Loading doc/ssl/SSL_CTX_dane_enable.pod +2 −2 Original line number Diff line number Diff line Loading @@ -41,7 +41,7 @@ to adjust the supported digest algorithms. This must be done before any SSL handles are created for the context. The B<mtype> argument specifies a DANE TLSA matching type and the the B<md> argument specifies the associated digest algorithm handle. B<md> argument specifies the associated digest algorithm handle. The B<ord> argument specifies a strength ordinal. Algorithms with a larger strength ordinal are considered more secure. Strength ordinals are used to implement RFC7671 digest algorithm agility. Loading Loading @@ -181,7 +181,7 @@ the lifetime of the SSL connection. } ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); /* free data as approriate */ /* free data as appropriate */ if (ret < 0) /* handle SSL library internal error */ Loading doc/ssl/SSL_set1_host.pod +1 −1 Original line number Diff line number Diff line Loading @@ -35,7 +35,7 @@ that can match the peer's certificate. Any previous names set via SSL_set1_host() or SSL_add1_host() are retained, no change is made if B<name> is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches. This function is required for DANE TLA in the presence of service name indirection is required for DANE TLSA in the presence of service name indirection via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or RFC7673. Loading Loading
doc/ssl/SSL_CTX_dane_enable.pod +2 −2 Original line number Diff line number Diff line Loading @@ -41,7 +41,7 @@ to adjust the supported digest algorithms. This must be done before any SSL handles are created for the context. The B<mtype> argument specifies a DANE TLSA matching type and the the B<md> argument specifies the associated digest algorithm handle. B<md> argument specifies the associated digest algorithm handle. The B<ord> argument specifies a strength ordinal. Algorithms with a larger strength ordinal are considered more secure. Strength ordinals are used to implement RFC7671 digest algorithm agility. Loading Loading @@ -181,7 +181,7 @@ the lifetime of the SSL connection. } ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); /* free data as approriate */ /* free data as appropriate */ if (ret < 0) /* handle SSL library internal error */ Loading
doc/ssl/SSL_set1_host.pod +1 −1 Original line number Diff line number Diff line Loading @@ -35,7 +35,7 @@ that can match the peer's certificate. Any previous names set via SSL_set1_host() or SSL_add1_host() are retained, no change is made if B<name> is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches. This function is required for DANE TLA in the presence of service name indirection is required for DANE TLSA in the presence of service name indirection via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or RFC7673. Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>