summaryrefslogtreecommitdiff
path: root/src/lib/libssl/man (follow)
Commit message (Collapse)AuthorAgeFilesLines
* s/ECDHE/ECDH/jsing2021-11-301-3/+3
| | | | | | | If we can provide an EC key that is used, then it is by definition non-ephemeral. ok tb@
* spellingjsg2021-11-261-3/+3
| | | | ok schwarze@
* Fix HISTORY section: 6.9 -> 7.0tb2021-10-271-3/+3
|
* sort. alphanumerics have lower ASCII values than '_'tb2021-10-251-5/+5
|
* Install SSL_read_early_data.3. I should have done this during the lasttb2021-10-251-4/+2
| | | | libssl bump.
* merge documentation for SSL_read_ex(3), SSL_peek_ex(3), and SSL_write_ex(3)schwarze2021-10-242-61/+130
| | | | from the OpenSSL 1.1.1 branch, which is still under a free license
* fix wrong and missing return types and wrong macros in the SYNOPSIS;schwarze2021-10-231-10/+18
| | | | while here, also apply some minor wording improvements
* Add new OpenSSL API SSL_CTX_set_num_tickets and friends.beck2021-10-231-0/+55
| | | | | | | | | Since we don't support session tickets in LibreSSL at the moment these functions currently do not have any effect. Again, symbols will appear with tb@'s reptar sized bump.. ok tb@
* oops, wrong dir.tb2021-10-232-301/+0
| | | | pointed out by schwarze
* Import documentation for X509_get_extension_flags, X509_get_key_usage,tb2021-10-231-0/+211
| | | | | | | X509_get_extended_key_usage from OpenSSL. Will be linked to the build after the bump. input/lgtm schwarze
* Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linkedtb2021-10-231-0/+90
| | | | | | to the build after the bump. tweak & lgtm schwarze
* tweak previous: properly mark up function pointer typedefschwarze2021-10-231-6/+18
| | | | plus .Dv NULL, SEE ALSO, HISTORY
* Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callbackbeck2021-10-232-1/+46
| | | | | | | | Some things in ports care about calling these functions. Since we will not provide private key logging functionality they are documented as being for compatibility and that they don't do anything. ok tb@
* provide a small manual page for the SSL_set_psk_use_session_callback(3)schwarze2021-09-142-1/+88
| | | | | stub, written from scratch; OK tb@ on SSL_set_psk_use_session_callback.3
* Merge the stub SSL_SESSION_is_resumable(3) manual page from theschwarze2021-09-143-3/+86
| | | | | | OpenSSL 1.1.1 branch, which is still under a free license. A few tweaks to wording and structure by me. OK tb@ on SSL_SESSION_is_resumable.3
* merge the description of SSL_get_tlsext_status_type(3)schwarze2021-09-111-3/+35
| | | | from the OpenSSL 1.1.1 branch, which is still under a free license
* Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callbacktb2021-09-101-3/+7
| | | | | | | | | | | | | | | | | | | As reported by Jeremy Harris, we inherited a strange behavior from OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the ALPN callback. RFC 7301, 3.2 states: 'In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert.' Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK} which is the current behavior of OpenSSL. The documentation change is taken from OpenSSL 1.1.1 as well. As pointed out by jsing, there is more to be fixed here: - ensure that the same protocol is selected on session resumption - should the callback be called even if no ALPN extension was sent? - ensure for TLSv1.2 and earlier that the SNI has already been processed ok beck jsing
* comment out the detailed description of SSL_get_servername(3),schwarze2021-09-011-7/+9
| | | | | | leaving only the basic description in the RETURN VALUES section; tb@ pointed out LibreSSL does not currently provide all those guarantees, and he also OK'ed this diff
* sync with OpenSSL 1.1.1, which is still under a free license;schwarze2021-08-301-15/+107
| | | | | | | in particular, this includes new text by Matt Caswell from OpenSSL commit 721eb8f6 Nov 28 12:03:00 2019 +0000 and corrects a wrong argument type that i introduced into the SYNOPSIS; requested by tb@
* Fix .Xr order. From mandoc -Tlint.tb2021-06-262-7/+7
|
* space between macro args and punctuation;jmc2021-06-121-10/+10
|
* RFC 4507bis can refer to various RFCs but this instance is abouttb2021-06-121-4/+5
| | | | | | | RFC 5077. Note that session resumption via session tickets is only for TLSv1.2 and earlier. prompted by a question by/ok jmc
* space between RFC and number;jmc2021-06-116-26/+26
|
* add AES-GCM constants from RFC 7714 for SRTPlandry2021-06-111-2/+6
| | | | | | | | | | SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP protection profiles - seen with an update of telephony/baresip i'm working on. adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45 ok tb@ jsing@
* Merge documentation for SSL_CIPHER_find(3) from OpenSSL 1.1.1.tb2021-05-121-2/+29
|
* Install SSL_SESSION_get0_cipher.3tb2021-05-121-1/+2
|
* Document SSL_SESSION_get0_cipher(3)tb2021-05-121-0/+94
| | | | | | | Based on the OpenSSL 1.1.1 manual written by Rich Salz with a healthy dose of improvements by schwarze. ok schwarze
* Document SSL_CTX_get_ssl_method(3)tb2021-05-111-4/+15
|
* mention DTLS1_2_VERSIONtb2021-04-151-3/+4
|
* Mention DTLS1_2_VERSION here, tootb2021-04-151-6/+8
|
* Document SSL_OP_NO_DTLSv1{,_2}tb2021-04-151-2/+15
|
* Document DTLSv1_2_{,client_,server_}method(3)tb2021-04-151-4/+36
|
* Merge documentation for SSL_is_dtls() from OpenSSLtb2021-04-151-5/+21
|
* Update for DTLSv1.2 support.tb2021-03-311-2/+4
|
* Document SSL_set_hostflags(3) and SSL_get0_peername(3)tb2021-03-311-18/+4
| | | | ok bcook inoguchi jsing
* Document SSL_use_certificate_chain_file(3)tb2021-03-311-11/+3
| | | | ok bcook inoguchi jsing
* Prepare documenting SSL_use_certificate_chain_filetb2021-03-191-2/+19
|
* missing word in commenttb2021-01-301-3/+3
|
* Link SSL_get_finished.3 to build.tb2021-01-271-1/+2
|
* Write SSL_get_finished() documentation from scratch.tb2021-01-271-0/+77
| | | | ok beck
* Merge SSL_set_hostflags documentation from OpenSSL 1.1.1i andtb2021-01-271-3/+20
| | | | | | add HISTORY section. This is currently ignored input next to SSL_get0_peername() and will be unignored once the symbols are made publicly visible in libssl.
* Update SSL_get_shared_ciphers() documentation for ssl_lib.c r1.240tb2021-01-091-17/+47
| | | | | | | | | | | | | | | | | | | | | | | From schwarze, who explains: * Even though i wrote the original version of our documentation for this function, i now think the design of this function is so atrocious that it is better to call out the main limitations up front (server side only and silent truncation) rather than first giving the impression that it achieves something it actually doesn't and then later try to row back in a piece-meal manner. * Using a .Bl list for failure conditions in the RETURN VALUES section is no doubt unusual, but the conditions are so numerous and some of them are so surprising that i think it makes sense in this case. If a function is badly designed and has surprising properties, precision and clarity in the description are even more important than usual, and conciseness is better sacrificed. * Adding .Xr SSL_get_ciphers 3 seems helpful. ok beck inoguchi jsing tb
* grammar fixes from Varik "The Genuine Article!!!" Valefor;jmc2020-12-031-3/+3
|
* drop references to the SSL protocol because support was removed long ago;schwarze2020-10-121-6/+6
| | | | suggested by tb@
* List and describe the recommended methods first and relegate theschwarze2020-10-121-27/+26
| | | | | | deprecated methods to a separate table. Simplify and shorten the surrounding verbiage. Joint work with tb@.
* In ssl_methods.c rev. 1.18, jsing@ deprecated *_server_method(3)schwarze2020-10-111-11/+18
| | | | | | | and *_client_method(3). Adjust the documentation. While here, delete most of the verbiage regarding the deprecated functions SSLv23_*(3) and add the missing entry to RETURN VALUES. OK tb@
* A void function has no return value, so zap RETURN VALUES sectiontb2020-10-081-5/+2
| | | | | documenting that SSL_set_bio(3) cannot fail. A similar commit was made by schwarze a while ago for a few functions in libcrypto.
* grammar fix: if/when a renegotiation takeS placetb2020-10-082-6/+6
|
* Comment out SSL_get0_peername(3) for the OpenBSD 6.8 releaseschwarze2020-09-221-4/+18
| | | | | because tb@ decided to not enable it before the release. OK tb@
* reword ambiguous title line;schwarze2020-09-221-3/+3
| | | | issue noticed by and patch OK by jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 17:58:20 +0000