diff options
| author | Rich Salz <rsalz@akamai.com> | 2015-08-17 15:21:33 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-08-21 15:11:50 -0400 |
| commit | 9b86974e0c705ea321ddbc9a9d8562c894809e5b (patch) | |
| tree | 69b6437896ca7728ebec6b7d3be7b217149d9862 | |
| parent | 3da9505dc02b0594633c73a11343f54bb5dbf536 (diff) | |
| download | openssl-9b86974e0c705ea321ddbc9a9d8562c894809e5b.tar.gz | |
Fix L<> content in manpages
L<foo|foo> is sub-optimal If the xref is the same as the title,
which is what we do, then you only need L<foo>. This fixes all
1457 occurrences in 349 files. Approximately. (And pod used to
need both.)
Reviewed-by: Richard Levitte <levitte@openssl.org>
349 files changed, 1468 insertions, 1468 deletions
diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod index 92ae288748..35a40aae9d 100644 --- a/doc/apps/CA.pl.pod +++ b/doc/apps/CA.pl.pod @@ -128,7 +128,7 @@ the request and finally create a PKCS#12 file containing it. =head1 DSA CERTIFICATES Although the B<CA.pl> creates RSA CAs and requests it is still possible to -use it with DSA certificates and requests using the L<req(1)|req(1)> command +use it with DSA certificates and requests using the L<req(1)> command directly. The following example shows the steps that would typically be taken. Create some DSA parameters: @@ -184,7 +184,7 @@ configuration file, not just its directory. =head1 SEE ALSO -L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<req(1)|req(1)>, L<pkcs12(1)|pkcs12(1)>, -L<config(5)|config(5)> +L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>, +L<config(5)> =cut diff --git a/doc/apps/asn1parse.pod b/doc/apps/asn1parse.pod index b44fb9fd3d..afe94b09d8 100644 --- a/doc/apps/asn1parse.pod +++ b/doc/apps/asn1parse.pod @@ -83,7 +83,7 @@ option can be used multiple times to "drill down" into a nested structure. =item B<-genstr string>, B<-genconf file> generate encoded data based on B<string>, B<file> or both using -L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format. If B<file> only is +L<ASN1_generate_nconf(3)> format. If B<file> only is present then the string is obtained from the default section using the name B<asn1>. The encoded data is passed through the ASN1 parser and printed out as though it came from a file, the contents can thus be examined and written to a @@ -189,6 +189,6 @@ ASN.1 types is not well handled (if at all). =head1 SEE ALSO -L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> +L<ASN1_generate_nconf(3)> =cut diff --git a/doc/apps/c_rehash.pod b/doc/apps/c_rehash.pod index c3d98b678e..e0a3d1995b 100644 --- a/doc/apps/c_rehash.pod +++ b/doc/apps/c_rehash.pod @@ -109,6 +109,6 @@ Ignored if directories are listed on the command line. =head1 SEE ALSO -L<openssl(1)|openssl(1)>, -L<crl(1)|crl(1)>. -L<x509(1)|x509(1)>. +L<openssl(1)>, +L<crl(1)>. +L<x509(1)>. diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 1d180706cc..be0153a4b0 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -141,7 +141,7 @@ self-signed certificate. =item B<-passin arg> the key password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-verbose> @@ -214,7 +214,7 @@ to be added when a certificate is issued (defaults to B<x509_extensions> unless the B<-extfile> option is used). If no extension section is present then, a V1 certificate is created. If the extension section is present (even if it is empty), then a V3 certificate is created. See the:w -L<x509v3_config(5)|x509v3_config(5)> manual page for details of the +L<x509v3_config(5)> manual page for details of the extension section format. =item B<-extfile file> @@ -319,7 +319,7 @@ created, if the CRL extension section is present (even if it is empty) then a V2 CRL is created. The CRL extensions specified are CRL extensions and B<not> CRL entry extensions. It should be noted that some software (for example Netscape) can't handle V2 CRLs. See -L<x509v3_config(5)|x509v3_config(5)> manual page for details of the +L<x509v3_config(5)> manual page for details of the extension section format. =back @@ -380,7 +380,7 @@ CA private key. Mandatory. =item B<RANDFILE> a file used to read and write random number seed information, or -an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +an EGD socket (see L<RAND_egd(3)>). =item B<default_days> @@ -690,7 +690,7 @@ then even if a certificate is issued with CA:TRUE it will not be valid. =head1 SEE ALSO -L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>, -L<config(5)|config(5)>, L<x509v3_config(5)|x509v3_config(5)> +L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>, +L<config(5)>, L<x509v3_config(5)> =cut diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 3f146e8893..64f122ffed 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -721,7 +721,7 @@ Set security level to 2 and display all ciphers consistent with level 2: =head1 SEE ALSO -L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)> +L<s_client(1)>, L<s_server(1)>, L<ssl(3)> =head1 HISTORY diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 9001371a63..6b4beb4c27 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -434,12 +434,12 @@ or to modify default parameters for ECDH. =item B<-passin arg> the private key password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -465,7 +465,7 @@ B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set various certificate chain validation options. See the -L<B<verify>|verify(1)> manual page for details. +L<verify(1)> manual page for details. =back @@ -515,7 +515,7 @@ tried whether they succeed or not and if no recipients match the message is "decrypted" using a random key which will typically output garbage. The B<-debug_decrypt> option can be used to disable the MMA attack protection and return an error if no recipient can be found: this option should be used -with caution. For a fuller description see L<CMS_decrypt(3)|CMS_decrypt(3)>). +with caution. For a fuller description see L<CMS_decrypt(3)>). =head1 EXIT CODES diff --git a/doc/apps/config.pod b/doc/apps/config.pod index e12591528c..22bb6c50a8 100644 --- a/doc/apps/config.pod +++ b/doc/apps/config.pod @@ -345,6 +345,6 @@ file. =head1 SEE ALSO -L<x509(1)|x509(1)>, L<req(1)|req(1)>, L<ca(1)|ca(1)> +L<x509(1)>, L<req(1)>, L<ca(1)> =cut diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod index 044a9da915..7dccbcc67f 100644 --- a/doc/apps/crl.pod +++ b/doc/apps/crl.pod @@ -57,7 +57,7 @@ print out the CRL in text form. =item B<-nameopt option> option which determines how the subject or issuer names are displayed. See -the description of B<-nameopt> in L<x509(1)|x509(1)>. +the description of B<-nameopt> in L<x509(1)>. =item B<-noout> @@ -123,6 +123,6 @@ and files too. =head1 SEE ALSO -L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> +L<crl2pkcs7(1)>, L<ca(1)>, L<x509(1)> =cut diff --git a/doc/apps/crl2pkcs7.pod b/doc/apps/crl2pkcs7.pod index 3797bc0df4..1a6e362c6a 100644 --- a/doc/apps/crl2pkcs7.pod +++ b/doc/apps/crl2pkcs7.pod @@ -86,6 +86,6 @@ install user certificates and CAs in MSIE using the Xenroll control. =head1 SEE ALSO -L<pkcs7(1)|pkcs7(1)> +L<pkcs7(1)> =cut diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 236e1b783a..8c416f26aa 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -101,7 +101,7 @@ Names and values of these options are algorithm-specific. =item B<-passin arg> the private key password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-verify filename> @@ -152,7 +152,7 @@ for example exactly 32 chars for gost-mac. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index 1cd4c76663..8bb196dea4 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -79,7 +79,7 @@ default generator 2. =item B<-rand> I<file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -139,7 +139,7 @@ There should be a way to generate and manipulate DH keys. =head1 SEE ALSO -L<dsaparam(1)|dsaparam(1)> +L<dsaparam(1)> =head1 HISTORY diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod index 8bf6cc9dca..4331cc379e 100644 --- a/doc/apps/dsa.pod +++ b/doc/apps/dsa.pod @@ -66,7 +66,7 @@ prompted for. =item B<-passin arg> the input file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-out filename> @@ -78,7 +78,7 @@ filename. =item B<-passout arg> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> @@ -158,7 +158,7 @@ To just output the public part of a private key: =head1 SEE ALSO -L<dsaparam(1)|dsaparam(1)>, L<gendsa(1)|gendsa(1)>, L<rsa(1)|rsa(1)>, -L<genrsa(1)|genrsa(1)> +L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>, +L<genrsa(1)> =cut diff --git a/doc/apps/dsaparam.pod b/doc/apps/dsaparam.pod index ba5ec4d72c..1933857b6f 100644 --- a/doc/apps/dsaparam.pod +++ b/doc/apps/dsaparam.pod @@ -72,7 +72,7 @@ parameters. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -104,7 +104,7 @@ DSA parameters is often used to generate several distinct keys. =head1 SEE ALSO -L<gendsa(1)|gendsa(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, -L<rsa(1)|rsa(1)> +L<gendsa(1)>, L<dsa(1)>, L<genrsa(1)>, +L<rsa(1)> =cut diff --git a/doc/apps/ec.pod b/doc/apps/ec.pod index 5c7b45d4e7..ebc49ea092 100644 --- a/doc/apps/ec.pod +++ b/doc/apps/ec.pod @@ -60,7 +60,7 @@ prompted for. =item B<-passin arg> the input file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-out filename> @@ -72,7 +72,7 @@ filename. =item B<-passout arg> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-des|-des3|-idea> @@ -177,7 +177,7 @@ To change the point conversion form to B<compressed>: =head1 SEE ALSO -L<ecparam(1)|ecparam(1)>, L<dsa(1)|dsa(1)>, L<rsa(1)|rsa(1)> +L<ecparam(1)>, L<dsa(1)>, L<rsa(1)> =head1 HISTORY diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod index 88e9d1e83d..bfb155a82a 100644 --- a/doc/apps/ecparam.pod +++ b/doc/apps/ecparam.pod @@ -114,7 +114,7 @@ This option will generate a EC private key using the specified parameters. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -166,7 +166,7 @@ To print out the EC parameters to standard output: =head1 SEE ALSO -L<ec(1)|ec(1)>, L<dsaparam(1)|dsaparam(1)> +L<ec(1)>, L<dsaparam(1)> =head1 HISTORY diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod index 8f4ef999b4..1d25cf3dfc 100644 --- a/doc/apps/enc.pod +++ b/doc/apps/enc.pod @@ -53,7 +53,7 @@ the output filename, standard output by default. =item B<-pass arg> the password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-salt> diff --git a/doc/apps/errstr.pod b/doc/apps/errstr.pod index b3c6ccfc9c..02bd3dcd7b 100644 --- a/doc/apps/errstr.pod +++ b/doc/apps/errstr.pod @@ -31,9 +31,9 @@ to produce the error message: =head1 SEE ALSO -L<err(3)|err(3)>, -L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, -L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> +L<err(3)>, +L<ERR_load_crypto_strings(3)>, +L<SSL_load_error_strings(3)> =cut diff --git a/doc/apps/gendsa.pod b/doc/apps/gendsa.pod index d9f56be890..9a8278fdbd 100644 --- a/doc/apps/gendsa.pod +++ b/doc/apps/gendsa.pod @@ -39,7 +39,7 @@ If none of these options is specified no encryption is used. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -66,7 +66,7 @@ much quicker that RSA key generation for example. =head1 SEE ALSO -L<dsaparam(1)|dsaparam(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, -L<rsa(1)|rsa(1)> +L<dsaparam(1)>, L<dsa(1)>, L<genrsa(1)>, +L<rsa(1)> =cut diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod index 0bce0b520f..d574caa867 100644 --- a/doc/apps/genpkey.pod +++ b/doc/apps/genpkey.pod @@ -38,7 +38,7 @@ This specifies the output format DER or PEM. =item B<-pass arg> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-cipher> diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod index cb03d09b95..c27f773b36 100644 --- a/doc/apps/genrsa.pod +++ b/doc/apps/genrsa.pod @@ -46,7 +46,7 @@ used. =item B<-passout arg> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> @@ -62,7 +62,7 @@ the public exponent to use, either 65537 or 3. The default is 65537. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -102,7 +102,7 @@ be much larger (typically 1024 bits). =head1 SEE ALSO -L<gendsa(1)|gendsa(1)> +L<gendsa(1)> =cut diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index 3e651b89d6..d996edaed8 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -396,19 +396,19 @@ read the password from standard input. =head1 SEE ALSO -L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>, -L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>, -L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, -L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>, -L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, -L<passwd(1)|passwd(1)>, -L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, -L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, -L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, -L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>, -L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, -L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, -L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>, L<x509v3_config(5)|x509v3_config(5)> +L<asn1parse(1)>, L<ca(1)>, L<config(5)>, +L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>, +L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>, +L<enc(1)>, L<gendsa(1)>, L<genpkey(1)>, +L<genrsa(1)>, L<nseq(1)>, L<openssl(1)>, +L<passwd(1)>, +L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>, +L<rand(1)>, L<req(1)>, L<rsa(1)>, +L<rsautl(1)>, L<s_client(1)>, +L<s_server(1)>, L<s_time(1)>, +L<smime(1)>, L<spkac(1)>, +L<verify(1)>, L<version(1)>, L<x509(1)>, +L<crypto(3)>, L<ssl(3)>, L<x509v3_config(5)> =head1 HISTORY diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index 744984838d..f956c8ed64 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -71,13 +71,13 @@ default. They are all written in PEM format. the PKCS#12 file (i.e. input file) password source. For more information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in -L<openssl(1)|openssl(1)>. +L<openssl(1)>. =item B<-passout arg> pass phrase source to encrypt any outputted private keys with. For more information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section -in L<openssl(1)|openssl(1)>. +in L<openssl(1)>. =item B<-password arg> @@ -192,13 +192,13 @@ displays them. the PKCS#12 file (i.e. output file) password source. For more information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in -L<openssl(1)|openssl(1)>. +L<openssl(1)>. =item B<-passin password> pass phrase source to decrypt any input private keys with. For more information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in -L<openssl(1)|openssl(1)>. +L<openssl(1)>. =item B<-chain> @@ -266,7 +266,7 @@ don't attempt to provide the MAC integrity. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -364,5 +364,5 @@ file from the keys and certificates using a newer version of OpenSSL. For exampl =head1 SEE ALSO -L<pkcs8(1)|pkcs8(1)> +L<pkcs8(1)> diff --git a/doc/apps/pkcs7.pod b/doc/apps/pkcs7.pod index acfb8100f0..024175e1cb 100644 --- a/doc/apps/pkcs7.pod +++ b/doc/apps/pkcs7.pod @@ -100,6 +100,6 @@ cannot currently parse, for example, the new CMS as described in RFC2630. =head1 SEE ALSO -L<crl2pkcs7(1)|crl2pkcs7(1)> +L<crl2pkcs7(1)> =cut diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index 433e55c6fd..ed8c4ade62 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod @@ -67,7 +67,7 @@ prompted for. =item B<-passin arg> the input file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-out filename> @@ -79,7 +79,7 @@ filename. =item B<-passout arg> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-iter count> @@ -276,8 +276,8 @@ the old format at present. =head1 SEE ALSO -L<dsa(1)|dsa(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>, -L<gendsa(1)|gendsa(1)> +L<dsa(1)>, L<rsa(1)>, L<genrsa(1)>, +L<gendsa(1)> =head1 HISTORY diff --git a/doc/apps/pkey.pod b/doc/apps/pkey.pod index 4851223f3f..68f9409991 100644 --- a/doc/apps/pkey.pod +++ b/doc/apps/pkey.pod @@ -49,7 +49,7 @@ prompted for. =item B<-passin arg> the input file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-out filename> @@ -61,7 +61,7 @@ filename. =item B<-passout password> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-cipher> @@ -129,7 +129,7 @@ To just output the public part of a private key: =head1 SEE ALSO -L<genpkey(1)|genpkey(1)>, L<rsa(1)|rsa(1)>, L<pkcs8(1)|pkcs8(1)>, -L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, L<gendsa(1)|gendsa(1)> +L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>, +L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)> =cut diff --git a/doc/apps/pkeyparam.pod b/doc/apps/pkeyparam.pod index 154f6721af..acfe9f9eea 100644 --- a/doc/apps/pkeyparam.pod +++ b/doc/apps/pkeyparam.pod @@ -63,7 +63,7 @@ PEM format is supported because the key type is determined by the PEM headers. =head1 SEE ALSO -L<genpkey(1)|genpkey(1)>, L<rsa(1)|rsa(1)>, L<pkcs8(1)|pkcs8(1)>, -L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, L<gendsa(1)|gendsa(1)> +L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>, +L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)> =cut diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod index 1f7596da17..b43763554e 100644 --- a/doc/apps/pkeyutl.pod +++ b/doc/apps/pkeyutl.pod @@ -59,7 +59,7 @@ the key format PEM, DER or ENGINE. =item B<-passin arg> the input key password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-peerkey file> @@ -218,5 +218,5 @@ Derive a shared secret value: =head1 SEE ALSO -L<genpkey(1)|genpkey(1)>, L<pkey(1)|pkey(1)>, L<rsautl(1)|rsautl(1)> -L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)> +L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)> +L<dgst(1)>, L<rsa(1)>, L<genrsa(1)> diff --git a/doc/apps/rand.pod b/doc/apps/rand.pod index d1d213ef43..3679e6bef0 100644 --- a/doc/apps/rand.pod +++ b/doc/apps/rand.pod @@ -32,7 +32,7 @@ Write to I<file> instead of standard output. =item B<-rand> I<file(s)> -Use specified file or files or EGD socket (see L<RAND_egd(3)|RAND_egd(3)>) +Use specified file or files or EGD socket (see L<RAND_egd(3)>) for seeding the random number generator. Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for @@ -50,6 +50,6 @@ Show the output as a hex string. =head1 SEE ALSO -L<RAND_bytes(3)|RAND_bytes(3)> +L<RAND_bytes(3)> =cut diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 2ce2bca2c3..ae884a209b 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -79,7 +79,7 @@ options (B<-new> and B<-newkey>) are not specified. =item B<-passin arg> the input file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-out filename> @@ -89,7 +89,7 @@ default. =item B<-passout arg> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-text> @@ -137,7 +137,7 @@ characters may be escaped by \ (backslash), no spaces are skipped. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -270,14 +270,14 @@ configuration file, must be valid UTF8 strings. option which determines how the subject or issuer names are displayed. The B<option> argument can be a single option or multiple options separated by commas. Alternatively the B<-nameopt> switch may be used more than once to -set multiple options. See the L<x509(1)|x509(1)> manual page for details. +set multiple options. See the L<x509(1)> manual page for details. =item B<-reqopt> customise the output format used with B<-text>. The B<option> argument can be a single option or multiple options separated by commas. -See discussion of the B<-certopt> parameter in the L<B<x509>|x509(1)> +See discussion of the B<-certopt> parameter in the L<x509(1)> command. @@ -374,7 +374,7 @@ and long names are the same when this option is used. =item B<RANDFILE> This specifies a filename in which random number seed information is -placed and read from, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +placed and read from, or an EGD socket (see L<RAND_egd(3)>). It is used for private key generation. =item B<encrypt_key> @@ -408,7 +408,7 @@ problems with BMPStrings and UTF8Strings: in particular Netscape. this specifies the configuration file section containing a list of extensions to add to the certificate request. It can be overridden by the B<-reqexts> command line switch. See the -L<x509v3_config(5)|x509v3_config(5)> manual page for details of the +L<x509v3_config(5)> manual page for details of the extension section format. =item B<x509_extensions> @@ -670,8 +670,8 @@ address in subjectAltName should be input by the user. =head1 SEE ALSO -L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, -L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>, -L<x509v3_config(5)|x509v3_config(5)> +L<x509(1)>, L<ca(1)>, L<genrsa(1)>, +L<gendsa(1)>, L<config(5)>, +L<x509v3_config(5)> =cut diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod index 734c602f70..427c6c68a9 100644 --- a/doc/apps/rsa.pod +++ b/doc/apps/rsa.pod @@ -68,7 +68,7 @@ prompted for. =item B<-passin arg> the input file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-out filename> @@ -80,7 +80,7 @@ filename. =item B<-passout password> the output file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> @@ -197,7 +197,7 @@ without having to manually edit them. =head1 SEE ALSO -L<pkcs8(1)|pkcs8(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, -L<gendsa(1)|gendsa(1)> +L<pkcs8(1)>, L<dsa(1)>, L<genrsa(1)>, +L<gendsa(1)> =cut diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod index 1a498c2f62..bc87674641 100644 --- a/doc/apps/rsautl.pod +++ b/doc/apps/rsautl.pod @@ -180,4 +180,4 @@ which it can be seen agrees with the recovered value above. =head1 SEE ALSO -L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)> +L<dgst(1)>, L<rsa(1)>, L<genrsa(1)> diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index e91b9f1334..04982e6414 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -132,7 +132,7 @@ The private format to use: DER or PEM. PEM is the default. =item B<-pass arg> the private key password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-verify depth> @@ -167,7 +167,7 @@ B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set various certificate chain validation options. See the -L<B<verify>|verify(1)> manual page for details. +L<verify(1)> manual page for details. =item B<-reconnect> @@ -325,7 +325,7 @@ for all available algorithms. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -417,7 +417,7 @@ information whenever a session is renegotiated. =head1 SEE ALSO -L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)> +L<sess_id(1)>, L<s_server(1)>, L<ciphers(1)> =head1 HISTORY diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index b2c2907c35..567df2cfef 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -139,7 +139,7 @@ The private format to use: DER or PEM. PEM is the default. =item B<-pass arg> the private key password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-dcert filename>, B<-dkey keyname> @@ -222,7 +222,7 @@ B<-no_alt_chains>, B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set different peer certificate verification options. -See the L<B<verify>|verify(1)> manual page for details. +See the L<verify(1)> manual page for details. =item B<-verify_return_error> @@ -356,7 +356,7 @@ IDs (eg. with a certain prefix). =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -474,7 +474,7 @@ unknown cipher suites a client says it supports. =head1 SEE ALSO -L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)> +L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)> =head1 HISTORY diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod index b8dad09a03..50ac0e09fa 100644 --- a/doc/apps/s_time.pod +++ b/doc/apps/s_time.pod @@ -97,7 +97,7 @@ these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3 or TLS as appropriate. The timing program is not as rich in options to turn protocols on and off as -the L<s_client(1)|s_client(1)> program and may not connect to all servers. +the L<s_client(1)> program and may not connect to all servers. Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only @@ -113,7 +113,7 @@ option enables various workarounds. this allows the cipher list sent by the client to be modified. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. -See the L<ciphers(1)|ciphers(1)> command for more information. +See the L<ciphers(1)> command for more information. =item B<-time length> @@ -131,7 +131,7 @@ To connect to an SSL HTTP server and get the default page the command openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3] would typically be used (https uses port 443). 'commoncipher' is a cipher to -which both client and server can agree, see the L<ciphers(1)|ciphers(1)> command +which both client and server can agree, see the L<ciphers(1)> command for details. If the handshake fails then there are several possible causes, if it is @@ -144,10 +144,10 @@ A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it -requests a certificate. By using L<s_client(1)|s_client(1)> the CA list can be +requests a certificate. By using L<s_client(1)> the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it -is necessary to use the B<-prexit> option of L<s_client(1)|s_client(1)> and +is necessary to use the B<-prexit> option of L<s_client(1)> and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> @@ -158,7 +158,7 @@ on the command line is no guarantee that the certificate works. =head1 BUGS Because this program does not have all the options of the -L<s_client(1)|s_client(1)> program to turn protocols on and off, you may not be +L<s_client(1)> program to turn protocols on and off, you may not be able to measure the performance of all protocols with all servers. The B<-verify> option should really exit if the server verification @@ -166,6 +166,6 @@ fails. =head1 SEE ALSO -L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)> +L<s_client(1)>, L<s_server(1)>, L<ciphers(1)> =cut diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod index a8b0ef09eb..391405787b 100644 --- a/doc/apps/sess_id.pod +++ b/doc/apps/sess_id.pod @@ -143,6 +143,6 @@ The cipher and start time should be printed out in human readable form. =head1 SEE ALSO -L<ciphers(1)|ciphers(1)>, L<s_server(1)|s_server(1)> +L<ciphers(1)>, L<s_server(1)> =cut diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index 31a85fbcc3..e9fbfda422 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -266,12 +266,12 @@ multiple times to specify successive keys. =item B<-passin arg> the private key password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-rand file(s)> a file or files containing random data used to seed the random number -generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +generator, or an EGD socket (see L<RAND_egd(3)>). Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. @@ -297,7 +297,7 @@ B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set various options of certificate chain verification. See -L<B<verify>|verify(1)> manual page for details. +L<verify(1)> manual page for details. =back diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod index 97fb80e401..553fd2d9e6 100644 --- a/doc/apps/spkac.pod +++ b/doc/apps/spkac.pod @@ -48,7 +48,7 @@ present. =item B<-passin password> the input file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-challenge string> @@ -128,6 +128,6 @@ to be used in a "replay attack". =head1 SEE ALSO -L<ca(1)|ca(1)> +L<ca(1)> =cut diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod index 5aab465505..ff086d8b2a 100644 --- a/doc/apps/ts.pod +++ b/doc/apps/ts.pod @@ -200,7 +200,7 @@ The name of the file containing a DER encoded time stamp request. (Optional) =item B<-passin> password_src Specifies the password source for the private key of the TSA. See -B<PASS PHRASE ARGUMENTS> in L<openssl(1)|openssl(1)>. (Optional) +B<PASS PHRASE ARGUMENTS> in L<openssl(1)>. (Optional) =item B<-signer> tsa_cert.pem @@ -312,7 +312,7 @@ of a time stamp response (TimeStampResp). (Optional) =item B<-CApath> trusted_cert_path The name of the directory containing the trusted CA certificates of the -client. See the similar option of L<verify(1)|verify(1)> for additional +client. See the similar option of L<verify(1)> for additional details. Either this option or B<-CAfile> must be specified. (Optional) @@ -320,7 +320,7 @@ details. Either this option or B<-CAfile> must be specified. (Optional) The name of the file containing a set of trusted self-signed CA certificates in PEM format. See the similar option of -L<verify(1)|verify(1)> for additional details. Either this option +L<verify(1)> for additional details. Either this option or B<-CApath> must be specified. (Optional) @@ -337,7 +337,7 @@ all intermediate CA certificates unless the response includes them. =head1 CONFIGURATION FILE OPTIONS The B<-query> and B<-reply> commands make use of a configuration file -defined by the B<OPENSSL_CONF> environment variable. See L<config(5)|config(5)> +defined by the B<OPENSSL_CONF> environment variable. See L<config(5)> for a general description of the syntax of the config file. The B<-query> command uses only the symbolic OID names section and it can work without it. However, the B<-reply> command needs the @@ -356,15 +356,15 @@ section can be overridden with the B<-section> command line switch. (Optional) =item B<oid_file> -See L<ca(1)|ca(1)> for description. (Optional) +See L<ca(1)> for description. (Optional) =item B<oid_section> -See L<ca(1)|ca(1)> for description. (Optional) +See L<ca(1)> for description. (Optional) =item B<RANDFILE> -See L<ca(1)|ca(1)> for description. (Optional) +See L<ca(1)> for description. (Optional) =item B<serial> @@ -493,8 +493,8 @@ Before generating a response a signing certificate must be created for the TSA that contains the B<timeStamping> critical extended key usage extension without any other key usage extensions. You can add the 'extendedKeyUsage = critical,timeStamping' line to the user certificate section -of the config file to generate a proper certificate. See L<req(1)|req(1)>, -L<ca(1)|ca(1)>, L<x509(1)|x509(1)> for instructions. The examples +of the config file to generate a proper certificate. See L<req(1)>, +L<ca(1)>, L<x509(1)> for instructions. The examples below assume that cacert.pem contains the certificate of the CA, tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the TSA. @@ -559,14 +559,14 @@ Zoltan Glozik <zglozik@opentsa.org>. Known issues: =over 4 =item * No support for time stamps over SMTP, though it is quite easy -to implement an automatic e-mail based TSA with L<procmail(1)|procmail(1)> -and L<perl(1)|perl(1)>. HTTP server support is provided in the form of +to implement an automatic e-mail based TSA with L<procmail(1)> +and L<perl(1)>. HTTP server support is provided in the form of a separate apache module. HTTP client support is provided by -L<tsget(1)|tsget(1)>. Pure TCP/IP protocol is not supported. +L<tsget(1)>. Pure TCP/IP protocol is not supported. =item * The file containing the last serial number of the TSA is not locked when being read or written. This is a problem if more than one -instance of L<openssl(1)|openssl(1)> is trying to create a time stamp +instance of L<openssl(1)> is trying to create a time stamp response at the same time. This is not an issue when using the apache server module, it does proper locking. @@ -587,8 +587,8 @@ Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org) =head1 SEE ALSO -L<tsget(1)|tsget(1)>, L<openssl(1)|openssl(1)>, L<req(1)|req(1)>, -L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, -L<config(5)|config(5)> +L<tsget(1)>, L<openssl(1)>, L<req(1)>, +L<x509(1)>, L<ca(1)>, L<genrsa(1)>, +L<config(5)> =cut diff --git a/doc/apps/tsget.pod b/doc/apps/tsget.pod index 56db985c4b..3452c63a16 100644 --- a/doc/apps/tsget.pod +++ b/doc/apps/tsget.pod @@ -188,7 +188,7 @@ Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org) =head1 SEE ALSO -L<openssl(1)|openssl(1)>, L<ts(1)|ts(1)>, L<curl(1)|curl(1)>, +L<openssl(1)>, L<ts(1)>, L<curl(1)>, B<RFC 3161> =cut diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index b1253da740..f7364f3e7d 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -498,7 +498,7 @@ B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. =head1 SEE ALSO -L<x509(1)|x509(1)> +L<x509(1)> =head1 HISTORY diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index a0127fe0f6..0c6aaeffa5 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -330,7 +330,7 @@ the request. =item B<-passin arg> the key password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-clrext> @@ -416,7 +416,7 @@ the section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called "extensions" which contains the section to use. See the -L<x509v3_config(5)|x509v3_config(5)> manual page for details of the +L<x509v3_config(5)> manual page for details of the extension section format. =item B<-force_pubkey key> @@ -872,9 +872,9 @@ OpenSSL 0.9.5 and later. =head1 SEE ALSO -L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, -L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>, -L<x509v3_config(5)|x509v3_config(5)> +L<req(1)>, L<ca(1)>, L<genrsa(1)>, +L<gendsa(1)>, L<verify(1)>, +L<x509v3_config(5)> =head1 HISTORY diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index d1e67883d7..297cbaa440 100644 --- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod @@ -176,7 +176,7 @@ prefacing the name with a B<+> character. otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard -L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format. +L<ASN1_generate_nconf(3)> format. Examples: @@ -439,7 +439,7 @@ the data is formatted correctly for the given extension type. There are two ways to encode arbitrary extensions. The first way is to use the word ASN1 followed by the extension content -using the same syntax as L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>. +using the same syntax as L<ASN1_generate_nconf(3)>. For example: 1.2.3.4=critical,ASN1:UTF8String:Some random data @@ -520,8 +520,8 @@ for arbitrary extensions was added in OpenSSL 0.9.8 =head1 SEE ALSO -L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>, -L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> +L<req(1)>, L<ca(1)>, L<x509(1)>, +L<ASN1_generate_nconf(3)> =cut diff --git a/doc/crypto/ASN1_INTEGER_get_int64.pod b/doc/crypto/ASN1_INTEGER_get_int64.pod index 8911afdc2b..a9e38f8d57 100644 --- a/doc/crypto/ASN1_INTEGER_get_int64.pod +++ b/doc/crypto/ASN1_INTEGER_get_int64.pod @@ -111,7 +111,7 @@ of NULL if an error occurs. They can fail if the pased type is incorrect =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)> +L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/ASN1_OBJECT_new.pod b/doc/crypto/ASN1_OBJECT_new.pod index 36fc5716ec..4bdfe021bb 100644 --- a/doc/crypto/ASN1_OBJECT_new.pod +++ b/doc/crypto/ASN1_OBJECT_new.pod @@ -30,14 +30,14 @@ such as OBJ_nid2obj() are used instead. =head1 RETURN VALUES If the allocation fails, ASN1_OBJECT_new() returns B<NULL> and sets an error -code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +code that can be obtained by L<ERR_get_error(3)>. Otherwise it returns a pointer to the newly allocated structure. ASN1_OBJECT_free() returns no value. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)|d2i_ASN1_OBJECT(3)> +L<ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)> =head1 HISTORY diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod index 6fb9c949b6..4c9ad0a31c 100644 --- a/doc/crypto/ASN1_STRING_length.pod +++ b/doc/crypto/ASN1_STRING_length.pod @@ -76,7 +76,7 @@ when calling ASN1_STRING_set(). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)> +L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/ASN1_STRING_new.pod b/doc/crypto/ASN1_STRING_new.pod index 6c0b303c27..76e983a820 100644 --- a/doc/crypto/ASN1_STRING_new.pod +++ b/doc/crypto/ASN1_STRING_new.pod @@ -38,7 +38,7 @@ ASN1_STRING_free() does not return a value. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)> +L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/ASN1_STRING_print_ex.pod b/doc/crypto/ASN1_STRING_print_ex.pod index 19c82ff1e4..2be7f7caa2 100644 --- a/doc/crypto/ASN1_STRING_print_ex.pod +++ b/doc/crypto/ASN1_STRING_print_ex.pod @@ -86,8 +86,8 @@ equivalent to: =head1 SEE ALSO -L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>, -L<ASN1_tag2str(3)|ASN1_tag2str(3)> +L<X509_NAME_print_ex(3)>, +L<ASN1_tag2str(3)> =head1 HISTORY diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod index 5dc1091c88..8c845aca88 100644 --- a/doc/crypto/ASN1_generate_nconf.pod +++ b/doc/crypto/ASN1_generate_nconf.pod @@ -252,11 +252,11 @@ structure: ASN1_generate_nconf() and ASN1_generate_v3() return the encoded data as an B<ASN1_TYPE> structure or B<NULL> if an error occurred. -The error codes that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes that can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)> +L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/BIO_f_buffer.pod b/doc/crypto/BIO_f_buffer.pod index 4b525efda9..d07c41917f 100644 --- a/doc/crypto/BIO_f_buffer.pod +++ b/doc/crypto/BIO_f_buffer.pod @@ -66,8 +66,8 @@ there was an error. =head1 SEE ALSO -L<BIO(3)|BIO(3)>, -L<BIO_reset(3)|BIO_reset(3)>, -L<BIO_flush(3)|BIO_flush(3)>, -L<BIO_pop(3)|BIO_pop(3)>, -L<BIO_ctrl(3)|BIO_ctrl(3)>. +L<BIO(3)>, +L<BIO_reset(3)>, +L<BIO_flush(3)>, +L<BIO_pop(3)>, +L<BIO_ctrl(3)>. diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index a0531b0e0e..00b29bdeda 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod @@ -132,7 +132,7 @@ TBA This SSL/TLS client example, attempts to retrieve a page from an SSL/TLS web server. The I/O routines are identical to those of the -unencrypted example in L<BIO_s_connect(3)|BIO_s_connect(3)>. +unencrypted example in L<BIO_s_connect(3)>. BIO *sbio, *out; int len; diff --git a/doc/crypto/BIO_new_CMS.pod b/doc/crypto/BIO_new_CMS.pod index 9e3a4b7f89..0069b8d7f0 100644 --- a/doc/crypto/BIO_new_CMS.pod +++ b/doc/crypto/BIO_new_CMS.pod @@ -56,8 +56,8 @@ occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_encrypt(3)|CMS_encrypt(3)> +L<ERR_get_error(3)>, L<CMS_sign(3)>, +L<CMS_encrypt(3)> =head1 HISTORY diff --git a/doc/crypto/BIO_read.pod b/doc/crypto/BIO_read.pod index b34528104d..960ea45caa 100644 --- a/doc/crypto/BIO_read.pod +++ b/doc/crypto/BIO_read.pod @@ -52,15 +52,15 @@ I/O structure and may block as a result. Instead select() (or equivalent) should be combined with non blocking I/O so successive reads will request a retry instead of blocking. -See L<BIO_should_retry(3)|BIO_should_retry(3)> for details of how to +See L<BIO_should_retry(3)> for details of how to determine the cause of a retry and other I/O issues. If the BIO_gets() function is not supported by a BIO then it possible to -work around this by adding a buffering BIO L<BIO_f_buffer(3)|BIO_f_buffer(3)> +work around this by adding a buffering BIO L<BIO_f_buffer(3)> to the chain. =head1 SEE ALSO -L<BIO_should_retry(3)|BIO_should_retry(3)> +L<BIO_should_retry(3)> TBA diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod index 45b73df770..8a23d42657 100644 --- a/doc/crypto/BIO_s_accept.pod +++ b/doc/crypto/BIO_s_accept.pod @@ -54,7 +54,7 @@ connection and reset the BIO into a state where it awaits another incoming connection. BIO_get_fd() and BIO_set_fd() can be called to retrieve or set -the accept socket. See L<BIO_s_fd(3)|BIO_s_fd(3)> +the accept socket. See L<BIO_s_fd(3)> BIO_set_accept_port() uses the string B<name> to set the accept port. The port is represented as a string of the form "host:port", diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod index 0f15990562..998796b138 100644 --- a/doc/crypto/BIO_s_bio.pod +++ b/doc/crypto/BIO_s_bio.pod @@ -176,7 +176,7 @@ the peer might be waiting for the data before being able to continue. =head1 SEE ALSO -L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>, -L<BIO_should_retry(3)|BIO_should_retry(3)>, L<BIO_read(3)|BIO_read(3)> +L<SSL_set_bio(3)>, L<ssl(3)>, L<bio(3)>, +L<BIO_should_retry(3)>, L<BIO_read(3)> =cut diff --git a/doc/crypto/BIO_s_fd.pod b/doc/crypto/BIO_s_fd.pod index b1de1d1015..2f6b033f0a 100644 --- a/doc/crypto/BIO_s_fd.pod +++ b/doc/crypto/BIO_s_fd.pod @@ -48,7 +48,7 @@ BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>. The behaviour of BIO_read() and BIO_write() depends on the behavior of the platforms read() and write() calls on the descriptor. If the underlying file descriptor is in a non blocking mode then the BIO will behave in the -manner described in the L<BIO_read(3)|BIO_read(3)> and L<BIO_should_retry(3)|BIO_should_retry(3)> +manner described in the L<BIO_read(3)> and L<BIO_should_retry(3)> manual pages. File descriptor BIOs should not be used for socket I/O. Use socket BIOs @@ -82,8 +82,8 @@ This is a file descriptor BIO version of "Hello World": =head1 SEE ALSO -L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>, -L<BIO_reset(3)|BIO_reset(3)>, L<BIO_read(3)|BIO_read(3)>, -L<BIO_write(3)|BIO_write(3)>, L<BIO_puts(3)|BIO_puts(3)>, -L<BIO_gets(3)|BIO_gets(3)>, L<BIO_printf(3)|BIO_printf(3)>, -L<BIO_set_close(3)|BIO_set_close(3)>, L<BIO_get_close(3)|BIO_get_close(3)> +L<BIO_seek(3)>, L<BIO_tell(3)>, +L<BIO_reset(3)>, L<BIO_read(3)>, +L<BIO_write(3)>, L<BIO_puts(3)>, +L<BIO_gets(3)>, L<BIO_printf(3)>, +L<BIO_set_close(3)>, L<BIO_get_close(3)> diff --git a/doc/crypto/BIO_s_file.pod b/doc/crypto/BIO_s_file.pod index 188aea347d..5adc569793 100644 --- a/doc/crypto/BIO_s_file.pod +++ b/doc/crypto/BIO_s_file.pod @@ -140,9 +140,9 @@ occurred this differs from other types of BIO which will typically return =head1 SEE ALSO -L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>, -L<BIO_reset(3)|BIO_reset(3)>, L<BIO_flush(3)|BIO_flush(3)>, -L<BIO_read(3)|BIO_read(3)>, -L<BIO_write(3)|BIO_write(3)>, L<BIO_puts(3)|BIO_puts(3)>, -L<BIO_gets(3)|BIO_gets(3)>, L<BIO_printf(3)|BIO_printf(3)>, -L<BIO_set_close(3)|BIO_set_close(3)>, L<BIO_get_close(3)|BIO_get_close(3)> +L<BIO_seek(3)>, L<BIO_tell(3)>, +L<BIO_reset(3)>, L<BIO_flush(3)>, +L<BIO_read(3)>, +L<BIO_write(3)>, L<BIO_puts(3)>, +L<BIO_gets(3)>, L<BIO_printf(3)>, +L<BIO_set_close(3)>, L<BIO_get_close(3)> diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod index f8102ba765..65c6eab91d 100644 --- a/doc/crypto/BN_BLINDING_new.pod +++ b/doc/crypto/BN_BLINDING_new.pod @@ -98,7 +98,7 @@ parameters or NULL on error. =head1 SEE ALSO -L<bn(3)|bn(3)> +L<bn(3)> =head1 HISTORY diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod index 958e551467..005c9f889a 100644 --- a/doc/crypto/BN_CTX_new.pod +++ b/doc/crypto/BN_CTX_new.pod @@ -28,8 +28,8 @@ B<BIGNUM>s. BN_CTX_free() frees the components of the B<BN_CTX>, and if it was created by BN_CTX_new(), also the structure itself. -If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>, -L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX> +If L<BN_CTX_start(3)> has been used on the B<BN_CTX>, +L<BN_CTX_end(3)> must be called before the B<BN_CTX> may be freed by BN_CTX_free(). If B<c> is NULL, nothing is done. @@ -38,7 +38,7 @@ If B<c> is NULL, nothing is done. BN_CTX_new() and BN_CTX_secure_new() return a pointer to the B<BN_CTX>. If the allocation fails, they return B<NULL> and sets an error code that can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. +L<ERR_get_error(3)>. BN_CTX_free() has no return values. @@ -57,8 +57,8 @@ replace use of BN_CTX_init with BN_CTX_new instead: =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>, -L<BN_CTX_start(3)|BN_CTX_start(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>, +L<BN_CTX_start(3)> =head1 HISTORY diff --git a/doc/crypto/BN_CTX_start.pod b/doc/crypto/BN_CTX_start.pod index dfcefe1a88..57ddff6561 100644 --- a/doc/crypto/BN_CTX_start.pod +++ b/doc/crypto/BN_CTX_start.pod @@ -17,7 +17,7 @@ BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables =head1 DESCRIPTION These functions are used to obtain temporary B<BIGNUM> variables from -a B<BN_CTX> (which can been created by using L<BN_CTX_new(3)|BN_CTX_new(3)>) +a B<BN_CTX> (which can been created by using L<BN_CTX_new(3)>) in order to save the overhead of repeatedly creating and freeing B<BIGNUM>s in functions that are called from inside a loop. @@ -38,12 +38,12 @@ BN_CTX_get() returns a pointer to the B<BIGNUM>, or B<NULL> on error. Once BN_CTX_get() has failed, the subsequent calls will return B<NULL> as well, so it is sufficient to check the return value of the last BN_CTX_get() call. In case of an error, an error code is set, which -can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<BN_CTX_new(3)|BN_CTX_new(3)> +L<BN_CTX_new(3)> =head1 HISTORY diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod index 88c7a799ee..38eeb3cd68 100644 --- a/doc/crypto/BN_add.pod +++ b/doc/crypto/BN_add.pod @@ -52,7 +52,7 @@ BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>). BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>). I<r> may be the same B<BIGNUM> as I<a> or I<b>. -For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>. +For multiplication by powers of 2, use L<BN_lshift(3)>. BN_sqr() takes the square of I<a> and places the result in I<r> (C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>. @@ -80,8 +80,8 @@ BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for repeated computations using the same modulus, see -L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> and -L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>. +L<BN_mod_mul_montgomery(3)> and +L<BN_mod_mul_reciprocal(3)>. BN_mod_sqr() takes the square of I<a> modulo B<m> and places the result in I<r>. @@ -98,7 +98,7 @@ places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or I<b>. For all functions, I<ctx> is a previously allocated B<BN_CTX> used for -temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>. +temporary variables; see L<BN_CTX_new(3)>. Unless noted otherwise, the result B<BIGNUM> must be different from the arguments. @@ -107,12 +107,12 @@ the arguments. For all functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>). -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, -L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<BN_CTX_new(3)>, +L<BN_add_word(3)>, L<BN_set_bit(3)> =head1 HISTORY diff --git a/doc/crypto/BN_add_word.pod b/doc/crypto/BN_add_word.pod index 70667d2893..4f472adb8a 100644 --- a/doc/crypto/BN_add_word.pod +++ b/doc/crypto/BN_add_word.pod @@ -40,14 +40,14 @@ For BN_div_word() and BN_mod_word(), B<w> must not be 0. =head1 RETURN VALUES BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 -on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +on error. The error codes can be obtained by L<ERR_get_error(3)>. BN_mod_word() and BN_div_word() return B<a>%B<w> on success and B<(BN_ULONG)-1> if an error occurred. =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)> =head1 HISTORY diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod index a4b17ca60a..dbcd11f0e5 100644 --- a/doc/crypto/BN_bn2bin.pod +++ b/doc/crypto/BN_bn2bin.pod @@ -76,13 +76,13 @@ BN_print_fp() and BN_print() return 1 on success, 0 on write errors. BN_bn2mpi() returns the length of the representation. BN_mpi2bn() returns the B<BIGNUM>, and NULL on error. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>, -L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>, -L<BN_num_bytes(3)|BN_num_bytes(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<BN_zero(3)>, +L<ASN1_INTEGER_to_BN(3)>, +L<BN_num_bytes(3)> =head1 HISTORY diff --git a/doc/crypto/BN_cmp.pod b/doc/crypto/BN_cmp.pod index 23e9ed0b4f..6a9e341eb8 100644 --- a/doc/crypto/BN_cmp.pod +++ b/doc/crypto/BN_cmp.pod @@ -37,7 +37,7 @@ the condition is true, 0 otherwise. =head1 SEE ALSO -L<bn(3)|bn(3)> +L<bn(3)> =head1 HISTORY diff --git a/doc/crypto/BN_copy.pod b/doc/crypto/BN_copy.pod index 388dd7df26..834440fd35 100644 --- a/doc/crypto/BN_copy.pod +++ b/doc/crypto/BN_copy.pod @@ -21,11 +21,11 @@ containing the value B<from>. BN_copy() returns B<to> on success, NULL on error. BN_dup() returns the new B<BIGNUM>, and NULL on error. The error codes can be obtained -by L<ERR_get_error(3)|ERR_get_error(3)>. +by L<ERR_get_error(3)>. =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)> +L<bn(3)>, L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index 858eb0fcd7..316d12fca3 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod @@ -154,7 +154,7 @@ structure. Callback functions should return 1 on success or 0 on error. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 REMOVED FUNCTIONALITY @@ -173,7 +173,7 @@ Instead applications should create a BN_GENCB structure using BN_GENCB_new: =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)> =head1 HISTORY diff --git a/doc/crypto/BN_mod_inverse.pod b/doc/crypto/BN_mod_inverse.pod index 3ea3975c74..97bb378558 100644 --- a/doc/crypto/BN_mod_inverse.pod +++ b/doc/crypto/BN_mod_inverse.pod @@ -23,11 +23,11 @@ variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>. =head1 RETURN VALUES BN_mod_inverse() returns the B<BIGNUM> containing the inverse, and -NULL on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +NULL on error. The error codes can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)> =head1 HISTORY diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod index d637e17d4c..9a18a09b74 100644 --- a/doc/crypto/BN_mod_mul_montgomery.pod +++ b/doc/crypto/BN_mod_mul_montgomery.pod @@ -28,7 +28,7 @@ BN_from_montgomery, BN_to_montgomery - Montgomery multiplication =head1 DESCRIPTION These functions implement Montgomery multiplication. They are used -automatically when L<BN_mod_exp(3)|BN_mod_exp(3)> is called with suitable input, +automatically when L<BN_mod_exp(3)> is called with suitable input, but they may be useful when several operations are to be performed using the same modulus. @@ -62,7 +62,7 @@ on error. BN_MONT_CTX_free() has no return value. For the other functions, 1 is returned for success, 0 on error. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 WARNING @@ -91,8 +91,8 @@ BN_MONT_CTX_new: =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>, -L<BN_CTX_new(3)|BN_CTX_new(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>, +L<BN_CTX_new(3)> =head1 HISTORY diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod index 7a7d503c83..20357dcacf 100644 --- a/doc/crypto/BN_mod_mul_reciprocal.pod +++ b/doc/crypto/BN_mod_mul_reciprocal.pod @@ -24,7 +24,7 @@ reciprocal =head1 DESCRIPTION BN_mod_mul_reciprocal() can be used to perform an efficient -L<BN_mod_mul(3)|BN_mod_mul(3)> operation when the operation will be performed +L<BN_mod_mul(3)> operation when the operation will be performed repeatedly with the same modulus. It computes B<r>=(B<a>*B<b>)%B<m> using B<recp>=1/B<m>, which is set as described below. B<ctx> is a previously allocated B<BN_CTX> used for temporary variables. @@ -54,7 +54,7 @@ on error. BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values. For the other functions, 1 is returned for success, 0 on error. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 REMOVED FUNCTIONALITY @@ -78,8 +78,8 @@ instead: =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>, -L<BN_CTX_new(3)|BN_CTX_new(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>, +L<BN_CTX_new(3)> =head1 HISTORY diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod index fa157d3c83..f5b5100083 100644 --- a/doc/crypto/BN_new.pod +++ b/doc/crypto/BN_new.pod @@ -33,7 +33,7 @@ If B<a> is NULL, nothing is done. BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails, it returns B<NULL> and sets an error code that can be obtained -by L<ERR_get_error(3)|ERR_get_error(3)>. +by L<ERR_get_error(3)>. BN_clear(), BN_free() and BN_clear_free() have no return values. @@ -57,7 +57,7 @@ Applications should replace use of BN_init with BN_new instead: =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)> +L<bn(3)>, L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/BN_num_bytes.pod b/doc/crypto/BN_num_bytes.pod index a6a2e3f819..54f200b2da 100644 --- a/doc/crypto/BN_num_bytes.pod +++ b/doc/crypto/BN_num_bytes.pod @@ -46,8 +46,8 @@ more probability). =head1 SEE ALSO -L<bn(3)|bn(3)>, L<DH_size(3)|DH_size(3)>, L<DSA_size(3)|DSA_size(3)>, -L<RSA_size(3)|RSA_size(3)> +L<bn(3)>, L<DH_size(3)>, L<DSA_size(3)>, +L<RSA_size(3)> =head1 HISTORY diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index b3aec96cdc..06760637d4 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -42,12 +42,12 @@ The PRNG must be seeded prior to calling BN_rand() or BN_rand_range(). =head1 RETURN VALUES The functions return 1 on success, 0 on error. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> +L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)>, +L<RAND_add(3)>, L<RAND_bytes(3)> =head1 HISTORY diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod index a32cca2cee..20c24f0413 100644 --- a/doc/crypto/BN_set_bit.pod +++ b/doc/crypto/BN_set_bit.pod @@ -51,11 +51,11 @@ For the shift functions, B<r> and B<a> may be the same variable. BN_is_bit_set() returns 1 if the bit is set, 0 otherwise. All other functions return 1 for success, 0 on error. The error codes -can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<bn(3)|bn(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)> +L<bn(3)>, L<BN_num_bytes(3)>, L<BN_add(3)> =head1 HISTORY diff --git a/doc/crypto/BN_swap.pod b/doc/crypto/BN_swap.pod index 79efaa1446..8e764e39a4 100644 --- a/doc/crypto/BN_swap.pod +++ b/doc/crypto/BN_swap.pod @@ -14,7 +14,7 @@ BN_swap - exchange BIGNUMs BN_swap() exchanges the values of I<a> and I<b>. -L<bn(3)|bn(3)> +L<bn(3)> =head1 HISTORY diff --git a/doc/crypto/BN_zero.pod b/doc/crypto/BN_zero.pod index b555ec3988..6b0c6392b4 100644 --- a/doc/crypto/BN_zero.pod +++ b/doc/crypto/BN_zero.pod @@ -45,7 +45,7 @@ unsigned long but this value is also returned on error. =head1 SEE ALSO -L<bn(3)|bn(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)> +L<bn(3)>, L<BN_bn2bin(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_add0_cert.pod b/doc/crypto/CMS_add0_cert.pod index 8678ca18a5..ec1280198e 100644 --- a/doc/crypto/CMS_add0_cert.pod +++ b/doc/crypto/CMS_add0_cert.pod @@ -54,9 +54,9 @@ in practice is if the B<cms> type is invalid. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, -L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_encrypt(3)|CMS_encrypt(3)> +L<ERR_get_error(3)>, +L<CMS_sign(3)>, +L<CMS_encrypt(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_add1_recipient_cert.pod b/doc/crypto/CMS_add1_recipient_cert.pod index d7d8e2532c..4f947034bc 100644 --- a/doc/crypto/CMS_add1_recipient_cert.pod +++ b/doc/crypto/CMS_add1_recipient_cert.pod @@ -51,8 +51,8 @@ occurs. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_decrypt(3)|CMS_decrypt(3)>, -L<CMS_final(3)|CMS_final(3)>, +L<ERR_get_error(3)>, L<CMS_decrypt(3)>, +L<CMS_final(3)>, =head1 HISTORY diff --git a/doc/crypto/CMS_add1_signer.pod b/doc/crypto/CMS_add1_signer.pod index a055b82695..2bcac66aad 100644 --- a/doc/crypto/CMS_add1_signer.pod +++ b/doc/crypto/CMS_add1_signer.pod @@ -91,8 +91,8 @@ structure just added or NULL if an error occurs. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_final(3)|CMS_final(3)>, +L<ERR_get_error(3)>, L<CMS_sign(3)>, +L<CMS_final(3)>, =head1 HISTORY diff --git a/doc/crypto/CMS_compress.pod b/doc/crypto/CMS_compress.pod index 0a0715271d..583b1ecc89 100644 --- a/doc/crypto/CMS_compress.pod +++ b/doc/crypto/CMS_compress.pod @@ -63,7 +63,7 @@ occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_uncompress(3)|CMS_uncompress(3)> +L<ERR_get_error(3)>, L<CMS_uncompress(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_decrypt.pod b/doc/crypto/CMS_decrypt.pod index 3fa9212af3..99e48117d2 100644 --- a/doc/crypto/CMS_decrypt.pod +++ b/doc/crypto/CMS_decrypt.pod @@ -70,7 +70,7 @@ mentioned in CMS_verify() also applies to CMS_decrypt(). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<ERR_get_error(3)>, L<CMS_encrypt(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod index 1ee5b275ec..4750942596 100644 --- a/doc/crypto/CMS_encrypt.pod +++ b/doc/crypto/CMS_encrypt.pod @@ -86,7 +86,7 @@ occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_decrypt(3)|CMS_decrypt(3)> +L<ERR_get_error(3)>, L<CMS_decrypt(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_final.pod b/doc/crypto/CMS_final.pod index 36cf96b8a0..227ca839b2 100644 --- a/doc/crypto/CMS_final.pod +++ b/doc/crypto/CMS_final.pod @@ -31,8 +31,8 @@ CMS_final() returns 1 for success or 0 for failure. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_encrypt(3)|CMS_encrypt(3)> +L<ERR_get_error(3)>, L<CMS_sign(3)>, +L<CMS_encrypt(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_get0_RecipientInfos.pod b/doc/crypto/CMS_get0_RecipientInfos.pod index fe49772a86..cc14af7d3e 100644 --- a/doc/crypto/CMS_get0_RecipientInfos.pod +++ b/doc/crypto/CMS_get0_RecipientInfos.pod @@ -107,11 +107,11 @@ CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs. CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 for a successful comparison and non zero otherwise. -Any error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. +Any error can be obtained from L<ERR_get_error(3)>. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_decrypt(3)|CMS_decrypt(3)> +L<ERR_get_error(3)>, L<CMS_decrypt(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod index b46c0e07ab..531c338c53 100644 --- a/doc/crypto/CMS_get0_SignerInfos.pod +++ b/doc/crypto/CMS_get0_SignerInfos.pod @@ -68,11 +68,11 @@ zero otherwise. CMS_SignerInfo_set1_signer_cert() does not return a value. -Any error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> +Any error can be obtained from L<ERR_get_error(3)> =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_verify(3)|CMS_verify(3)> +L<ERR_get_error(3)>, L<CMS_verify(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_get0_type.pod b/doc/crypto/CMS_get0_type.pod index 3ed92bdbbe..75ef40ae05 100644 --- a/doc/crypto/CMS_get0_type.pod +++ b/doc/crypto/CMS_get0_type.pod @@ -67,7 +67,7 @@ error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)> +L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_get1_ReceiptRequest.pod b/doc/crypto/CMS_get1_ReceiptRequest.pod index f546376a1e..f94baac24b 100644 --- a/doc/crypto/CMS_get1_ReceiptRequest.pod +++ b/doc/crypto/CMS_get1_ReceiptRequest.pod @@ -56,9 +56,9 @@ it is present but malformed. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_sign_receipt(3)|CMS_sign_receipt(3)>, L<CMS_verify(3)|CMS_verify(3)> -L<CMS_verify_receipt(3)|CMS_verify_receipt(3)> +L<ERR_get_error(3)>, L<CMS_sign(3)>, +L<CMS_sign_receipt(3)>, L<CMS_verify(3)> +L<CMS_verify_receipt(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_sign.pod b/doc/crypto/CMS_sign.pod index 2cc72de327..e05f854d86 100644 --- a/doc/crypto/CMS_sign.pod +++ b/doc/crypto/CMS_sign.pod @@ -109,7 +109,7 @@ occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_verify(3)|CMS_verify(3)> +L<ERR_get_error(3)>, L<CMS_verify(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_sign_receipt.pod b/doc/crypto/CMS_sign_receipt.pod index cae1f83384..2083c88bb6 100644 --- a/doc/crypto/CMS_sign_receipt.pod +++ b/doc/crypto/CMS_sign_receipt.pod @@ -34,9 +34,9 @@ an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, -L<CMS_verify_receipt(3)|CMS_verify_receipt(3)>, -L<CMS_sign(3)|CMS_sign(3)> +L<ERR_get_error(3)>, +L<CMS_verify_receipt(3)>, +L<CMS_sign(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_uncompress.pod b/doc/crypto/CMS_uncompress.pod index c6056b027d..c6943acb24 100644 --- a/doc/crypto/CMS_uncompress.pod +++ b/doc/crypto/CMS_uncompress.pod @@ -45,7 +45,7 @@ mentioned in CMS_verify() also applies to CMS_decompress(). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_compress(3)|CMS_compress(3)> +L<ERR_get_error(3)>, L<CMS_compress(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_verify.pod b/doc/crypto/CMS_verify.pod index 7a2c1ee251..47ca32b188 100644 --- a/doc/crypto/CMS_verify.pod +++ b/doc/crypto/CMS_verify.pod @@ -104,7 +104,7 @@ occurred. CMS_get0_signers() returns all signers or NULL if an error occurred. -The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> +The error can be obtained from L<ERR_get_error(3)> =head1 BUGS @@ -117,7 +117,7 @@ be held in memory if it is not detached. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)> +L<ERR_get_error(3)>, L<CMS_sign(3)> =head1 HISTORY diff --git a/doc/crypto/CMS_verify_receipt.pod b/doc/crypto/CMS_verify_receipt.pod index 9283e0e04b..1dcc3b8edc 100644 --- a/doc/crypto/CMS_verify_receipt.pod +++ b/doc/crypto/CMS_verify_receipt.pod @@ -32,13 +32,13 @@ supported since they do not make sense in the context of signed receipts. CMS_verify_receipt() returns 1 for a successful verification and zero if an error occurred. -The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> +The error can be obtained from L<ERR_get_error(3)> =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, -L<CMS_sign_receipt(3)|CMS_sign_receipt(3)>, -L<CMS_verify(3)|CMS_verify(3)>, +L<ERR_get_error(3)>, +L<CMS_sign_receipt(3)>, +L<CMS_verify(3)>, =head1 HISTORY diff --git a/doc/crypto/CONF_modules_free.pod b/doc/crypto/CONF_modules_free.pod index 347020c5fe..866bd3f1d7 100644 --- a/doc/crypto/CONF_modules_free.pod +++ b/doc/crypto/CONF_modules_free.pod @@ -36,8 +36,8 @@ None of the functions return a value. =head1 SEE ALSO -L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, -L<CONF_modules_load_file(3)|CONF_modules_load_file(3)> +L<conf(5)>, L<OPENSSL_config(3)>, +L<CONF_modules_load_file(3)> =head1 HISTORY diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod index 731911a40a..e9930fe78e 100644 --- a/doc/crypto/CONF_modules_load_file.pod +++ b/doc/crypto/CONF_modules_load_file.pod @@ -127,8 +127,8 @@ return value of the failing module (this will always be zero or negative). =head1 SEE ALSO -L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, -L<CONF_free(3)|CONF_free(3)>, L<err(3)|err(3)> +L<conf(5)>, L<OPENSSL_config(3)>, +L<CONF_free(3)>, L<err(3)> =head1 HISTORY diff --git a/doc/crypto/CRYPTO_secure_malloc.pod b/doc/crypto/CRYPTO_secure_malloc.pod index a3b416ed08..5d233dbd77 100644 --- a/doc/crypto/CRYPTO_secure_malloc.pod +++ b/doc/crypto/CRYPTO_secure_malloc.pod @@ -80,8 +80,8 @@ return no values. =head1 SEE ALSO -L<BN_new(3)|BN_new(3)>, -L<bn_internal(3)|bn_internal(3)> +L<BN_new(3)>, +L<bn_internal(3)> =head1 HISTORY diff --git a/doc/crypto/CRYPTO_set_ex_data.pod b/doc/crypto/CRYPTO_set_ex_data.pod index 7409c02aac..8b6c3dee13 100644 --- a/doc/crypto/CRYPTO_set_ex_data.pod +++ b/doc/crypto/CRYPTO_set_ex_data.pod @@ -38,13 +38,13 @@ B<CRYPTO_get_ex_data()> returns the application data or 0 on failure. 0 may also be valid application data but currently it can only fail if given an invalid B<idx> parameter. -On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. +On failure an error code can be obtained from L<ERR_get_error(3)>. =head1 SEE ALSO -L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, -L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>, -L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)> +L<RSA_get_ex_new_index(3)>, +L<DSA_get_ex_new_index(3)>, +L<DH_get_ex_new_index(3)> =head1 HISTORY diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod index 81f09fdf45..d787704bd2 100644 --- a/doc/crypto/DH_generate_key.pod +++ b/doc/crypto/DH_generate_key.pod @@ -36,11 +36,11 @@ DH_generate_key() returns 1 on success, 0 otherwise. DH_compute_key() returns the size of the shared secret on success, -1 on error. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)> +L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>, L<DH_size(3)> =head1 HISTORY diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod index 7f81a04d91..ebbb1848f9 100644 --- a/doc/crypto/DH_generate_parameters.pod +++ b/doc/crypto/DH_generate_parameters.pod @@ -31,9 +31,9 @@ B<generator> is a small number E<gt> 1, typically 2 or 5. A callback function may be used to provide feedback about the progress of the key generation. If B<cb> is not B<NULL>, it will be -called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime +called as described in L<BN_generate_prime(3)> while a random prime number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)> -is called. See L<BN_generate_prime(3)|BN_generate_prime(3)> for information on +is called. See L<BN_generate_prime(3)> for information on the BN_GENCB_call() function. DH_check() validates Diffie-Hellman parameters. It checks that B<p> is @@ -51,7 +51,7 @@ performed, 0 otherwise. DH_generate_parameters() (deprecated) returns a pointer to the DH structure, or NULL if the parameter generation fails. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 NOTES @@ -68,8 +68,8 @@ a usable generator. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -L<DH_free(3)|DH_free(3)> +L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>, +L<DH_free(3)> =head1 HISTORY diff --git a/doc/crypto/DH_get_ex_new_index.pod b/doc/crypto/DH_get_ex_new_index.pod index fa5eab2650..18714633bc 100644 --- a/doc/crypto/DH_get_ex_new_index.pod +++ b/doc/crypto/DH_get_ex_new_index.pod @@ -26,7 +26,7 @@ as described in L<RSA_get_ex_new_index(3)>. =head1 SEE ALSO -L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)> +L<RSA_get_ex_new_index(3)>, L<dh(3)> =head1 HISTORY diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod index 6245e4adaf..2d9fecdb5a 100644 --- a/doc/crypto/DH_new.pod +++ b/doc/crypto/DH_new.pod @@ -23,16 +23,16 @@ If B<dh> is NULL nothing is done. =head1 RETURN VALUES If the allocation fails, DH_new() returns B<NULL> and sets an error -code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns +code that can be obtained by L<ERR_get_error(3)>. Otherwise it returns a pointer to the newly allocated structure. DH_free() returns no value. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, -L<DH_generate_parameters(3)|DH_generate_parameters(3)>, -L<DH_generate_key(3)|DH_generate_key(3)> +L<dh(3)>, L<ERR_get_error(3)>, +L<DH_generate_parameters(3)>, +L<DH_generate_key(3)> =head1 HISTORY diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod index d5cdc3be0c..8b80f5cc8d 100644 --- a/doc/crypto/DH_set_method.pod +++ b/doc/crypto/DH_set_method.pod @@ -94,7 +94,7 @@ the method for B<dh> (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). DH_new_method() returns NULL and sets an error code that can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it +L<ERR_get_error(3)> if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. =head1 NOTES @@ -109,7 +109,7 @@ algorithms. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)> +L<dh(3)>, L<DH_new(3)> =head1 HISTORY diff --git a/doc/crypto/DH_size.pod b/doc/crypto/DH_size.pod index e73f32589a..ab28072e0b 100644 --- a/doc/crypto/DH_size.pod +++ b/doc/crypto/DH_size.pod @@ -28,8 +28,8 @@ The size. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>, -L<BN_num_bits(3)|BN_num_bits(3)> +L<dh(3)>, L<DH_generate_key(3)>, +L<BN_num_bits(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod index 3ac6140038..aa2cb7d125 100644 --- a/doc/crypto/DSA_SIG_new.pod +++ b/doc/crypto/DSA_SIG_new.pod @@ -23,15 +23,15 @@ values are erased before the memory is returned to the system. If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an error code that can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer +L<ERR_get_error(3)>. Otherwise it returns a pointer to the newly allocated structure. DSA_SIG_free() returns no value. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, -L<DSA_do_sign(3)|DSA_do_sign(3)> +L<dsa(3)>, L<ERR_get_error(3)>, +L<DSA_do_sign(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod index 5dfc733b20..7a1970b2aa 100644 --- a/doc/crypto/DSA_do_sign.pod +++ b/doc/crypto/DSA_do_sign.pod @@ -19,7 +19,7 @@ DSA_do_sign() computes a digital signature on the B<len> byte message digest B<dgst> using the private key B<dsa> and returns it in a newly allocated B<DSA_SIG> structure. -L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part +L<DSA_sign_setup(3)> may be used to precompute part of the signing operation in case signature generation is time-critical. @@ -32,13 +32,13 @@ key. DSA_do_sign() returns the signature, NULL on error. DSA_do_verify() returns 1 for a valid signature, 0 for an incorrect signature and -1 on error. The error codes can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. +L<ERR_get_error(3)>. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -L<DSA_SIG_new(3)|DSA_SIG_new(3)>, -L<DSA_sign(3)|DSA_sign(3)> +L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>, +L<DSA_SIG_new(3)>, +L<DSA_sign(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_dup_DH.pod b/doc/crypto/DSA_dup_DH.pod index 7f6f0d1115..b2e5325147 100644 --- a/doc/crypto/DSA_dup_DH.pod +++ b/doc/crypto/DSA_dup_DH.pod @@ -19,7 +19,7 @@ contain its length. =head1 RETURN VALUE DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The -error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +error codes can be obtained by L<ERR_get_error(3)>. =head1 NOTE @@ -27,7 +27,7 @@ Be careful to avoid small subgroup attacks when using this. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)> +L<dh(3)>, L<dsa(3)>, L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod index af83ccfaa1..34a9efba30 100644 --- a/doc/crypto/DSA_generate_key.pod +++ b/doc/crypto/DSA_generate_key.pod @@ -20,12 +20,12 @@ The PRNG must be seeded prior to calling DSA_generate_key(). =head1 RETURN VALUE DSA_generate_key() returns 1 on success, 0 otherwise. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> +L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>, +L<DSA_generate_parameters(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index 16a67f22b0..d2a0418b52 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -39,7 +39,7 @@ A callback function may be used to provide feedback about the progress of the key generation. If B<cb> is not B<NULL>, it will be called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to -L<BN_generate_prime(3)|BN_generate_prime(3)>. +L<BN_generate_prime(3)>. =over 4 @@ -89,7 +89,7 @@ When the generator has been found, B<BN_GENCB_call(cb, 3, 1)> is called. DSA_generate_parameters() (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no B<dsa> parameter is passed and instead a newly allocated B<DSA> structure is returned. Additionally "old style" callbacks are used instead of the newer BN_GENCB based approach. -Refer to L<BN_generate_prime(3)|BN_generate_prime(3)> for further information. +Refer to L<BN_generate_prime(3)> for further information. =head1 RETURN VALUE @@ -98,7 +98,7 @@ DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. DSA_generate_parameters() returns a pointer to the DSA structure, or B<NULL> if the parameter generation fails. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 BUGS @@ -106,8 +106,8 @@ Seed lengths E<gt> 20 are not supported. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -L<DSA_free(3)|DSA_free(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)> +L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>, +L<DSA_free(3)>, L<BN_generate_prime(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_get_ex_new_index.pod b/doc/crypto/DSA_get_ex_new_index.pod index fb6efc1182..43b29b35cc 100644 --- a/doc/crypto/DSA_get_ex_new_index.pod +++ b/doc/crypto/DSA_get_ex_new_index.pod @@ -26,7 +26,7 @@ as described in L<RSA_get_ex_new_index(3)>. =head1 SEE ALSO -L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)> +L<RSA_get_ex_new_index(3)>, L<dsa(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod index 3a6d582465..766cfd3657 100644 --- a/doc/crypto/DSA_new.pod +++ b/doc/crypto/DSA_new.pod @@ -25,16 +25,16 @@ If B<dsa> is NULL nothing is done. If the allocation fails, DSA_new() returns B<NULL> and sets an error code that can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer +L<ERR_get_error(3)>. Otherwise it returns a pointer to the newly allocated structure. DSA_free() returns no value. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, -L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>, -L<DSA_generate_key(3)|DSA_generate_key(3)> +L<dsa(3)>, L<ERR_get_error(3)>, +L<DSA_generate_parameters(3)>, +L<DSA_generate_key(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod index 9c1434bd8d..fe0d6e3da9 100644 --- a/doc/crypto/DSA_set_method.pod +++ b/doc/crypto/DSA_set_method.pod @@ -108,7 +108,7 @@ the method for B<dsa> (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). DSA_new_method() returns NULL and sets an error code that can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation +obtained by L<ERR_get_error(3)> if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. =head1 NOTES @@ -123,7 +123,7 @@ algorithms. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)> +L<dsa(3)>, L<DSA_new(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod index 97389e8ec8..da923abc85 100644 --- a/doc/crypto/DSA_sign.pod +++ b/doc/crypto/DSA_sign.pod @@ -46,7 +46,7 @@ is called. DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error. DSA_verify() returns 1 for a valid signature, 0 for an incorrect signature and -1 on error. The error codes can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. +L<ERR_get_error(3)>. =head1 CONFORMING TO @@ -55,8 +55,8 @@ Standard, DSS), ANSI X9.30 =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -L<DSA_do_sign(3)|DSA_do_sign(3)> +L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>, +L<DSA_do_sign(3)> =head1 HISTORY diff --git a/doc/crypto/DSA_size.pod b/doc/crypto/DSA_size.pod index ba4f650361..bc96cbdc5d 100644 --- a/doc/crypto/DSA_size.pod +++ b/doc/crypto/DSA_size.pod @@ -24,7 +24,7 @@ The size in bytes. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)> +L<dsa(3)>, L<DSA_sign(3)> =head1 HISTORY diff --git a/doc/crypto/EC_GFp_simple_method.pod b/doc/crypto/EC_GFp_simple_method.pod index aff20ac175..2a21c9393b 100644 --- a/doc/crypto/EC_GFp_simple_method.pod +++ b/doc/crypto/EC_GFp_simple_method.pod @@ -22,7 +22,7 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me =head1 DESCRIPTION The Elliptic Curve library provides a number of different implementations through a single common interface. -When constructing a curve using EC_GROUP_new (see L<EC_GROUP_new(3)|EC_GROUP_new(3)>) an +When constructing a curve using EC_GROUP_new (see L<EC_GROUP_new(3)>) an implementation method must be provided. The functions described here all return a const pointer to an B<EC_METHOD> structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation type for the form of curve selected is used. @@ -31,9 +31,9 @@ For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_meth For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the -use of montgomery multiplication (see L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>). EC_GFp_nist_method +use of montgomery multiplication (see L<BN_mod_mul_montgomery(3)>). EC_GFp_nist_method offers an implementation optimised for use with NIST recommended curves (NIST curves are available through -EC_GROUP_new_by_curve_name as described in L<EC_GROUP_new(3)|EC_GROUP_new(3)>). +EC_GROUP_new_by_curve_name as described in L<EC_GROUP_new(3)>). The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these @@ -52,9 +52,9 @@ EC_METHOD_get_field_type returns an integer that identifies the type of field th =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, -L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, -L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)>, -L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> +L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>, +L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>, +L<d2i_ECPKParameters(3)>, +L<BN_mod_mul_montgomery(3)> =cut diff --git a/doc/crypto/EC_GROUP_copy.pod b/doc/crypto/EC_GROUP_copy.pod index a13d2ad811..591ba90900 100644 --- a/doc/crypto/EC_GROUP_copy.pod +++ b/doc/crypto/EC_GROUP_copy.pod @@ -66,7 +66,7 @@ The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided with the respective order and cofactors for the B<group>. The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the NID for the curve respectively -(see L<EC_GROUP_new(3)|EC_GROUP_new(3)>). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name +(see L<EC_GROUP_new(3)>). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name will return 0. The asn1_flag value is used to determine whether the curve encoding uses @@ -175,8 +175,8 @@ trinomial or pentanomial respectively. Alternatively in the event of an error a =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, -L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> +L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, +L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> =cut diff --git a/doc/crypto/EC_GROUP_new.pod b/doc/crypto/EC_GROUP_new.pod index 73d5219684..70d9955cfc 100644 --- a/doc/crypto/EC_GROUP_new.pod +++ b/doc/crypto/EC_GROUP_new.pod @@ -41,7 +41,7 @@ Operations in a binary field are performed relative to an B<irreducible polynomi use a trinomial or a pentanomial for this parameter. A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by B<meth> (see -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>). It is then necessary to call either EC_GROUP_set_curve_GFp or +L<EC_GFp_simple_method(3)>). It is then necessary to call either EC_GROUP_set_curve_GFp or EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively. EC_GROUP_set_curve_GFp sets the curve parameters B<p>, B<a> and B<b> for a curve over Fp stored in B<group>. @@ -90,8 +90,8 @@ EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROU =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, -L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> +L<crypto(3)>, L<ec(3)>, L<EC_GROUP_copy(3)>, +L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> =cut diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod index fc42cbc7d4..71095e52c5 100644 --- a/doc/crypto/EC_KEY_new.pod +++ b/doc/crypto/EC_KEY_new.pod @@ -42,7 +42,7 @@ An EC_KEY represents a public key and (optionally) an associated private key. A The reference count for the newly created EC_KEY is initially set to 1. A curve can be associated with the EC_KEY by calling EC_KEY_set_group. -Alternatively a new EC_KEY can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to L<EC_GROUP_new(3)|EC_GROUP_new(3)> for a description of curve names. This function simply wraps calls to EC_KEY_new and +Alternatively a new EC_KEY can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to L<EC_GROUP_new(3)> for a description of curve names. This function simply wraps calls to EC_KEY_new and EC_GROUP_new_by_curve_name. Calling EC_KEY_free decrements the reference count for the EC_KEY object, and if it has dropped to zero then frees the memory associated @@ -69,16 +69,16 @@ on the key to confirm that it is valid. The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, and EC_KEY_set_public_key get and set the EC_GROUP object, the private key and the EC_POINT public key for the B<key> respectively. The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the B<key>. For a description -of point_conversion_forms please refer to L<EC_POINT_new(3)|EC_POINT_new(3)>. +of point_conversion_forms please refer to L<EC_POINT_new(3)>. EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitrary additional data specific to the elliptic curve scheme being used with the EC_KEY object. This data is treated as a "black box" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the B<data> parameter, which must have have associated functions for duplicating, freeing and "clear_freeing" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and "clear_freeing" the data item must be provided again, and they must be the same as they were when the data item was inserted. EC_KEY_set_flags sets the flags in the B<flags> parameter on the EC_KEY object. Any flags that are already set are left set. The currently defined standard flags are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH and is defined in ecdh.h. EC_KEY_get_flags returns the current flags that are set for this EC_KEY. EC_KEY_clear_flags clears the flags indicated by the B<flags> parameter. All other flags are left in their existing state. -EC_KEY_set_asn1_flag sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> for further information on the asn1_flag. +EC_KEY_set_asn1_flag sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to L<EC_GROUP_copy(3)> for further information on the asn1_flag. -EC_KEY_precompute_mult stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L<EC_POINT_add(3)|EC_POINT_add(3)>. +EC_KEY_precompute_mult stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L<EC_POINT_add(3)>. =head1 RETURN VALUES @@ -100,10 +100,10 @@ EC_KEY_get_conv_form return the point_conversion_form for the EC_KEY. =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, -L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, L<EC_POINT_new(3)|EC_POINT_new(3)>, -L<EC_POINT_add(3)|EC_POINT_add(3)>, -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, -L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> +L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, +L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>, +L<EC_POINT_add(3)>, +L<EC_GFp_simple_method(3)>, +L<d2i_ECPKParameters(3)> =cut diff --git a/doc/crypto/EC_POINT_add.pod b/doc/crypto/EC_POINT_add.pod index ae92640843..eaa7f52786 100644 --- a/doc/crypto/EC_POINT_add.pod +++ b/doc/crypto/EC_POINT_add.pod @@ -46,7 +46,7 @@ EC_POINTs_mul calculates the value generator * B<n> + B<q[0]> * B<m[0]> + ... + B<n> may be NULL. The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst -EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> for information +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L<EC_GROUP_copy(3)> for information about the generator. @@ -65,8 +65,8 @@ EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 i =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, -L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> +L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>, +L<EC_POINT_new(3)>, L<EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> =cut diff --git a/doc/crypto/EC_POINT_new.pod b/doc/crypto/EC_POINT_new.pod index 0a20fced4e..122dccb975 100644 --- a/doc/crypto/EC_POINT_new.pod +++ b/doc/crypto/EC_POINT_new.pod @@ -123,8 +123,8 @@ EC_POINT_hex2point returns the pointer to the EC_POINT supplied, or NULL on erro =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, -L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> +L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>, +L<EC_POINT_add(3)>, L<EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> =cut diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod index 2a129da036..fe31f03ee7 100644 --- a/doc/crypto/ERR_GET_LIB.pod +++ b/doc/crypto/ERR_GET_LIB.pod @@ -41,7 +41,7 @@ The library number, function code and reason code respectively. =head1 SEE ALSO -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> +L<err(3)>, L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod index 566e1f4e31..d1da2b68e8 100644 --- a/doc/crypto/ERR_clear_error.pod +++ b/doc/crypto/ERR_clear_error.pod @@ -20,7 +20,7 @@ ERR_clear_error() has no return value. =head1 SEE ALSO -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> +L<err(3)>, L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod index cdfa7fe1fe..b3f9a435aa 100644 --- a/doc/crypto/ERR_error_string.pod +++ b/doc/crypto/ERR_error_string.pod @@ -40,13 +40,13 @@ ERR_reason_error_string() return the library name, function name and reason string respectively. The OpenSSL error strings should be loaded by calling -L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL -applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> +L<ERR_load_crypto_strings(3)> or, for SSL +applications, L<SSL_load_error_strings(3)> first. If there is no text string registered for the given error code, the error string will contain the numeric code. -L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print +L<ERR_print_errors(3)> can be used to print all error codes currently in the queue. =head1 RETURN VALUES @@ -60,10 +60,10 @@ none is registered for the error code. =head1 SEE ALSO -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, -L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, -L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> -L<ERR_print_errors(3)|ERR_print_errors(3)> +L<err(3)>, L<ERR_get_error(3)>, +L<ERR_load_crypto_strings(3)>, +L<SSL_load_error_strings(3)> +L<ERR_print_errors(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod index 01e196c95f..90b620c623 100644 --- a/doc/crypto/ERR_get_error.pod +++ b/doc/crypto/ERR_get_error.pod @@ -38,9 +38,9 @@ error queue without modifying it. ERR_peek_last_error() returns the latest error code from the thread's error queue without modifying it. -See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about +See L<ERR_GET_LIB(3)> for obtaining information about location and reason of the error, and -L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error +L<ERR_error_string(3)> for human-readable error messages. ERR_get_error_line(), ERR_peek_error_line() and @@ -64,8 +64,8 @@ The error code, or 0 if there is no error in the queue. =head1 SEE ALSO -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, -L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> +L<err(3)>, L<ERR_error_string(3)>, +L<ERR_GET_LIB(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod index 9bdec75a46..b5ff885efe 100644 --- a/doc/crypto/ERR_load_crypto_strings.pod +++ b/doc/crypto/ERR_load_crypto_strings.pod @@ -35,7 +35,7 @@ ERR_free_strings() return no values. =head1 SEE ALSO -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> +L<err(3)>, L<ERR_error_string(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_load_strings.pod b/doc/crypto/ERR_load_strings.pod index 5acdd0edbc..9edf7a3de3 100644 --- a/doc/crypto/ERR_load_strings.pod +++ b/doc/crypto/ERR_load_strings.pod @@ -43,7 +43,7 @@ ERR_get_next_error_library() returns a new library number. =head1 SEE ALSO -L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> +L<err(3)>, L<ERR_load_strings(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod index b100a5fa2b..db890a9cea 100644 --- a/doc/crypto/ERR_print_errors.pod +++ b/doc/crypto/ERR_print_errors.pod @@ -38,10 +38,10 @@ ERR_print_errors() and ERR_print_errors_fp() return no values. =head1 SEE ALSO -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, -L<ERR_get_error(3)|ERR_get_error(3)>, -L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, -L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> +L<err(3)>, L<ERR_error_string(3)>, +L<ERR_get_error(3)>, +L<ERR_load_crypto_strings(3)>, +L<SSL_load_error_strings(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod index acd241fbe4..a87dcae7de 100644 --- a/doc/crypto/ERR_put_error.pod +++ b/doc/crypto/ERR_put_error.pod @@ -23,7 +23,7 @@ This function is usually called by a macro. ERR_add_error_data() associates the concatenation of its B<num> string arguments with the error code added last. -L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register +L<ERR_load_strings(3)> can be used to register error strings so that the application can a generate human-readable error messages for the error code. @@ -34,7 +34,7 @@ no values. =head1 SEE ALSO -L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> +L<err(3)>, L<ERR_load_strings(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod index a4d38c17fd..236aeb4572 100644 --- a/doc/crypto/ERR_remove_state.pod +++ b/doc/crypto/ERR_remove_state.pod @@ -34,7 +34,7 @@ ERR_remove_thread_state and ERR_remove_state() return no value. =head1 SEE ALSO -L<err(3)|err(3)> +L<err(3)> =head1 HISTORY diff --git a/doc/crypto/ERR_set_mark.pod b/doc/crypto/ERR_set_mark.pod index d3ca4f2e77..122a81bf05 100644 --- a/doc/crypto/ERR_set_mark.pod +++ b/doc/crypto/ERR_set_mark.pod @@ -29,7 +29,7 @@ implies that the stack became empty, otherwise 1. =head1 SEE ALSO -L<err(3)|err(3)> +L<err(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index dca5239ecc..c2470df202 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -62,9 +62,9 @@ or 0 on error. =head1 SEE ALSO -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -L<PKCS5_PBKDF2_HMAC(3)|PKCS5_PBKDF2_HMAC(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> +L<evp(3)>, L<rand(3)>, +L<PKCS5_PBKDF2_HMAC(3)>, +L<EVP_EncryptInit(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 06e6d4f0ba..2d7f0dc558 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -255,8 +255,8 @@ digest name passed on the command line. =head1 SEE ALSO -L<dgst(1)|dgst(1)>, -L<evp(3)|evp(3)> +L<dgst(1)>, +L<evp(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod index 5ad192679c..caad7fa26f 100644 --- a/doc/crypto/EVP_DigestSignInit.pod +++ b/doc/crypto/EVP_DigestSignInit.pod @@ -42,7 +42,7 @@ EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return value of -2 indicates the operation is not supported by the public key algorithm. -The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained from L<ERR_get_error(3)>. =head1 NOTES @@ -73,11 +73,11 @@ which indicates the maximum possible signature for any set of parameters. =head1 SEE ALSO -L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> +L<EVP_DigestVerifyInit(3)>, +L<EVP_DigestInit(3)>, L<err(3)>, +L<evp(3)>, L<hmac(3)>, L<md2(3)>, +L<md5(3)>, L<mdc2(3)>, L<ripemd(3)>, +L<sha(3)>, L<dgst(1)> =head1 HISTORY diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod index e0217e40cb..2068ce71ef 100644 --- a/doc/crypto/EVP_DigestVerifyInit.pod +++ b/doc/crypto/EVP_DigestVerifyInit.pod @@ -42,7 +42,7 @@ indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. -The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained from L<ERR_get_error(3)>. =head1 NOTES @@ -68,11 +68,11 @@ will occur. =head1 SEE ALSO -L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> +L<EVP_DigestSignInit(3)>, +L<EVP_DigestInit(3)>, L<err(3)>, +L<evp(3)>, L<hmac(3)>, L<md2(3)>, +L<md5(3)>, L<mdc2(3)>, L<ripemd(3)>, +L<sha(3)>, L<dgst(1)> =head1 HISTORY diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index 3dfc55d7ff..4a31686c3d 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -610,7 +610,7 @@ with a 128-bit key: =head1 SEE ALSO -L<evp(3)|evp(3)> +L<evp(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod index 2e710da945..e207b012e3 100644 --- a/doc/crypto/EVP_OpenInit.pod +++ b/doc/crypto/EVP_OpenInit.pod @@ -28,7 +28,7 @@ The IV is supplied in the B<iv> parameter. EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as -documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual +documented on the L<EVP_EncryptInit(3)> manual page. =head1 NOTES @@ -54,9 +54,9 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. =head1 SEE ALSO -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, -L<EVP_SealInit(3)|EVP_SealInit(3)> +L<evp(3)>, L<rand(3)>, +L<EVP_EncryptInit(3)>, +L<EVP_SealInit(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/doc/crypto/EVP_PKEY_CTX_ctrl.pod index 026c10b0e5..5710cfb861 100644 --- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod +++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -128,14 +128,14 @@ indicates the operation is not supported by the public key algorithm. =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> -L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)> +L<EVP_PKEY_keygen(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_CTX_new.pod b/doc/crypto/EVP_PKEY_CTX_new.pod index d30e007295..5fb5d58f09 100644 --- a/doc/crypto/EVP_PKEY_CTX_new.pod +++ b/doc/crypto/EVP_PKEY_CTX_new.pod @@ -44,7 +44,7 @@ EVP_PKEY_CTX_free() does not return a value. =head1 SEE ALSO -L<EVP_PKEY_new(3)|EVP_PKEY_new(3)> +L<EVP_PKEY_new(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod index 94fcf66ce1..9e0107fb0d 100644 --- a/doc/crypto/EVP_PKEY_cmp.pod +++ b/doc/crypto/EVP_PKEY_cmp.pod @@ -55,7 +55,7 @@ keys match, 0 if they don't match, -1 if the key types are different and =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_keygen(3)> =cut diff --git a/doc/crypto/EVP_PKEY_decrypt.pod b/doc/crypto/EVP_PKEY_decrypt.pod index 847983237b..e94f3a8a02 100644 --- a/doc/crypto/EVP_PKEY_decrypt.pod +++ b/doc/crypto/EVP_PKEY_decrypt.pod @@ -79,12 +79,12 @@ Decrypt data using OAEP (for RSA keys): =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_derive.pod b/doc/crypto/EVP_PKEY_derive.pod index 27464be571..f6f3ac7786 100644 --- a/doc/crypto/EVP_PKEY_derive.pod +++ b/doc/crypto/EVP_PKEY_derive.pod @@ -79,12 +79,12 @@ Derive shared secret (for example DH or EC keys): =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)>, =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_encrypt.pod b/doc/crypto/EVP_PKEY_encrypt.pod index 6799ce1010..819d8643ca 100644 --- a/doc/crypto/EVP_PKEY_encrypt.pod +++ b/doc/crypto/EVP_PKEY_encrypt.pod @@ -43,8 +43,8 @@ indicates the operation is not supported by the public key algorithm. =head1 EXAMPLE -Encrypt data using OAEP (for RSA keys). See also L<PEM_read_PUBKEY(3)|pem(3)> or -L<d2i_X509(3)|d2i_X509(3)> for means to load a public key. You may also simply +Encrypt data using OAEP (for RSA keys). See also L<pem(3)> or +L<d2i_X509(3)> for means to load a public key. You may also simply set 'eng = NULL;' to start with the default OpenSSL RSA implementation: #include <openssl/evp.h> @@ -83,14 +83,14 @@ set 'eng = NULL;' to start with the default OpenSSL RSA implementation: =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)>, -L<engine(3)|engine(3)>, -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +L<d2i_X509(3)>, +L<engine(3)>, +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_get_default_digest.pod b/doc/crypto/EVP_PKEY_get_default_digest.pod index 8ff597d44a..8ac104efef 100644 --- a/doc/crypto/EVP_PKEY_get_default_digest.pod +++ b/doc/crypto/EVP_PKEY_get_default_digest.pod @@ -29,10 +29,10 @@ public key algorithm. =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)>, =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_keygen.pod b/doc/crypto/EVP_PKEY_keygen.pod index 2f0256db41..c86e013523 100644 --- a/doc/crypto/EVP_PKEY_keygen.pod +++ b/doc/crypto/EVP_PKEY_keygen.pod @@ -146,13 +146,13 @@ Example of generation callback for OpenSSL public key implementations: =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_new.pod b/doc/crypto/EVP_PKEY_new.pod index d26b03f36a..acdfd00849 100644 --- a/doc/crypto/EVP_PKEY_new.pod +++ b/doc/crypto/EVP_PKEY_new.pod @@ -28,7 +28,7 @@ particular algorithm. The structure returned by EVP_PKEY_new() is empty. To add a private key to this empty structure the functions described in -L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used. +L<EVP_PKEY_set1_RSA(3)> should be used. =head1 RETURN VALUES @@ -39,7 +39,7 @@ EVP_PKEY_free() does not return a value. =head1 SEE ALSO -L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> +L<EVP_PKEY_set1_RSA(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_print_private.pod b/doc/crypto/EVP_PKEY_print_private.pod index ce9d70d7a7..8664c4926f 100644 --- a/doc/crypto/EVP_PKEY_print_private.pod +++ b/doc/crypto/EVP_PKEY_print_private.pod @@ -43,8 +43,8 @@ the public key algorithm. =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_keygen(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod index 6f10175615..bb164ed141 100644 --- a/doc/crypto/EVP_PKEY_set1_RSA.pod +++ b/doc/crypto/EVP_PKEY_set1_RSA.pod @@ -71,7 +71,7 @@ and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure. =head1 SEE ALSO -L<EVP_PKEY_new(3)|EVP_PKEY_new(3)> +L<EVP_PKEY_new(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_sign.pod b/doc/crypto/EVP_PKEY_sign.pod index 21974b4b1a..f189206676 100644 --- a/doc/crypto/EVP_PKEY_sign.pod +++ b/doc/crypto/EVP_PKEY_sign.pod @@ -30,12 +30,12 @@ B<sig> and the amount of data written to B<siglen>. EVP_PKEY_sign() does not hash the data to be signed, and therefore is normally used to sign digests. For signing arbitrary messages, see the -L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)> and -L<EVP_SignInit(3)|EVP_SignInit(3)> signing interfaces instead. +L<EVP_DigestSignInit(3)> and +L<EVP_SignInit(3)> signing interfaces instead. After the call to EVP_PKEY_sign_init() algorithm specific control operations can be performed to set any appropriate parameters for the -operation (see L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>). +operation (see L<EVP_PKEY_CTX_ctrl(3)>). The function EVP_PKEY_sign() can be called more than once on the same context if several operations are performed using the same parameters. @@ -91,13 +91,13 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest: =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_CTX_ctrl(3)>, +L<EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_verify.pod b/doc/crypto/EVP_PKEY_verify.pod index 90612ba2f0..4952b7f416 100644 --- a/doc/crypto/EVP_PKEY_verify.pod +++ b/doc/crypto/EVP_PKEY_verify.pod @@ -77,12 +77,12 @@ Verify signature using PKCS#1 and SHA256 digest: =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_PKEY_verify_recover.pod b/doc/crypto/EVP_PKEY_verify_recover.pod index 23a28a9c43..6c2287bbd6 100644 --- a/doc/crypto/EVP_PKEY_verify_recover.pod +++ b/doc/crypto/EVP_PKEY_verify_recover.pod @@ -89,12 +89,12 @@ Recover digest originally signed using PKCS#1 and SHA256 digest: =head1 SEE ALSO -L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +L<EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_derive(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index 19112a542d..50271be39b 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -43,7 +43,7 @@ and can be B<NULL>. EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as -documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual +documented on the L<EVP_EncryptInit(3)> manual page. =head1 RETURN VALUES @@ -74,9 +74,9 @@ with B<type> set to NULL. =head1 SEE ALSO -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, -L<EVP_OpenInit(3)|EVP_OpenInit(3)> +L<evp(3)>, L<rand(3)>, +L<EVP_EncryptInit(3)>, +L<EVP_OpenInit(3)> =head1 HISTORY diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index 06d02a5fca..9a91b91a0e 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -49,7 +49,7 @@ for success and 0 for failure. EVP_PKEY_size() returns the maximum size of a signature in bytes. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 NOTES @@ -60,7 +60,7 @@ transparent to the algorithm used and much more flexible. Due to the link between message digests and public key algorithms the correct digest algorithm must be used with the correct public key type. A list of algorithms and associated public key algorithms appears in -L<EVP_DigestInit(3)|EVP_DigestInit(3)>. +L<EVP_DigestInit(3)>. When signing with DSA private keys the random number generator must be seeded or the operation will fail. The random number generator does not need to be @@ -90,11 +90,11 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function. =head1 SEE ALSO -L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> +L<EVP_VerifyInit(3)>, +L<EVP_DigestInit(3)>, L<err(3)>, +L<evp(3)>, L<hmac(3)>, L<md2(3)>, +L<md5(3)>, L<mdc2(3)>, L<ripemd(3)>, +L<sha(3)>, L<dgst(1)> =head1 HISTORY diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod index 9097f09410..ee27de198b 100644 --- a/doc/crypto/EVP_VerifyInit.pod +++ b/doc/crypto/EVP_VerifyInit.pod @@ -41,7 +41,7 @@ failure. EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some other error occurred. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 NOTES @@ -52,7 +52,7 @@ transparent to the algorithm used and much more flexible. Due to the link between message digests and public key algorithms the correct digest algorithm must be used with the correct public key type. A list of algorithms and associated public key algorithms appears in -L<EVP_DigestInit(3)|EVP_DigestInit(3)>. +L<EVP_DigestInit(3)>. The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called @@ -78,12 +78,12 @@ The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. =head1 SEE ALSO -L<evp(3)|evp(3)>, -L<EVP_SignInit(3)|EVP_SignInit(3)>, -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, -L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> +L<evp(3)>, +L<EVP_SignInit(3)>, +L<EVP_DigestInit(3)>, L<err(3)>, +L<evp(3)>, L<hmac(3)>, L<md2(3)>, +L<md5(3)>, L<mdc2(3)>, L<ripemd(3)>, +L<sha(3)>, L<dgst(1)> =head1 HISTORY diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod index 7acb4c4a6d..b2b815db65 100644 --- a/doc/crypto/OBJ_nid2obj.pod +++ b/doc/crypto/OBJ_nid2obj.pod @@ -156,7 +156,7 @@ a NID or B<NID_undef> on error. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)> +L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/OCSP_REQUEST_new.pod b/doc/crypto/OCSP_REQUEST_new.pod index 563fed3c12..b74f56a232 100644 --- a/doc/crypto/OCSP_REQUEST_new.pod +++ b/doc/crypto/OCSP_REQUEST_new.pod @@ -97,11 +97,11 @@ B<issuer>: =head1 SEE ALSO -L<crypto(3)|crypto(3)>, -L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>, -L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>, -L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>, -L<OCSP_response_status(3)|OCSP_response_status(3)>, -L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)> +L<crypto(3)>, +L<OCSP_cert_to_id(3)>, +L<OCSP_request_add1_nonce(3)>, +L<OCSP_response_find_status(3)>, +L<OCSP_response_status(3)>, +L<OCSP_sendreq_new(3)> =cut diff --git a/doc/crypto/OCSP_cert_to_id.pod b/doc/crypto/OCSP_cert_to_id.pod index 2eab1d3825..8eb1844611 100644 --- a/doc/crypto/OCSP_cert_to_id.pod +++ b/doc/crypto/OCSP_cert_to_id.pod @@ -68,11 +68,11 @@ B<OCSP_CERTID> structure is freed. =head1 SEE ALSO -L<crypto(3)|crypto(3)>, -L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>, -L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>, -L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>, -L<OCSP_response_status(3)|OCSP_response_status(3)>, -L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)> +L<crypto(3)>, +L<OCSP_request_add1_nonce(3)>, +L<OCSP_REQUEST_new(3)>, +L<OCSP_response_find_status(3)>, +L<OCSP_response_status(3)>, +L<OCSP_sendreq_new(3)> =cut diff --git a/doc/crypto/OCSP_request_add1_nonce.pod b/doc/crypto/OCSP_request_add1_nonce.pod index 8fe319706a..a95000e2f7 100644 --- a/doc/crypto/OCSP_request_add1_nonce.pod +++ b/doc/crypto/OCSP_request_add1_nonce.pod @@ -63,11 +63,11 @@ condition. =head1 SEE ALSO -L<crypto(3)|crypto(3)>, -L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>, -L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>, -L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>, -L<OCSP_response_status(3)|OCSP_response_status(3)>, -L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)> +L<crypto(3)>, +L<OCSP_cert_to_id(3)>, +L<OCSP_REQUEST_new(3)>, +L<OCSP_response_find_status(3)>, +L<OCSP_response_status(3)>, +L<OCSP_sendreq_new(3)> =cut diff --git a/doc/crypto/OCSP_response_find_status.pod b/doc/crypto/OCSP_response_find_status.pod index 1f4666a8fb..9ea2b7ca11 100644 --- a/doc/crypto/OCSP_response_find_status.pod +++ b/doc/crypto/OCSP_response_find_status.pod @@ -94,11 +94,11 @@ parameters can be set to NULL if their value is not required. =head1 SEE ALSO -L<crypto(3)|crypto(3)>, -L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>, -L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>, -L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>, -L<OCSP_response_status(3)|OCSP_response_status(3)>, -L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)> +L<crypto(3)>, +L<OCSP_cert_to_id(3)>, +L<OCSP_request_add1_nonce(3)>, +L<OCSP_REQUEST_new(3)>, +L<OCSP_response_status(3)>, +L<OCSP_sendreq_new(3)> =cut diff --git a/doc/crypto/OCSP_response_status.pod b/doc/crypto/OCSP_response_status.pod index 7121872f23..5946734b43 100644 --- a/doc/crypto/OCSP_response_status.pod +++ b/doc/crypto/OCSP_response_status.pod @@ -47,11 +47,11 @@ B<OCSP_RESPONSE_STATUS_SUCCESSFUL>. =head1 SEE ALSO -L<crypto(3)|crypto(3)> -L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)> -L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)> -L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)> -L<OCSP_response_find_status(3)|OCSP_response_find_status(3)> -L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)> +L<crypto(3)> +L<OCSP_cert_to_id(3)> +L<OCSP_request_add1_nonce(3)> +L<OCSP_REQUEST_new(3)> +L<OCSP_response_find_status(3)> +L<OCSP_sendreq_new(3)> =cut diff --git a/doc/crypto/OCSP_sendreq_new.pod b/doc/crypto/OCSP_sendreq_new.pod index cab11f71c5..b0515120ef 100644 --- a/doc/crypto/OCSP_sendreq_new.pod +++ b/doc/crypto/OCSP_sendreq_new.pod @@ -103,11 +103,11 @@ applications is not recommended. =head1 SEE ALSO -L<crypto(3)|crypto(3)>, -L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>, -L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>, -L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>, -L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>, -L<OCSP_response_status(3)|OCSP_response_status(3)> +L<crypto(3)>, +L<OCSP_cert_to_id(3)>, +L<OCSP_request_add1_nonce(3)>, +L<OCSP_REQUEST_new(3)>, +L<OCSP_response_find_status(3)>, +L<OCSP_response_status(3)> =cut diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod index f7ca7cb790..f76a9d3f37 100644 --- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod +++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod @@ -90,7 +90,7 @@ The version number. =head1 SEE ALSO -L<crypto(3)|crypto(3)> +L<crypto(3)> =head1 HISTORY diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod index 91d61f3f51..cc86f24f6e 100644 --- a/doc/crypto/OPENSSL_config.pod +++ b/doc/crypto/OPENSSL_config.pod @@ -58,9 +58,9 @@ Neither OPENSSL_config() nor OPENSSL_no_config() return a value. =head1 SEE ALSO -L<conf(5)|conf(5)>, -L<CONF_modules_load_file(3)|CONF_modules_load_file(3)>, -L<CONF_modules_free(3)|CONF_modules_free(3)> +L<conf(5)>, +L<CONF_modules_load_file(3)>, +L<CONF_modules_free(3)> =head1 HISTORY diff --git a/doc/crypto/OPENSSL_load_builtin_modules.pod b/doc/crypto/OPENSSL_load_builtin_modules.pod index de62912ff2..8ff3d79460 100644 --- a/doc/crypto/OPENSSL_load_builtin_modules.pod +++ b/doc/crypto/OPENSSL_load_builtin_modules.pod @@ -42,7 +42,7 @@ None of the functions return a value. =head1 SEE ALSO -L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)> +L<conf(3)>, L<OPENSSL_config(3)> =head1 HISTORY diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod index bcb79e5f6b..3ca0576da8 100644 --- a/doc/crypto/OpenSSL_add_all_algorithms.pod +++ b/doc/crypto/OpenSSL_add_all_algorithms.pod @@ -60,7 +60,7 @@ too much of a problem in practice. =head1 SEE ALSO -L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> +L<evp(3)>, L<EVP_DigestInit(3)>, +L<EVP_EncryptInit(3)> =cut diff --git a/doc/crypto/PEM_write_bio_CMS_stream.pod b/doc/crypto/PEM_write_bio_CMS_stream.pod index e070c45c2e..35260c1e52 100644 --- a/doc/crypto/PEM_write_bio_CMS_stream.pod +++ b/doc/crypto/PEM_write_bio_CMS_stream.pod @@ -28,11 +28,11 @@ PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> -L<CMS_decrypt(3)|CMS_decrypt(3)>, -L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>, -L<i2d_CMS_bio_stream(3)|i2d_CMS_bio_stream(3)> +L<ERR_get_error(3)>, L<CMS_sign(3)>, +L<CMS_verify(3)>, L<CMS_encrypt(3)> +L<CMS_decrypt(3)>, +L<SMIME_write_CMS(3)>, +L<i2d_CMS_bio_stream(3)> =head1 HISTORY diff --git a/doc/crypto/PEM_write_bio_PKCS7_stream.pod b/doc/crypto/PEM_write_bio_PKCS7_stream.pod index 16fc9b6845..121d418362 100644 --- a/doc/crypto/PEM_write_bio_PKCS7_stream.pod +++ b/doc/crypto/PEM_write_bio_PKCS7_stream.pod @@ -28,11 +28,11 @@ PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, -L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> -L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>, -L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>, -L<i2d_PKCS7_bio_stream(3)|i2d_PKCS7_bio_stream(3)> +L<ERR_get_error(3)>, L<PKCS7_sign(3)>, +L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)> +L<PKCS7_decrypt(3)>, +L<SMIME_write_PKCS7(3)>, +L<i2d_PKCS7_bio_stream(3)> =head1 HISTORY diff --git a/doc/crypto/PKCS12_create.pod b/doc/crypto/PKCS12_create.pod index 88397fe450..76edc4800b 100644 --- a/doc/crypto/PKCS12_create.pod +++ b/doc/crypto/PKCS12_create.pod @@ -66,7 +66,7 @@ B<mac_iter> can be set to -1 and the MAC will then be omitted entirely. =head1 SEE ALSO -L<d2i_PKCS12(3)|d2i_PKCS12(3)> +L<d2i_PKCS12(3)> =head1 HISTORY diff --git a/doc/crypto/PKCS12_parse.pod b/doc/crypto/PKCS12_parse.pod index c54cf2ad61..3691a9b254 100644 --- a/doc/crypto/PKCS12_parse.pod +++ b/doc/crypto/PKCS12_parse.pod @@ -33,7 +33,7 @@ B<X509> structure. PKCS12_parse() returns 1 for success and zero if an error occurred. -The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> +The error can be obtained from L<ERR_get_error(3)> =head1 BUGS @@ -48,7 +48,7 @@ Attributes currently cannot be stored in the private key B<EVP_PKEY> structure. =head1 SEE ALSO -L<d2i_PKCS12(3)|d2i_PKCS12(3)> +L<d2i_PKCS12(3)> =head1 HISTORY diff --git a/doc/crypto/PKCS5_PBKDF2_HMAC.pod b/doc/crypto/PKCS5_PBKDF2_HMAC.pod index 7287993360..b04e476a81 100644 --- a/doc/crypto/PKCS5_PBKDF2_HMAC.pod +++ b/doc/crypto/PKCS5_PBKDF2_HMAC.pod @@ -58,8 +58,8 @@ PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on er =head1 SEE ALSO -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> +L<evp(3)>, L<rand(3)>, +L<EVP_BytesToKey(3)> =head1 HISTORY diff --git a/doc/crypto/PKCS7_decrypt.pod b/doc/crypto/PKCS7_decrypt.pod index 325699d0b6..9bb367d800 100644 --- a/doc/crypto/PKCS7_decrypt.pod +++ b/doc/crypto/PKCS7_decrypt.pod @@ -46,7 +46,7 @@ mentioned in PKCS7_sign() also applies to PKCS7_verify(). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> +L<ERR_get_error(3)>, L<PKCS7_encrypt(3)> =head1 HISTORY diff --git a/doc/crypto/PKCS7_encrypt.pod b/doc/crypto/PKCS7_encrypt.pod index 2cd925a7e0..71618d9c87 100644 --- a/doc/crypto/PKCS7_encrypt.pod +++ b/doc/crypto/PKCS7_encrypt.pod @@ -70,7 +70,7 @@ The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)> +L<ERR_get_error(3)>, L<PKCS7_decrypt(3)> =head1 HISTORY diff --git a/doc/crypto/PKCS7_sign.pod b/doc/crypto/PKCS7_sign.pod index c788c4b234..f6fe3b6e71 100644 --- a/doc/crypto/PKCS7_sign.pod +++ b/doc/crypto/PKCS7_sign.pod @@ -103,7 +103,7 @@ occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)> +L<ERR_get_error(3)>, L<PKCS7_verify(3)> =head1 HISTORY diff --git a/doc/crypto/PKCS7_sign_add_signer.pod b/doc/crypto/PKCS7_sign_add_signer.pod index f09a0f9439..580a9a14e3 100644 --- a/doc/crypto/PKCS7_sign_add_signer.pod +++ b/doc/crypto/PKCS7_sign_add_signer.pod @@ -77,8 +77,8 @@ structure just added or NULL if an error occurs. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, -L<PKCS7_final(3)|PKCS7_final(3)>, +L<ERR_get_error(3)>, L<PKCS7_sign(3)>, +L<PKCS7_final(3)>, =head1 HISTORY diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod index cad304ee10..b440f4dcb3 100644 --- a/doc/crypto/PKCS7_verify.pod +++ b/doc/crypto/PKCS7_verify.pod @@ -96,7 +96,7 @@ if an error occurs. PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred. -The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> +The error can be obtained from L<ERR_get_error(3)> =head1 BUGS @@ -109,7 +109,7 @@ mentioned in PKCS7_sign() also applies to PKCS7_verify(). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)> +L<ERR_get_error(3)>, L<PKCS7_sign(3)> =head1 HISTORY diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod index 67c66f3e0c..b160eeb699 100644 --- a/doc/crypto/RAND_add.pod +++ b/doc/crypto/RAND_add.pod @@ -37,8 +37,8 @@ OpenSSL makes sure that the PRNG state is unique for each thread. On systems that provide C</dev/urandom>, the randomness device is used to seed the PRNG transparently. However, on all other systems, the application is responsible for seeding the PRNG by calling RAND_add(), -L<RAND_egd(3)|RAND_egd(3)> -or L<RAND_load_file(3)|RAND_load_file(3)>. +L<RAND_egd(3)> +or L<RAND_load_file(3)>. RAND_seed() is equivalent to RAND_add() when B<num == entropy>. @@ -65,8 +65,8 @@ The other functions do not return values. =head1 SEE ALSO -L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, -L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> +L<rand(3)>, L<RAND_egd(3)>, +L<RAND_load_file(3)>, L<RAND_cleanup(3)> =head1 HISTORY diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod index f3a5ed22f8..6a41c37103 100644 --- a/doc/crypto/RAND_bytes.pod +++ b/doc/crypto/RAND_bytes.pod @@ -34,15 +34,15 @@ the new pseudo-random bytes unless disabled at compile time (see FAQ). =head1 RETURN VALUES RAND_bytes() returns 1 on success, 0 otherwise. The error code can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the +obtained by L<ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the bytes generated are cryptographically strong, 0 otherwise. Both functions return -1 if they are not supported by the current RAND method. =head1 SEE ALSO -L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, -L<RAND_add(3)|RAND_add(3)> +L<rand(3)>, L<ERR_get_error(3)>, +L<RAND_add(3)> =head1 HISTORY diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod index 3a8f0749a8..e9b3af934b 100644 --- a/doc/crypto/RAND_cleanup.pod +++ b/doc/crypto/RAND_cleanup.pod @@ -20,7 +20,7 @@ RAND_cleanup() returns no value. =head1 SEE ALSO -L<rand(3)|rand(3)> +L<rand(3)> =head1 HISTORY diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod index 80fa734d18..5a28545986 100644 --- a/doc/crypto/RAND_egd.pod +++ b/doc/crypto/RAND_egd.pod @@ -16,12 +16,12 @@ RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon =head1 DESCRIPTION RAND_egd() queries the entropy gathering daemon EGD on socket B<path>. -It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the +It queries 255 bytes and uses L<RAND_add(3)> to seed the OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for RAND_egd_bytes(path, 255); RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>. -It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the +It queries B<bytes> bytes and uses L<RAND_add(3)> to seed the OpenSSL built-in PRNG. This function is more flexible than RAND_egd(). When only one secret key must @@ -32,7 +32,7 @@ that can be retrieved from EGD over time is limited. RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket B<path>. If B<buf> is given, B<bytes> bytes are queried and written into B<buf>. If B<buf> is NULL, B<bytes> bytes are queried and used to seed the -OpenSSL built-in PRNG using L<RAND_add(3)|RAND_add(3)>. +OpenSSL built-in PRNG using L<RAND_add(3)>. =head1 NOTES @@ -72,8 +72,8 @@ success, and -1 if the connection failed. The PRNG state is not considered. =head1 SEE ALSO -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, -L<RAND_cleanup(3)|RAND_cleanup(3)> +L<rand(3)>, L<RAND_add(3)>, +L<RAND_cleanup(3)> =head1 HISTORY diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod index d8c134e621..e19757e40e 100644 --- a/doc/crypto/RAND_load_file.pod +++ b/doc/crypto/RAND_load_file.pod @@ -43,7 +43,7 @@ error. =head1 SEE ALSO -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> +L<rand(3)>, L<RAND_add(3)>, L<RAND_cleanup(3)> =head1 HISTORY diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod index e5b780fad0..a2828e3d47 100644 --- a/doc/crypto/RAND_set_rand_method.pod +++ b/doc/crypto/RAND_set_rand_method.pod @@ -67,7 +67,7 @@ algorithms. =head1 SEE ALSO -L<rand(3)|rand(3)>, L<engine(3)|engine(3)> +L<rand(3)>, L<engine(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_blinding_on.pod b/doc/crypto/RSA_blinding_on.pod index fd2c69abd8..e512bbfe88 100644 --- a/doc/crypto/RSA_blinding_on.pod +++ b/doc/crypto/RSA_blinding_on.pod @@ -34,7 +34,7 @@ RSA_blinding_off() returns no value. =head1 SEE ALSO -L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)> +L<rsa(3)>, L<rand(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod index 522a6c2b5e..ec020635f7 100644 --- a/doc/crypto/RSA_check_key.pod +++ b/doc/crypto/RSA_check_key.pod @@ -29,7 +29,7 @@ Therefore, it cannot be used with any arbitrary RSA key object, even if it is otherwise fit for regular RSA operation. The B<cb> parameter is a callback that will be invoked in the same -manner as L<BN_is_prime_ex(3)|BN_is_prime_ex(3)>. +manner as L<BN_is_prime_ex(3)>. RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL B<cb>. @@ -40,7 +40,7 @@ return 1 if B<rsa> is a valid RSA key, and 0 otherwise. They return -1 if an error occurs while checking the key. If the key is invalid or an error occurred, the reason code can be -obtained using L<ERR_get_error(3)|ERR_get_error(3)>. +obtained using L<ERR_get_error(3)>. =head1 NOTES @@ -65,9 +65,9 @@ provide their own verifiers. =head1 SEE ALSO -L<BN_is_prime_ex(3)|BN_is_prime_ex(3)>, -L<rsa(3)|rsa(3)>, -L<ERR_get_error(3)|ERR_get_error(3)> +L<BN_is_prime_ex(3)>, +L<rsa(3)>, +L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod index 881391a045..130acf97d5 100644 --- a/doc/crypto/RSA_generate_key.pod +++ b/doc/crypto/RSA_generate_key.pod @@ -28,14 +28,14 @@ The exponent is an odd number, typically 3, 17 or 65537. A callback function may be used to provide feedback about the progress of the key generation. If B<cb> is not B<NULL>, it will be called as follows using the BN_GENCB_call() function -described on the L<BN_generate_prime(3)|BN_generate_prime(3)> page. +described on the L<BN_generate_prime(3)> page. =over 4 =item * While a random prime number is generated, it is called as -described in L<BN_generate_prime(3)|BN_generate_prime(3)>. +described in L<BN_generate_prime(3)>. =item * @@ -54,13 +54,13 @@ The process is then repeated for prime q with B<BN_GENCB_call(cb, 3, 1)>. RSA_generate_key is deprecated (new applications should use RSA_generate_key_ex instead). RSA_generate_key works in the same was as RSA_generate_key_ex except it uses "old style" call backs. See -L<BN_generate_prime(3)|BN_generate_prime(3)> for further details. +L<BN_generate_prime(3)> for further details. =head1 RETURN VALUE If key generation fails, RSA_generate_key() returns B<NULL>. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 BUGS @@ -70,8 +70,8 @@ RSA_generate_key() goes into an infinite loop for illegal input values. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -L<RSA_free(3)|RSA_free(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)> +L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>, +L<RSA_free(3)>, L<BN_generate_prime(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_get_ex_new_index.pod b/doc/crypto/RSA_get_ex_new_index.pod index 7d0fd1f91d..9b52559543 100644 --- a/doc/crypto/RSA_get_ex_new_index.pod +++ b/doc/crypto/RSA_get_ex_new_index.pod @@ -97,7 +97,7 @@ parameter. B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success. -On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. +On failure an error code can be obtained from L<ERR_get_error(3)>. =head1 BUGS @@ -110,7 +110,7 @@ present in the parent RSA structure when it is called. =head1 SEE ALSO -L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)> +L<rsa(3)>, L<CRYPTO_set_ex_data(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_new.pod b/doc/crypto/RSA_new.pod index 70901a556b..0ce325d5b8 100644 --- a/doc/crypto/RSA_new.pod +++ b/doc/crypto/RSA_new.pod @@ -24,16 +24,16 @@ If B<rsa> is NULL nothing is done. =head1 RETURN VALUES If the allocation fails, RSA_new() returns B<NULL> and sets an error -code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns +code that can be obtained by L<ERR_get_error(3)>. Otherwise it returns a pointer to the newly allocated structure. RSA_free() returns no value. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>, -L<RSA_generate_key(3)|RSA_generate_key(3)>, -L<RSA_new_method(3)|RSA_new_method(3)> +L<ERR_get_error(3)>, L<rsa(3)>, +L<RSA_generate_key(3)>, +L<RSA_new_method(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod index b8f678fe72..9389254c5d 100644 --- a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod @@ -102,13 +102,13 @@ of length B<pl>. B<p> may be B<NULL> if B<pl> is 0. The RSA_padding_add_xxx() functions return 1 on success, 0 on error. The RSA_padding_check_xxx() functions return the length of the recovered data, -1 on error. Error codes can be obtained by calling -L<ERR_get_error(3)|ERR_get_error(3)>. +L<ERR_get_error(3)>. =head1 SEE ALSO -L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, -L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>, -L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)> +L<RSA_public_encrypt(3)>, +L<RSA_private_decrypt(3)>, +L<RSA_sign(3)>, L<RSA_verify(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_print.pod b/doc/crypto/RSA_print.pod index c971e91f4d..7690f31ac0 100644 --- a/doc/crypto/RSA_print.pod +++ b/doc/crypto/RSA_print.pod @@ -38,7 +38,7 @@ These functions return 1 on success, 0 on error. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)> +L<dh(3)>, L<dsa(3)>, L<rsa(3)>, L<BN_bn2bin(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_private_encrypt.pod b/doc/crypto/RSA_private_encrypt.pod index 746a80c79e..8e4425c10b 100644 --- a/doc/crypto/RSA_private_encrypt.pod +++ b/doc/crypto/RSA_private_encrypt.pod @@ -31,7 +31,7 @@ B<padding> denotes one of the following modes: PKCS #1 v1.5 padding. This function does not handle the B<algorithmIdentifier> specified in PKCS #1. When generating or -verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be +verifying PKCS #1 signatures, L<RSA_sign(3)> and L<RSA_verify(3)> should be used. =item RSA_NO_PADDING @@ -55,12 +55,12 @@ RSA_size(rsa)). RSA_public_decrypt() returns the size of the recovered message digest. On error, -1 is returned; the error codes can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>, -L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)> +L<ERR_get_error(3)>, L<rsa(3)>, +L<RSA_sign(3)>, L<RSA_verify(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod index ab0fe3b2cd..35a0fb5b9f 100644 --- a/doc/crypto/RSA_public_encrypt.pod +++ b/doc/crypto/RSA_public_encrypt.pod @@ -65,7 +65,7 @@ RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the recovered plaintext. On error, -1 is returned; the error codes can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +obtained by L<ERR_get_error(3)>. =head1 CONFORMING TO @@ -73,8 +73,8 @@ SSL, PKCS #1 v2.0 =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -L<RSA_size(3)|RSA_size(3)> +L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>, +L<RSA_size(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod index 0ef0781186..7ccb216935 100644 --- a/doc/crypto/RSA_set_method.pod +++ b/doc/crypto/RSA_set_method.pod @@ -156,7 +156,7 @@ ENGINE). For this reason, the return type may be replaced with a B<void> declaration in a future release. RSA_new_method() returns NULL and sets an error code that can be obtained -by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise +by L<ERR_get_error(3)> if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. =head1 NOTES @@ -183,7 +183,7 @@ not currently exist). =head1 SEE ALSO -L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)> +L<rsa(3)>, L<RSA_new(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_sign.pod b/doc/crypto/RSA_sign.pod index fc16b1f4f8..4e9892587c 100644 --- a/doc/crypto/RSA_sign.pod +++ b/doc/crypto/RSA_sign.pod @@ -22,12 +22,12 @@ signature in B<sigret> and the signature size in B<siglen>. B<sigret> must point to RSA_size(B<rsa>) bytes of memory. Note that PKCS #1 adds meta-data, placing limits on the size of the key that can be used. -See L<RSA_private_encrypt(3)|RSA_private_encrypt(3)> for lower-level +See L<RSA_private_encrypt(3)> for lower-level operations. B<type> denotes the message digest algorithm that was used to generate B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>; -see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>, +see L<objects(3)> for details. If B<type> is B<NID_md5_sha1>, an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and no algorithm identifier) is created. @@ -41,7 +41,7 @@ B<rsa> is the signer's public key. RSA_sign() returns 1 on success, 0 otherwise. RSA_verify() returns 1 on successful verification, 0 otherwise. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 BUGS @@ -54,9 +54,9 @@ SSL, PKCS #1 v2.0 =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, -L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>, -L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> +L<ERR_get_error(3)>, L<objects(3)>, +L<rsa(3)>, L<RSA_private_encrypt(3)>, +L<RSA_public_decrypt(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod index e70380bbfc..f505ddb590 100644 --- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod +++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod @@ -39,7 +39,7 @@ RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise. RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0 otherwise. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 BUGS @@ -47,9 +47,9 @@ These functions serve no recognizable purpose. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, -L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, -L<RSA_verify(3)|RSA_verify(3)> +L<ERR_get_error(3)>, L<objects(3)>, +L<rand(3)>, L<rsa(3)>, L<RSA_sign(3)>, +L<RSA_verify(3)> =head1 HISTORY diff --git a/doc/crypto/RSA_size.pod b/doc/crypto/RSA_size.pod index f68d5e8e3c..dc57bd14e2 100644 --- a/doc/crypto/RSA_size.pod +++ b/doc/crypto/RSA_size.pod @@ -28,7 +28,7 @@ The size. =head1 SEE ALSO -L<rsa(3)|rsa(3)>, L<BN_num_bits(3)|BN_num_bits(3)> +L<rsa(3)>, L<BN_num_bits(3)> =head1 HISTORY diff --git a/doc/crypto/SMIME_read_CMS.pod b/doc/crypto/SMIME_read_CMS.pod index acc5524c14..15bec5927e 100644 --- a/doc/crypto/SMIME_read_CMS.pod +++ b/doc/crypto/SMIME_read_CMS.pod @@ -58,10 +58,10 @@ if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_type(3)|CMS_type(3)> -L<SMIME_read_CMS(3)|SMIME_read_CMS(3)>, L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> -L<CMS_decrypt(3)|CMS_decrypt(3)> +L<ERR_get_error(3)>, L<CMS_type(3)> +L<SMIME_read_CMS(3)>, L<CMS_sign(3)>, +L<CMS_verify(3)>, L<CMS_encrypt(3)> +L<CMS_decrypt(3)> =head1 HISTORY diff --git a/doc/crypto/SMIME_read_PKCS7.pod b/doc/crypto/SMIME_read_PKCS7.pod index 9d46715941..40f950fc1e 100644 --- a/doc/crypto/SMIME_read_PKCS7.pod +++ b/doc/crypto/SMIME_read_PKCS7.pod @@ -61,10 +61,10 @@ is an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_type(3)|PKCS7_type(3)> -L<SMIME_read_PKCS7(3)|SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, -L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> -L<PKCS7_decrypt(3)|PKCS7_decrypt(3)> +L<ERR_get_error(3)>, L<PKCS7_type(3)> +L<SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)>, +L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)> +L<PKCS7_decrypt(3)> =head1 HISTORY diff --git a/doc/crypto/SMIME_write_CMS.pod b/doc/crypto/SMIME_write_CMS.pod index 04bedfb429..1cd1baa362 100644 --- a/doc/crypto/SMIME_write_CMS.pod +++ b/doc/crypto/SMIME_write_CMS.pod @@ -53,9 +53,9 @@ SMIME_write_CMS() returns 1 for success or 0 for failure. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> -L<CMS_decrypt(3)|CMS_decrypt(3)> +L<ERR_get_error(3)>, L<CMS_sign(3)>, +L<CMS_verify(3)>, L<CMS_encrypt(3)> +L<CMS_decrypt(3)> =head1 HISTORY diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod index 4a7cd08c42..85bc4786f7 100644 --- a/doc/crypto/SMIME_write_PKCS7.pod +++ b/doc/crypto/SMIME_write_PKCS7.pod @@ -54,9 +54,9 @@ SMIME_write_PKCS7() returns 1 for success or 0 for failure. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, -L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> -L<PKCS7_decrypt(3)|PKCS7_decrypt(3)> +L<ERR_get_error(3)>, L<PKCS7_sign(3)>, +L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)> +L<PKCS7_decrypt(3)> =head1 HISTORY diff --git a/doc/crypto/SSLeay_version.pod b/doc/crypto/SSLeay_version.pod index 1500c2af91..c54c3fea6b 100644 --- a/doc/crypto/SSLeay_version.pod +++ b/doc/crypto/SSLeay_version.pod @@ -65,7 +65,7 @@ Textual description. =head1 SEE ALSO -L<crypto(3)|crypto(3)> +L<crypto(3)> =head1 HISTORY diff --git a/doc/crypto/X509_NAME_ENTRY_get_object.pod b/doc/crypto/X509_NAME_ENTRY_get_object.pod index 4716e7ee75..2cb96c5764 100644 --- a/doc/crypto/X509_NAME_ENTRY_get_object.pod +++ b/doc/crypto/X509_NAME_ENTRY_get_object.pod @@ -64,8 +64,8 @@ set first so the relevant field information can be looked up internally. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>, -L<OBJ_nid2obj(3)|OBJ_nid2obj(3)> +L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>, +L<OBJ_nid2obj(3)> =head1 HISTORY diff --git a/doc/crypto/X509_NAME_add_entry_by_txt.pod b/doc/crypto/X509_NAME_add_entry_by_txt.pod index 3bdc07fcfb..c10ea0fb77 100644 --- a/doc/crypto/X509_NAME_add_entry_by_txt.pod +++ b/doc/crypto/X509_NAME_add_entry_by_txt.pod @@ -109,7 +109,7 @@ can result in invalid field types its use is strongly discouraged. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)> +L<ERR_get_error(3)>, L<d2i_X509_NAME(3)> =head1 HISTORY diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod index 380356e16c..e6dfff3713 100644 --- a/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -110,7 +110,7 @@ requested entry or B<NULL> if the index is invalid. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)> +L<ERR_get_error(3)>, L<d2i_X509_NAME(3)> =head1 HISTORY diff --git a/doc/crypto/X509_NAME_print_ex.pod b/doc/crypto/X509_NAME_print_ex.pod index 2579a5dc9d..0d8e5fe641 100644 --- a/doc/crypto/X509_NAME_print_ex.pod +++ b/doc/crypto/X509_NAME_print_ex.pod @@ -40,7 +40,7 @@ applications. Although there are a large number of possible flags for most purposes B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice. -As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page +As noted on the L<ASN1_STRING_print_ex(3)> manual page for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used. @@ -96,7 +96,7 @@ B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls =head1 SEE ALSO -L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> +L<ASN1_STRING_print_ex(3)> =head1 HISTORY diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod index 7748e9042c..75be45374e 100644 --- a/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/doc/crypto/X509_STORE_CTX_get_error.pod @@ -296,7 +296,7 @@ thread safe but will never happen unless an invalid code is passed. =head1 SEE ALSO -L<X509_verify_cert(3)|X509_verify_cert(3)> +L<X509_verify_cert(3)> =head1 HISTORY diff --git a/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod b/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod index 8a9243d756..58368fd532 100644 --- a/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod +++ b/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod @@ -31,7 +31,7 @@ structure. =head1 SEE ALSO -L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)> +L<RSA_get_ex_new_index(3)> =head1 HISTORY diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod index f8907d7ebb..1f3ded6d29 100644 --- a/doc/crypto/X509_STORE_CTX_new.pod +++ b/doc/crypto/X509_STORE_CTX_new.pod @@ -126,8 +126,8 @@ used. =head1 SEE ALSO -L<X509_verify_cert(3)|X509_verify_cert(3)> -L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)> +L<X509_verify_cert(3)> +L<X509_VERIFY_PARAM_set_flags(3)> =head1 HISTORY diff --git a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod index b9787a6ca6..8ff47f64c0 100644 --- a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod +++ b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod @@ -149,9 +149,9 @@ B<ex_data>. =head1 SEE ALSO -L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> -L<X509_STORE_set_verify_cb_func(3)|X509_STORE_set_verify_cb_func(3)> -L<X509_STORE_CTX_get_ex_new_index(3)|X509_STORE_CTX_get_ex_new_index(3)> +L<X509_STORE_CTX_get_error(3)> +L<X509_STORE_set_verify_cb_func(3)> +L<X509_STORE_CTX_get_ex_new_index(3)> =head1 HISTORY diff --git a/doc/crypto/X509_STORE_set_verify_cb_func.pod b/doc/crypto/X509_STORE_set_verify_cb_func.pod index 29e3bbe3bc..b5bc1eab36 100644 --- a/doc/crypto/X509_STORE_set_verify_cb_func.pod +++ b/doc/crypto/X509_STORE_set_verify_cb_func.pod @@ -41,8 +41,8 @@ a value. =head1 SEE ALSO -L<X509_STORE_CTX_set_verify_cb(3)|X509_STORE_CTX_set_verify_cb(3)> -L<CMS_verify(3)|CMS_verify(3)> +L<X509_STORE_CTX_set_verify_cb(3)> +L<CMS_verify(3)> =head1 HISTORY diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 066ce0fb3a..ec91d5dced 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -232,10 +232,10 @@ connections associated with an B<SSL_CTX> structure B<ctx>: =head1 SEE ALSO -L<X509_verify_cert(3)|X509_verify_cert(3)>, -L<X509_check_host(3)|X509_check_host(3)>, -L<X509_check_email(3)|X509_check_email(3)>, -L<X509_check_ip(3)|X509_check_ip(3)> +L<X509_verify_cert(3)>, +L<X509_check_host(3)>, +L<X509_check_email(3)>, +L<X509_check_ip(3)> =head1 HISTORY diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index 5804115548..23447f41f2 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -126,12 +126,12 @@ DANE support is added to OpenSSL. =head1 SEE ALSO -L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, -L<X509_VERIFY_PARAM_set1_host(3)|X509_VERIFY_PARAM_set1_host(3)>, -L<X509_VERIFY_PARAM_add1_host(3)|X509_VERIFY_PARAM_add1_host(3)>, -L<X509_VERIFY_PARAM_set1_email(3)|X509_VERIFY_PARAM_set1_email(3)>, -L<X509_VERIFY_PARAM_set1_ip(3)|X509_VERIFY_PARAM_set1_ip(3)>, -L<X509_VERIFY_PARAM_set1_ipasc(3)|X509_VERIFY_PARAM_set1_ipasc(3)> +L<SSL_get_verify_result(3)>, +L<X509_VERIFY_PARAM_set1_host(3)>, +L<X509_VERIFY_PARAM_add1_host(3)>, +L<X509_VERIFY_PARAM_set1_email(3)>, +L<X509_VERIFY_PARAM_set1_ip(3)>, +L<X509_VERIFY_PARAM_set1_ipasc(3)> =head1 HISTORY diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod index d6f3d3092f..2e49a6e0df 100644 --- a/doc/crypto/X509_new.pod +++ b/doc/crypto/X509_new.pod @@ -24,14 +24,14 @@ If B<a> is NULL nothing is done. =head1 RETURN VALUES If the allocation fails, X509_new() returns B<NULL> and sets an error -code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +code that can be obtained by L<ERR_get_error(3)>. Otherwise it returns a pointer to the newly allocated structure. X509_free() returns no value. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)> +L<ERR_get_error(3)>, L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod index 48055b0f96..1780bfef19 100644 --- a/doc/crypto/X509_verify_cert.pod +++ b/doc/crypto/X509_verify_cert.pod @@ -14,7 +14,7 @@ X509_verify_cert - discover and verify X509 certificate chain The X509_verify_cert() function attempts to discover and validate a certificate chain based on parameters in B<ctx>. A complete description of -the process is contained in the L<verify(1)|verify(1)> manual page. +the process is contained in the L<verify(1)> manual page. =head1 RETURN VALUES @@ -45,7 +45,7 @@ functiosn which use B<x509_vfy.h>. =head1 SEE ALSO -L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> +L<X509_STORE_CTX_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/bio.pod b/doc/crypto/bio.pod index 9debe4f1b6..fc1da92fa7 100644 --- a/doc/crypto/bio.pod +++ b/doc/crypto/bio.pod @@ -39,17 +39,17 @@ BIO). =head1 SEE ALSO -L<BIO_ctrl(3)|BIO_ctrl(3)>, -L<BIO_f_base64(3)|BIO_f_base64(3)>, L<BIO_f_buffer(3)|BIO_f_buffer(3)>, -L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>, -L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>, -L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>, -L<BIO_new_bio_pair(3)|BIO_new_bio_pair(3)>, -L<BIO_push(3)|BIO_push(3)>, L<BIO_read(3)|BIO_read(3)>, -L<BIO_s_accept(3)|BIO_s_accept(3)>, L<BIO_s_bio(3)|BIO_s_bio(3)>, -L<BIO_s_connect(3)|BIO_s_connect(3)>, L<BIO_s_fd(3)|BIO_s_fd(3)>, -L<BIO_s_file(3)|BIO_s_file(3)>, L<BIO_s_mem(3)|BIO_s_mem(3)>, -L<BIO_s_secmem(3)|BIO_s_mem(3)>, -L<BIO_s_null(3)|BIO_s_null(3)>, L<BIO_s_socket(3)|BIO_s_socket(3)>, -L<BIO_set_callback(3)|BIO_set_callback(3)>, -L<BIO_should_retry(3)|BIO_should_retry(3)> +L<BIO_ctrl(3)>, +L<BIO_f_base64(3)>, L<BIO_f_buffer(3)>, +L<BIO_f_cipher(3)>, L<BIO_f_md(3)>, +L<BIO_f_null(3)>, L<BIO_f_ssl(3)>, +L<BIO_find_type(3)>, L<BIO_new(3)>, +L<BIO_new_bio_pair(3)>, +L<BIO_push(3)>, L<BIO_read(3)>, +L<BIO_s_accept(3)>, L<BIO_s_bio(3)>, +L<BIO_s_connect(3)>, L<BIO_s_fd(3)>, +L<BIO_s_file(3)>, L<BIO_s_mem(3)>, +L<BIO_s_mem(3)>, +L<BIO_s_null(3)>, L<BIO_s_socket(3)>, +L<BIO_set_callback(3)>, +L<BIO_should_retry(3)> diff --git a/doc/crypto/blowfish.pod b/doc/crypto/blowfish.pod index 31438ab73a..25b954c0cb 100644 --- a/doc/crypto/blowfish.pod +++ b/doc/crypto/blowfish.pod @@ -33,7 +33,7 @@ by Counterpane (see http://www.counterpane.com/blowfish.html ). Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are considered good for strong encryption. Blowfish can be used in the same -modes as DES (see L<des_modes(7)|des_modes(7)>). Blowfish is currently one +modes as DES (see L<des_modes(7)>). Blowfish is currently one of the faster block ciphers. It is quite a bit faster than DES, and much faster than IDEA or RC2. @@ -97,12 +97,12 @@ None of the functions presented here return any value. =head1 NOTE Applications should use the higher level functions -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> etc. instead of calling these +L<EVP_EncryptInit(3)> etc. instead of calling these functions directly. =head1 SEE ALSO -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, -L<des_modes(7)|des_modes(7)> +L<EVP_EncryptInit(3)>, +L<des_modes(7)> =cut diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod index ab809f95e4..37d638d9bb 100644 --- a/doc/crypto/bn.pod +++ b/doc/crypto/bn.pod @@ -163,26 +163,26 @@ The basic object in this library is a B<BIGNUM>. It is used to hold a single large integer. This type should be considered opaque and fields should not be modified or accessed directly. -The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>; -L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations. -Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)> -describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of -random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime -numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion -of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>. +The creation of B<BIGNUM> objects is described in L<BN_new(3)>; +L<BN_add(3)> describes most of the arithmetic operations. +Comparison is described in L<BN_cmp(3)>; L<BN_zero(3)> +describes certain assignments, L<BN_rand(3)> the generation of +random numbers, L<BN_generate_prime(3)> deals with prime +numbers and L<BN_set_bit(3)> with bit operations. The conversion +of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)>. =head1 SEE ALSO -L<bn_internal(3)|bn_internal(3)>, -L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, -L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, -L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, -L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>, -L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>, -L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>, -L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>, -L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>, -L<BN_BLINDING_new(3)|BN_BLINDING_new(3)> +L<bn_internal(3)>, +L<dh(3)>, L<err(3)>, L<rand(3)>, L<rsa(3)>, +L<BN_new(3)>, L<BN_CTX_new(3)>, +L<BN_copy(3)>, L<BN_swap(3)>, L<BN_num_bytes(3)>, +L<BN_add(3)>, L<BN_add_word(3)>, +L<BN_cmp(3)>, L<BN_zero(3)>, L<BN_rand(3)>, +L<BN_generate_prime(3)>, L<BN_set_bit(3)>, +L<BN_bn2bin(3)>, L<BN_mod_inverse(3)>, +L<BN_mod_mul_reciprocal(3)>, +L<BN_mod_mul_montgomery(3)>, +L<BN_BLINDING_new(3)> =cut diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod index 91840b0f0d..e609a0810c 100644 --- a/doc/crypto/bn_internal.pod +++ b/doc/crypto/bn_internal.pod @@ -105,7 +105,7 @@ B<BIGNUM> variables during their execution. Since dynamic memory allocation to create B<BIGNUM>s is rather expensive when used in conjunction with repeated subroutine calls, the B<BN_CTX> structure is used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see -L<BN_CTX_start(3)|BN_CTX_start(3)>. +L<BN_CTX_start(3)>. =head2 Low-level arithmetic operations @@ -233,6 +233,6 @@ and bn_set_max() are defined as empty macros. =head1 SEE ALSO -L<bn(3)|bn(3)> +L<bn(3)> =cut diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod index 3804c5649b..c56cc89ab6 100644 --- a/doc/crypto/buffer.pod +++ b/doc/crypto/buffer.pod @@ -71,7 +71,7 @@ BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>). =head1 SEE ALSO -L<bio(3)|bio(3)>, +L<bio(3)>, L<CRYPTO_secure_malloc(3)>. =head1 HISTORY diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod index f18edfe305..b8f4fb8df4 100644 --- a/doc/crypto/crypto.pod +++ b/doc/crypto/crypto.pod @@ -27,38 +27,38 @@ hash functions and a cryptographic pseudo-random number generator. =item SYMMETRIC CIPHERS -L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>, -L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)> +L<blowfish(3)>, L<cast(3)>, L<des(3)>, +L<idea(3)>, L<rc2(3)>, L<rc4(3)>, L<rc5(3)> =item PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT -L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rsa(3)|rsa(3)> +L<dsa(3)>, L<dh(3)>, L<rsa(3)> =item CERTIFICATES -L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)> +L<x509(3)>, L<x509v3(3)> =item AUTHENTICATION CODES, HASH FUNCTIONS -L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md4(3)|md4(3)>, -L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, -L<sha(3)|sha(3)> +L<hmac(3)>, L<md2(3)>, L<md4(3)>, +L<md5(3)>, L<mdc2(3)>, L<ripemd(3)>, +L<sha(3)> =item AUXILIARY FUNCTIONS -L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>, -L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)> +L<err(3)>, L<threads(3)>, L<rand(3)>, +L<OPENSSL_VERSION_NUMBER(3)> =item INPUT/OUTPUT, DATA ENCODING -L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>, L<pem(3)|pem(3)>, -L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)> +L<asn1(3)>, L<bio(3)>, L<evp(3)>, L<pem(3)>, +L<pkcs7(3)>, L<pkcs12(3)> =item INTERNAL FUNCTIONS -L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<ec(3)|ec(3)>, L<lhash(3)|lhash(3)>, -L<objects(3)|objects(3)>, L<stack(3)|stack(3)>, -L<txt_db(3)|txt_db(3)> +L<bn(3)>, L<buffer(3)>, L<ec(3)>, L<lhash(3)>, +L<objects(3)>, L<stack(3)>, +L<txt_db(3)> =back @@ -80,6 +80,6 @@ so both (B<x> and B<obj> above) should be freed up. =head1 SEE ALSO -L<openssl(1)|openssl(1)>, L<ssl(3)|ssl(3)> +L<openssl(1)>, L<ssl(3)> =cut diff --git a/doc/crypto/d2i_ASN1_OBJECT.pod b/doc/crypto/d2i_ASN1_OBJECT.pod index d9a691217d..32c6b05053 100644 --- a/doc/crypto/d2i_ASN1_OBJECT.pod +++ b/doc/crypto/d2i_ASN1_OBJECT.pod @@ -16,11 +16,11 @@ d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions These functions decode and encode an ASN1 OBJECT IDENTIFIER. Otherwise these behave in a similar way to d2i_X509() and i2d_X509() -described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +described in the L<d2i_X509(3)> manual page. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_CMS_ContentInfo.pod b/doc/crypto/d2i_CMS_ContentInfo.pod index 6ddb2f6d05..463f617332 100644 --- a/doc/crypto/d2i_CMS_ContentInfo.pod +++ b/doc/crypto/d2i_CMS_ContentInfo.pod @@ -16,11 +16,11 @@ d2i_CMS_ContentInfo, i2d_CMS_ContentInfo - CMS ContentInfo functions These functions decode and encode an CMS ContentInfo structure. Otherwise they behave in a similar way to d2i_X509() and i2d_X509() -described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +described in the L<d2i_X509(3)> manual page. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_DHparams.pod b/doc/crypto/d2i_DHparams.pod index d8bdf220de..f13d0b59d2 100644 --- a/doc/crypto/d2i_DHparams.pod +++ b/doc/crypto/d2i_DHparams.pod @@ -17,11 +17,11 @@ These functions decode and encode PKCS#3 DH parameters using the DHparameter structure described in PKCS#3. Otherwise these behave in a similar way to d2i_X509() and i2d_X509() -described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +described in the L<d2i_X509(3)> manual page. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_DSAPublicKey.pod b/doc/crypto/d2i_DSAPublicKey.pod index 44451cfea5..549fab0f8e 100644 --- a/doc/crypto/d2i_DSAPublicKey.pod +++ b/doc/crypto/d2i_DSAPublicKey.pod @@ -49,7 +49,7 @@ d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a B<Dss-Sig-Value> structure as defined in RFC2459. The usage of all of these functions is similar to the d2i_X509() and -i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +i2d_X509() described in the L<d2i_X509(3)> manual page. =head1 NOTES @@ -74,7 +74,7 @@ B<priv_key> fields respectively. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_ECPKParameters.pod b/doc/crypto/d2i_ECPKParameters.pod index 704b4ab352..abb6f4f1a4 100644 --- a/doc/crypto/d2i_ECPKParameters.pod +++ b/doc/crypto/d2i_ECPKParameters.pod @@ -58,7 +58,7 @@ i2d_ECPKParameters_fp() is similar to i2d_ECPKParameters() except it writes the encoding of the structure B<x> to BIO B<bp> and it returns 1 for success and 0 for failure. -These functions are very similar to the X509 functions described in L<d2i_X509(3)|d2i_X509(3)>, +These functions are very similar to the X509 functions described in L<d2i_X509(3)>, where further notes and examples are available. The ECPKParameters_print and ECPKParameters_print_fp functions print a human-readable output @@ -77,8 +77,8 @@ return 1 for success and 0 if an error occurs. =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, -L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_X509(3)|d2i_X509(3)> +L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>, +L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)>, L<d2i_X509(3)> =cut diff --git a/doc/crypto/d2i_ECPrivateKey.pod b/doc/crypto/d2i_ECPrivateKey.pod index adeffe643c..0859579133 100644 --- a/doc/crypto/d2i_ECPrivateKey.pod +++ b/doc/crypto/d2i_ECPrivateKey.pod @@ -21,11 +21,11 @@ The ECPrivateKey encode and decode routines encode and parse an B<EC_KEY> structure into a binary format (ASN.1 DER) and back again. These functions are similar to the d2i_X509() functions, and you should refer to -that page for a detailed description (see L<d2i_X509(3)|d2i_X509(3)>). +that page for a detailed description (see L<d2i_X509(3)>). The format of the external representation of the public key written by i2d_ECPrivateKey (such as whether it is stored in a compressed form or not) is -described by the point_conversion_form. See L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> +described by the point_conversion_form. See L<EC_GROUP_copy(3)> for a description of point_conversion_form. When reading a private key encoded without an associated public key (e.g. if @@ -46,22 +46,22 @@ set then the public key is not encoded along with the private key. d2i_ECPrivateKey() returns a valid B<EC_KEY> structure or B<NULL> if an error occurs. The error code that can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. +L<ERR_get_error(3)>. i2d_ECPrivateKey() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. +L<ERR_get_error(3)>. EC_KEY_get_enc_flags returns the value of the current encoding flags for the EC_KEY. =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, -L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, L<EC_POINT_new(3)|EC_POINT_new(3)>, -L<EC_POINT_add(3)|EC_POINT_add(3)>, -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, -L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)>, -L<d2i_ECPrivateKey(3)|d2i_ECPrivateKey(3)> +L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, +L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>, +L<EC_POINT_add(3)>, +L<EC_GFp_simple_method(3)>, +L<d2i_ECPKParameters(3)>, +L<d2i_ECPrivateKey(3)> =cut diff --git a/doc/crypto/d2i_PKCS8PrivateKey.pod b/doc/crypto/d2i_PKCS8PrivateKey.pod index a54b779088..a4213faf69 100644 --- a/doc/crypto/d2i_PKCS8PrivateKey.pod +++ b/doc/crypto/d2i_PKCS8PrivateKey.pod @@ -35,11 +35,11 @@ The PKCS#8 functions encode and decode private keys in PKCS#8 format using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. Other than the use of DER as opposed to PEM these functions are identical to the -corresponding B<PEM> function as described in the L<pem(3)|pem(3)> manual page. +corresponding B<PEM> function as described in the L<pem(3)> manual page. =head1 NOTES -Before using these functions L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)> +Before using these functions L<OpenSSL_add_all_algorithms(3)> should be called to initialize the internal algorithm lookup tables otherwise errors about unknown algorithms will occur if an attempt is made to decrypt a private key. @@ -47,10 +47,10 @@ These functions are currently the only way to store encrypted private keys using Currently all the functions use BIOs or FILE pointers, there are no functions which work directly on memory: this can be readily worked around by converting the buffers -to memory BIOs, see L<BIO_s_mem(3)|BIO_s_mem(3)> for details. +to memory BIOs, see L<BIO_s_mem(3)> for details. =head1 SEE ALSO -L<pem(3)|pem(3)> +L<pem(3)> =cut diff --git a/doc/crypto/d2i_RSAPublicKey.pod b/doc/crypto/d2i_RSAPublicKey.pod index aa6078bcf6..9786d75201 100644 --- a/doc/crypto/d2i_RSAPublicKey.pod +++ b/doc/crypto/d2i_RSAPublicKey.pod @@ -42,7 +42,7 @@ d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in NET format. The usage of all of these functions is similar to the d2i_X509() and -i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +i2d_X509() described in the L<d2i_X509(3)> manual page. =head1 NOTES @@ -58,7 +58,7 @@ avoided if possible. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 5b7c16fd03..8a5a9c91fd 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -236,21 +236,21 @@ i2d_re_X509_tbs(). d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure or B<NULL> if an error occurs. The error code that can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used +L<ERR_get_error(3)>. If the "reuse" capability has been used with a valid X509 structure being passed in via B<px> then the object is not freed in the event of error but may be in a potentially invalid or inconsistent state. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by -L<ERR_get_error(3)|ERR_get_error(3)>. +L<ERR_get_error(3)>. i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error -occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +occurs The error code can be obtained by L<ERR_get_error(3)>. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)> +L<ERR_get_error(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_X509_ALGOR.pod b/doc/crypto/d2i_X509_ALGOR.pod index 09849b53c8..fb8a75d26e 100644 --- a/doc/crypto/d2i_X509_ALGOR.pod +++ b/doc/crypto/d2i_X509_ALGOR.pod @@ -23,7 +23,7 @@ The functions d2i_X509() and i2d_X509() decode and encode an B<X509_ALGOR> structure which is equivalent to the B<AlgorithmIdentifier> structure. Otherwise they behave in a similar way to d2i_X509() and i2d_X509() -described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +described in the L<d2i_X509(3)> manual page. X509_ALGOR_dup() returns a copy of B<alg>. @@ -46,7 +46,7 @@ encodings and non-zero otherwise. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_X509_CRL.pod b/doc/crypto/d2i_X509_CRL.pod index 5ace93ae41..dfa33346b9 100644 --- a/doc/crypto/d2i_X509_CRL.pod +++ b/doc/crypto/d2i_X509_CRL.pod @@ -24,11 +24,11 @@ These functions decode and encode an X509 CRL (certificate revocation list). Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509() -described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +described in the L<d2i_X509(3)> manual page. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_X509_NAME.pod b/doc/crypto/d2i_X509_NAME.pod index fe0b6c0999..69f3762236 100644 --- a/doc/crypto/d2i_X509_NAME.pod +++ b/doc/crypto/d2i_X509_NAME.pod @@ -18,11 +18,11 @@ the same as the B<Name> type defined in RFC2459 (and elsewhere) and used for example in certificate subject and issuer names. Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509() -described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +described in the L<d2i_X509(3)> manual page. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_X509_REQ.pod b/doc/crypto/d2i_X509_REQ.pod index 3a52df4ce1..1b2a58871c 100644 --- a/doc/crypto/d2i_X509_REQ.pod +++ b/doc/crypto/d2i_X509_REQ.pod @@ -23,11 +23,11 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions. These functions decode and encode a PKCS#10 certificate request. Otherwise these behave in a similar way to d2i_X509() and i2d_X509() -described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +described in the L<d2i_X509(3)> manual page. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/d2i_X509_SIG.pod b/doc/crypto/d2i_X509_SIG.pod index 38a6f20d63..3efb556a06 100644 --- a/doc/crypto/d2i_X509_SIG.pod +++ b/doc/crypto/d2i_X509_SIG.pod @@ -17,11 +17,11 @@ These functions decode and encode an X509_SIG structure which is equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7. Otherwise these behave in a similar way to d2i_X509() and i2d_X509() -described in the L<d2i_X509(3)|d2i_X509(3)> manual page. +described in the L<d2i_X509(3)> manual page. =head1 SEE ALSO -L<d2i_X509(3)|d2i_X509(3)> +L<d2i_X509(3)> =head1 HISTORY diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 6742a4cfb6..a6938aa79a 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -111,7 +111,7 @@ each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. DES_random_key() generates a random key. The PRNG must be seeded -prior to using this function (see L<rand(3)|rand(3)>). If the PRNG +prior to using this function (see L<rand(3)>). If the PRNG could not generate a secure key, 0 is returned. Before a DES key can be used, it must be converted into the @@ -226,7 +226,7 @@ DES_cbc_cksum() produces an 8 byte checksum based on the input stream (via CBC encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in I<output>. This function is used by Kerberos v4. Other applications should use -L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead. +L<EVP_DigestInit(3)> etc. instead. DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the @@ -306,11 +306,11 @@ the MIT Kerberos library. =head1 NOTES Applications should use the higher level functions -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> etc. instead of calling these +L<EVP_EncryptInit(3)> etc. instead of calling these functions directly. Single-key DES is insecure due to its short key size. ECB mode is -not suitable for most applications; see L<des_modes(7)|des_modes(7)>. +not suitable for most applications; see L<des_modes(7)>. =head1 AUTHOR @@ -319,7 +319,7 @@ Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project =head1 SEE ALSO -L<des_modes(7)|des_modes(7)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> +L<des_modes(7)>, +L<EVP_EncryptInit(3)> =cut diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod index e883ca8fde..bd6a358aeb 100644 --- a/doc/crypto/des_modes.pod +++ b/doc/crypto/des_modes.pod @@ -248,8 +248,8 @@ it to: =head1 SEE ALSO -L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<idea(3)|idea(3)>, -L<rc2(3)|rc2(3)> +L<blowfish(3)>, L<des(3)>, L<idea(3)>, +L<rc2(3)> =cut diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod index 1c8a327458..6115e8c257 100644 --- a/doc/crypto/dh.pod +++ b/doc/crypto/dh.pod @@ -40,7 +40,7 @@ dh - Diffie-Hellman key agreement These functions implement the Diffie-Hellman key agreement protocol. The generation of shared DH parameters is described in -L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how +L<DH_generate_parameters(3)>; L<DH_generate_key(3)> describes how to perform a key agreement. The B<DH> structure consists of several BIGNUM components. @@ -65,12 +65,12 @@ modify keys. =head1 SEE ALSO -L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, -L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, -L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>, -L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, -L<DH_generate_parameters(3)|DH_generate_parameters(3)>, -L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>, -L<RSA_print(3)|RSA_print(3)> +L<dhparam(1)>, L<bn(3)>, L<dsa(3)>, L<err(3)>, +L<rand(3)>, L<rsa(3)>, L<engine(3)>, +L<DH_set_method(3)>, L<DH_new(3)>, +L<DH_get_ex_new_index(3)>, +L<DH_generate_parameters(3)>, +L<DH_compute_key(3)>, L<d2i_DHparams(3)>, +L<RSA_print(3)> =cut diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod index da07d2b930..f0b74c1f4e 100644 --- a/doc/crypto/dsa.pod +++ b/doc/crypto/dsa.pod @@ -65,10 +65,10 @@ dsa - Digital Signature Algorithm These functions implement the Digital Signature Algorithm (DSA). The generation of shared DSA parameters is described in -L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>; -L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to +L<DSA_generate_parameters(3)>; +L<DSA_generate_key(3)> describes how to generate a signature key. Signature generation and verification are -described in L<DSA_sign(3)|DSA_sign(3)>. +described in L<DSA_sign(3)>. The B<DSA> structure consists of several BIGNUM components. @@ -100,15 +100,15 @@ Standard, DSS), ANSI X9.30 =head1 SEE ALSO -L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, -L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>, -L<DSA_new(3)|DSA_new(3)>, -L<DSA_size(3)|DSA_size(3)>, -L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>, -L<DSA_dup_DH(3)|DSA_dup_DH(3)>, -L<DSA_generate_key(3)|DSA_generate_key(3)>, -L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>, -L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>, -L<RSA_print(3)|RSA_print(3)> +L<bn(3)>, L<dh(3)>, L<err(3)>, L<rand(3)>, +L<rsa(3)>, L<sha(3)>, L<engine(3)>, +L<DSA_new(3)>, +L<DSA_size(3)>, +L<DSA_generate_parameters(3)>, +L<DSA_dup_DH(3)>, +L<DSA_generate_key(3)>, +L<DSA_sign(3)>, L<DSA_set_method(3)>, +L<DSA_get_ex_new_index(3)>, +L<RSA_print(3)> =cut diff --git a/doc/crypto/ec.pod b/doc/crypto/ec.pod index aee0fdf234..515dd2966e 100644 --- a/doc/crypto/ec.pod +++ b/doc/crypto/ec.pod @@ -180,22 +180,22 @@ for different scenarios. No matter which implementation is being used, the inter handles calling the correct implementation when an interface function is invoked. An implementation is represented by an B<EC_METHOD> structure. -The creation and destruction of B<EC_GROUP> objects is described in L<EC_GROUP_new(3)|EC_GROUP_new(3)>. Functions for -manipulating B<EC_GROUP> objects are described in L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>. +The creation and destruction of B<EC_GROUP> objects is described in L<EC_GROUP_new(3)>. Functions for +manipulating B<EC_GROUP> objects are described in L<EC_GROUP_copy(3)>. -Functions for creating, destroying and manipulating B<EC_POINT> objects are explained in L<EC_POINT_new(3)|EC_POINT_new(3)>, -whilst functions for performing mathematical operations and tests on B<EC_POINTs> are covered in L<EC_POINT_add(3)|EC_POINT_add(3)>. +Functions for creating, destroying and manipulating B<EC_POINT> objects are explained in L<EC_POINT_new(3)>, +whilst functions for performing mathematical operations and tests on B<EC_POINTs> are covered in L<EC_POINT_add(3)>. -For working with private and public keys refer to L<EC_KEY_new(3)|EC_KEY_new(3)>. Implementations are covered in -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>. +For working with private and public keys refer to L<EC_KEY_new(3)>. Implementations are covered in +L<EC_GFp_simple_method(3)>. -For information on encoding and decoding curve parameters to and from ASN1 see L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)>. +For information on encoding and decoding curve parameters to and from ASN1 see L<d2i_ECPKParameters(3)>. =head1 SEE ALSO -L<crypto(3)|crypto(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, -L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, -L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> +L<crypto(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>, +L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> =cut diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod index 46c071b733..f49d2cedaf 100644 --- a/doc/crypto/ecdsa.pod +++ b/doc/crypto/ecdsa.pod @@ -119,7 +119,7 @@ on error. ECDSA_verify() and ECDSA_do_verify() return 1 for a valid signature, 0 for an invalid signature and -1 on error. -The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +The error codes can be obtained by L<ERR_get_error(3)>. =head1 EXAMPLES @@ -193,7 +193,7 @@ ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)> +L<dsa(3)>, L<rsa(3)> =head1 HISTORY diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index 7f6cd43cff..c1be658319 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -594,6 +594,6 @@ implementations. =head1 SEE ALSO -L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)> +L<rsa(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)> =cut diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod index 1a19a19a80..1a3c223526 100644 --- a/doc/crypto/err.pod +++ b/doc/crypto/err.pod @@ -51,18 +51,18 @@ by the return value, and an error code is stored in an error queue associated with the current thread. The B<err> library provides functions to obtain these error codes and textual error messages. -The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to +The L<ERR_get_error(3)> manpage describes how to access error codes. Error codes contain information about where the error occurred, and -what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to +what went wrong. L<ERR_GET_LIB(3)> describes how to extract this information. A method to obtain human-readable error -messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. +messages is described in L<ERR_error_string(3)>. -L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the +L<ERR_clear_error(3)> can be used to clear the error queue. -Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to +Note that L<ERR_remove_state(3)> should be used to avoid memory leaks when threads are terminated. =head1 ADDING NEW ERROR CODES TO OPENSSL @@ -171,16 +171,16 @@ ERR_get_string_table(void) respectively. =head1 SEE ALSO -L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, -L<ERR_get_error(3)|ERR_get_error(3)>, -L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, -L<ERR_clear_error(3)|ERR_clear_error(3)>, -L<ERR_error_string(3)|ERR_error_string(3)>, -L<ERR_print_errors(3)|ERR_print_errors(3)>, -L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, -L<ERR_remove_state(3)|ERR_remove_state(3)>, -L<ERR_put_error(3)|ERR_put_error(3)>, -L<ERR_load_strings(3)|ERR_load_strings(3)>, -L<SSL_get_error(3)|SSL_get_error(3)> +L<CRYPTO_set_locking_callback(3)>, +L<ERR_get_error(3)>, +L<ERR_GET_LIB(3)>, +L<ERR_clear_error(3)>, +L<ERR_error_string(3)>, +L<ERR_print_errors(3)>, +L<ERR_load_crypto_strings(3)>, +L<ERR_remove_state(3)>, +L<ERR_put_error(3)>, +L<ERR_load_strings(3)>, +L<SSL_get_error(3)> =cut diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod index 29fab9fd51..58ce83de8c 100644 --- a/doc/crypto/evp.pod +++ b/doc/crypto/evp.pod @@ -27,44 +27,44 @@ functions. The L<B<EVP_Digest>I<...>|EVP_DigestInit(3)> functions provide messa The B<EVP_PKEY>I<...> functions provide a high level interface to asymmetric algorithms. To create a new EVP_PKEY see -L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>. EVP_PKEYs can be associated +L<EVP_PKEY_new(3)>. EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions -described on the L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> page, or -new keys can be generated using L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>. -EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)|EVP_PKEY_cmp(3)>, or printed using -L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>. +described on the L<EVP_PKEY_set1_RSA(3)> page, or +new keys can be generated using L<EVP_PKEY_keygen(3)>. +EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)>, or printed using +L<EVP_PKEY_print_private(3)>. The EVP_PKEY functions support the full range of asymmetric algorithm operations: =over -=item For key agreement see L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +=item For key agreement see L<EVP_PKEY_derive(3)> -=item For signing and verifying see L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>. +=item For signing and verifying see L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)>. However, note that these functions do not perform a digest of the data to be signed. Therefore -normally you would use the L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> +normally you would use the L<EVP_DigestSignInit(3)> functions for this purpose. -=item For encryption and decryption see L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)> -and L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)> respectively. However, note that +=item For encryption and decryption see L<EVP_PKEY_encrypt(3)> +and L<EVP_PKEY_decrypt(3)> respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap -an encrypted message in a "digital envelope" using the L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and -L<B<EVP_Open>I<...>|EVP_OpenInit(3)> functions. +an encrypted message in a "digital envelope" using the L<EVP_SealInit(3)> and +L<EVP_OpenInit(3)> functions. =back -The L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> function provides some limited support for password +The L<EVP_BytesToKey(3)> function provides some limited support for password based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible implementation. However, new applications should not typically use this (preferring, for example, PBKDF2 from PCKS#5). -Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>. +Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)>. All the symmetric algorithms (ciphers), digests and asymmetric algorithms -(public key algorithms) can be replaced by L<ENGINE|engine(3)> modules providing alternative +(public key algorithms) can be replaced by L<engine(3)> modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software @@ -79,25 +79,25 @@ using the high level interface. =head1 SEE ALSO -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, -L<EVP_OpenInit(3)|EVP_OpenInit(3)>, -L<EVP_SealInit(3)|EVP_SealInit(3)>, -L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, -L<EVP_SignInit(3)|EVP_SignInit(3)>, -L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, -L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>, -L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>, -L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>, -L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>, -L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, -L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, -L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, -L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>, -L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>, -L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>, -L<engine(3)|engine(3)> +L<EVP_DigestInit(3)>, +L<EVP_EncryptInit(3)>, +L<EVP_OpenInit(3)>, +L<EVP_SealInit(3)>, +L<EVP_DigestSignInit(3)>, +L<EVP_SignInit(3)>, +L<EVP_VerifyInit(3)>, +L<EVP_PKEY_new(3)>, +L<EVP_PKEY_set1_RSA(3)>, +L<EVP_PKEY_keygen(3)>, +L<EVP_PKEY_print_private(3)>, +L<EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)>, +L<EVP_BytesToKey(3)>, +L<OpenSSL_add_all_algorithms(3)>, +L<engine(3)> =cut diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod index 58a57f47bb..372a0f403e 100644 --- a/doc/crypto/hmac.pod +++ b/doc/crypto/hmac.pod @@ -90,7 +90,7 @@ RFC 2104 =head1 SEE ALSO -L<sha(3)|sha(3)>, L<evp(3)|evp(3)> +L<sha(3)>, L<evp(3)> =head1 HISTORY diff --git a/doc/crypto/i2d_CMS_bio_stream.pod b/doc/crypto/i2d_CMS_bio_stream.pod index 558bdd0812..42b06c2b9f 100644 --- a/doc/crypto/i2d_CMS_bio_stream.pod +++ b/doc/crypto/i2d_CMS_bio_stream.pod @@ -31,11 +31,11 @@ i2d_CMS_bio_stream() returns 1 for success or 0 for failure. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, -L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> -L<CMS_decrypt(3)|CMS_decrypt(3)>, -L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>, -L<PEM_write_bio_CMS_stream(3)|PEM_write_bio_CMS_stream(3)> +L<ERR_get_error(3)>, L<CMS_sign(3)>, +L<CMS_verify(3)>, L<CMS_encrypt(3)> +L<CMS_decrypt(3)>, +L<SMIME_write_CMS(3)>, +L<PEM_write_bio_CMS_stream(3)> =head1 HISTORY diff --git a/doc/crypto/i2d_PKCS7_bio_stream.pod b/doc/crypto/i2d_PKCS7_bio_stream.pod index a37231e267..7a96cf9591 100644 --- a/doc/crypto/i2d_PKCS7_bio_stream.pod +++ b/doc/crypto/i2d_PKCS7_bio_stream.pod @@ -31,11 +31,11 @@ i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, -L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> -L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>, -L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>, -L<PEM_write_bio_PKCS7_stream(3)|PEM_write_bio_PKCS7_stream(3)> +L<ERR_get_error(3)>, L<PKCS7_sign(3)>, +L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)> +L<PKCS7_decrypt(3)>, +L<SMIME_write_PKCS7(3)>, +L<PEM_write_bio_PKCS7_stream(3)> =head1 HISTORY diff --git a/doc/crypto/lh_stats.pod b/doc/crypto/lh_stats.pod index 3eeaa72e52..2a78c145bb 100644 --- a/doc/crypto/lh_stats.pod +++ b/doc/crypto/lh_stats.pod @@ -49,7 +49,7 @@ These functions do not return values. =head1 SEE ALSO -L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)> +L<bio(3)>, L<lhash(3)> =head1 HISTORY diff --git a/doc/crypto/lhash.pod b/doc/crypto/lhash.pod index 73a19b6c7e..25410fa1b5 100644 --- a/doc/crypto/lhash.pod +++ b/doc/crypto/lhash.pod @@ -282,7 +282,7 @@ used in the function passed to lh_<type>_new(). =head1 SEE ALSO -L<lh_stats(3)|lh_stats(3)> +L<lh_stats(3)> =head1 HISTORY diff --git a/doc/crypto/md5.pod b/doc/crypto/md5.pod index 41a547898a..a8c0718ea2 100644 --- a/doc/crypto/md5.pod +++ b/doc/crypto/md5.pod @@ -64,7 +64,7 @@ MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure. Applications should use the higher level functions -L<EVP_DigestInit(3)|EVP_DigestInit(3)> +L<EVP_DigestInit(3)> etc. instead of calling the hash functions directly. =head1 NOTE @@ -87,6 +87,6 @@ RFC 1319, RFC 1320, RFC 1321 =head1 SEE ALSO -L<EVP_DigestInit(3)|EVP_DigestInit(3)> +L<EVP_DigestInit(3)> =cut diff --git a/doc/crypto/mdc2.pod b/doc/crypto/mdc2.pod index 2795868073..f7cc4257fe 100644 --- a/doc/crypto/mdc2.pod +++ b/doc/crypto/mdc2.pod @@ -39,7 +39,7 @@ MDC2_Final() places the message digest in B<md>, which must have space for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>. Applications should use the higher level functions -L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the +L<EVP_DigestInit(3)> etc. instead of calling the hash functions directly. =head1 RETURN VALUES @@ -54,6 +54,6 @@ ISO/IEC 10118-2, with DES =head1 SEE ALSO -L<EVP_DigestInit(3)|EVP_DigestInit(3)> +L<EVP_DigestInit(3)> =cut diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod index d102df2eee..25172d954d 100644 --- a/doc/crypto/rand.pod +++ b/doc/crypto/rand.pod @@ -55,11 +55,11 @@ need randomness. A cryptographic PRNG must be seeded with unpredictable data such as mouse movements or keys pressed at random by the user. This is -described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file -(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the +described in L<RAND_add(3)>. Its state can be saved in a seed file +(see L<RAND_load_file(3)>) to avoid having to go through the seeding process whenever the application is started. -L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the +L<RAND_bytes(3)> describes how to obtain random data from the PRNG. =head1 INTERNALS @@ -162,14 +162,14 @@ overwritten) and 7 (by not using the 10 bytes given to the caller to update the 'state', but they are used to update 'md'). So of the points raised, only 2 is not addressed (but see -L<RAND_add(3)|RAND_add(3)>). +L<RAND_add(3)>). =head1 SEE ALSO -L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, -L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, -L<RAND_bytes(3)|RAND_bytes(3)>, -L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, -L<RAND_cleanup(3)|RAND_cleanup(3)> +L<BN_rand(3)>, L<RAND_add(3)>, +L<RAND_load_file(3)>, L<RAND_egd(3)>, +L<RAND_bytes(3)>, +L<RAND_set_rand_method(3)>, +L<RAND_cleanup(3)> =cut diff --git a/doc/crypto/rc4.pod b/doc/crypto/rc4.pod index bbf0f27f47..cbbf5ded2b 100644 --- a/doc/crypto/rc4.pod +++ b/doc/crypto/rc4.pod @@ -44,7 +44,7 @@ RC4_set_key() and RC4() do not return values. =head1 NOTE Applications should use the higher level functions -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> etc. instead of calling these +L<EVP_EncryptInit(3)> etc. instead of calling these functions directly. It is difficult to securely use stream ciphers. For example, do not perform @@ -56,6 +56,6 @@ RC4_set_key() and RC4() are available in all versions of SSLeay and OpenSSL. =head1 SEE ALSO -L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> +L<EVP_EncryptInit(3)> =cut diff --git a/doc/crypto/ripemd.pod b/doc/crypto/ripemd.pod index e5ca3ad8d3..c7a94cc9ab 100644 --- a/doc/crypto/ripemd.pod +++ b/doc/crypto/ripemd.pod @@ -49,7 +49,7 @@ success, 0 otherwise. =head1 NOTE Applications should use the higher level functions -L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling these +L<EVP_DigestInit(3)> etc. instead of calling these functions directly. =head1 CONFORMING TO @@ -58,6 +58,6 @@ ISO/IEC 10118-3 (draft) (??) =head1 SEE ALSO -L<EVP_DigestInit(3)|EVP_DigestInit(3)> +L<EVP_DigestInit(3)> =cut diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod index 743334ff79..a1cec7f09b 100644 --- a/doc/crypto/rsa.pod +++ b/doc/crypto/rsa.pod @@ -105,17 +105,17 @@ RSA was covered by a US patent which expired in September 2000. =head1 SEE ALSO -L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, -L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, -L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, -L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, -L<RSA_generate_key(3)|RSA_generate_key(3)>, -L<RSA_check_key(3)|RSA_check_key(3)>, -L<RSA_blinding_on(3)|RSA_blinding_on(3)>, -L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>, -L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, -L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>, -L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>, -L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> +L<rsa(1)>, L<bn(3)>, L<dsa(3)>, L<dh(3)>, +L<rand(3)>, L<engine(3)>, L<RSA_new(3)>, +L<RSA_public_encrypt(3)>, +L<RSA_sign(3)>, L<RSA_size(3)>, +L<RSA_generate_key(3)>, +L<RSA_check_key(3)>, +L<RSA_blinding_on(3)>, +L<RSA_set_method(3)>, L<RSA_print(3)>, +L<RSA_get_ex_new_index(3)>, +L<RSA_private_encrypt(3)>, +L<RSA_sign_ASN1_OCTET_STRING(3)>, +L<RSA_padding_add_PKCS1_type_1(3)> =cut diff --git a/doc/crypto/sha.pod b/doc/crypto/sha.pod index 67a04610d5..26f1df3cea 100644 --- a/doc/crypto/sha.pod +++ b/doc/crypto/sha.pod @@ -44,7 +44,7 @@ SHA512_Final - Secure Hash Algorithm =head1 DESCRIPTION Applications should use the higher level functions -L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the hash +L<EVP_DigestInit(3)> etc. instead of calling the hash functions directly. SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a @@ -94,6 +94,6 @@ ANSI X9.30 =head1 SEE ALSO -L<EVP_DigestInit(3)|EVP_DigestInit(3)> +L<EVP_DigestInit(3)> =cut diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod index 37be84fc39..fd43a2c15a 100644 --- a/doc/crypto/threads.pod +++ b/doc/crypto/threads.pod @@ -205,6 +205,6 @@ thread IDs to always be represented by 'unsigned long'. =head1 SEE ALSO -L<crypto(3)|crypto(3)> +L<crypto(3)> =cut diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod index 9dbc2da87a..bb4a8a5f3b 100644 --- a/doc/crypto/ui.pod +++ b/doc/crypto/ui.pod @@ -69,7 +69,7 @@ UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface UI stands for User Interface, and is general purpose set of routines to prompt the user for text-based information. Through user-written methods -(see L<ui_create(3)|ui_create(3)>), prompting can be done in any way +(see L<ui_create(3)>), prompting can be done in any way imaginable, be it plain text prompting, through dialog boxes or from a cell phone. @@ -181,7 +181,7 @@ UI_set_method() changes the UI method associated with a given UI. =head1 SEE ALSO -L<ui_create(3)|ui_create(3)>, L<ui_compat(3)|ui_compat(3)> +L<ui_create(3)>, L<ui_compat(3)> =head1 HISTORY diff --git a/doc/crypto/x509.pod b/doc/crypto/x509.pod index f9e58e0e41..8639525525 100644 --- a/doc/crypto/x509.pod +++ b/doc/crypto/x509.pod @@ -47,18 +47,18 @@ B<X509_EXTENSION_>I<...> handle certificate extensions. =head1 SEE ALSO -L<X509_NAME_ENTRY_get_object(3)|X509_NAME_ENTRY_get_object(3)>, -L<X509_NAME_add_entry_by_txt(3)|X509_NAME_add_entry_by_txt(3)>, -L<X509_NAME_add_entry_by_NID(3)|X509_NAME_add_entry_by_NID(3)>, -L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>, -L<X509_NAME_new(3)|X509_NAME_new(3)>, -L<d2i_X509(3)|d2i_X509(3)>, -L<d2i_X509_ALGOR(3)|d2i_X509_ALGOR(3)>, -L<d2i_X509_CRL(3)|d2i_X509_CRL(3)>, -L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>, -L<d2i_X509_REQ(3)|d2i_X509_REQ(3)>, -L<d2i_X509_SIG(3)|d2i_X509_SIG(3)>, -L<crypto(3)|crypto(3)>, -L<x509v3(3)|x509v3(3)> +L<X509_NAME_ENTRY_get_object(3)>, +L<X509_NAME_add_entry_by_txt(3)>, +L<X509_NAME_add_entry_by_NID(3)>, +L<X509_NAME_print_ex(3)>, +L<X509_NAME_new(3)>, +L<d2i_X509(3)>, +L<d2i_X509_ALGOR(3)>, +L<d2i_X509_CRL(3)>, +L<d2i_X509_NAME(3)>, +L<d2i_X509_REQ(3)>, +L<d2i_X509_SIG(3)>, +L<crypto(3)>, +L<x509v3(3)> =cut diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod index baac900bc4..3ea94b849e 100644 --- a/doc/ssl/SSL_CIPHER_get_name.pod +++ b/doc/ssl/SSL_CIPHER_get_name.pod @@ -125,7 +125,7 @@ See DESCRIPTION =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>, -L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)> +L<ssl(3)>, L<SSL_get_current_cipher(3)>, +L<SSL_get_ciphers(3)>, L<ciphers(1)> =cut diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod index 2bb440379f..6a0caffff9 100644 --- a/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/doc/ssl/SSL_COMP_add_compression_method.pod @@ -71,6 +71,6 @@ The operation failed. Check the error queue to find out the reason. =head1 SEE ALSO -L<ssl(3)|ssl(3)> +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_CONF_CTX_new.pod b/doc/ssl/SSL_CONF_CTX_new.pod index 79c8c94ee0..329e3c78e4 100644 --- a/doc/ssl/SSL_CONF_CTX_new.pod +++ b/doc/ssl/SSL_CONF_CTX_new.pod @@ -28,11 +28,11 @@ SSL_CONF_CTX_free() does not return a value. =head1 SEE ALSO -L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, -L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, -L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, -L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, -L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> +L<SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_cmd(3)>, +L<SSL_CONF_cmd_argv(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod index 76990188d1..5083a73876 100644 --- a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod +++ b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod @@ -36,11 +36,11 @@ SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure. =head1 SEE ALSO -L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, -L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, -L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, -L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, -L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> +L<SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_cmd(3)>, +L<SSL_CONF_cmd_argv(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod index fdff4706c7..10cfc4d17f 100644 --- a/doc/ssl/SSL_CONF_CTX_set_flags.pod +++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod @@ -62,11 +62,11 @@ value after setting or clearing flags. =head1 SEE ALSO -L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, -L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, -L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, -L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, -L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> +L<SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_cmd(3)>, +L<SSL_CONF_cmd_argv(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod index 2049a53362..e7ede4284a 100644 --- a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod @@ -34,11 +34,11 @@ SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value. =head1 SEE ALSO -L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, -L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, -L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, -L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, -L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> +L<SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_cmd(3)>, +L<SSL_CONF_cmd_argv(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 16b368a6f3..e8eeb15f15 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -457,11 +457,11 @@ SSL_CONF_finish() returns 1 for success and 0 for failure. =head1 SEE ALSO -L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, -L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, -L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, -L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, -L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> +L<SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_cmd_argv(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CONF_cmd_argv.pod b/doc/ssl/SSL_CONF_cmd_argv.pod index 6e66441cd1..c06b44f98c 100644 --- a/doc/ssl/SSL_CONF_cmd_argv.pod +++ b/doc/ssl/SSL_CONF_cmd_argv.pod @@ -29,11 +29,11 @@ to an error: for example a syntax error in the argument. =head1 SEE ALSO -L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, -L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, -L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, -L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, -L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)> +L<SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_cmd(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_add1_chain_cert.pod b/doc/ssl/SSL_CTX_add1_chain_cert.pod index 786f31e4f6..545b82ebcf 100644 --- a/doc/ssl/SSL_CTX_add1_chain_cert.pod +++ b/doc/ssl/SSL_CTX_add1_chain_cert.pod @@ -140,7 +140,7 @@ All other functions return 1 for success and 0 for failure. =head1 SEE ALSO -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> +L<SSL_CTX_add_extra_chain_cert(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod index 04300fbe6f..63cf2b2a96 100644 --- a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod +++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod @@ -30,7 +30,7 @@ following the end entity certificate. If no chain is specified, the library will try to complete the chain from the available CA certificates in the trusted CA storage, see -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. +L<SSL_CTX_load_verify_locations(3)>. The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application @@ -53,19 +53,19 @@ reason for failure. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, -L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>, -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> -L<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)> -L<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)> -L<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)> -L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> -L<SSL_set0_chain(3)|SSL_set0_chain(3)> -L<SSL_set1_chain(3)|SSL_set1_chain(3)> -L<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)> -L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)> -L<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)> -L<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)> +L<ssl(3)>, +L<SSL_CTX_use_certificate(3)>, +L<SSL_CTX_set_client_cert_cb(3)>, +L<SSL_CTX_load_verify_locations(3)> +L<SSL_CTX_set0_chain(3)> +L<SSL_CTX_set1_chain(3)> +L<SSL_CTX_add0_chain_cert(3)> +L<SSL_CTX_add1_chain_cert(3)> +L<SSL_set0_chain(3)> +L<SSL_set1_chain(3)> +L<SSL_add0_chain_cert(3)> +L<SSL_add1_chain_cert(3)> +L<SSL_CTX_build_cert_chain(3)> +L<SSL_build_cert_chain(3)> =cut diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod index c660a18fc2..fb8cf6a9bf 100644 --- a/doc/ssl/SSL_CTX_add_session.pod +++ b/doc/ssl/SSL_CTX_add_session.pod @@ -19,10 +19,10 @@ SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session SSL_CTX_add_session() adds the session B<c> to the context B<ctx>. The reference count for session B<c> is incremented by 1. If a session with the same session id already exists, the old session is removed by calling -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>. +L<SSL_SESSION_free(3)>. SSL_CTX_remove_session() removes the session B<c> from the context B<ctx>. -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> is called once for B<c>. +L<SSL_SESSION_free(3)> is called once for B<c>. SSL_add_session() and SSL_remove_session() are synonyms for their SSL_CTX_*() counterparts. @@ -66,8 +66,8 @@ The following values are returned by all functions: =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> +L<ssl(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, +L<SSL_SESSION_free(3)> =cut diff --git a/doc/ssl/SSL_CTX_ctrl.pod b/doc/ssl/SSL_CTX_ctrl.pod index fb6adcf50c..b59d267bfc 100644 --- a/doc/ssl/SSL_CTX_ctrl.pod +++ b/doc/ssl/SSL_CTX_ctrl.pod @@ -29,6 +29,6 @@ supplied via the B<cmd> parameter. =head1 SEE ALSO -L<ssl(3)|ssl(3)> +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_CTX_flush_sessions.pod b/doc/ssl/SSL_CTX_flush_sessions.pod index 148c36c871..103e13fc68 100644 --- a/doc/ssl/SSL_CTX_flush_sessions.pod +++ b/doc/ssl/SSL_CTX_flush_sessions.pod @@ -25,7 +25,7 @@ up to the specified maximum number (see SSL_CTX_sess_set_cache_size()). As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done automatically whenever 255 new sessions were established (see -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>) +L<SSL_CTX_set_session_cache_mode(3)>) or manually by calling SSL_CTX_flush_sessions(). The parameter B<tm> specifies the time which should be used for the @@ -35,15 +35,15 @@ will be used. SSL_CTX_flush_sessions() will only check sessions stored in the internal cache. When a session is found and removed, the remove_session_cb is however called to synchronize with the external cache (see -L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>). +L<SSL_CTX_sess_set_get_cb(3)>). =head1 RETURN VALUES =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, -L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)> +L<ssl(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, +L<SSL_CTX_set_timeout(3)>, +L<SSL_CTX_sess_set_get_cb(3)> =cut diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod index f37617dcef..22ce5505dc 100644 --- a/doc/ssl/SSL_CTX_free.pod +++ b/doc/ssl/SSL_CTX_free.pod @@ -37,7 +37,7 @@ SSL_CTX_free() does not provide diagnostic information. =head1 SEE ALSO -L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>, -L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)> +L<SSL_CTX_new(3)>, L<ssl(3)>, +L<SSL_CTX_sess_set_get_cb(3)> =cut diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod index ba16b50f08..6fdc2bd073 100644 --- a/doc/ssl/SSL_CTX_get0_param.pod +++ b/doc/ssl/SSL_CTX_get0_param.pod @@ -46,7 +46,7 @@ for failure. =head1 SEE ALSO -L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)> +L<X509_VERIFY_PARAM_set_flags(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_get_ex_new_index.pod b/doc/ssl/SSL_CTX_get_ex_new_index.pod index 0c40a91f2f..fc72837731 100644 --- a/doc/ssl/SSL_CTX_get_ex_new_index.pod +++ b/doc/ssl/SSL_CTX_get_ex_new_index.pod @@ -40,14 +40,14 @@ SSL_CTX_get_ex_data() is used to retrieve the information for B<idx> from B<ctx>. A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>. +can be found in L<RSA_get_ex_new_index(3)>. The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in -L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>. +L<CRYPTO_set_ex_data(3)>. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, -L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)> +L<ssl(3)>, +L<RSA_get_ex_new_index(3)>, +L<CRYPTO_set_ex_data(3)> =cut diff --git a/doc/ssl/SSL_CTX_get_verify_mode.pod b/doc/ssl/SSL_CTX_get_verify_mode.pod index 2a3747e75c..f75c2dae79 100644 --- a/doc/ssl/SSL_CTX_get_verify_mode.pod +++ b/doc/ssl/SSL_CTX_get_verify_mode.pod @@ -45,6 +45,6 @@ See DESCRIPTION =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> +L<ssl(3)>, L<SSL_CTX_set_verify(3)> =cut diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod index d1d8977195..8f7d627690 100644 --- a/doc/ssl/SSL_CTX_load_verify_locations.pod +++ b/doc/ssl/SSL_CTX_load_verify_locations.pod @@ -59,14 +59,14 @@ In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of B<CAfile> or B<CApath> and must explicitly be set using the -L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)> +L<SSL_CTX_set_client_CA_list(3)> family of functions. When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from B<CAfile>/B<CApath>, if the certificate chain was not explicitly specified (see -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>, -L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>. +L<SSL_CTX_add_extra_chain_cert(3)>, +L<SSL_CTX_use_certificate(3)>. =head1 WARNINGS @@ -114,11 +114,11 @@ The operation succeeded. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, -L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, -L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>, -L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)> +L<ssl(3)>, +L<SSL_CTX_set_client_CA_list(3)>, +L<SSL_get_client_CA_list(3)>, +L<SSL_CTX_use_certificate(3)>, +L<SSL_CTX_add_extra_chain_cert(3)>, +L<SSL_CTX_set_cert_store(3)> =cut diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index c788b9b1ab..3cbf7a7aab 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod @@ -109,7 +109,7 @@ were introduced in OpenSSL 1.1.0. =head1 SEE ALSO -L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>, -L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> +L<SSL_CTX_free(3)>, L<SSL_accept(3)>, +L<ssl(3)>, L<SSL_set_connect_state(3)> =cut diff --git a/doc/ssl/SSL_CTX_sess_number.pod b/doc/ssl/SSL_CTX_sess_number.pod index 19aa4e2902..aa82c30a51 100644 --- a/doc/ssl/SSL_CTX_sess_number.pod +++ b/doc/ssl/SSL_CTX_sess_number.pod @@ -45,7 +45,7 @@ SSL_CTX_sess_accept_renegotiate() returns the number of start renegotiations in server mode. SSL_CTX_sess_hits() returns the number of successfully reused sessions. -In client mode a session set with L<SSL_set_session(3)|SSL_set_session(3)> +In client mode a session set with L<SSL_set_session(3)> successfully reused is counted as a hit. In server mode a session successfully retrieved from internal or external cache is counted as a hit. @@ -69,8 +69,8 @@ The functions return the values indicated in the DESCRIPTION section. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)> -L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)> +L<ssl(3)>, L<SSL_set_session(3)>, +L<SSL_CTX_set_session_cache_mode(3)> +L<SSL_CTX_sess_set_cache_size(3)> =cut diff --git a/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/doc/ssl/SSL_CTX_sess_set_cache_size.pod index 4aeda096d6..32396759c3 100644 --- a/doc/ssl/SSL_CTX_sess_set_cache_size.pod +++ b/doc/ssl/SSL_CTX_sess_set_cache_size.pod @@ -29,7 +29,7 @@ case is the size 0, which is used for unlimited size. If adding the session makes the cache exceed its size, then unused sessions are dropped from the end of the cache. Cache space may also be reclaimed by calling -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> to remove +L<SSL_CTX_flush_sessions(3)> to remove expired sessions. If the size of the session cache is reduced and more sessions are already @@ -45,9 +45,9 @@ SSL_CTX_sess_get_cache_size() returns the currently valid size. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> +L<ssl(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, +L<SSL_CTX_sess_number(3)>, +L<SSL_CTX_flush_sessions(3)> =cut diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod index b9d54a40a1..edde048e77 100644 --- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod +++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod @@ -37,7 +37,7 @@ of exceeding the timeout value. SSL_CTX_sess_set_get_cb() sets the callback function which is called, whenever a SSL/TLS client proposed to resume a session but the session could not be found in the internal session cache (see -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>). +L<SSL_CTX_set_session_cache_mode(3)>). (SSL/TLS server only.) SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and @@ -50,11 +50,11 @@ the NULL pointer is returned. In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the -L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)> interface. +L<d2i_SSL_SESSION(3)> interface. The new_session_cb() is called, whenever a new session has been negotiated and session caching is enabled (see -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>). +L<SSL_CTX_set_session_cache_mode(3)>). The new_session_cb() is passed the B<ssl> connection and the ssl session B<sess>. If the callback returns B<0>, the session will be immediately removed again. @@ -63,7 +63,7 @@ The remove_session_cb() is called, whenever the SSL engine removes a session from the internal cache. This happens when the session is removed because it is expired or when a connection was not shutdown cleanly. It also happens for all sessions in the internal session cache when -L<SSL_CTX_free(3)|SSL_CTX_free(3)> is called. The remove_session_cb() is passed +L<SSL_CTX_free(3)> is called. The remove_session_cb() is passed the B<ctx> and the ssl session B<sess>. It does not provide any feedback. The get_session_cb() is only called on SSL/TLS servers with the session id @@ -74,14 +74,14 @@ B<data>. With the parameter B<copy> the callback can require the SSL engine to increment the reference count of the SSL_SESSION object, Normally the reference count is not incremented and therefore the session must not be explicitly freed with -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>. +L<SSL_SESSION_free(3)>. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, -L<SSL_CTX_free(3)|SSL_CTX_free(3)> +L<ssl(3)>, L<d2i_SSL_SESSION(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, +L<SSL_CTX_flush_sessions(3)>, +L<SSL_SESSION_free(3)>, +L<SSL_CTX_free(3)> =cut diff --git a/doc/ssl/SSL_CTX_sessions.pod b/doc/ssl/SSL_CTX_sessions.pod index e05aab3c1b..0099b31984 100644 --- a/doc/ssl/SSL_CTX_sessions.pod +++ b/doc/ssl/SSL_CTX_sessions.pod @@ -18,17 +18,17 @@ internal session cache for B<ctx>. =head1 NOTES The sessions in the internal session cache are kept in an -L<lhash(3)|lhash(3)> type database. It is possible to directly +L<lhash(3)> type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the -L<lhash(3)|lhash(3)> operations, so that the database must not be +L<lhash(3)> operations, so that the database must not be modified directly but by using the -L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)> family of functions. +L<SSL_CTX_add_session(3)> family of functions. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<lhash(3)|lhash(3)>, -L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)> +L<ssl(3)>, L<lhash(3)>, +L<SSL_CTX_add_session(3)>, +L<SSL_CTX_set_session_cache_mode(3)> =cut diff --git a/doc/ssl/SSL_CTX_set1_curves.pod b/doc/ssl/SSL_CTX_set1_curves.pod index 18d0c9ac39..e2d4803e00 100644 --- a/doc/ssl/SSL_CTX_set1_curves.pod +++ b/doc/ssl/SSL_CTX_set1_curves.pod @@ -94,7 +94,7 @@ returns -1. =head1 SEE ALSO -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> +L<SSL_CTX_add_extra_chain_cert(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set1_sigalgs.pod b/doc/ssl/SSL_CTX_set1_sigalgs.pod index b263160f5b..5786ea1dc1 100644 --- a/doc/ssl/SSL_CTX_set1_sigalgs.pod +++ b/doc/ssl/SSL_CTX_set1_sigalgs.pod @@ -98,7 +98,7 @@ All these functions return 1 for success and 0 for failure. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_shared_sigalgs(3)|SSL_get_shared_sigalgs(3)>, -L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)> +L<ssl(3)>, L<SSL_get_shared_sigalgs(3)>, +L<SSL_CONF_CTX_new(3)> =cut diff --git a/doc/ssl/SSL_CTX_set1_verify_cert_store.pod b/doc/ssl/SSL_CTX_set1_verify_cert_store.pod index 493cca4819..af09f889f8 100644 --- a/doc/ssl/SSL_CTX_set1_verify_cert_store.pod +++ b/doc/ssl/SSL_CTX_set1_verify_cert_store.pod @@ -55,8 +55,8 @@ The chain store is used to build the certificate chain. If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is configured already (for example using the functions such as -L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> or -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>) then +L<SSL_CTX_add1_chain_cert(3)> or +L<SSL_CTX_add_extra_chain_cert(3)>) then automatic chain building is disabled. If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building @@ -72,17 +72,17 @@ All these functions return 1 for success and 0 for failure. =head1 SEE ALSO -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> -L<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)> -L<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)> -L<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)> -L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> -L<SSL_set0_chain(3)|SSL_set0_chain(3)> -L<SSL_set1_chain(3)|SSL_set1_chain(3)> -L<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)> -L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)> -L<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)> -L<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)> +L<SSL_CTX_add_extra_chain_cert(3)> +L<SSL_CTX_set0_chain(3)> +L<SSL_CTX_set1_chain(3)> +L<SSL_CTX_add0_chain_cert(3)> +L<SSL_CTX_add1_chain_cert(3)> +L<SSL_set0_chain(3)> +L<SSL_set1_chain(3)> +L<SSL_add0_chain_cert(3)> +L<SSL_add1_chain_cert(3)> +L<SSL_CTX_build_cert_chain(3)> +L<SSL_build_cert_chain(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_cert_cb.pod b/doc/ssl/SSL_CTX_set_cert_cb.pod index 1677ff0724..77fdb95a66 100644 --- a/doc/ssl/SSL_CTX_set_cert_cb.pod +++ b/doc/ssl/SSL_CTX_set_cert_cb.pod @@ -27,7 +27,7 @@ the callback is successful it B<MUST> return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake and the handshake function will return immediately. -L<SSL_get_error(3)|SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to +L<SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of cert_cb(). It is the job of the cert_cb() to store information about the state of the last call, @@ -60,9 +60,9 @@ support it will B<not> be used. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_use_certificate(3)|SSL_use_certificate(3)>, -L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)>, -L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, -L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)> +L<ssl(3)>, L<SSL_use_certificate(3)>, +L<SSL_add1_chain_cert(3)>, +L<SSL_get_client_CA_list(3)>, +L<SSL_clear(3)>, L<SSL_free(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_cert_store.pod b/doc/ssl/SSL_CTX_set_cert_store.pod index 846416e069..03a0937d59 100644 --- a/doc/ssl/SSL_CTX_set_cert_store.pod +++ b/doc/ssl/SSL_CTX_set_cert_store.pod @@ -28,17 +28,17 @@ via lookup methods, handled inside the X509_STORE. From the X509_STORE the X509_STORE_CTX used when verifying certificates is created. Typically the trusted certificate store is handled indirectly via using -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. +L<SSL_CTX_load_verify_locations(3)>. Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions it is possible to manipulate the X509_STORE object beyond the -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> +L<SSL_CTX_load_verify_locations(3)> call. Currently no detailed documentation on how to use the X509_STORE object is available. Not all members of the X509_STORE are used when the verification takes place. So will e.g. the verify_callback() be overridden with the verify_callback() set via the -L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions. +L<SSL_CTX_set_verify(3)> family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. @@ -57,8 +57,8 @@ SSL_CTX_get_cert_store() returns the current setting. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>, -L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> +L<ssl(3)>, +L<SSL_CTX_load_verify_locations(3)>, +L<SSL_CTX_set_verify(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod index c0f4f85708..8b802ab3ac 100644 --- a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod +++ b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod @@ -14,7 +14,7 @@ SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure SSL_CTX_set_cert_verify_callback() sets the verification callback function for I<ctx>. SSL objects that are created from I<ctx> inherit the setting valid at -the time when L<SSL_new(3)|SSL_new(3)> is called. +the time when L<SSL_new(3)> is called. =head1 NOTES @@ -38,13 +38,13 @@ member of I<x509_store_ctx> so that the calling application will be informed about the detailed result of the verification procedure! Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback> -function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>. +function set using L<SSL_CTX_set_verify(3)>. =head1 WARNINGS Do not mix the verification callback described in this function with the B<verify_callback> function called during the verification process. The -latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> +latter is set using the L<SSL_CTX_set_verify(3)> family of functions. Providing a complete verification procedure including certificate purpose @@ -60,9 +60,9 @@ SSL_CTX_set_cert_verify_callback() does not provide diagnostic information. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, -L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> +L<ssl(3)>, L<SSL_CTX_set_verify(3)>, +L<SSL_get_verify_result(3)>, +L<SSL_CTX_load_verify_locations(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod index c2c349f65e..ccd10c820a 100644 --- a/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/doc/ssl/SSL_CTX_set_cipher_list.pod @@ -15,7 +15,7 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPH SSL_CTX_set_cipher_list() sets the list of available ciphers for B<ctx> using the control string B<str>. The format of the string is described -in L<ciphers(1)|ciphers(1)>. The list of ciphers is inherited by all +in L<ciphers(1)>. The list of ciphers is inherited by all B<ssl> objects created from B<ctx>. SSL_set_cipher_list() sets the list of ciphers only for B<ssl>. @@ -40,13 +40,13 @@ A RSA cipher can only be chosen, when a RSA certificate is available. RSA export ciphers with a keylength of 512 bits for the RSA key require a temporary 512 bit RSA key, as typically the supplied key has a length of 1024 bit (see -L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>). +L<SSL_CTX_set_tmp_rsa_callback(3)>). RSA ciphers using DHE need a certificate and key and additional DH-parameters -(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). +(see L<SSL_CTX_set_tmp_dh_callback(3)>). A DSA cipher can only be chosen, when a DSA certificate is available. DSA ciphers always use DH key exchange and therefore need DH-parameters -(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). +(see L<SSL_CTX_set_tmp_dh_callback(3)>). When these conditions are not met for any cipher in the list (e.g. a client only supports export RSA ciphers with a asymmetric key length @@ -61,10 +61,10 @@ could be selected and 0 on complete failure. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, -L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, -L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, -L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, -L<ciphers(1)|ciphers(1)> +L<ssl(3)>, L<SSL_get_ciphers(3)>, +L<SSL_CTX_use_certificate(3)>, +L<SSL_CTX_set_tmp_rsa_callback(3)>, +L<SSL_CTX_set_tmp_dh_callback(3)>, +L<ciphers(1)> =cut diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod index 4965385e97..cc05d77bc2 100644 --- a/doc/ssl/SSL_CTX_set_client_CA_list.pod +++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod @@ -42,11 +42,11 @@ This list must explicitly be set using SSL_CTX_set_client_CA_list() for B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list specified overrides the previous setting. The CAs listed do not become trusted (B<list> only contains the names, not the complete certificates); use -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> +L<SSL_CTX_load_verify_locations(3)> to additionally load them for verification. If the list of acceptable CAs is compiled in a file, the -L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)> +L<SSL_load_client_CA_file(3)> function can be used to help importing the necessary data. SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional @@ -86,9 +86,9 @@ Scan all certificates in B<CAfile> and list them as acceptable CAs: =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, -L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>, -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> +L<ssl(3)>, +L<SSL_get_client_CA_list(3)>, +L<SSL_load_client_CA_file(3)>, +L<SSL_CTX_load_verify_locations(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/doc/ssl/SSL_CTX_set_client_cert_cb.pod index d0df69a9bc..1b5f5f1a83 100644 --- a/doc/ssl/SSL_CTX_set_client_cert_cb.pod +++ b/doc/ssl/SSL_CTX_set_client_cert_cb.pod @@ -29,7 +29,7 @@ using the B<x509> and B<pkey> arguments and "1" must be returned. The certificate will be installed into B<ssl>, see the NOTES and BUGS sections. If no certificate should be set, "0" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediately. L<SSL_get_error(3)|SSL_get_error(3)> +handshake function will return immediately. L<SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of client_cert_cb(). It is the job of the client_cert_cb() to store information @@ -42,7 +42,7 @@ from the client. A client certificate must only be sent, when the server did send the request. When a certificate was set using the -L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> family of functions, +L<SSL_CTX_use_certificate(3)> family of functions, it will be sent to the server. The TLS standard requires that only a certificate is sent, if it matches the list of acceptable CAs sent by the server. This constraint is violated by the default behavior of the OpenSSL @@ -56,7 +56,7 @@ If the callback function returns a certificate, the OpenSSL library will try to load the private key and certificate data into the SSL object using the SSL_use_certificate() and SSL_use_private_key() functions. Thus it will permanently install the certificate and key for this SSL -object. It will not be reset by calling L<SSL_clear(3)|SSL_clear(3)>. +object. It will not be reset by calling L<SSL_clear(3)>. If the callback returns no certificate, the OpenSSL library will not send a certificate. @@ -72,7 +72,7 @@ either adding the intermediate CA certificates into the trusted certificate store for the SSL_CTX object (resulting in having to add CA certificates that otherwise maybe would not be trusted), or by adding the chain certificates using the -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> +L<SSL_CTX_add_extra_chain_cert(3)> function, which is only available for the SSL_CTX object as a whole and that therefore probably can only apply for one client certificate, making the concept of the callback function (to allow the choice from several @@ -80,15 +80,15 @@ certificates) questionable. Once the SSL object has been used in conjunction with the callback function, the certificate will be set for the SSL object and will not be cleared -even when L<SSL_clear(3)|SSL_clear(3)> is being called. It is therefore -mandatory to destroy the SSL object using L<SSL_free(3)|SSL_free(3)> +even when L<SSL_clear(3)> is being called. It is therefore +mandatory to destroy the SSL object using L<SSL_free(3)> and create a new one to return to the previous state. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>, -L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, -L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)> +L<ssl(3)>, L<SSL_CTX_use_certificate(3)>, +L<SSL_CTX_add_extra_chain_cert(3)>, +L<SSL_get_client_CA_list(3)>, +L<SSL_clear(3)>, L<SSL_free(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod index 2b87f01ca1..945513984b 100644 --- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod +++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod @@ -70,7 +70,7 @@ truncated. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> +L<ssl(3)>, +L<SSL_CTX_use_certificate(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_generate_session_id.pod b/doc/ssl/SSL_CTX_set_generate_session_id.pod index cd72572b27..f66e3149c5 100644 --- a/doc/ssl/SSL_CTX_set_generate_session_id.pod +++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod @@ -121,7 +121,7 @@ same id is already in the cache. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_version(3)|SSL_get_version(3)> +L<ssl(3)>, L<SSL_get_version(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_info_callback.pod b/doc/ssl/SSL_CTX_set_info_callback.pod index e1e96a9525..978ce265da 100644 --- a/doc/ssl/SSL_CTX_set_info_callback.pod +++ b/doc/ssl/SSL_CTX_set_info_callback.pod @@ -93,10 +93,10 @@ Callback has been called because a handshake is finished. =back The current state information can be obtained using the -L<SSL_state_string(3)|SSL_state_string(3)> family of functions. +L<SSL_state_string(3)> family of functions. The B<ret> information can be evaluated using the -L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> family of functions. +L<SSL_alert_type_string(3)> family of functions. =head1 RETURN VALUES @@ -147,7 +147,7 @@ about alerts being handled and error messages to the B<bio_err> BIO. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>, -L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> +L<ssl(3)>, L<SSL_state_string(3)>, +L<SSL_alert_type_string(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_max_cert_list.pod b/doc/ssl/SSL_CTX_set_max_cert_list.pod index c2bbda3515..1f66b82f90 100644 --- a/doc/ssl/SSL_CTX_set_max_cert_list.pod +++ b/doc/ssl/SSL_CTX_set_max_cert_list.pod @@ -19,7 +19,7 @@ SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's certificate chain for all SSL objects created from B<ctx> to be <size> bytes. The SSL objects inherit the setting valid for B<ctx> at the time -L<SSL_new(3)|SSL_new(3)> is being called. +L<SSL_new(3)> is being called. SSL_CTX_get_max_cert_list() returns the currently set maximum size for B<ctx>. @@ -41,7 +41,7 @@ chain is set. The default value for the maximum certificate chain size is 100kB (30kB on the 16bit DOS platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see -L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, and certificates +L<SSL_CTX_set_verify(3)>, and certificates without special extensions have a typical size of 1-2kB). For special applications it can be necessary to extend the maximum certificate @@ -67,8 +67,8 @@ set value. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, -L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> +L<ssl(3)>, L<SSL_new(3)>, +L<SSL_CTX_set_verify(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod index a109f343ea..92706e5ef4 100644 --- a/doc/ssl/SSL_CTX_set_mode.pod +++ b/doc/ssl/SSL_CTX_set_mode.pod @@ -52,7 +52,7 @@ non-blocking write(). Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a -L<SSL_read(3)|SSL_read(3)> or L<SSL_write(3)|SSL_write(3)> would return +L<SSL_read(3)> or L<SSL_write(3)> would return with -1 and indicate the need to retry with SSL_ERROR_WANT_READ. In a non-blocking environment applications must be prepared to handle incomplete read/write operations. @@ -90,7 +90,7 @@ SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_write(3)|SSL_write(3)> +L<ssl(3)>, L<SSL_read(3)>, L<SSL_write(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_msg_callback.pod b/doc/ssl/SSL_CTX_set_msg_callback.pod index 8b82d94a38..07498e3b8a 100644 --- a/doc/ssl/SSL_CTX_set_msg_callback.pod +++ b/doc/ssl/SSL_CTX_set_msg_callback.pod @@ -25,7 +25,7 @@ available for arbitrary application use. SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify default settings that will be copied to new B<SSL> objects by -L<SSL_new(3)|SSL_new(3)>. SSL_set_msg_callback() and +L<SSL_new(3)>. SSL_set_msg_callback() and SSL_set_msg_callback_arg() modify the actual settings of an B<SSL> object. Using a B<0> pointer for I<cb> disables the message callback. @@ -89,7 +89,7 @@ I<version> will be B<SSL3_VERSION>. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)> +L<ssl(3)>, L<SSL_new(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 84dde2805e..519d01f5e0 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -50,7 +50,7 @@ operation (|). SSL_CTX_set_options() and SSL_set_options() affect the (external) protocol behaviour of the SSL library. The (internal) behaviour of the API can be changed by using the similar -L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions. +L<SSL_CTX_set_mode(3)> and SSL_set_mode() functions. During a handshake, the option settings of the SSL object are used. When a new SSL object is created from a context using SSL_new(), the current @@ -136,10 +136,10 @@ to the server's answer and violate the version rollback protection.) =item SSL_OP_SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH parameters -(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). +(see L<SSL_CTX_set_tmp_dh_callback(3)>). This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes -(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>). +(e.g. when using DSA-parameters, see L<dhparam(1)>). If "strong" primes were used, it is not strictly necessary to generate a new DH key during each handshake but it is also recommended. B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever @@ -296,10 +296,10 @@ secure renegotiation and 0 if it does not. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>, -L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, -L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, -L<dhparam(1)|dhparam(1)> +L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>, +L<SSL_CTX_set_tmp_dh_callback(3)>, +L<SSL_CTX_set_tmp_rsa_callback(3)>, +L<dhparam(1)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod index 393f8ff0b4..25bb664867 100644 --- a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod +++ b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod @@ -18,14 +18,14 @@ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time -L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1. +L<SSL_new(3)> is called. B<mode> may be 0 or 1. SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>. SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be B<mode>. The setting stays valid until B<ssl> is removed with -L<SSL_free(3)|SSL_free(3)> or SSL_set_quiet_shutdown() is called again. -It is not changed when L<SSL_clear(3)|SSL_clear(3)> is called. +L<SSL_free(3)> or SSL_set_quiet_shutdown() is called again. +It is not changed when L<SSL_clear(3)> is called. B<mode> may be 0 or 1. SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>. @@ -33,13 +33,13 @@ SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>. =head1 NOTES Normally when a SSL connection is finished, the parties must send out -"close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)> +"close notify" alert messages using L<SSL_shutdown(3)> for a clean shutdown. -When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)|SSL_shutdown(3)> +When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)> will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. -(L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves like -L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with +(L<SSL_shutdown(3)> then behaves like +L<SSL_set_shutdown(3)> called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no "close notify" alert is sent to the peer. This behaviour violates the TLS standard. @@ -56,8 +56,8 @@ setting. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>, -L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>, -L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)> +L<ssl(3)>, L<SSL_shutdown(3)>, +L<SSL_set_shutdown(3)>, L<SSL_new(3)>, +L<SSL_clear(3)>, L<SSL_free(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod index 527164b072..a904a85b67 100644 --- a/doc/ssl/SSL_CTX_set_read_ahead.pod +++ b/doc/ssl/SSL_CTX_set_read_ahead.pod @@ -46,6 +46,6 @@ and non zero otherwise. =head1 SEE ALSO -L<ssl(3)|ssl(3)> +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/doc/ssl/SSL_CTX_set_session_cache_mode.pod index c5d2f43dff..0e0ea3c519 100644 --- a/doc/ssl/SSL_CTX_set_session_cache_mode.pod +++ b/doc/ssl/SSL_CTX_set_session_cache_mode.pod @@ -37,7 +37,7 @@ the external storage if available. Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see -L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>). +L<SSL_CTX_set_session_id_context(3)>). The following session cache modes and modifiers are available: @@ -53,7 +53,7 @@ Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract BIO layer the SSL engine does not have details about the connection), the application must select the session -to be reused by using the L<SSL_set_session(3)|SSL_set_session(3)> +to be reused by using the L<SSL_set_session(3)> function. This option is not activated by default. =item SSL_SESS_CACHE_SERVER @@ -72,10 +72,10 @@ Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time. Normally the session cache is checked for expired sessions every 255 connections using the -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> function. Since +L<SSL_CTX_flush_sessions(3)> function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> can be called +L<SSL_CTX_flush_sessions(3)> can be called explicitly by the application. =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP @@ -94,7 +94,7 @@ sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. Normally a new session is added to the internal cache as well as any external session caching (callback) that is configured for the SSL_CTX. This flag will prevent sessions being stored in the internal cache (though the application can -add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note: +add them manually using L<SSL_CTX_add_session(3)>). Note: in any SSL/TLS servers where external caching is configured, any successful session lookups in the external cache (ie. for session-resume requests) would normally be copied into the local cache before processing continues - this flag @@ -119,15 +119,15 @@ SSL_CTX_get_session_cache_mode() returns the currently set cache mode. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, -L<SSL_session_reused(3)|SSL_session_reused(3)>, -L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>, -L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, -L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>, -L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, -L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, -L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> +L<ssl(3)>, L<SSL_set_session(3)>, +L<SSL_session_reused(3)>, +L<SSL_CTX_add_session(3)>, +L<SSL_CTX_sess_number(3)>, +L<SSL_CTX_sess_set_cache_size(3)>, +L<SSL_CTX_sess_set_get_cb(3)>, +L<SSL_CTX_set_session_id_context(3)>, +L<SSL_CTX_set_timeout(3)>, +L<SSL_CTX_flush_sessions(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod index 7c9e515336..712b5180b8 100644 --- a/doc/ssl/SSL_CTX_set_session_id_context.pod +++ b/doc/ssl/SSL_CTX_set_session_id_context.pod @@ -78,6 +78,6 @@ The operation succeeded. =head1 SEE ALSO -L<ssl(3)|ssl(3)> +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod index e254f9657b..5bbc65ef10 100644 --- a/doc/ssl/SSL_CTX_set_ssl_version.pod +++ b/doc/ssl/SSL_CTX_set_ssl_version.pod @@ -17,8 +17,8 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects newly created from this B<ctx>. SSL objects already created with -L<SSL_new(3)|SSL_new(3)> are not affected, except when -L<SSL_clear(3)|SSL_clear(3)> is being called. +L<SSL_new(3)> are not affected, except when +L<SSL_clear(3)> is being called. SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl> object. It may be reset, when SSL_clear() is called. @@ -29,9 +29,9 @@ set in B<ssl>. =head1 NOTES The available B<method> choices are described in -L<SSL_CTX_new(3)|SSL_CTX_new(3)>. +L<SSL_CTX_new(3)>. -When L<SSL_clear(3)|SSL_clear(3)> is called and no session is connected to +When L<SSL_clear(3)> is called and no session is connected to an SSL object, the method of the SSL object is reset to the method currently set in the corresponding SSL_CTX object. @@ -54,8 +54,8 @@ The operation succeeded. =head1 SEE ALSO -L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>, -L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>, -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> +L<SSL_CTX_new(3)>, L<SSL_new(3)>, +L<SSL_clear(3)>, L<ssl(3)>, +L<SSL_set_connect_state(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_timeout.pod b/doc/ssl/SSL_CTX_set_timeout.pod index e3de27c473..eb9f40460d 100644 --- a/doc/ssl/SSL_CTX_set_timeout.pod +++ b/doc/ssl/SSL_CTX_set_timeout.pod @@ -30,15 +30,15 @@ valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions. The expiration time of a single session can be modified using the -L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)> family of functions. +L<SSL_SESSION_get_time(3)> family of functions. Expired sessions are removed from the internal session cache, whenever -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> is called, either +L<SSL_CTX_flush_sessions(3)> is called, either directly by the application or automatically (see -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>) +L<SSL_CTX_set_session_cache_mode(3)>) The default value for session timeout is decided on a per protocol -basis, see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>. +basis, see L<SSL_get_default_timeout(3)>. All currently supported protocols have the same default timeout value of 300 seconds. @@ -50,10 +50,10 @@ SSL_CTX_get_timeout() returns the currently set timeout value. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, -L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)> +L<ssl(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, +L<SSL_SESSION_get_time(3)>, +L<SSL_CTX_flush_sessions(3)>, +L<SSL_get_default_timeout(3)> =cut diff --git a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod index 4e9fd843fc..1169e9b2e2 100644 --- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -178,12 +178,12 @@ returns 0 to indicate the callback function was set. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, -L<SSL_session_reused(3)|SSL_session_reused(3)>, -L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>, -L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, -L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, -L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, +L<ssl(3)>, L<SSL_set_session(3)>, +L<SSL_session_reused(3)>, +L<SSL_CTX_add_session(3)>, +L<SSL_CTX_sess_number(3)>, +L<SSL_CTX_sess_set_get_cb(3)>, +L<SSL_CTX_set_session_id_context(3)>, =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index 64c8b65276..3e08b88203 100644 --- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -74,14 +74,14 @@ DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the -openssl L<dhparam(1)|dhparam(1)> application. This application +openssl L<dhparam(1)> application. This application guarantees that "strong" primes are used. Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the -L<dhparam(1)|dhparam(1)> application. Generation of custom DH +L<dhparam(1)> application. Generation of custom DH parameters during installation should still be preferred to stop an attacker from specializing on a commonly used group. File dh1024.pem contains old parameters that must not be used by applications. @@ -140,9 +140,9 @@ on failure. Check the error queue to find out the reason of failure. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, -L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, -L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)> +L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>, +L<SSL_CTX_set_tmp_rsa_callback(3)>, +L<SSL_CTX_set_options(3)>, +L<ciphers(1)>, L<dhparam(1)> =cut diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index 94c55b8045..296699d8f0 100644 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod @@ -72,7 +72,7 @@ violates the standard and can break interoperability with clients. It is therefore strongly recommended to not use ephemeral RSA key exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see -L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). +L<SSL_CTX_set_tmp_dh_callback(3)>). An application may either directly specify the key or can supply the key via a callback function. The callback approach has the advantage, that the callback @@ -151,9 +151,9 @@ RSA key is needed and 0 otherwise. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, -L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, -L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)> +L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>, +L<SSL_CTX_set_options(3)>, +L<SSL_CTX_set_tmp_dh_callback(3)>, +L<SSL_new(3)>, L<ciphers(1)> =cut diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod index b6ba6bb51c..5da4166949 100644 --- a/doc/ssl/SSL_CTX_set_verify.pod +++ b/doc/ssl/SSL_CTX_set_verify.pod @@ -29,7 +29,7 @@ shall be specified, the NULL pointer can be used for B<verify_callback>. In this case last B<verify_callback> set specifically for this B<ssl> remains. If no special B<callback> was set before, the default callback for the underlying B<ctx> is used, that was valid at the time B<ssl> was created with -L<SSL_new(3)|SSL_new(3)>. +L<SSL_new(3)>. SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain verification that shall be allowed for B<ctx>. (See the BUGS section.) @@ -52,7 +52,7 @@ client, so the client will not send a certificate. B<Client mode:> if not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The result of the certificate verification process can be checked after the TLS/SSL handshake -using the L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> function. +using the L<SSL_get_verify_result(3)> function. The handshake will be continued regardless of the verification result. =item SSL_VERIFY_PEER @@ -95,7 +95,7 @@ set at any time. The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with -L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>. +L<SSL_CTX_set_cert_verify_callback(3)>. The following descriptions apply in the case of the built-in procedure. An application provided procedure also has access to the verify depth information and the verify_callback() function, but the way this information is used @@ -138,7 +138,7 @@ the verification process is continued. If B<verify_callback> always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The calling process can however retrieve the error code of the last verification error using -L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its +L<SSL_get_verify_result(3)> or by maintaining its own error storage managed by B<verify_callback>. If no B<verify_callback> is specified, the default callback will be used. @@ -176,8 +176,8 @@ certificates. The example makes use of the ex_data technique to store application data into/retrieve application data from the SSL structure -(see L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>, -L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>). +(see L<SSL_get_ex_new_index(3)>, +L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>). ... typedef struct { @@ -282,13 +282,13 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>). =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, -L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>, -L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>, -L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>, -L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>, -L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>, -L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)> +L<ssl(3)>, L<SSL_new(3)>, +L<SSL_CTX_get_verify_mode(3)>, +L<SSL_get_verify_result(3)>, +L<SSL_CTX_load_verify_locations(3)>, +L<SSL_get_peer_certificate(3)>, +L<SSL_CTX_set_cert_verify_callback(3)>, +L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>, +L<SSL_get_ex_new_index(3)> =cut diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod index 6514d015f8..76c4883ad0 100644 --- a/doc/ssl/SSL_CTX_use_certificate.pod +++ b/doc/ssl/SSL_CTX_use_certificate.pod @@ -42,18 +42,18 @@ or SSL object, respectively. The SSL_CTX_* class of functions loads the certificates and keys into the SSL_CTX object B<ctx>. The information is passed to SSL objects B<ssl> -created from B<ctx> with L<SSL_new(3)|SSL_new(3)> by copying, so that +created from B<ctx> with L<SSL_new(3)> by copying, so that changes applied to B<ctx> do not propagate to already existing SSL objects. The SSL_* class of functions only loads certificates and keys into a specific SSL object. The specific information is kept, when -L<SSL_clear(3)|SSL_clear(3)> is called for this SSL object. +L<SSL_clear(3)> is called for this SSL object. SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>, SSL_use_certificate() loads B<x> into B<ssl>. The rest of the certificates needed to form the complete certificate chain can be specified using the -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> +L<SSL_CTX_add_extra_chain_cert(3)> function. SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from @@ -112,7 +112,7 @@ this B<ssl>, the last item added into B<ctx> will be checked. The internal certificate store of OpenSSL can hold several private key/certificate pairs at a time. The certificate used depends on the -cipher selected, see also L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>. +cipher selected, see also L<SSL_CTX_set_cipher_list(3)>. When reading certificates and private keys from file, files of type SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain @@ -122,7 +122,7 @@ Files of type SSL_FILETYPE_PEM can contain more than one item. SSL_CTX_use_certificate_chain_file() adds the first certificate found in the file to the certificate store. The other certificates are added -to the store of chain certificates using L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)>. Note: versions of OpenSSL before 1.0.2 only had a single +to the store of chain certificates using L<SSL_CTX_add1_chain_cert(3)>. Note: versions of OpenSSL before 1.0.2 only had a single certificate chain store for all certificate types, OpenSSL 1.0.2 and later have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() should be used instead of the SSL_CTX_use_certificate_file() function in order @@ -133,12 +133,12 @@ the trusted CA storage. If additional certificates are needed to complete the chain during the TLS negotiation, CA certificates are additionally looked up in the locations of trusted CA certificates, see -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. +L<SSL_CTX_load_verify_locations(3)>. The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see -L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>. +L<SSL_CTX_set_default_passwd_cb(3)>. (Certificate files might be encrypted as well from the technical point of view, it however does not make sense as the data in the certificate is considered public anyway.) @@ -150,12 +150,12 @@ Otherwise check out the error stack to find out the reason. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>, -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>, -L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>, -L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, -L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>, -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> +L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>, +L<SSL_CTX_load_verify_locations(3)>, +L<SSL_CTX_set_default_passwd_cb(3)>, +L<SSL_CTX_set_cipher_list(3)>, +L<SSL_CTX_set_client_cert_cb(3)>, +L<SSL_CTX_add_extra_chain_cert(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_SESSION_free.pod b/doc/ssl/SSL_SESSION_free.pod index f30fe13c7d..5791da1b59 100644 --- a/doc/ssl/SSL_SESSION_free.pod +++ b/doc/ssl/SSL_SESSION_free.pod @@ -21,7 +21,7 @@ If B<session> is NULL nothing is done. SSL_SESSION objects are allocated, when a TLS/SSL handshake operation is successfully completed. Depending on the settings, see -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, the SSL_SESSION objects are internally referenced by the SSL_CTX and linked into its session cache. SSL objects may be using the SSL_SESSION object; as a session may be reused, several SSL objects may be using one SSL_SESSION @@ -32,13 +32,13 @@ dangling pointers. These failures may also appear delayed, e.g. when an SSL_SESSION object was completely freed as the reference count incorrectly became 0, but it is still referenced in the internal session cache and the cache list is processed during a -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation. +L<SSL_CTX_flush_sessions(3)> operation. SSL_SESSION_free() must only be called for SSL_SESSION objects, for which the reference count was explicitly incremented (e.g. -by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>) +by calling SSL_get1_session(), see L<SSL_get_session(3)>) or when the SSL_SESSION object was generated outside a TLS handshake -operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>. +operation, e.g. by using L<d2i_SSL_SESSION(3)>. It must not be called on other SSL_SESSION objects, as this would cause incorrect reference counts and therefore program failures. @@ -48,9 +48,9 @@ SSL_SESSION_free() does not provide diagnostic information. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, - L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)> +L<ssl(3)>, L<SSL_get_session(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, +L<SSL_CTX_flush_sessions(3)>, +L<d2i_SSL_SESSION(3)> =cut diff --git a/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/doc/ssl/SSL_SESSION_get_ex_new_index.pod index 657cda931f..f5390c1f3a 100644 --- a/doc/ssl/SSL_SESSION_get_ex_new_index.pod +++ b/doc/ssl/SSL_SESSION_get_ex_new_index.pod @@ -40,9 +40,9 @@ SSL_SESSION_get_ex_data() is used to retrieve the information for B<idx> from B<session>. A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>. +can be found in L<RSA_get_ex_new_index(3)>. The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in -L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>. +L<CRYPTO_set_ex_data(3)>. =head1 WARNINGS @@ -54,8 +54,8 @@ therefore not be restored. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, -L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)> +L<ssl(3)>, +L<RSA_get_ex_new_index(3)>, +L<CRYPTO_set_ex_data(3)> =cut diff --git a/doc/ssl/SSL_SESSION_get_time.pod b/doc/ssl/SSL_SESSION_get_time.pod index 490337a32f..dbbf7bf6ae 100644 --- a/doc/ssl/SSL_SESSION_get_time.pod +++ b/doc/ssl/SSL_SESSION_get_time.pod @@ -41,7 +41,7 @@ functions are synonyms for the SSL_SESSION_*() counterparts. Sessions are expired by examining the creation time and the timeout value. Both are set at creation time of the session to the actual time and the default timeout value at creation, respectively, as set by -L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>. +L<SSL_CTX_set_timeout(3)>. Using these functions it is possible to extend or shorten the lifetime of the session. @@ -57,8 +57,8 @@ If any of the function is passed the NULL pointer for the session B<s>, =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, -L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)> +L<ssl(3)>, +L<SSL_CTX_set_timeout(3)>, +L<SSL_get_default_timeout(3)> =cut diff --git a/doc/ssl/SSL_SESSION_has_ticket.pod b/doc/ssl/SSL_SESSION_has_ticket.pod index d9b2a06196..92d261f8bc 100644 --- a/doc/ssl/SSL_SESSION_has_ticket.pod +++ b/doc/ssl/SSL_SESSION_has_ticket.pod @@ -29,10 +29,10 @@ may also become invalid as a result of a call to SSL_CTX_flush_sessions(). =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>, -L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> +L<ssl(3)>, +L<d2i_SSL_SESSION(3)>, +L<SSL_SESSION_get_time(3)>, +L<SSL_SESSION_free(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index 89ad6bd0ba..a827fb5991 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -64,10 +64,10 @@ to find out the reason. =head1 SEE ALSO -L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>, -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, -L<SSL_do_handshake(3)|SSL_do_handshake(3)>, -L<SSL_CTX_new(3)|SSL_CTX_new(3)> +L<SSL_get_error(3)>, L<SSL_connect(3)>, +L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)>, +L<SSL_set_connect_state(3)>, +L<SSL_do_handshake(3)>, +L<SSL_CTX_new(3)> =cut diff --git a/doc/ssl/SSL_alert_type_string.pod b/doc/ssl/SSL_alert_type_string.pod index 0329c34869..c61b61bfdc 100644 --- a/doc/ssl/SSL_alert_type_string.pod +++ b/doc/ssl/SSL_alert_type_string.pod @@ -228,6 +228,6 @@ Probably B<value> does not contain a correct alert message. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)> +L<ssl(3)>, L<SSL_CTX_set_info_callback(3)> =cut diff --git a/doc/ssl/SSL_check_chain.pod b/doc/ssl/SSL_check_chain.pod index d3b7601909..da6d8ab8e4 100644 --- a/doc/ssl/SSL_check_chain.pod +++ b/doc/ssl/SSL_check_chain.pod @@ -79,7 +79,7 @@ for earlier versions of TLS or DTLS. =head1 SEE ALSO -L<SSL_CTX_set_cert_cb(3)|SSL_CTX_set_cert_cb(3)>, -L<ssl(3)|ssl(3)> +L<SSL_CTX_set_cert_cb(3)>, +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod index 1b9ea1f4fc..9a760b56d2 100644 --- a/doc/ssl/SSL_clear.pod +++ b/doc/ssl/SSL_clear.pod @@ -21,8 +21,8 @@ SSL_clear is used to prepare an SSL object for a new connection. While all settings are kept, a side effect is the handling of the current SSL session. If a session is still B<open>, it is considered bad and will be removed from the session cache, as required by RFC2246. A session is considered open, -if L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection -or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to +if L<SSL_shutdown(3)> was not called for the connection +or at least L<SSL_set_shutdown(3)> was used to set the SSL_SENT_SHUTDOWN state. If a session was closed cleanly, the session object will be kept and all @@ -31,7 +31,7 @@ used during the session will be kept for the next handshake. So if the session was a TLSv1 session, a SSL client object will use a TLSv1 client method for the next handshake and a SSL server object will use a TLSv1 server method, even if TLS_*_methods were chosen on startup. This -will might lead to connection failures (see L<SSL_new(3)|SSL_new(3)>) +will might lead to connection failures (see L<SSL_new(3)>) for a description of the method's properties. =head1 WARNINGS @@ -42,12 +42,12 @@ reset operation however keeps several settings of the last sessions handshake). It only makes sense for a new connection with the exact same peer that shares these settings, and may fail if that peer changes its settings between connections. Use the sequence -L<SSL_get_session(3)|SSL_get_session(3)>; -L<SSL_new(3)|SSL_new(3)>; -L<SSL_set_session(3)|SSL_set_session(3)>; -L<SSL_free(3)|SSL_free(3)> +L<SSL_get_session(3)>; +L<SSL_new(3)>; +L<SSL_set_session(3)>; +L<SSL_free(3)> instead to avoid such failures -(or simply L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)> +(or simply L<SSL_free(3)>; L<SSL_new(3)> if session reuse is not desired). =head1 RETURN VALUES @@ -67,9 +67,9 @@ The SSL_clear() operation was successful. =back -L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)> +L<SSL_new(3)>, L<SSL_free(3)>, +L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>, +L<SSL_CTX_set_options(3)>, L<ssl(3)>, +L<SSL_CTX_set_client_cert_cb(3)> =cut diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod index 68e2b82b8d..8101d4de91 100644 --- a/doc/ssl/SSL_connect.pod +++ b/doc/ssl/SSL_connect.pod @@ -64,10 +64,10 @@ to find out the reason. =head1 SEE ALSO -L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>, -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, -L<SSL_do_handshake(3)|SSL_do_handshake(3)>, -L<SSL_CTX_new(3)|SSL_CTX_new(3)> +L<SSL_get_error(3)>, L<SSL_accept(3)>, +L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)>, +L<SSL_set_connect_state(3)>, +L<SSL_do_handshake(3)>, +L<SSL_CTX_new(3)> =cut diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod index 8b590c9f16..01b71ae45d 100644 --- a/doc/ssl/SSL_do_handshake.pod +++ b/doc/ssl/SSL_do_handshake.pod @@ -15,8 +15,8 @@ SSL_do_handshake - perform a TLS/SSL handshake SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the connection is in client mode, the handshake will be started. The handshake routines may have to be explicitly set in advance using either -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or -L<SSL_set_accept_state(3)|SSL_set_accept_state(3)>. +L<SSL_set_connect_state(3)> or +L<SSL_set_accept_state(3)>. =head1 NOTES @@ -65,8 +65,8 @@ to find out the reason. =head1 SEE ALSO -L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>, -L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>, -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> +L<SSL_get_error(3)>, L<SSL_connect(3)>, +L<SSL_accept(3)>, L<ssl(3)>, L<bio(3)>, +L<SSL_set_connect_state(3)> =cut diff --git a/doc/ssl/SSL_free.pod b/doc/ssl/SSL_free.pod index e3e6f56dc4..2715443038 100644 --- a/doc/ssl/SSL_free.pod +++ b/doc/ssl/SSL_free.pod @@ -29,8 +29,8 @@ failure. The ssl session has reference counts from two users: the SSL object, for which the reference count is removed by SSL_free() and the internal session cache. If the session is considered bad, because -L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection -and L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was not used to set the +L<SSL_shutdown(3)> was not called for the connection +and L<SSL_set_shutdown(3)> was not used to set the SSL_SENT_SHUTDOWN state, the session will also be removed from the session cache as required by RFC2246. @@ -38,8 +38,8 @@ from the session cache as required by RFC2246. SSL_free() does not provide diagnostic information. -L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, -L<ssl(3)|ssl(3)> +L<SSL_new(3)>, L<SSL_clear(3)>, +L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>, +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_get_SSL_CTX.pod b/doc/ssl/SSL_get_SSL_CTX.pod index 659c482c79..ed3a3b208b 100644 --- a/doc/ssl/SSL_get_SSL_CTX.pod +++ b/doc/ssl/SSL_get_SSL_CTX.pod @@ -13,7 +13,7 @@ SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created =head1 DESCRIPTION SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which -B<ssl> was created with L<SSL_new(3)|SSL_new(3)>. +B<ssl> was created with L<SSL_new(3)>. =head1 RETURN VALUES @@ -21,6 +21,6 @@ The pointer to the SSL_CTX object is returned. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)> +L<ssl(3)>, L<SSL_new(3)> =cut diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index 341745436d..65781dae0b 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -30,7 +30,7 @@ is returned. =head1 NOTES The details of the ciphers obtained by SSL_get_ciphers() can be obtained using -the L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> family of functions. +the L<SSL_CIPHER_get_name(3)> family of functions. Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the sorted list of available ciphers, until NULL is returned. @@ -46,7 +46,7 @@ See DESCRIPTION =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, -L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> +L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>, +L<SSL_CIPHER_get_name(3)> =cut diff --git a/doc/ssl/SSL_get_client_CA_list.pod b/doc/ssl/SSL_get_client_CA_list.pod index 68181b2407..62be122e16 100644 --- a/doc/ssl/SSL_get_client_CA_list.pod +++ b/doc/ssl/SSL_get_client_CA_list.pod @@ -14,11 +14,11 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs =head1 DESCRIPTION SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for -B<ctx> using L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>. +B<ctx> using L<SSL_CTX_set_client_CA_list(3)>. SSL_get_client_CA_list() returns the list of client CAs explicitly set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with -L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, when in +L<SSL_CTX_set_client_CA_list(3)>, when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. @@ -46,8 +46,8 @@ the server did not send a list of CAs (client mode). =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, -L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)> +L<ssl(3)>, +L<SSL_CTX_set_client_CA_list(3)>, +L<SSL_CTX_set_client_cert_cb(3)> =cut diff --git a/doc/ssl/SSL_get_client_random.pod b/doc/ssl/SSL_get_client_random.pod index 2cddf73797..3db5a26b11 100644 --- a/doc/ssl/SSL_get_client_random.pod +++ b/doc/ssl/SSL_get_client_random.pod @@ -71,9 +71,9 @@ of bytes they would copy--that is, the length of the underlying field. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<RAND_bytes(3)|RAND_bytes(3)>, -L<SSL_export_keying_material(3)|SSL_export_keying_material(3)> +L<ssl(3)>, +L<RAND_bytes(3)>, +L<SSL_export_keying_material(3)> =cut diff --git a/doc/ssl/SSL_get_current_cipher.pod b/doc/ssl/SSL_get_current_cipher.pod index e5ab12491e..9151203e57 100644 --- a/doc/ssl/SSL_get_current_cipher.pod +++ b/doc/ssl/SSL_get_current_cipher.pod @@ -29,7 +29,7 @@ SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the name of the currently used cipher. SSL_get_cipher_bits() is a macro to obtain the number of secret/algorithm bits used and SSL_get_cipher_version() returns the protocol name. -See L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> for more details. +See L<SSL_CIPHER_get_name(3)> for more details. =head1 RETURN VALUES @@ -38,6 +38,6 @@ no session has been established. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> +L<ssl(3)>, L<SSL_CIPHER_get_name(3)> =cut diff --git a/doc/ssl/SSL_get_default_timeout.pod b/doc/ssl/SSL_get_default_timeout.pod index 3a067fe892..9bde2227e0 100644 --- a/doc/ssl/SSL_get_default_timeout.pod +++ b/doc/ssl/SSL_get_default_timeout.pod @@ -20,7 +20,7 @@ SSL_SESSION objects negotiated for the protocol valid for B<ssl>. Whenever a new session is negotiated, it is assigned a timeout value, after which it will not be accepted for session reuse. If the timeout value was not explicitly set using -L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default +L<SSL_CTX_set_timeout(3)>, the hardcoded default timeout for the protocol will be used. SSL_get_default_timeout() return this hardcoded value, which is 300 seconds @@ -32,10 +32,10 @@ See description. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, -L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)> +L<ssl(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, +L<SSL_SESSION_get_time(3)>, +L<SSL_CTX_flush_sessions(3)>, +L<SSL_get_default_timeout(3)> =cut diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod index 48c6b15db7..015f2c7c40 100644 --- a/doc/ssl/SSL_get_error.pod +++ b/doc/ssl/SSL_get_error.pod @@ -105,7 +105,7 @@ OpenSSL error queue contains more information on the error. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<err(3)|err(3)> +L<ssl(3)>, L<err(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod index 165c6a5b2c..2957a2a330 100644 --- a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod +++ b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod @@ -51,11 +51,11 @@ An error occurred, check the error stack for a detailed error message. The index returned from SSL_get_ex_data_X509_STORE_CTX_idx() allows to access the SSL object for the connection to be accessed during the verify_callback() when checking the peers certificate. Please check -the example in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, +the example in L<SSL_CTX_set_verify(3)>, =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, -L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)> +L<ssl(3)>, L<SSL_CTX_set_verify(3)>, +L<CRYPTO_set_ex_data(3)> =cut diff --git a/doc/ssl/SSL_get_ex_new_index.pod b/doc/ssl/SSL_get_ex_new_index.pod index 228d23d8c0..6c2e919dcc 100644 --- a/doc/ssl/SSL_get_ex_new_index.pod +++ b/doc/ssl/SSL_get_ex_new_index.pod @@ -40,20 +40,20 @@ SSL_get_ex_data() is used to retrieve the information for B<idx> from B<ssl>. A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>. +can be found in L<RSA_get_ex_new_index(3)>. The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in -L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>. +L<CRYPTO_set_ex_data(3)>. =head1 EXAMPLES An example on how to use the functionality is included in the example -verify_callback() in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>. +verify_callback() in L<SSL_CTX_set_verify(3)>. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, -L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>, -L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> +L<ssl(3)>, +L<RSA_get_ex_new_index(3)>, +L<CRYPTO_set_ex_data(3)>, +L<SSL_CTX_set_verify(3)> =cut diff --git a/doc/ssl/SSL_get_extms_support.pod b/doc/ssl/SSL_get_extms_support.pod index 4e24824605..ecfd090c80 100644 --- a/doc/ssl/SSL_get_extms_support.pod +++ b/doc/ssl/SSL_get_extms_support.pod @@ -26,6 +26,6 @@ was used. =head1 SEE ALSO -L<ssl(3)|ssl(3)> +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod index 19e52d68d0..8895747cee 100644 --- a/doc/ssl/SSL_get_fd.pod +++ b/doc/ssl/SSL_get_fd.pod @@ -39,6 +39,6 @@ The file descriptor linked to B<ssl>. =head1 SEE ALSO -L<SSL_set_fd(3)|SSL_set_fd(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)> +L<SSL_set_fd(3)>, L<ssl(3)> , L<bio(3)> =cut diff --git a/doc/ssl/SSL_get_peer_cert_chain.pod b/doc/ssl/SSL_get_peer_cert_chain.pod index 059376c76b..4d3e6d5b09 100644 --- a/doc/ssl/SSL_get_peer_cert_chain.pod +++ b/doc/ssl/SSL_get_peer_cert_chain.pod @@ -16,7 +16,7 @@ SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates forming the certificate chain of the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using -L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>. +L<SSL_get_peer_certificate(3)>. If the peer did not present a certificate, NULL is returned. =head1 NOTES @@ -47,6 +47,6 @@ The return value points to the certificate chain presented by the peer. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)> +L<ssl(3)>, L<SSL_get_peer_certificate(3)> =cut diff --git a/doc/ssl/SSL_get_peer_certificate.pod b/doc/ssl/SSL_get_peer_certificate.pod index ef7c8be180..c605a7c6f6 100644 --- a/doc/ssl/SSL_get_peer_certificate.pod +++ b/doc/ssl/SSL_get_peer_certificate.pod @@ -20,11 +20,11 @@ peer presented. If the peer did not present a certificate, NULL is returned. Due to the protocol definition, a TLS/SSL server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see -L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher +L<SSL_CTX_set_verify(3)>). If an anonymous cipher is used, no certificates are sent. That a certificate is returned does not indicate information about the -verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> +verification state, use L<SSL_get_verify_result(3)> to check the verification state. The reference count of the X509 object is incremented by one, so that it @@ -49,7 +49,7 @@ The return value points to the certificate presented by the peer. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, -L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> +L<ssl(3)>, L<SSL_get_verify_result(3)>, +L<SSL_CTX_set_verify(3)> =cut diff --git a/doc/ssl/SSL_get_rbio.pod b/doc/ssl/SSL_get_rbio.pod index 08dea6a6cd..4e91ce0643 100644 --- a/doc/ssl/SSL_get_rbio.pod +++ b/doc/ssl/SSL_get_rbio.pod @@ -35,6 +35,6 @@ The BIO linked to B<ssl>. =head1 SEE ALSO -L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)> +L<SSL_set_bio(3)>, L<ssl(3)> , L<bio(3)> =cut diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod index 1a30f7bb5f..d360e8a3bb 100644 --- a/doc/ssl/SSL_get_session.pod +++ b/doc/ssl/SSL_get_session.pod @@ -30,16 +30,16 @@ connection without a new handshake. SSL_get0_session() returns a pointer to the actual session. As the reference counter is not incremented, the pointer is only valid while -the connection is in use. If L<SSL_clear(3)|SSL_clear(3)> or -L<SSL_free(3)|SSL_free(3)> is called, the session may be removed completely +the connection is in use. If L<SSL_clear(3)> or +L<SSL_free(3)> is called, the session may be removed completely (if considered bad), and the pointer obtained will become invalid. Even if the session is valid, it can be removed at any time due to timeout -during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>. +during L<SSL_CTX_flush_sessions(3)>. If the data is to be kept, SSL_get1_session() will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> must be explicitly called once +L<SSL_SESSION_free(3)> must be explicitly called once to decrement the reference count again. SSL_SESSION objects keep internal link information about the session cache @@ -66,8 +66,8 @@ The return value points to the data of an SSL session. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>, -L<SSL_clear(3)|SSL_clear(3)>, -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> +L<ssl(3)>, L<SSL_free(3)>, +L<SSL_clear(3)>, +L<SSL_SESSION_free(3)> =cut diff --git a/doc/ssl/SSL_get_shared_sigalgs.pod b/doc/ssl/SSL_get_shared_sigalgs.pod index 16f7d486fe..ad305e6b5c 100644 --- a/doc/ssl/SSL_get_shared_sigalgs.pod +++ b/doc/ssl/SSL_get_shared_sigalgs.pod @@ -71,7 +71,7 @@ or is not an appropriate combination (for example MD5 and DSA). =head1 SEE ALSO -L<SSL_CTX_set_cert_cb(3)|SSL_CTX_set_cert_cb(3)>, -L<ssl(3)|ssl(3)> +L<SSL_CTX_set_cert_cb(3)>, +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_get_verify_result.pod b/doc/ssl/SSL_get_verify_result.pod index 55b56a53f9..8b25eb2fcb 100644 --- a/doc/ssl/SSL_get_verify_result.pod +++ b/doc/ssl/SSL_get_verify_result.pod @@ -30,7 +30,7 @@ when a session is reused. If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however not indicate success. SSL_get_verify_result() is only useful in connection -with L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>. +with L<SSL_get_peer_certificate(3)>. =head1 RETURN VALUES @@ -44,14 +44,14 @@ The verification succeeded or no peer certificate was presented. =item Any other value -Documented in L<verify(1)|verify(1)>. +Documented in L<verify(1)>. =back =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_set_verify_result(3)|SSL_set_verify_result(3)>, -L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>, -L<verify(1)|verify(1)> +L<ssl(3)>, L<SSL_set_verify_result(3)>, +L<SSL_get_peer_certificate(3)>, +L<verify(1)> =cut diff --git a/doc/ssl/SSL_get_version.pod b/doc/ssl/SSL_get_version.pod index b91bb47f78..e0c7034f2e 100644 --- a/doc/ssl/SSL_get_version.pod +++ b/doc/ssl/SSL_get_version.pod @@ -45,6 +45,6 @@ This indicates that no version has been set (no connection established). =head1 SEE ALSO -L<ssl(3)|ssl(3)> +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod index 8766776fea..1c99e76e61 100644 --- a/doc/ssl/SSL_library_init.pod +++ b/doc/ssl/SSL_library_init.pod @@ -51,7 +51,7 @@ OpenSSL_add_all_algorithms() as well. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>, -L<RAND_add(3)|RAND_add(3)> +L<ssl(3)>, L<SSL_load_error_strings(3)>, +L<RAND_add(3)> =cut diff --git a/doc/ssl/SSL_load_client_CA_file.pod b/doc/ssl/SSL_load_client_CA_file.pod index 02527dc2ed..f9da0c21ab 100644 --- a/doc/ssl/SSL_load_client_CA_file.pod +++ b/doc/ssl/SSL_load_client_CA_file.pod @@ -20,7 +20,7 @@ a STACK_OF(X509_NAME) with the subject names found. SSL_load_client_CA_file() reads a file of PEM formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for -L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, +L<SSL_CTX_set_client_CA_list(3)>, it is not limited to CA certificates. =head1 EXAMPLES @@ -56,7 +56,7 @@ Pointer to the subject names of the successfully read certificates. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)> +L<ssl(3)>, +L<SSL_CTX_set_client_CA_list(3)> =cut diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod index f0774a57ae..4c350c507f 100644 --- a/doc/ssl/SSL_new.pod +++ b/doc/ssl/SSL_new.pod @@ -36,9 +36,9 @@ The return value points to an allocated SSL structure. =head1 SEE ALSO -L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>, -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, -L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>, -L<ssl(3)|ssl(3)> +L<SSL_free(3)>, L<SSL_clear(3)>, +L<SSL_CTX_set_options(3)>, +L<SSL_get_SSL_CTX(3)>, +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod index 9dd071b625..a263241ab6 100644 --- a/doc/ssl/SSL_pending.pod +++ b/doc/ssl/SSL_pending.pod @@ -19,7 +19,7 @@ B<ssl> for immediate read. Data are received in blocks from the peer. Therefore data can be buffered inside B<ssl> and are ready for immediate retrieval with -L<SSL_read(3)|SSL_read(3)>. +L<SSL_read(3)>. =head1 RETURN VALUES @@ -30,7 +30,7 @@ The number of bytes pending is returned. SSL_pending() takes into account only bytes from the TLS/SSL record that is currently being processed (if any). If the B<SSL> object's I<read_ahead> flag is set (see -L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>), additional protocol +L<SSL_CTX_set_read_ahead(3)>), additional protocol bytes may have been read containing more TLS/SSL records; these are ignored by SSL_pending(). @@ -39,7 +39,7 @@ of pending data is application data. =head1 SEE ALSO -L<SSL_read(3)|SSL_read(3)>, -L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>, L<ssl(3)|ssl(3)> +L<SSL_read(3)>, +L<SSL_CTX_set_read_ahead(3)>, L<ssl(3)> =cut diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod index 8ca0ce5058..947c8687f4 100644 --- a/doc/ssl/SSL_read.pod +++ b/doc/ssl/SSL_read.pod @@ -18,16 +18,16 @@ buffer B<buf>. =head1 NOTES If necessary, SSL_read() will negotiate a TLS/SSL session, if -not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or -L<SSL_accept(3)|SSL_accept(3)>. If the +not already explicitly performed by L<SSL_connect(3)> or +L<SSL_accept(3)>. If the peer requests a re-negotiation, it will be performed transparently during the SSL_read() operation. The behaviour of SSL_read() depends on the underlying BIO. For the transparent negotiation to succeed, the B<ssl> must have been initialized to client or server mode. This is being done by calling -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state() -before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)> +L<SSL_set_connect_state(3)> or SSL_set_accept_state() +before the first call to an SSL_read() or L<SSL_write(3)> function. SSL_read() works based on the SSL/TLS records. The data are received in @@ -49,12 +49,12 @@ If the underlying BIO is B<blocking>, SSL_read() will only return, once the read operation has been finished or an error occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the -L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call. +L<SSL_CTX_set_mode(3)> call. If the underlying BIO is B<non-blocking>, SSL_read() will also return when the underlying BIO could not satisfy the needs of SSL_read() to continue the operation. In this case a call to -L<SSL_get_error(3)|SSL_get_error(3)> with the +L<SSL_get_error(3)> with the return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a call to SSL_read() can also cause write operations! The calling process @@ -64,7 +64,7 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -L<SSL_pending(3)|SSL_pending(3)> can be used to find out whether there +L<SSL_pending(3)> can be used to find out whether there are buffered bytes available for immediate retrieval. In this case SSL_read() can be called without blocking or actually receiving new data from the underlying socket. @@ -91,8 +91,8 @@ bytes actually read from the TLS/SSL connection. The read operation was not successful. The reason may either be a clean shutdown due to a "close notify" alert sent by the peer (in which case the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set -(see L<SSL_shutdown(3)|SSL_shutdown(3)>, -L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that +(see L<SSL_shutdown(3)>, +L<SSL_set_shutdown(3)>). It is also possible, that the peer simply shut down the underlying transport and the shutdown is incomplete. Call SSL_get_error() with the return value B<ret> to find out, whether an error occurred or the connection was shut down cleanly @@ -113,12 +113,12 @@ return value B<ret> to find out the reason. =head1 SEE ALSO -L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>, -L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, -L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, -L<SSL_pending(3)|SSL_pending(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, -L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> +L<SSL_get_error(3)>, L<SSL_write(3)>, +L<SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)>, +L<SSL_connect(3)>, L<SSL_accept(3)> +L<SSL_set_connect_state(3)>, +L<SSL_pending(3)>, +L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>, +L<ssl(3)>, L<bio(3)> =cut diff --git a/doc/ssl/SSL_rstate_string.pod b/doc/ssl/SSL_rstate_string.pod index bdb8a1fcd5..7309483ce9 100644 --- a/doc/ssl/SSL_rstate_string.pod +++ b/doc/ssl/SSL_rstate_string.pod @@ -54,6 +54,6 @@ The read state is unknown. This should never happen. =head1 SEE ALSO -L<ssl(3)|ssl(3)> +L<ssl(3)> =cut diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod index b09d8a71b0..4a738fa320 100644 --- a/doc/ssl/SSL_session_reused.pod +++ b/doc/ssl/SSL_session_reused.pod @@ -39,7 +39,7 @@ A session was reused. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)> +L<ssl(3)>, L<SSL_set_session(3)>, +L<SSL_CTX_set_session_cache_mode(3)> =cut diff --git a/doc/ssl/SSL_set_bio.pod b/doc/ssl/SSL_set_bio.pod index 8b96ee9983..3e87ee157e 100644 --- a/doc/ssl/SSL_set_bio.pod +++ b/doc/ssl/SSL_set_bio.pod @@ -32,9 +32,9 @@ SSL_set_bio(), SSL_set_rbio() and SSL_set_wbio() cannot fail. =head1 SEE ALSO -L<SSL_get_rbio(3)|SSL_get_rbio(3)>, -L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> +L<SSL_get_rbio(3)>, +L<SSL_connect(3)>, L<SSL_accept(3)>, +L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)> =head1 HISTORY diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod index a68de31e0e..4c3626c259 100644 --- a/doc/ssl/SSL_set_connect_state.pod +++ b/doc/ssl/SSL_set_connect_state.pod @@ -20,11 +20,11 @@ SSL_set_accept_state() sets B<ssl> to work in server mode. =head1 NOTES -When the SSL_CTX object was created with L<SSL_CTX_new(3)|SSL_CTX_new(3)>, +When the SSL_CTX object was created with L<SSL_CTX_new(3)>, it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with -L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or +L<SSL_CTX_set_ssl_version(3)> or SSL_set_ssl_method().) When beginning a new handshake, the SSL engine must know whether it must @@ -32,10 +32,10 @@ call the connect (client) or accept (server) routines. Even though it may be clear from the method chosen, whether client or server mode was requested, the handshake routines must be explicitly set. -When using the L<SSL_connect(3)|SSL_connect(3)> or -L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake +When using the L<SSL_connect(3)> or +L<SSL_accept(3)> routines, the correct handshake routines are automatically set. When performing a transparent negotiation -using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the +using L<SSL_write(3)> or L<SSL_read(3)>, the handshake routines must be explicitly set in advance using either SSL_set_connect_state() or SSL_set_accept_state(). @@ -46,10 +46,10 @@ information. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, -L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>, -L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>, -L<SSL_do_handshake(3)|SSL_do_handshake(3)>, -L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> +L<ssl(3)>, L<SSL_new(3)>, L<SSL_CTX_new(3)>, +LL<SSL_connect(3)>, L<SSL_accept(3)>, +L<SSL_write(3)>, L<SSL_read(3)>, +L<SSL_do_handshake(3)>, +L<SSL_CTX_set_ssl_version(3)> =cut diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod index 35a2325e2a..faf1d17191 100644 --- a/doc/ssl/SSL_set_fd.pod +++ b/doc/ssl/SSL_set_fd.pod @@ -47,8 +47,8 @@ The operation succeeded. =head1 SEE ALSO -L<SSL_get_fd(3)|SSL_get_fd(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>, -L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)> +L<SSL_get_fd(3)>, L<SSL_set_bio(3)>, +L<SSL_connect(3)>, L<SSL_accept(3)>, +L<SSL_shutdown(3)>, L<ssl(3)> , L<bio(3)> =cut diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod index 197b521830..c9e31c45fb 100644 --- a/doc/ssl/SSL_set_session.pod +++ b/doc/ssl/SSL_set_session.pod @@ -17,7 +17,7 @@ is to be established. SSL_set_session() is only useful for TLS/SSL clients. When the session is set, the reference count of B<session> is incremented by 1. If the session is not reused, the reference count is decremented again during SSL_connect(). Whether the session was reused can be queried -with the L<SSL_session_reused(3)|SSL_session_reused(3)> call. +with the L<SSL_session_reused(3)> call. If there is already a session set inside B<ssl> (because it was set with SSL_set_session() before or because the same B<ssl> was already used for @@ -49,9 +49,9 @@ The operation succeeded. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, -L<SSL_get_session(3)|SSL_get_session(3)>, -L<SSL_session_reused(3)|SSL_session_reused(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)> +L<ssl(3)>, L<SSL_SESSION_free(3)>, +L<SSL_get_session(3)>, +L<SSL_session_reused(3)>, +L<SSL_CTX_set_session_cache_mode(3)> =cut diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod index fe013085d3..91d7697036 100644 --- a/doc/ssl/SSL_set_shutdown.pod +++ b/doc/ssl/SSL_set_shutdown.pod @@ -44,18 +44,18 @@ SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time. The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when -L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called, +L<SSL_clear(3)> or L<SSL_free(3)> is called, it is considered bad and removed according to RFC2246. The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN (according to the TLS RFC, it is acceptable to only send the "close notify" alert but to not wait for the peer's answer, when the underlying connection is closed). SSL_set_shutdown() can be used to set this state without sending a -close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>). +close alert to the peer (see L<SSL_shutdown(3)>). If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set, for setting SSL_SENT_SHUTDOWN the application must however still call -L<SSL_shutdown(3)|SSL_shutdown(3)> or SSL_set_shutdown() itself. +L<SSL_shutdown(3)> or SSL_set_shutdown() itself. =head1 RETURN VALUES @@ -65,8 +65,8 @@ SSL_get_shutdown() returns the current setting. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>, -L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>, -L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)> +L<ssl(3)>, L<SSL_shutdown(3)>, +L<SSL_CTX_set_quiet_shutdown(3)>, +L<SSL_clear(3)>, L<SSL_free(3)> =cut diff --git a/doc/ssl/SSL_set_verify_result.pod b/doc/ssl/SSL_set_verify_result.pod index 04ab101aad..2c6d0b4760 100644 --- a/doc/ssl/SSL_set_verify_result.pod +++ b/doc/ssl/SSL_set_verify_result.pod @@ -23,7 +23,7 @@ the verification result of the B<ssl> object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear. -The valid codes for B<verify_result> are documented in L<verify(1)|verify(1)>. +The valid codes for B<verify_result> are documented in L<verify(1)>. =head1 RETURN VALUES @@ -31,8 +31,8 @@ SSL_set_verify_result() does not provide a return value. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, -L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>, -L<verify(1)|verify(1)> +L<ssl(3)>, L<SSL_get_verify_result(3)>, +L<SSL_get_peer_certificate(3)>, +L<verify(1)> =cut diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod index b2bf9cb1b8..169079af50 100644 --- a/doc/ssl/SSL_shutdown.pod +++ b/doc/ssl/SSL_shutdown.pod @@ -50,11 +50,11 @@ with 1. =item If the peer already sent the "close notify" alert B<and> it was already processed implicitly inside another function -(L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set. +(L<SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the -SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call. +SSL_get_shutdown() (see also L<SSL_set_shutdown(3)> call. =back @@ -80,7 +80,7 @@ into or retrieved out of the BIO before being able to continue. SSL_shutdown() can be modified to only set the connection to "shutdown" state but not actually send the "close notify" alert messages, -see L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>. +see L<SSL_CTX_set_quiet_shutdown(3)>. When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1. @@ -94,7 +94,7 @@ The following return values can occur: The shutdown is not yet finished. Call SSL_shutdown() for a second time, if a bidirectional shutdown shall be performed. -The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an +The output of L<SSL_get_error(3)> may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. =item Z<>1 @@ -107,17 +107,17 @@ and the peer's "close notify" alert was received. The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if action is need to continue the operation for non-blocking BIOs. -Call L<SSL_get_error(3)|SSL_get_error(3)> with the return value B<ret> +Call L<SSL_get_error(3)> with the return value B<ret> to find out the reason. =back =head1 SEE ALSO -L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>, -L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, -L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>, -L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>, -L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> +L<SSL_get_error(3)>, L<SSL_connect(3)>, +L<SSL_accept(3)>, L<SSL_set_shutdown(3)>, +L<SSL_CTX_set_quiet_shutdown(3)>, +L<SSL_clear(3)>, L<SSL_free(3)>, +L<ssl(3)>, L<bio(3)> =cut diff --git a/doc/ssl/SSL_state_string.pod b/doc/ssl/SSL_state_string.pod index fe25d47c71..0d2ba61bbf 100644 --- a/doc/ssl/SSL_state_string.pod +++ b/doc/ssl/SSL_state_string.pod @@ -40,6 +40,6 @@ Detailed description of possible states to be included later. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)> +L<ssl(3)>, L<SSL_CTX_set_info_callback(3)> =cut diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod index c0059c0d4a..e8b426c7b5 100644 --- a/doc/ssl/SSL_want.pod +++ b/doc/ssl/SSL_want.pod @@ -24,15 +24,15 @@ by SSL_want(). =head1 NOTES SSL_want() examines the internal state information of the SSL object. Its -return values are similar to that of L<SSL_get_error(3)|SSL_get_error(3)>. -Unlike L<SSL_get_error(3)|SSL_get_error(3)>, which also evaluates the +return values are similar to that of L<SSL_get_error(3)>. +Unlike L<SSL_get_error(3)>, which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under non-blocking I/O. Error conditions are not handled and must be treated -using L<SSL_get_error(3)|SSL_get_error(3)>. +using L<SSL_get_error(3)>. The result returned by SSL_want() should always be consistent with -the result of L<SSL_get_error(3)|SSL_get_error(3)>. +the result of L<SSL_get_error(3)>. =head1 RETURN VALUES @@ -48,21 +48,21 @@ There is no data to be written or to be read. There are data in the SSL buffer that must be written to the underlying B<BIO> layer in order to complete the actual SSL_*() operation. -A call to L<SSL_get_error(3)|SSL_get_error(3)> should return +A call to L<SSL_get_error(3)> should return SSL_ERROR_WANT_WRITE. =item SSL_READING More data must be read from the underlying B<BIO> layer in order to complete the actual SSL_*() operation. -A call to L<SSL_get_error(3)|SSL_get_error(3)> should return +A call to L<SSL_get_error(3)> should return SSL_ERROR_WANT_READ. =item SSL_X509_LOOKUP The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. -A call to L<SSL_get_error(3)|SSL_get_error(3)> should return +A call to L<SSL_get_error(3)> should return SSL_ERROR_WANT_X509_LOOKUP. =back @@ -72,6 +72,6 @@ return 1, when the corresponding condition is true or 0 otherwise. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> +L<ssl(3)>, L<err(3)>, L<SSL_get_error(3)> =cut diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod index a57617f3ee..a9841ed331 100644 --- a/doc/ssl/SSL_write.pod +++ b/doc/ssl/SSL_write.pod @@ -18,27 +18,27 @@ B<ssl> connection. =head1 NOTES If necessary, SSL_write() will negotiate a TLS/SSL session, if -not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or -L<SSL_accept(3)|SSL_accept(3)>. If the +not already explicitly performed by L<SSL_connect(3)> or +L<SSL_accept(3)>. If the peer requests a re-negotiation, it will be performed transparently during the SSL_write() operation. The behaviour of SSL_write() depends on the underlying BIO. For the transparent negotiation to succeed, the B<ssl> must have been initialized to client or server mode. This is being done by calling -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state() -before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function. +L<SSL_set_connect_state(3)> or SSL_set_accept_state() +before the first call to an L<SSL_read(3)> or SSL_write() function. If the underlying BIO is B<blocking>, SSL_write() will only return, once the write operation has been finished or an error occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the -L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call. +L<SSL_CTX_set_mode(3)> call. If the underlying BIO is B<non-blocking>, SSL_write() will also return, when the underlying BIO could not satisfy the needs of SSL_write() to continue the operation. In this case a call to -L<SSL_get_error(3)|SSL_get_error(3)> with the +L<SSL_get_error(3)> with the return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a call to SSL_write() can also cause read operations! The calling process @@ -51,7 +51,7 @@ must be written into or retrieved out of the BIO before being able to continue. SSL_write() will only return with success, when the complete contents of B<buf> of length B<num> has been written. This default behaviour can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of -L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>. When this flag is set, +L<SSL_CTX_set_mode(3)>. When this flag is set, SSL_write() will also return with success, when a partial write has been successfully completed. In this case the SSL_write() operation is considered completed. The bytes are sent and a new SSL_write() operation with a new @@ -100,10 +100,10 @@ return value B<ret> to find out the reason. =head1 SEE ALSO -L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>, -L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, -L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, -L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> +L<SSL_get_error(3)>, L<SSL_read(3)>, +L<SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)>, +L<SSL_connect(3)>, L<SSL_accept(3)> +L<SSL_set_connect_state(3)>, +L<ssl(3)>, L<bio(3)> =cut diff --git a/doc/ssl/d2i_SSL_SESSION.pod b/doc/ssl/d2i_SSL_SESSION.pod index bce06e23b6..985d1580f9 100644 --- a/doc/ssl/d2i_SSL_SESSION.pod +++ b/doc/ssl/d2i_SSL_SESSION.pod @@ -31,10 +31,10 @@ a binary ASN1 representation. When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically allocated. The reference count is 1, so that the session must be -explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, +explicitly removed using L<SSL_SESSION_free(3)>, unless the SSL_SESSION object is completely taken over, when being called inside the get_session_cb() (see -L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>). +L<SSL_CTX_sess_set_get_cb(3)>). SSL_SESSION objects keep internal link information about the session cache list, when being inserted into one SSL_CTX object's session cache. @@ -70,7 +70,7 @@ When the session is not valid, B<0> is returned and no operation is performed. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, -L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)> +L<ssl(3)>, L<SSL_SESSION_free(3)>, +L<SSL_CTX_sess_set_get_cb(3)> =cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index a094356131..6443de70a3 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -14,25 +14,25 @@ Transport Layer Security (TLS v1) protocols. It provides a rich API which is documented here. At first the library must be initialized; see -L<SSL_library_init(3)|SSL_library_init(3)>. +L<SSL_library_init(3)>. Then an B<SSL_CTX> object is created as a framework to establish -TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>). +TLS/SSL enabled connections (see L<SSL_CTX_new(3)>). Various options regarding certificates, algorithms etc. can be set in this object. When a network connection has been created, it can be assigned to an B<SSL> object. After the B<SSL> object has been created using -L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or -L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network +L<SSL_new(3)>, L<SSL_set_fd(3)> or +L<SSL_set_bio(3)> can be used to associate the network connection with the object. Then the TLS/SSL handshake is performed using -L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)> +L<SSL_accept(3)> or L<SSL_connect(3)> respectively. -L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used +L<SSL_read(3)> and L<SSL_write(3)> are used to read and write data on the TLS/SSL connection. -L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the +L<SSL_shutdown(3)> can be used to shut down the TLS/SSL connection. =head1 DATA STRUCTURES @@ -667,87 +667,87 @@ success or 0 on failure. =head1 SEE ALSO -L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>, -L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>, -L<SSL_connect(3)|SSL_connect(3)>, -L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>, -L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>, -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>, -L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>, -L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, -L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>, -L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>, -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> -L<SSL_CTX_new(3)|SSL_CTX_new(3)>, -L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, -L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>, -L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, -L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>, -L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>, -L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>, -L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, -L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, -L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>, -L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>, -L<SSL_CTX_set_generate_session_id(3)|SSL_CTX_set_generate_session_id(3)>, -L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>, -L<SSL_CTX_set_max_cert_list(3)|SSL_CTX_set_max_cert_list(3)>, -L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, -L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>, -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, -L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>, -L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, -L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>, -L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, -L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, -L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, -L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, -L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, -L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>, -L<SSL_do_handshake(3)|SSL_do_handshake(3)>, -L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>, -L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, -L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, -L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>, -L<SSL_get_error(3)|SSL_get_error(3)>, -L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>, -L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>, -L<SSL_get_fd(3)|SSL_get_fd(3)>, -L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>, -L<SSL_get_rbio(3)|SSL_get_rbio(3)>, -L<SSL_get_session(3)|SSL_get_session(3)>, -L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, -L<SSL_get_version(3)|SSL_get_version(3)>, -L<SSL_library_init(3)|SSL_library_init(3)>, -L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>, -L<SSL_new(3)|SSL_new(3)>, -L<SSL_pending(3)|SSL_pending(3)>, -L<SSL_read(3)|SSL_read(3)>, -L<SSL_rstate_string(3)|SSL_rstate_string(3)>, -L<SSL_session_reused(3)|SSL_session_reused(3)>, -L<SSL_set_bio(3)|SSL_set_bio(3)>, -L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, -L<SSL_set_fd(3)|SSL_set_fd(3)>, -L<SSL_set_session(3)|SSL_set_session(3)>, -L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, -L<SSL_state_string(3)|SSL_state_string(3)>, -L<SSL_want(3)|SSL_want(3)>, -L<SSL_write(3)|SSL_write(3)>, -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, -L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>, -L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, -L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>, -L<SSL_CTX_set_psk_client_callback(3)|SSL_CTX_set_psk_client_callback(3)>, -L<SSL_CTX_use_psk_identity_hint(3)|SSL_CTX_use_psk_identity_hint(3)>, -L<SSL_get_psk_identity(3)|SSL_get_psk_identity(3)> +L<openssl(1)>, L<crypto(3)>, +L<SSL_accept(3)>, L<SSL_clear(3)>, +L<SSL_connect(3)>, +L<SSL_CIPHER_get_name(3)>, +L<SSL_COMP_add_compression_method(3)>, +L<SSL_CTX_add_extra_chain_cert(3)>, +L<SSL_CTX_add_session(3)>, +L<SSL_CTX_ctrl(3)>, +L<SSL_CTX_flush_sessions(3)>, +L<SSL_CTX_get_ex_new_index(3)>, +L<SSL_CTX_get_verify_mode(3)>, +L<SSL_CTX_load_verify_locations(3)> +L<SSL_CTX_new(3)>, +L<SSL_CTX_sess_number(3)>, +L<SSL_CTX_sess_set_cache_size(3)>, +L<SSL_CTX_sess_set_get_cb(3)>, +L<SSL_CTX_sessions(3)>, +L<SSL_CTX_set_cert_store(3)>, +L<SSL_CTX_set_cert_verify_callback(3)>, +L<SSL_CTX_set_cipher_list(3)>, +L<SSL_CTX_set_client_CA_list(3)>, +L<SSL_CTX_set_client_cert_cb(3)>, +L<SSL_CTX_set_default_passwd_cb(3)>, +L<SSL_CTX_set_generate_session_id(3)>, +L<SSL_CTX_set_info_callback(3)>, +L<SSL_CTX_set_max_cert_list(3)>, +L<SSL_CTX_set_mode(3)>, +L<SSL_CTX_set_msg_callback(3)>, +L<SSL_CTX_set_options(3)>, +L<SSL_CTX_set_quiet_shutdown(3)>, +L<SSL_CTX_set_read_ahead(3)>, +L<SSL_CTX_set_session_cache_mode(3)>, +L<SSL_CTX_set_session_id_context(3)>, +L<SSL_CTX_set_ssl_version(3)>, +L<SSL_CTX_set_timeout(3)>, +L<SSL_CTX_set_tmp_rsa_callback(3)>, +L<SSL_CTX_set_tmp_dh_callback(3)>, +L<SSL_CTX_set_verify(3)>, +L<SSL_CTX_use_certificate(3)>, +L<SSL_alert_type_string(3)>, +L<SSL_do_handshake(3)>, +L<SSL_get_SSL_CTX(3)>, +L<SSL_get_ciphers(3)>, +L<SSL_get_client_CA_list(3)>, +L<SSL_get_default_timeout(3)>, +L<SSL_get_error(3)>, +L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>, +L<SSL_get_ex_new_index(3)>, +L<SSL_get_fd(3)>, +L<SSL_get_peer_cert_chain(3)>, +L<SSL_get_rbio(3)>, +L<SSL_get_session(3)>, +L<SSL_get_verify_result(3)>, +L<SSL_get_version(3)>, +L<SSL_library_init(3)>, +L<SSL_load_client_CA_file(3)>, +L<SSL_new(3)>, +L<SSL_pending(3)>, +L<SSL_read(3)>, +L<SSL_rstate_string(3)>, +L<SSL_session_reused(3)>, +L<SSL_set_bio(3)>, +L<SSL_set_connect_state(3)>, +L<SSL_set_fd(3)>, +L<SSL_set_session(3)>, +L<SSL_set_shutdown(3)>, +L<SSL_shutdown(3)>, +L<SSL_state_string(3)>, +L<SSL_want(3)>, +L<SSL_write(3)>, +L<SSL_SESSION_free(3)>, +L<SSL_SESSION_get_ex_new_index(3)>, +L<SSL_SESSION_get_time(3)>, +L<d2i_SSL_SESSION(3)>, +L<SSL_CTX_set_psk_client_callback(3)>, +L<SSL_CTX_use_psk_identity_hint(3)>, +L<SSL_get_psk_identity(3)> =head1 HISTORY -The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2 +The L<ssl(3)> document appeared in OpenSSL 0.9.2 B<SSLv2_client_method>, B<SSLv2_server_method> and B<SSLv2_method> where removed in OpenSSL 1.1.0. |