Diffstat (limited to 'lib/libssl')
22 files changed, 36 insertions, 36 deletions
diff --git a/lib/libssl/src/doc/ssl/BIO_f_ssl.pod b/lib/libssl/src/doc/ssl/BIO_f_ssl.pod index bc5861ab34b..9b5ed719b46 100644 --- a/lib/libssl/src/doc/ssl/BIO_f_ssl.pod +++ b/lib/libssl/src/doc/ssl/BIO_f_ssl.pod @@ -36,7 +36,7 @@ BIO_ssl_shutdown - SSL BIO BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to -SSL I/O. +SSL I/O. I/O performed on an SSL BIO communicates using the SSL protocol with the SSLs read and write BIOs. If an SSL connection is not established @@ -63,7 +63,7 @@ BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client> is 1 client mode is set. If B<client> is 0 server mode is set. BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count -to B<num>. When set after every B<num> bytes of I/O (read and write) +to B<num>. When set after every B<num> bytes of I/O (read and write) the SSL session is automatically renegotiated. B<num> must be at least 512 bytes. @@ -84,7 +84,7 @@ BIO_new_buffer_ssl_connect() creates a new BIO chain consisting of a buffering BIO, an SSL BIO (using B<ctx>) and a connect BIO. -BIO_ssl_copy_session_id() copies an SSL session id between +BIO_ssl_copy_session_id() copies an SSL session id between BIO chains B<from> and B<to>. It does this by locating the SSL BIOs in each chain and calling SSL_copy_session_id() on the internal SSL pointer. @@ -187,7 +187,7 @@ unencrypted example in L<BIO_s_connect(3)|BIO_s_connect(3)>. /* Could examine ssl here to get connection info */ BIO_puts(sbio, "GET / HTTP/1.0\n\n"); - for(;;) { + for(;;) { len = BIO_read(sbio, tmpbuf, 1024); if(len <= 0) break; BIO_write(out, tmpbuf, len); 
@@ -252,9 +252,9 @@ a client and also echoes the request to standard output. /* By doing this when a new connection is established * we automatically have sbio inserted into it. The * BIO chain is now 'swallowed' by the accept BIO and - * will be freed when the accept BIO is freed. + * will be freed when the accept BIO is freed. */ - + BIO_set_accept_bios(acpt,sbio); out = BIO_new_fp(stdout, BIO_NOCLOSE); diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod b/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod index fd927f8d7d1..03d03ec9d2d 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod @@ -59,7 +59,7 @@ The following values are returned by all functions: session was not found in the cache. =item C<1> - + The operation succeeded. =back diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod b/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod index 148c36c8715..833a3af14df 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod @@ -26,7 +26,7 @@ As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done automatically whenever 255 new sessions were established (see L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>) -or manually by calling SSL_CTX_flush_sessions(). +or manually by calling SSL_CTX_flush_sessions(). The parameter B<tm> specifies the time which should be used for the expiration test, in most cases the actual time given by time(0) diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_verify_callback.pod index c0f4f857085..29a4a7c375a 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_verify_callback.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 
@@ -26,7 +26,7 @@ SSL_CTX_set_cert_verify_callback(), the supplied callback function is called instead. By setting I<callback> to NULL, the default behaviour is restored. When the verification must be performed, I<callback> will be called with -the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The argument I<arg> is specified by the application when setting I<callback>. I<callback> should return 1 to indicate verification success and 0 to @@ -35,7 +35,7 @@ returns 0, the handshake will fail. As the verification procedure may allow to continue the connection in case of failure (by always returning 1) the verification result must be set in any case using the B<error> member of I<x509_store_ctx> so that the calling application will be informed -about the detailed result of the verification procedure! +about the detailed result of the verification procedure! Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback> function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>. diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod index bcf35dc85b1..a68fbd09ee9 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod @@ -9,7 +9,7 @@ client certificate =head1 SYNOPSIS #include <openssl/ssl.h> - + void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); 
@@ -42,7 +42,7 @@ This list must explicitly be set using SSL_CTX_set_client_CA_list() for B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list specified overrides the previous setting. The CAs listed do not become trusted (B<list> only contains the names, not the complete certificates); use -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> +L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> to additionally load them for verification. If the list of acceptable CAs is compiled in a file, the diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod index 8cb669daeb7..0191a846a70 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod @@ -66,7 +66,7 @@ return after the handshake and successful completion. When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Released memory is either appended to a list of unused RAM chunks on the SSL_CTX, or simply -freed if the list of unused chunks would become longer than +freed if the list of unused chunks would become longer than SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections. diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod index 935c9cd09b3..434b452c575 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod 
@@ -174,7 +174,7 @@ will send its list of preferences to the client and the client chooses. If we accept a netscape connection, demand a client cert, have a non-self-signed CA which does not have its CA in netscape, and the -browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta +browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta =item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod index c5d2f43dff1..4c5d52ba4ea 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod @@ -26,7 +26,7 @@ SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX object. In order to reuse a session, a client must send the session's id to the -server. It can only send exactly one id. The server then either +server. It can only send exactly one id. The server then either agrees to reuse the session or it starts a full handshake (to create a new session). diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index 29d1f8a6fbf..974f1e1829f 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -141,7 +141,7 @@ partly left out.) dh_tmp = dh_512; break; case 1024: - if (!dh_1024) + if (!dh_1024) dh_1024 = get_dh1024(); dh_tmp = dh_1024; break; diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod index 6fd6c032155..177c59f484d 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod 
@@ -221,7 +221,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>). preverify_ok = 0; err = X509_V_ERR_CERT_CHAIN_TOO_LONG; X509_STORE_CTX_set_error(ctx, err); - } + } if (!preverify_ok) { printf("verify error:num=%d:%s:depth=%d:%s\n", err, X509_verify_cert_error_string(err), depth, buf); @@ -269,7 +269,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>). */ mydata.verify_depth = verify_depth; ... SSL_set_ex_data(ssl, mydata_index, &mydata); - + ... SSL_accept(ssl); /* check of success left out for clarity */ if (peer = SSL_get_peer_certificate(ssl)) diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod b/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod index 10be95fdb10..a3b2cf1eb58 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod @@ -66,7 +66,7 @@ SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>. See the NOTES section on why SSL_CTX_use_certificate_chain_file() should be preferred. -SSL_CTX_use_certificate_chain_file() loads a certificate chain from +SSL_CTX_use_certificate_chain_file() loads a certificate chain from B<file> into B<ctx>. The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and @@ -81,7 +81,7 @@ If a certificate has already been set and the private does not belong to the certificate an error is returned. To change a certificate, private key pair the new certificate needs to be set with SSL_use_certificate() or SSL_CTX_use_certificate() before setting the private key with -SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey(). +SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey(). SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk> 
@@ -108,7 +108,7 @@ the same check for B<ssl>. If no key/certificate was explicitly added for this B<ssl>, the last item added into B<ctx> will be checked. =head1 NOTES - + The internal certificate store of OpenSSL can hold two private key/certificate pairs at a time: one key/certificate of type RSA and one key/certificate of type DSA. The certificate used depends on the cipher select, see @@ -116,7 +116,7 @@ also L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>. When reading certificates and private keys from file, files of type SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain -one certificate or private key, consequently +one certificate or private key, consequently SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. Files of type SSL_FILETYPE_PEM can contain more than one item. diff --git a/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod b/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod index 490337a32f0..450a0127b96 100644 --- a/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod +++ b/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod @@ -52,7 +52,7 @@ valid values. SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success. -If any of the function is passed the NULL pointer for the session B<s>, +If any of the function is passed the NULL pointer for the session B<s>, 0 is returned. =head1 SEE ALSO diff --git a/lib/libssl/src/doc/ssl/SSL_accept.pod b/lib/libssl/src/doc/ssl/SSL_accept.pod index 288203f8afa..42a539d354e 100644 --- a/lib/libssl/src/doc/ssl/SSL_accept.pod +++ b/lib/libssl/src/doc/ssl/SSL_accept.pod @@ -18,7 +18,7 @@ B<ssl> by setting an underlying B<BIO>. =head1 NOTES -The behaviour of SSL_accept() depends on the underlying BIO. +The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_accept() will only return once the handshake has been finished or an error occurred, except for SGC (Server 
diff --git a/lib/libssl/src/doc/ssl/SSL_alert_type_string.pod b/lib/libssl/src/doc/ssl/SSL_alert_type_string.pod index 0329c348697..8e071e61199 100644 --- a/lib/libssl/src/doc/ssl/SSL_alert_type_string.pod +++ b/lib/libssl/src/doc/ssl/SSL_alert_type_string.pod @@ -217,7 +217,7 @@ point. This message is always a warning. =item "UP"/"unknown PSK identity" Sent by the server to indicate that it does not recognize a PSK -identity or an SRP identity. +identity or an SRP identity. =item "UK"/"unknown" diff --git a/lib/libssl/src/doc/ssl/SSL_connect.pod b/lib/libssl/src/doc/ssl/SSL_connect.pod index 0087f6b3e19..5b21119a91a 100644 --- a/lib/libssl/src/doc/ssl/SSL_connect.pod +++ b/lib/libssl/src/doc/ssl/SSL_connect.pod @@ -18,7 +18,7 @@ underlying B<BIO>. =head1 NOTES -The behaviour of SSL_connect() depends on the underlying BIO. +The behaviour of SSL_connect() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_connect() will only return once the handshake has been finished or an error occurred. diff --git a/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod b/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod index 68181b2407b..8b5ac0df2c0 100644 --- a/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod +++ b/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod @@ -9,7 +9,7 @@ SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs #include <openssl/ssl.h> STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); - STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); + STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod b/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod index e5ab12491e6..2f69109a7a9 100644 --- a/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod +++ b/lib/libssl/src/doc/ssl/SSL_get_current_cipher.pod 
@@ -27,7 +27,7 @@ the B<ssl> object. SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the name of the currently used cipher. SSL_get_cipher_bits() is a -macro to obtain the number of secret/algorithm bits used and +macro to obtain the number of secret/algorithm bits used and SSL_get_cipher_version() returns the protocol name. See L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> for more details. diff --git a/lib/libssl/src/doc/ssl/SSL_library_init.pod b/lib/libssl/src/doc/ssl/SSL_library_init.pod index 8766776fea9..4767c0ba8b3 100644 --- a/lib/libssl/src/doc/ssl/SSL_library_init.pod +++ b/lib/libssl/src/doc/ssl/SSL_library_init.pod @@ -23,7 +23,7 @@ for SSL_library_init(). =head1 NOTES SSL_library_init() must be called before any other action takes place. -SSL_library_init() is not reentrant. +SSL_library_init() is not reentrant. =head1 WARNING diff --git a/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod b/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod index 02527dc2edc..5aa2b734472 100644 --- a/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod +++ b/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod @@ -30,7 +30,7 @@ Load names of CAs from file and use it as a client CA list: SSL_CTX *ctx; STACK_OF(X509_NAME) *cert_names; - ... + ... cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); if (cert_names != NULL) SSL_CTX_set_client_CA_list(ctx, cert_names); diff --git a/lib/libssl/src/doc/ssl/SSL_read.pod b/lib/libssl/src/doc/ssl/SSL_read.pod index 5f03ec35595..57dfbdfc28a 100644 --- a/lib/libssl/src/doc/ssl/SSL_read.pod +++ b/lib/libssl/src/doc/ssl/SSL_read.pod 
@@ -22,7 +22,7 @@ not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or L<SSL_accept(3)|SSL_accept(3)>. If the peer requests a re-negotiation, it will be performed transparently during the SSL_read() operation. The behaviour of SSL_read() depends on the -underlying BIO. +underlying BIO. For the transparent negotiation to succeed, the B<ssl> must have been initialized to client or server mode. This is being done by calling @@ -47,7 +47,7 @@ record is complete and SSL_read() can succeed. If the underlying BIO is B<blocking>, SSL_read() will only return, once the read operation has been finished or an error occurred, except when a -renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. +renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call. diff --git a/lib/libssl/src/doc/ssl/SSL_shutdown.pod b/lib/libssl/src/doc/ssl/SSL_shutdown.pod index d86ac7cb131..50f47c20d78 100644 --- a/lib/libssl/src/doc/ssl/SSL_shutdown.pod +++ b/lib/libssl/src/doc/ssl/SSL_shutdown.pod @@ -12,7 +12,7 @@ SSL_shutdown - shut down a TLS/SSL connection =head1 DESCRIPTION -SSL_shutdown() shuts down an active TLS/SSL connection. It sends the +SSL_shutdown() shuts down an active TLS/SSL connection. It sends the "close notify" shutdown alert to the peer. =head1 NOTES @@ -64,7 +64,7 @@ complete (return value of the first call is 0). As the shutdown is not specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on the first call. -The behaviour of SSL_shutdown() additionally depends on the underlying BIO. +The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the handshake step has been finished or an error occurred. 
diff --git a/lib/libssl/src/doc/ssl/SSL_write.pod b/lib/libssl/src/doc/ssl/SSL_write.pod index b0f73ae5203..f248f7d740f 100644 --- a/lib/libssl/src/doc/ssl/SSL_write.pod +++ b/lib/libssl/src/doc/ssl/SSL_write.pod @@ -22,7 +22,7 @@ not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or L<SSL_accept(3)|SSL_accept(3)>. If the peer requests a re-negotiation, it will be performed transparently during the SSL_write() operation. The behaviour of SSL_write() depends on the -underlying BIO. +underlying BIO. For the transparent negotiation to succeed, the B<ssl> must have been initialized to client or server mode. This is being done by calling @@ -31,7 +31,7 @@ before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function. If the underlying BIO is B<blocking>, SSL_write() will only return, once the write operation has been finished or an error occurred, except when a -renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. +renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call. |