aboutsummaryrefslogtreecommitdiffstats
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* Add CRYPTO_secure_zallocRich Salz2016-01-271-27/+38
| | | | | | Also turn B<foo> into foo() in the pod page. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Doc fixes suggested by Claus AssmannViktor Dukhovni2016-01-272-34/+42
| | | | | | RT4264, RT4268 Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add SSL_up_ref() and SSL_CTX_up_ref()Matt Caswell2016-01-263-6/+22
| | | | | | | | The SSL and SSL_CTX structures are reference counted. However since libssl was made opaque there is no way for users of the library to manipulate the reference counts. This adds functions to enable that. Reviewed-by: Stephen Henson <steve@openssl.org>
* Fixed typo in the SSL_CTX_set_security_levelAlex Gaynor2016-01-221-1/+1
| | | | | Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Multiple -trusted/-untrusted/-CRLfile options in verifyViktor Dukhovni2016-01-201-37/+73
| | | | | | | | | | | | | | It is sometimes useful (especially in automated tests) to supply multiple trusted or untrusted certificates via separate files rather than have to prepare a single file containing them all. To that end, change verify(1) to accept these options zero or more times. Also automatically set -no-CAfile and -no-CApath when -trusted is specified. Improve verify(1) documentation, which could still use some work. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add documentation for EVP_PKEY_TLS1_PRFDr. Stephen Henson2016-01-191-0/+87
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Accessor update; fix API, document one.Rich Salz2016-01-171-0/+5
| | | | Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Start a new line after each sentence-ending period.Viktor Dukhovni2016-01-161-106/+104
| | | | | | This avoids explicit double spaces between sentences. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make SSL_dane_enable() requirement more clear.Viktor Dukhovni2016-01-161-4/+4
| | | | | | | | Also s/s/ssl/ as appropriate in the code example. Suggested by Claus Assmann. Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT4232: Extra space in help message.Rich Salz2016-01-141-5/+0
| | | | | | | | | It turns out that -pause calls the undocumented function SSL_set_debug. That just sets flag inside the SSL structure. That flag, despite the command is never used. So remove the flag, the field, and the function. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add CRYPTO_EX_DATA; remove EC_EXTRA_DATARich Salz2016-01-133-38/+29
| | | | | | | | | | | | Add CRYPTO_EX_DATA add EndC_KEY_[gs]et_method, From Roumen Petrov. Had to add various exdata calls to init/copy/free the exdata. Had to remove const from some EC functions because exdata isn't const-correct. :( Also remove EC_EXTRA_DATA and use a union to hold the possible pre-computed values and an enum to tell which value is in the union. (Rich Salz) Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Document the new EVP_CIPHER and EVP_CIPHER_CTX functionalityRichard Levitte2016-01-122-40/+311
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* GH528: "cipher -v" output is confusing.Rich Salz2016-01-112-66/+26
| | | | | | Fix the docs, and refactor some common code. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Make SSL{_CTX,}_{get,set,clear}_options functionsViktor Dukhovni2016-01-115-12/+22
| | | | | | | These now take and return unsigned long, and get is constified. Updated related documentation and util/ssleay.num Reviewed-by: Matt Caswell <matt@openssl.org>
* Add memory leak return value.Dr. Stephen Henson2016-01-111-5/+6
| | | | | | | Make CRYPTO_mem_leaks() and CRYPTO_mem_leaks_fp() return a status value. Update documentation. Don't abort() if there are leaks. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Enable/disable crypto-mdebug just like other featuresViktor Dukhovni2016-01-111-13/+13
| | | | | | Also always abort() on leak failure. Reviewed-by: Stephen Henson <steve@openssl.org>
* File is about s_time, not s_clientKurt Roeckx2016-01-101-2/+2
| | | | Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Allow disabling the min and max versionKurt Roeckx2016-01-101-1/+4
| | | | Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
* Backwards-compatibility subject to OPENSSL_API_COMPATViktor Dukhovni2016-01-0710-12/+45
| | | | | | | | | Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
* DANE s_client supportViktor Dukhovni2016-01-071-0/+41
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* mem functions cleanupRich Salz2016-01-074-7/+189
| | | | | | | | | | | | | | | | | Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this. If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery. (Thanks to Jakob Bohm for the suggestion!) Make the "change wrapper functions" be the only paradigm. Wrote documentation! Format the 'set func' functions so their paramlists are legible. Format some multi-line comments. Remove ability to get/set the "memory debug" functions at runtme. Remove MemCheck_* and CRYPTO_malloc_debug_init macros. Add CRYPTO_mem_debug(int flag) function. Add test/memleaktest. Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls. Reviewed-by: Richard Levitte <levitte@openssl.org>
* DANE documentation typosViktor Dukhovni2016-01-062-3/+3
| | | | | | Reported-by: Claus Assmann Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove more (rest?) of FIPS build stuff.Rich Salz2016-01-061-11/+1
| | | | Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* DANE support structures, constructructors and accessorsViktor Dukhovni2016-01-054-1/+413
| | | | | | | | | Also tweak some of the code in demos/bio, to enable interactive testing of BIO_s_accept's use of SSL_dup. Changed the sconnect client to authenticate the server, which now exercises the new SSL_set1_host() function. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Refine and re-wrap Min/Max protocol docsViktor Dukhovni2016-01-024-52/+122
| | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add support for minimum and maximum protocol versionKurt Roeckx2016-01-024-65/+186
| | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add some documentation for the OCSP callback functionsMatt Caswell2015-12-271-0/+73
| | | | | | | Describe the usage of the OCSP callback functions on both the client and the server side. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Always generate DH keys for ephemeral DH cipher suites.Dr. Stephen Henson2015-12-231-24/+5
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* The functions take a SSL *, not a SSL_CTX *Daniel Kahn Gillmor2015-12-231-4/+4
| | | | | | | Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> RT: #4192, MR: #1533
* SSL configuration module docsDr. Stephen Henson2015-12-222-0/+112
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove some L<asdf|asdf> which crept back in.Rich Salz2015-12-183-4/+4
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Rename sec_mem to mem_sec, like other files.Rich Salz2015-12-161-5/+0
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Rename some BUF_xxx to OPENSSL_xxxRich Salz2015-12-161-25/+0
| | | | | | | | | Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} Add #define's for the old names. Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix s_server problem with no-ecMatt Caswell2015-12-151-6/+0
| | | | | | | | | | s_server was trying to set the ECDH curve when no-ec was defined. This also highlighted the fact that the -no_ecdhe option to s_server is broken, and doesn't make any sense any more (ECDHE is on by default and the only way it can be disabled is through the cipherstring). Therefore this commit removes the option. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Update EVP_PKEY documentation.Dr. Stephen Henson2015-12-141-15/+19
| | | | | | Add EVP_PKEY_up_ref() documentation and fix various typos. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* New function X509_get0_pubkeyDr. Stephen Henson2015-12-141-4/+7
| | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add EVP_PKEY_get0_* functions.Dr. Stephen Henson2015-12-141-0/+12
| | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Fix typoBen Kaduk2015-12-132-2/+2
| | | | | Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Use SHA256 not MD5 as default digest.Rich Salz2015-12-122-3/+22
| | | | | (Documentation update was in the MR but not the commit. Oops.) Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add extension utility documentation.Dr. Stephen Henson2015-12-121-0/+83
| | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* add X509_up_ref() documentationDr. Stephen Henson2015-12-121-5/+15
| | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* extension documentationDr. Stephen Henson2015-12-121-0/+142
| | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).Rob Stradling2015-12-102-0/+16
| | | | | | | | Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org> GH: #495, MR: #1435
* Document EVP_MD constructors, destructors and manipulatorsRichard Levitte2015-12-071-0/+160
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Document the HMAC changesRichard Levitte2015-12-071-13/+24
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Document the EVP_MD_CTX changesRichard Levitte2015-12-075-43/+43
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Document the changed HMAC API.Richard Levitte2015-12-071-4/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix typo and improve a bit of textViktor Dukhovni2015-12-061-4/+5
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Really disable 56-bit (single-DES) ciphersViktor Dukhovni2015-12-061-14/+3
| | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Remove support for all 40 and 56 bit ciphers.Kurt Roeckx2015-12-056-223/+0
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #364
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-05 04:08:11 +0000