summaryrefslogtreecommitdiff
path: root/src/lib/libssl/man (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove SSL_add_compression_methodtb2024-08-312-23/+7
|
* Document SSL_CTX_set_cert_storetb2024-08-031-2/+18
| | | | From Kenjiro Nakayama
* Fix .Ox for SSL_CIPHER_get_handshake_digest()tb2024-07-161-3/+3
|
* ocurred -> occurredjsg2024-07-151-3/+3
|
* Document SSL_CIPHER_get_handshake_digest(3)tb2024-07-141-2/+22
|
* ssl2.h and ssl23.h join the party in the attictb2024-07-131-17/+2
| | | | | | | Now that the SSL2 client hello support is gone, nothing uses this anymore, except that a few ports still need SSL2_VERSION. ok beck
* Adjust documentation for SSL_select_next_proto()tb2024-07-111-30/+48
| | | | | | | | Use better argument names, add a link to the relevant standards and add CAVEATS and BUGS sections pointing out a few pitfalls. discussed with davidben ok beck
* The ALPN callback should really ignore the out parameter if there'stb2024-06-281-3/+13
| | | | | | | no overlap. Document that explicitly. Also make it more explicit that that the caller must work with a copy of out. ok jsing
* Make signature of SSL_COMP_add_compression_method(3) match realitytb2024-05-231-3/+3
|
* SSL_CTX_set_keylog_callback: copy-paste error _set_ -> _get_tb2024-05-161-3/+3
|
* sync the SSL text; ok tbjmc2024-05-091-3/+3
|
* Avoid OpenSSL SSL repetitionstb2024-05-081-7/+8
| | | | with the help of jmc
* Remove mention of a refcount bugtb2024-01-131-18/+1
| | | | | | Said bug was fixed in OpenSSL 1.0.0, released 14 years ago. It is of course unsurprising that you may accidentally increment the refcount if your idiom for decrementing it is CRYPTO_add(&bio-references, -1, CRYPTO_LOCK_BIO)).
* BIO_f_ssl.3: Remove explicit library initializationtb2024-01-131-8/+2
|
* Mention a subtle difference between PEM_def_callback(3) and the example.schwarze2023-09-191-2/+9
| | | | | | | | It's relevant not only for the example, but also because the functions documented here use PEM_def_callback(3) by default, and that exhibits surprising and potentially dangerous behaviour by not NUL-terminating. OK tb@
* Remove the duplicate documentation of pem_password_cb(3).schwarze2023-09-191-56/+94
| | | | | | | | | | | | | | | | | | | While here, also: * Avoid the misleading term "default password callback" because none of the functions in SSL_CTX_use_certificate(3) support overriding it. * Do not talk about "storing", "writing", and "encryption" since the cb passed to SSL_CTX_set_default_passwd_cb(3) is never used for any of that. * List the functions using cb. * Document what happens by default. * Remove the misleading words "which must be provided by the application" because all this is actually optional. * Make several wordings more precise. * Below EXAMPLES, fix argument naming to agree with pem_password_cb(3), clarify the description of what the example does, and, as suggested by tb@, use strlcpy(3). OK tb@
* Document the RETURN VALUES of BIO_method_type(3) and BIO_method_name(3)schwarze2023-04-111-2/+11
| | | | for the various BIO types.
* document the interaction with BIO_dup_chain(3)schwarze2022-12-181-2/+14
|
* Add a small blurb on @SECLEVEL=nlibressl-v3.7.0tb2022-12-111-2/+8
|
* Link to SSL_read_early_data(3)kn2022-09-171-3/+3
| | | | OK tb
* fix repeated wordsjsg2022-09-101-3/+3
| | | | ok ok miod@ ack ack jmc@
* AESCGM -> AESGCMjsg2022-07-171-4/+4
|
* add .Xr links to SSL_CTX_set_security_level(3)schwarze2022-07-135-15/+20
|
* Start documenting our new pet octopus, SSL_CTX_set_security_level(3).schwarze2022-07-132-1/+161
| | | | | | | Or should we call it a centipede? Feedback and OK on a previous version from jsing@ and from our chief myriapodologist, tb@.
* man pages: add missing commas between subordinate and main clausesnaddy2022-03-314-18/+18
| | | | | | | jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
* man pages: add missing word, The foo() ... -> The foo() function ...naddy2022-03-291-5/+6
| | | | ok jmc@ schwarze@
* man pages: add missing commas in enumerationsnaddy2022-03-291-3/+3
|
* Avoid gendered language in man pages when not referring to a specificjsg2022-02-181-4/+4
| | | | | | | | person. Rewrite or use singular they. ok thfr@ sthen@ daniel@ ian@ job@ kmos@ jcs@ ratchov@ phessler@ and others I'm likely missing on an earlier version. feedback tj@, feedback and ok jmc@
* remove please from manual pagesjsg2022-02-061-3/+3
| | | | ok jmc@ sthen@ millert@
* Rewrite paragraph to refer to EVP_CIPHER_CTX_new() and HMAC_CTX_new()tb2022-01-251-6/+6
| | | | | | to match reality. spotted by/ok jmc
* spellingjsg2022-01-152-6/+6
| | | | ok tb@
* s/ECDHE/ECDH/jsing2021-11-301-3/+3
| | | | | | | If we can provide an EC key that is used, then it is by definition non-ephemeral. ok tb@
* spellingjsg2021-11-261-3/+3
| | | | ok schwarze@
* Fix HISTORY section: 6.9 -> 7.0tb2021-10-271-3/+3
|
* sort. alphanumerics have lower ASCII values than '_'tb2021-10-251-5/+5
|
* Install SSL_read_early_data.3. I should have done this during the lasttb2021-10-251-4/+2
| | | | libssl bump.
* merge documentation for SSL_read_ex(3), SSL_peek_ex(3), and SSL_write_ex(3)schwarze2021-10-242-61/+130
| | | | from the OpenSSL 1.1.1 branch, which is still under a free license
* fix wrong and missing return types and wrong macros in the SYNOPSIS;schwarze2021-10-231-10/+18
| | | | while here, also apply some minor wording improvements
* Add new OpenSSL API SSL_CTX_set_num_tickets and friends.beck2021-10-231-0/+55
| | | | | | | | | Since we don't support session tickets in LibreSSL at the moment these functions currently do not have any effect. Again, symbols will appear with tb@'s reptar sized bump.. ok tb@
* oops, wrong dir.tb2021-10-232-301/+0
| | | | pointed out by schwarze
* Import documentation for X509_get_extension_flags, X509_get_key_usage,tb2021-10-231-0/+211
| | | | | | | X509_get_extended_key_usage from OpenSSL. Will be linked to the build after the bump. input/lgtm schwarze
* Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linkedtb2021-10-231-0/+90
| | | | | | to the build after the bump. tweak & lgtm schwarze
* tweak previous: properly mark up function pointer typedefschwarze2021-10-231-6/+18
| | | | plus .Dv NULL, SEE ALSO, HISTORY
* Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callbackbeck2021-10-232-1/+46
| | | | | | | | Some things in ports care about calling these functions. Since we will not provide private key logging functionality they are documented as being for compatibility and that they don't do anything. ok tb@
* provide a small manual page for the SSL_set_psk_use_session_callback(3)schwarze2021-09-142-1/+88
| | | | | stub, written from scratch; OK tb@ on SSL_set_psk_use_session_callback.3
* Merge the stub SSL_SESSION_is_resumable(3) manual page from theschwarze2021-09-143-3/+86
| | | | | | OpenSSL 1.1.1 branch, which is still under a free license. A few tweaks to wording and structure by me. OK tb@ on SSL_SESSION_is_resumable.3
* merge the description of SSL_get_tlsext_status_type(3)schwarze2021-09-111-3/+35
| | | | from the OpenSSL 1.1.1 branch, which is still under a free license
* Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callbacktb2021-09-101-3/+7
| | | | | | | | | | | | | | | | | | | As reported by Jeremy Harris, we inherited a strange behavior from OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the ALPN callback. RFC 7301, 3.2 states: 'In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert.' Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK} which is the current behavior of OpenSSL. The documentation change is taken from OpenSSL 1.1.1 as well. As pointed out by jsing, there is more to be fixed here: - ensure that the same protocol is selected on session resumption - should the callback be called even if no ALPN extension was sent? - ensure for TLSv1.2 and earlier that the SNI has already been processed ok beck jsing
* comment out the detailed description of SSL_get_servername(3),schwarze2021-09-011-7/+9
| | | | | | leaving only the basic description in the RETURN VALUES section; tb@ pointed out LibreSSL does not currently provide all those guarantees, and he also OK'ed this diff
* sync with OpenSSL 1.1.1, which is still under a free license;schwarze2021-08-301-15/+107
| | | | | | | in particular, this includes new text by Matt Caswell from OpenSSL commit 721eb8f6 Nov 28 12:03:00 2019 +0000 and corrects a wrong argument type that i introduced into the SYNOPSIS; requested by tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 17:12:37 +0000