, and which was recently mentioned by jsing@ when working on SSL_set_ciphersuites(3). With corrections from and OK inoguchi@.
* add forgotten link to newish page SSL_set1_host(3)schwarze2020-09-181-3/+4
| | | | and update merge notice
* Install the new page SSL_set1_host(3), link to it from relevant places,schwarze2020-09-174-12/+17
| | | | | | | and add two other .Xrs that might help readers find their way. Update the merge notices of all files touched and merge a few trivial changes from the OpenSSL 1.1.1 branch. OK tb@
* Import a manual page for SSL_set1_host(3), which we already have since 6.5,schwarze2020-09-171-0/+155
| | | | | | | and for SSL_get0_peername(3), which tb@ will soon make available, from the OpenSSL 1.1.1 branch, which is still under a free license, deleting parts that do not apply to OpenBSD, and tweaked by me. Several improvements and OK by tb@.
* Let SSL_CTX_get_ciphers(NULL) return NULL rather than crashschwarze2020-09-161-5/+4
| | | | | | | for compatibility with OpenSSL and for consistency with neighbouring functions; suggested by jsing@ after i documented the crash; OK jsing@.
* Mark SSL_get_cipher_list(3) as deprecated; it is badly misnamed, and thereschwarze2020-09-161-4/+6
| | | | | | is already a comment above it in ssl_lib.c in both OpenSSL and LibreSSL: /* The old interface to get the same thing as SSL_get_ciphers(). */ Suggested by and OK jsing@.
* The undocumented public function SSL_set_SSL_CTX(3) changes theschwarze2020-09-151-4/+4
| | | | | | context used by an SSL object, so do not talk about the SSL_CTX that "an SSL object was created from"; fixing an inaccuracy pointed out by jsing@.
* Create the missing RETURN VALUES section and move the appropriateschwarze2020-09-151-57/+103
| | | | | | | | content there. Clarify when the returned pointers become invalid, which is far from obvious but sets surprising traps for the user. For three of the functions, correct statements about when they fail. Also improve a number of wordings while here. OK beck@
* mention that TLS_method(3) also supports TLSv1.3;schwarze2020-06-041-3/+3
| | | | tb@ OKed this part of a larger diff from inoguchi@
* minor cleanup ahead of the following work:schwarze2020-05-261-12/+14
| | | | | remove references to the SSL protocol which is no longer supported and use .Xr rather than .Fn for functions documented elsewhere
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-03 01:26:33 +0000