| Commit message (Collapse) | Author | Files | Lines |
|---|
|
because jsing@ points out that this follows a (dangerous) general
pattern in the library, and mentioning that everywhere would become
repetitive.
|
|
|
|
recently provided. Many minor improvements while here, and delete
ridiculous text about MS Windows.
|
|
EVP_PKEY_get0_{DH,DSA,RSA}(3), and RSA_{g,s}et0_key(3)
that tb@ just provided.
|
|
Rides previous minor bump.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HMAC_CTX_get_md().
|
|
|
|
and BIO_meth_set_{puts,read,write}().
ok jsing
|
|
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().
ok jsing
|
|
The constant values do not map 1:1 to SSLeay_version(), so implement it
separately.
Issue noted by schwarze@
|
|
from Andrew Siplas <andrew at asiplas dot net>
via OpenSSL commit 36cf10cf Oct 4 02:11:08 2017 -0400
|
|
i found another page containing an .Xr to one of the functions that
were not in the NAME section. This manual page is ugly either way;
just ugly is better than broken links in addition to ugly.
|
|
from <xemdetia at 808inorganic dot com>.
Original commit message:
"Document default section and library configuration.
It is talked around but not explicitly stated in one part of the
documentation that you should put library configuration lines at the
start of the configuration file."
|
|
via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 tweaked by me.
|
|
via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800, tweaked by me.
|
|
OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800,
with a number of fixes by me.
Also include three earlier, minor improvements from OpenSSL.
|
|
via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800.
|
|
because i see no indication that a 2016 revision of this standard
might exist. Instead, use information from:
https://www.iso.org/standard/39876.html and
https://www.iso.org/standard/60475.html
|
|
with their random subsystem in 2017 rather than relying on the
operating system, which made me check the changes to their manual
pages, which caused me to notice that they document another public
function as non-deprecated that we neutered: RAND_poll(3).
Mention it briefly.
|
|
from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800.
|
|
from David Cooper <david.cooper@nist.gov>
via OpenSSL commit cace14b8 Jan 24 11:47:23 2018 -0500.
|
|
removing parts that don't apply to OpenBSD.
|
|
lacked an argument; from Jakub Jelen <jjelen at redhat dot com>
via OpenSSL commit 9db6673a Jan 17 19:23:37 2018 -0500.
|
|
fixing half a dozen bugs and typos and also tweaking the wording a bit.
|
|
X509_STORE_CTX_set0_untrusted(3), X509_STORE_CTX_set0_trusted_stack(3),
X509_STORE_CTX_get0_untrusted(3), and X509_STORE_CTX_get0_cert(3).
Merge the related documentation from OpenSSL.
|
|
provided X509_get0_notBefore(3) and its three friends.
Write a manual page from scratch because what OpenSSL has
is confusing and incomplete.
By the way, providing two identical functions differing only
in the constness of the returned structure is crazy.
Are application programmers expected to be too stupid to write
const ASN1_TIME *notBefore = X509_getm_notBefore(x)
if that's what they want?
|
|
|
|
provided ASN1_STRING_get0_data(3).
Merge the corresponding documentation from OpenSSL.
|
|
Merge the documentation from OpenSSL commits 0c497e96 Dec 14 18:10:16
2015 +0000 and c5ebfcab Mar 7 22:45:58 2016 +0100 with tweaks by me.
|
|
X509_get_signature_nid(3). Add a new manual page for it
based on the relevant parts of OpenSSL X509_get0_signature.pod.
|
|
SSL_CTX_up_ref(3). Merge the related documentation from OpenSSL,
but tweak the wording to be less confusing and simplify the RETURN
VALUES section.
|
|
SSL_CTX_get0_param(3) and SSL_get0_param(3).
Merge the related documentation from OpenSSL, with small tweaks.
|
|
|
|
|
|
X509_STORE_CTX_set0_{trusted_stack,untrusted}().
|
|
|
|
|
|
|
|
This will ease the burden on ports and others trying to make software
work with LibreSSL, while avoiding #ifdef mazes. Note that we are not
removing 1.0.1 API or making things opaque, hence software written to
use the older APIs will continue to work, as will software written to
use the 1.1 API (as more functionality become available).
Discussed at length with deraadt@ and others.
|
|
|
|
Some applications that use X509_VERIFY_PARAM expect these to exist, since
they're also part of the OpenSSL 1.0.2 API.
|
|
Apparently I failed to commit this when I committed the libtls change...
|
|
via OpenSSL commit 751148e2 Oct 27 00:11:11 2017 +0200,
including only the parts related to functions that exist
in OpenBSD.
The design of these interfaces is not particularly pretty,
they are not particularly easy to document, and the manual
page does not look particularly good when formatted,
but what can we do, things are as they are...
|
