| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
| |
ok beck
|
| |
|
|
|
|
| |
add HISTORY section. This is currently ignored input next to
SSL_get0_peername() and will be unignored once the symbols are
made publicly visible in libssl.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From schwarze, who explains:
* Even though i wrote the original version of our documentation
for this function, i now think the design of this function is so
atrocious that it is better to call out the main limitations
up front (server side only and silent truncation) rather than
first giving the impression that it achieves something it
actually doesn't and then later try to row back in a piece-meal
manner.
* Using a .Bl list for failure conditions in the RETURN VALUES
section is no doubt unusual, but the conditions are so numerous
and some of them are so surprising that i think it makes sense
in this case. If a function is badly designed and has surprising
properties, precision and clarity in the description are even
more important than usual, and conciseness is better sacrificed.
* Adding .Xr SSL_get_ciphers 3 seems helpful.
ok beck inoguchi jsing tb
|
| | |
|
| |
|
|
| |
suggested by tb@
|
| |
|
|
|
|
| |
deprecated methods to a separate table. Simplify and shorten the
surrounding verbiage.
Joint work with tb@.
|
| |
|
|
|
|
|
| |
and *_client_method(3). Adjust the documentation.
While here, delete most of the verbiage regarding the deprecated
functions SSLv23_*(3) and add the missing entry to RETURN VALUES.
OK tb@
|
| |
|
|
|
| |
documenting that SSL_set_bio(3) cannot fail. A similar commit was
made by schwarze a while ago for a few functions in libcrypto.
|
| | |
|
| |
|
|
|
| |
because tb@ decided to not enable it before the release.
OK tb@
|
| |
|
|
| |
issue noticed by and patch OK by jsing@
|
| |
|
|
|
| |
because that is both shorter and more precise;
wording suggested by jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Write documentation from scratch explaining why we don't support 0-RTT
but how we stub it out instead.
Tweaks and OK tb@.
... and beck@ pointed out that this OpenSSL API is akin to adding a
laser sighting system to a giant blackpowder cannon that one keeps
blowing one's own feet to mangled scraps with ...
|
| |
|
|
|
|
|
| |
which is undocumented in OpenSSL but mentioned in passing in one
OpenSSL manual page, and which was recently mentioned by jsing@ when
working on SSL_set_ciphersuites(3).
With corrections from and OK inoguchi@.
|
| |
|
|
| |
and update merge notice
|
| |
|
|
|
|
|
| |
and add two other .Xrs that might help readers find their way.
Update the merge notices of all files touched and
merge a few trivial changes from the OpenSSL 1.1.1 branch.
OK tb@
|
| |
|
|
|
|
|
| |
and for SSL_get0_peername(3), which tb@ will soon make available,
from the OpenSSL 1.1.1 branch, which is still under a free license,
deleting parts that do not apply to OpenBSD, and tweaked by me.
Several improvements and OK by tb@.
|
| |
|
|
|
|
|
| |
for compatibility with OpenSSL
and for consistency with neighbouring functions;
suggested by jsing@ after i documented the crash;
OK jsing@.
|
| |
|
|
|
|
| |
is already a comment above it in ssl_lib.c in both OpenSSL and LibreSSL:
/* The old interface to get the same thing as SSL_get_ciphers(). */
Suggested by and OK jsing@.
|
| |
|
|
|
|
| |
context used by an SSL object, so do not talk about the SSL_CTX
that "an SSL object was created from";
fixing an inaccuracy pointed out by jsing@.
|
| |
|
|
|
|
|
|
| |
content there. Clarify when the returned pointers become invalid,
which is far from obvious but sets surprising traps for the user.
For three of the functions, correct statements about when they fail.
Also improve a number of wordings while here.
OK beck@
|
| |
|
|
| |
tb@ OKed this part of a larger diff from inoguchi@
|
| |
|
|
|
| |
remove references to the SSL protocol which is no longer supported
and use .Xr rather than .Fn for functions documented elsewhere
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
the main list of words to make it more readable, even though it
remains long.
Avoid using deprecated aliases in explanations what other words mean.
Stop documenting aDSS because it is *both* a deprecated alias *and*
no longer matches anything at all.
General direction discussed with jsing@ some time ago.
|
| |
|
|
|
| |
the TLSv1.3 cipher suites are made available, too;
related to ssl_ciph.c rev. 1.115
|
| |
|
|
|
|
|
|
| |
* mention TLSv1.3
* remove DSS, DES(56), RC4(64), and IDEA(128), which are no longer supported
* remove ChaCha20-Poly1305-Old and STREEBOG512 which don't exist in LibreSSL
* correct the instruction for printing the complete list
OK jsing@
|
| |
|
|
|
| |
cipher suites" to the DES entry and use the same wording for DSS;
OK jsing@
|
| |
|
|
|
|
|
|
|
| |
in LOW, MEDIUM, and HIGH. That's going to change repeatedly and
the extra maintenance effort for keeping it up to date is a waste
because people can trivially run "openssl ciphers -v LOW" to look
it up. Besides, updating it will usually be forgotten; the LOW
entry was already wrong.
Suggested by jsing@.
|
| |
|
|
|
|
|
| |
TLSv1 control word, and explain how TLSv1.3 cipher suites can be
configured in LibreSSL and in OpenSSL. While here, also mention
how users can inspect the DEFAULT list of cipher suites.
Stimulus, feedback and OK from jsing@.
|
| |
|
|
| |
Patch from Martin Vahlensieck <academicsolutions dot ch>.
|
| |
|
|
| |
Patch from Martin Vahlensieck <academicsolutions dot ch>.
|
| |
|
|
|
|
| |
advances the record layer, it only reports internal state.
ok jsing@ tb@
|
| |
|
|
|
|
|
|
| |
the new function SSL_CTX_get_extra_chain_certs_only(3) and changed
the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API
from the former OpenSSL 1.0.1 behaviour to the new, incompatible
OpenSSL 1.0.2 behaviour. Adjust the documentation.
OK jsing@ beck@ inoguchi@
|
| | |
|
| |
|
|
| |
From Michael Forney, thanks!
|
| |
|
|
| |
OK kn@ tb@
|
| |
|
|
|
|
|
|
|
| |
Among other improvements:
* Use a uniform wording at the top of the DECSRIPTION for obsolete pages.
* Better explain how to use a non-standard configuration file.
* Remove obsolete functions from SEE ALSO.
Triggered by some suggestions from tb@.
Tweaks and OK tb@.
|
| | |
|
| |
|
|
|
|
| |
Split some excessively long lists into useful sub-categories.
Add a new, very short subsection "Obsolete functions" at the end.
OK tb@ jmc@
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
SSL_CTX_add_extra_chain_cert(3).
From Dr. Stephen Henson <steve at openssl dot org>
via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000
which is still under a free license.
|
| |
|
|
|
|
|
| |
From Kurt Roeckx <kurt at roeckx dot be>
via OpenSSL commit 57fd5170 May 13 11:24:11 2018 +0200
which is still under a free license.
While here, polish awkward wording and reduce duplication.
|
| |
|
|
|
|
|
|
|
| |
under a free license, omitting functions we don't have and tweaked by me;
the functions were provided by jsing@ in ssl.h rev. 1.166.
While here, also document SSL_CTX_get_extra_chain_certs(3) because
it is closely related to companion functions are already documented
and the API is kind of incomplete without it.
|
| |
|
|
|
|
|
| |
* correct the description of "unknown"
(the previous are both from OpenSSL 1.1.1, still under a free license)
* add a comment saying that TLS1_get_version() and TLS1_get_client_version()
are intentionally undocumented (reasons provided by jsing@)
|
| |
|
|
| |
Document them.
|
| |
|
|
|
|
|
| |
The text comes from OpenSSL, where it was still published under a
free license.
from schwarze
|
