| Age | Commit message (Collapse) | Author |
|---|
|
|
|
covering the remaining functions that were documented in engine(3),
except for seven functions that are completely pointless and that
were merely listed but not really documented.
|
|
covering 60% of the documented functions). The old, abominable
engine(3) manual page shall die soon.
|
|
15:19:12, tb@ provided a subset of the DSA_meth_*(3) and RSA_meth_*(3)
functions. Merge the relevant parts of the manual pages from
OpenSSL, heavily tweaked by me, in particular for conciseness.
|
|
provided OPENSSL_init_crypto(3) and OPENSSL_init_ssl(3).
Write the documentation from scratch
because the text OpenSSL provides is full of bloat.
|
|
scratch, tweaks and OK jsing@ and jmc@.
|
|
X509_OBJECT_get0_X509(3) and X509_OBJECT_get0_X509_CRL(3).
Since they are undocumented in OpenSSL, write a new manual
page from scratch, also documenting five closely related
public functions that have already been available before.
|
|
X509_STORE_up_ref(3). X509_STORE_new(3) and X509_STORE_free(3)
have already been available earlier. Import the documentation from
OpenSSL, adding some precision.
|
|
BIO_get_data(3), BIO_set_data(3), and BIO_set_init(3).
Import the documentation from OpenSSL.
|
|
X509_get0_signature(3). Merge the documentation from OpenSSL.
Rename the file from X509_get_signature_nid.3 to X509_get0_signature.3
for consistency because we are not losing any history yet.
|
|
BIO_meth_*(). Import the documentation from OpenSSL, with extensive
tweaks by me.
|
|
EVP_PKEY_get0_{DH,DSA,RSA}(3), and RSA_{g,s}et0_key(3)
that tb@ just provided.
|
|
removing parts that don't apply to OpenBSD.
|
|
fixing half a dozen bugs and typos and also tweaking the wording a bit.
|
|
provided X509_get0_notBefore(3) and its three friends.
Write a manual page from scratch because what OpenSSL has
is confusing and incomplete.
By the way, providing two identical functions differing only
in the constness of the returned structure is crazy.
Are application programmers expected to be too stupid to write
const ASN1_TIME *notBefore = X509_getm_notBefore(x)
if that's what they want?
|
|
X509_get_signature_nid(3). Add a new manual page for it
based on the relevant parts of OpenSSL X509_get0_signature.pod.
|
|
via OpenSSL commit 751148e2 Oct 27 00:11:11 2017 +0200,
including only the parts related to functions that exist
in OpenBSD.
The design of these interfaces is not particularly pretty,
they are not particularly easy to document, and the manual
page does not look particularly good when formatted,
but what can we do, things are as they are...
|
|
from the OpenSSL manual and from code inspection.
Use my own Copyright and license because no Copyright-worthy amount
of text from OpenSSL remains.
And, no, these functions do *NOT* check private keys, not at all.
|
|
dropping the secmem stuff that we don't want
|
|
don't have, which implies renaming the file to EVP_PKEY_meth_get0_info.3
|
|
the OpenSSL manual page committed on July 27, 2017, and on source
code inspection. Use my own Copyright and license because no
copyright-worthy amount of text from OpenSSL remains.
NOTA BENE:
BUGS Most aspects of the semantics considerably differ from OpenSSL.
|
|
from Dr. Stephen Henson <steve@openssl.org>, OpenSSL commit d218f3c3
|
|
|
|
from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc.
|
|
from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3,
tweaked by me
|
|
in commit 2ca2e917. Document it here, too, but do not use their
text. Be more concise and more precise at the same time.
|
|
and document ERR_asprintf_error_data as their replacement.
ok jsing@, ingo@
|
|
jsing@ confirmed that these are public and worth documenting.
|
|
jsing@ confirmed that these macros are public and worth documenting.
|
|
Not documented by OpenSSL, but listed in <openssl/x509_vfy.h>
and referenced from X509_LOOKUP_hash_dir(3), and clearly more
important than the latter. Fixes three dead links reported by jmc@.
Most of the information from SSL_CTX_load_verify_locations(3) should
probably be moved here, but not all, since the SSL page also talks
about SSL servers and clients and the like. As i'm not completely
sure regarding the boundaries, i'm leaving that as it is for now.
|
|
All 36 functions listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod,
six of them with wrong prototypes.
|
|
All four functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.
Note that in the OpenSSL documentation,
three of the four prototypes are incorrect.
|
|
Both functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.
After reading the code, i'm not amused. You wouldn't think that
it might take eight stack levels to decode a constant sixteen bit
value that does not even allow a single content octet, or would
you? Nota bene, this is an average of four stack levels for each
non-zero bit decoded... :-(
|
|
encoding functions from scratch. All 46 functions are listed
in OpenSSL doc/man3/d2i_X509.pod.
|
|
from scratch. All six functions are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
These six function are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
from scratch. All these functions are listed in <openssl/ocsp.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
from scratch. All functions listed in <openssl/ts.h>
and in OpenSSL doc/man3/s2i_X509.pod.
|
|
It is already referenced by one other manual page.
All these functions are listed in <openssl/pkcs7.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
It is already referenced from some other manuals.
All these functions are listed in <openssl/pkcs12.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
ASN1_item_d2i(3) manual page from it. Enough text remains to keep
Stephen Henson's Copyright.
The eight functions documented in this new page are listed in
<openssl/asn1.h> and in Symbols.list, so they are public even though
OpenSSL does not document them. They are very important because
hundreds of documented, much-used public interface functions are
trivial wrappers around them, sharing their complicated semantics
and their copious CAVEATS and BUGS.
The plan is for the many pages documenting the wrappers to become
very concise, to focus on the few type-dependent specifics, and to
point to this new page for the details of the semantics, for the
CAVEATS, and for the BUGS.
While here, write a companion page ASN1_item_new(3) from scratch.
The user interface described in that page scares the hell out of
me, and i think people writing code to handle ASN.1 ought to be
aware of that dangerous user interface design, or they will sooner
or later get trapped.
|
|
are listed in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
I consider the quotation from
http://www-03.ibm.com/security/library/wp_pki0730.shtml
fair use because
(1) it is a very brief extract from a long text,
(2) no other source of information is available,
(3) it is quoted for the purpose of education and research,
(4) republishing happens in a not-for-profit context.
I'm not including the URI into the manual page because large corporate
websites are notorious for changing URIs during each spring cleaning.
|
|
documenting the dubious RFC 3280 PrivateKeyUsagePeriod extension.
Both functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
|
These four functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
|
All four functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
|
Both functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
|
i particularly like these fourteen functions, but they are all listed
in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
|
These functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
|
the important point of how to distinguish CA certificates from end
entity certificates. Both functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
|
All functions documented here are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.
|
