diff options
Diffstat (limited to 'lib/libssl/man')
| -rw-r--r-- | lib/libssl/man/BIO_f_ssl.3 | 14 | ||||
| -rw-r--r-- | lib/libssl/man/SSL_CTX_set_options.3 | 10 | ||||
| -rw-r--r-- | lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 | 6 | ||||
| -rw-r--r-- | lib/libssl/man/SSL_get_session.3 | 6 |
4 files changed, 18 insertions, 18 deletions
diff --git a/lib/libssl/man/BIO_f_ssl.3 b/lib/libssl/man/BIO_f_ssl.3 index 86432002855..5e18a85bd1c 100644 --- a/lib/libssl/man/BIO_f_ssl.3 +++ b/lib/libssl/man/BIO_f_ssl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_f_ssl.3,v 1.11 2019/06/12 09:36:30 schwarze Exp $ +.\" $OpenBSD: BIO_f_ssl.3,v 1.12 2022/03/31 17:27:18 naddy Exp $ .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 12 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt BIO_F_SSL 3 .Os .Sh NAME @@ -147,7 +147,7 @@ is appended to an .Vt SSL .Vt BIO using -.Xr BIO_push 3 +.Xr BIO_push 3 , it is automatically used as the .Vt SSL .Vt BIO Ns 's read and write @@ -213,7 +213,7 @@ is 0, server mode is set. .Fn BIO_set_ssl_renegotiate_bytes sets the renegotiate byte count to .Fa num . -When set after every +When set, after every .Fa num bytes of I/O (read and write) the SSL session is automatically renegotiated. .Fa num @@ -222,7 +222,7 @@ must be at least 512 bytes. .Fn BIO_set_ssl_renegotiate_timeout sets the renegotiate timeout to .Fa seconds . -When the renegotiate timeout elapses the session is automatically renegotiated. +When the renegotiate timeout elapses, the session is automatically renegotiated. .Pp .Fn BIO_get_num_renegotiates returns the total number of session renegotiations due to I/O or timeout. @@ -303,7 +303,7 @@ established; the call should be used for non blocking connect .Vt BIO Ns s to determine if the call should be retried. -If an SSL connection has already been established this call has no effect. +If an SSL connection has already been established, this call has no effect. .Pp .Vt SSL .Vt BIO Ns s @@ -325,7 +325,7 @@ using a blocking transport will never request a retry. Since unknown .Xr BIO_ctrl 3 operations are sent through filter -.Vt BIO Ns s +.Vt BIO Ns s , the server name and port can be set using .Xr BIO_set_conn_hostname 3 and diff --git a/lib/libssl/man/SSL_CTX_set_options.3 b/lib/libssl/man/SSL_CTX_set_options.3 index 34c3a1adfd8..5df0b077858 100644 --- a/lib/libssl/man/SSL_CTX_set_options.3 +++ b/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_options.3,v 1.15 2021/06/12 11:02:20 tb Exp $ +.\" $OpenBSD: SSL_CTX_set_options.3,v 1.16 2022/03/31 17:27:18 naddy Exp $ .\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100 .\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000 .\" @@ -52,7 +52,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 12 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSL_CTX_SET_OPTIONS 3 .Os .Sh NAME @@ -206,7 +206,7 @@ Normally clients and servers using TLSv1.2 and earlier will, where possible, transparently make use of RFC 5077 tickets for stateless session resumption. .Pp -If this option is set this functionality is disabled and tickets will not be +If this option is set, this functionality is disabled and tickets will not be used by clients or servers. .It Dv SSL_OP_NO_TLSv1 Do not use the TLSv1.0 protocol. @@ -273,7 +273,7 @@ server with a .Em no_renegotiation warning alert. .Pp -If the patched OpenSSL server attempts to renegotiate a fatal +If the patched OpenSSL server attempts to renegotiate, a fatal .Em handshake_failure alert is sent. This is because the server code may be unaware of the unpatched nature of the @@ -306,7 +306,7 @@ them initially) and this is clearly not acceptable. Renegotiation is permitted because this does not add any additional security issues: during an attack clients do not see any renegotiations anyway. .Pp -As more servers become patched the option +As more servers become patched, the option .Dv SSL_OP_LEGACY_SERVER_CONNECT will .Em not diff --git a/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index ae0349584a1..8be504d3b35 100644 --- a/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.9 2022/02/18 23:17:15 jsg Exp $ +.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.10 2022/03/31 17:27:18 naddy Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 18 2022 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3 .Os .Sh NAME @@ -117,7 +117,7 @@ when the application is left, it becomes impossible for attackers to decrypt past sessions, even if they get hold of the normal (certified) key, as this key was only used for signing. .Pp -In order to perform a DH key exchange the server must use a DH group +In order to perform a DH key exchange, the server must use a DH group (DH parameters) and generate a DH key. The server will always generate a new DH key during the negotiation. .Pp diff --git a/lib/libssl/man/SSL_get_session.3 b/lib/libssl/man/SSL_get_session.3 index 4cde129bc2b..2ab43fdd3ef 100644 --- a/lib/libssl/man/SSL_get_session.3 +++ b/lib/libssl/man/SSL_get_session.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_get_session.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: SSL_get_session.3,v 1.8 2022/03/31 17:27:18 naddy Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSL_GET_SESSION 3 .Os .Sh NAME @@ -109,7 +109,7 @@ If the data is to be kept, .Fn SSL_get1_session will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. -In order to remove the session +In order to remove the session, .Xr SSL_SESSION_free 3 must be explicitly called once to decrement the reference count again. .Pp |