Commit c03726ca authored by Rich Salz's avatar Rich Salz Committed by Rich Salz
Browse files

Various doc fixes. 



Make all mention of digest algorithm use "any supported algorithm"

RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
    X509_LOOKUP_hash_dir.pod
    X509_check_ca.pod
    X509_check_issued.pod

RT 1600:
    Remove references to non-existant objects(3)
    Add RETURN VALUES to BIO_do_accept page.

RT1818:
    RSA_sign Can return values other than 0 on failure.

RT3634:
    Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)

RT3678:
    Some clarifications to BIO_new_pair
    (Devchandra L Meetei <dlmeetei@gmail.com>)

RT3787:
    Fix some EVP_ function return values
    (Laetitia Baudoin <lbaudoin@google.com>)

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
parent ad775e04

doc/apps/ca.pod

+3 −2
Original line number Diff line number Diff line
@@ -167,7 +167,8 @@ the number of days to certify the certificate for. 


=item B<-md alg>



the message digest to use. Possible values include md5, sha1 and mdc2.

the message digest to use.

Any digest supported by the OpenSSL B<dgst> command can be used.

This option also applies to CRLs.



=item B<-policy arg>
@@ -406,7 +407,7 @@ least one of these must be present to generate a CRL. 


=item B<default_md>



the same as the B<-md> option. The message digest to use. Mandatory.

the same as the B<-md> option. Mandatory.



=item B<database>

doc/apps/dgst.pod

+4 −0
Original line number Diff line number Diff line
@@ -185,6 +185,10 @@ To verify a signature: 


=head1 NOTES



The digest mechanisms that are available will depend on the options

used when building OpenSSL.

The B<list digest-commands> command can be used to list them.



New or agile applications should use probably use SHA-256. Other digests,

particularly SHA-1 and MD5, are still widely used for interoperating

with existing formats and protocols.

doc/apps/enc.pod

+1 −1
Original line number Diff line number Diff line
@@ -282,7 +282,7 @@ authentication tag. 
 rc5-ofb            RC5 cipher in OFB mode



 aes-[128|192|256]-cbc	128/192/256 bit AES in CBC mode

 aes-[128|192|256]	Alias for aes-[128|192|256]-cbc

 aes[128|192|256]	Alias for aes-[128|192|256]-cbc

 aes-[128|192|256]-cfb	128/192/256 bit AES in 128 bit CFB mode

 aes-[128|192|256]-cfb1	128/192/256 bit AES in 1 bit CFB mode

 aes-[128|192|256]-cfb8	128/192/256 bit AES in 8 bit CFB mode

doc/apps/ocsp.pod

+4 −2
Original line number Diff line number Diff line
@@ -261,10 +261,12 @@ information is immediately available. In this case the age of the B<notBefore> f 
is checked to see it is not older than B<age> seconds old. By default this additional

check is not performed.



=item B<-md5|-sha1|-sha256|-ripemod160|...>

=item B<-[digest]>



this option sets digest algorithm to use for certificate identification

in the OCSP request. By default SHA-1 is used. 

in the OCSP request.

Any digest supported by the OpenSSL B<dgst> command can be used.

The default is SHA-1.



=back

doc/apps/openssl.pod

+8 −8
Original line number Diff line number Diff line
@@ -12,7 +12,7 @@ I<command> 
[ I<command_opts> ]

[ I<command_args> ]



B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> | B<list-cipher-algorithms> | B<list-message-digest-algorithms> | B<list-public-key-algorithms>]

B<openssl> B<list> [ B<standard-commands> | B<digest-commands> | B<cipher-commands> | B<cipher-algorithms> | B<digest-algorithms> | B<public-key-algorithms>]



B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
@@ -41,20 +41,20 @@ The B<openssl> program provides a rich variety of commands (I<command> in the 
SYNOPSIS above), each of which often has a wealth of options and arguments

(I<command_opts> and I<command_args> in the SYNOPSIS).



The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>,

and B<list-cipher-commands> output a list (one entry per line) of the names

The list parameters B<standard-commands>, B<digest-commands>,

and B<cipher-commands> output a list (one entry per line) of the names

of all standard commands, message digest commands, or cipher commands,

respectively, that are available in the present B<openssl> utility.



The pseudo-commands B<list-cipher-algorithms> and

B<list-message-digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:

The list parameters B<cipher-algorithms> and

B<digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:



 from => to



The pseudo-command B<list-public-key-algorithms> lists all supported public

The list parameter B<public-key-algorithms> lists all supported public

key algorithms.



The pseudo-command B<no->I<XXX> tests whether a command of the

The command B<no->I<XXX> tests whether a command of the

specified name is available.  If no command named I<XXX> exists, it

returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1

and prints I<XXX>.  In both cases, the output goes to B<stdout> and
@@ -63,7 +63,7 @@ are always ignored. Since for each cipher there is a command of the 
same name, this provides an easy way for shell scripts to test for the

availability of ciphers in the B<openssl> program.  (B<no->I<XXX> is

not able to detect pseudo-commands such as B<quit>,

B<list->I<...>B<-commands>, or B<no->I<XXX> itself.)

B<list>, or B<no->I<XXX> itself.)



=head2 STANDARD COMMANDS