Various doc fixes from GH pull requests (b68fa4d1) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+1 −1

Original line number	Diff line number	Diff line
		@@ -914,7 +914,7 @@
		[mancha <mancha1@zoho.com>]

		*) Fix eckey_priv_encode so it immediately returns an error upon a failure
		in i2d_ECPrivateKey.
		in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue.
		[mancha <mancha1@zoho.com>]

		*) Fix some double frees. These are not thought to be exploitable.

+1 −1

Original line number	Diff line number	Diff line

		OpenSSL 1.0.2e-dev

		Copyright (c) 1998-2011 The OpenSSL Project
		Copyright (c) 1998-2015 The OpenSSL Project
		Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
		All rights reserved.

+2 −3

Original line number	Diff line number	Diff line
		@@ -40,9 +40,8 @@ consider insecure or to be insecure pretty soon.

		3. To generate a DSA key

		A DSA key can be used for signing only. This is important to keep
		in mind to know what kind of purposes a certificate request with a
		DSA key can really be used for.
		A DSA key can be used for signing only. It is important to
		know what a certificate request with a DSA key can really be used for.

		Generating a key for the DSA algorithm is a two-step process. First,
		you have to generate parameters from which to generate the key:

+1 −1

Original line number	Diff line number	Diff line
		@@ -216,7 +216,7 @@ key is encrypted using triple DES and the certificate using 40 bit RC2.

		these options allow the algorithm used to encrypt the private key and
		certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name
		can be used (see B<NOTES> section for more information). If a a cipher name
		can be used (see B<NOTES> section for more information). If a cipher name
		(as output by the B<list-cipher-algorithms> command is specified then it
		is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
		use PKCS#12 algorithms.

+5 −6

Original line number	Diff line number	Diff line
		@@ -30,7 +30,6 @@ B<openssl> B<req>
		[B<-keygen_engine id>]
		[B<-[digest]>]
		[B<-config filename>]
		[B<-subj arg>]
		[B<-multivalue-rdn>]
		[B<-x509>]
		[B<-days n>]
		@@ -506,16 +505,16 @@ Examine and verify certificate request:

		Create a private key and then generate a certificate request from it:

		openssl genrsa -out key.pem 1024
		openssl genrsa -out key.pem 2048
		openssl req -new -key key.pem -out req.pem

		The same but just using req:

		openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
		openssl req -newkey rsa:2048 -keyout key.pem -out req.pem

		Generate a self signed root certificate:

		openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
		openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem

		Example of a file pointed to by the B<oid_file> option:

		@@ -531,7 +530,7 @@ expansion:
		Sample configuration file prompting for field values:

		[ req ]
		default_bits = 1024
		default_bits = 2048
		default_keyfile = privkey.pem
		distinguished_name = req_distinguished_name
		attributes = req_attributes
		@@ -572,7 +571,7 @@ Sample configuration containing all field values:
		RANDFILE = $ENV::HOME/.rnd

		[ req ]
		default_bits = 1024
		default_bits = 2048
		default_keyfile = keyfile.pem
		distinguished_name = req_distinguished_name
		attributes = req_attributes