Loading doc/ssl/SSL_CONF_CTX_new.pod +2 −1 Original line number Diff line number Diff line Loading @@ -13,7 +13,7 @@ SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions =head1 DESCRIPTION The function SSL_CONF_CTX_new() allocates and initialised an B<SSL_CONF_CTX> The function SSL_CONF_CTX_new() allocates and initialises an B<SSL_CONF_CTX> structure for use with the SSL_CONF functions. The function SSL_CONF_CTX_free() frees up the context B<cctx>. Loading @@ -29,6 +29,7 @@ SSL_CONF_CTX_free() does not return a value. L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> Loading doc/ssl/SSL_CONF_CTX_set1_prefix.pod +3 −2 Original line number Diff line number Diff line Loading @@ -18,8 +18,8 @@ to B<prefix>. If B<prefix> is B<NULL> it is restored to the default value. =head1 NOTES Command prefixes alter the commands recognised by subsequent SSL_CTX_cmd() calls. For example for files if the prefix "SSL" is set then command names such as "SSLProtocol", "SSLOptions" etc are recognised instead of "Protocol" calls. For example for files, if the prefix "SSL" is set then command names such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" and "Options". Similarly for command lines if the prefix is "--ssl-" then "--ssl-no_tls1_2" is recognised instead of "-no_tls1_2". Loading @@ -37,6 +37,7 @@ SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure. =head1 SEE ALSO L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> Loading doc/ssl/SSL_CONF_CTX_set_flags.pod +5 −2 Original line number Diff line number Diff line Loading 
@@ -19,8 +19,8 @@ The function SSL_CONF_CTX_clear_flags() clears B<flags> in the context B<cctx>. =head1 NOTES The flags how subsequent calls to SSL_CONF_set_cmd() or SSL_CONF_set_argv() behave. The flags set affect how subsequent calls to SSL_CONF_cmd() or SSL_CONF_argv() behave. Currently the following B<flags> values are recognised: Loading @@ -42,6 +42,8 @@ indicate errors relating to unrecognised options or missing arguments in the error queue. If this option isn't set such errors are only reflected in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv() =back =head1 RETURN VALUES SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags Loading @@ -51,6 +53,7 @@ value after setting or clearing flags. L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> Loading doc/ssl/SSL_CONF_argv.pod +4 −3 Original line number Diff line number Diff line Loading @@ -14,12 +14,13 @@ SSL_CONF_argv - SSL configuration command line processing. The function SSL_CONF_cmd_argv() processes at most two command line arguments from B<pargv> and B<pargc>. The values of B<pargv> and B<pargc> are updated to reflect the number of command options procesed. are updated to reflect the number of command options procesed. The B<pargc> argument can be set to B<NULL> is it is not used. =head1 RETURN VALUES SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1 or 2 or a negative error code. SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2 2 or a negative error code. If -2 is returned then an argument for a command is missing. Loading doc/ssl/SSL_CONF_cmd.pod +16 −16 Original line number Diff line number Diff line Loading 
@@ -22,7 +22,7 @@ framework for configuration files or command line options. Currently supported B<cmd> names for configuration files (i.e. when the flag B<SSL_CONF_FLAG_FILE> is set) are listed below. All configuration file B<cmd> names and are case insensitive so B<signaturealgorithms> is recognised as well as B<SignatureAlgorithms>. Unless otherwise states the B<value> names as well as B<SignatureAlgorithms>. Unless otherwise stated the B<value> names are also case insensitive. Note: the command prefix (if set) alters the recognised B<cmd> values. Loading @@ -32,7 +32,7 @@ Note: the command prefix (if set) alters the recognised B<cmd> values. =item B<CipherSuite> Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is currently not performed unless a B<SSL> or B<SSL_CTX> structure is currently not performed unless an B<SSL> or B<SSL_CTX> structure is associated with B<cctx>. =item B<SignatureAlgorithms> Loading @@ -55,7 +55,7 @@ OpenSSL library are permissible. This sets the supported signature algorithms associated with client authentication for TLS v1.2. For servers the value is used in the supported signature algorithms field of a certificate request. For clients it is used to determine which signature algorithm to use for the client certificate. used to determine which signature algorithm to with the client certificate. The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then the value set for B<SignatureAlgorithms> will be used instead. Loading 
@@ -63,9 +63,9 @@ the value set for B<SignatureAlgorithms> will be used instead. =item B<Curves> This sets the supported elliptic curves. For servers the curves are sent using the supported curves extension to TLS. For clients the it is used to determine which curve to use. This affects curves used for both signatures and key exchange. sent using the supported curves extension for TLS v1.2. For clients it is used to determine which curve to use. This setting affects curves used for both signatures and key exchange, if applicable. The B<value> argument is a colon separated list of curves. The curve can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g Loading @@ -76,9 +76,9 @@ B<prime256v1>). Curve names are case sensitive. This sets the temporary curve used for ephemeral ECDH modes. The B<value> argument is a curve name or the special value B<Automatic> which automatically picks an appropriate curve based on client and server preferences. The curve can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g B<prime256v1>). Curve names are case sensitive. picks an appropriate curve based on client and server preferences. The curve can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g B<prime256v1>). Curve names are case sensitive. =item B<Protocol> Loading 
@@ -87,9 +87,9 @@ The supported versions of the SSL or TLS protocol. The B<value> argument is a comma separated list of supported protocols to enable or disable. If an protocol is preceded by B<-> that version is disabled. All versions are enabled by default, though applications may choose to explicitly disable some version. Currently supported protocol values are B<SSLv2>, B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers to all supported versions. explicitly disable some. Currently supported protocol values are B<SSLv2>, B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers to all supported versions. =item B<Options> Loading @@ -111,9 +111,9 @@ B<EmptyFragments>: use empty fragments as a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It is set by default. Inverse of B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS>. B<Bugs> enable various bug workarounds. Same as B<SSL_OP_ALL>. B<Bugs>: enable various bug workarounds. Same as B<SSL_OP_ALL>. B<DHSingle> enable single use DH keys, set by default. Inverse of B<DHSingle>: enable single use DH keys, set by default. Inverse of B<SSL_OP_DH_SINGLE>. Only used by servers. B<ECDHSingle> enable single use ECDH keys, set by default. Inverse of Loading @@ -138,7 +138,7 @@ Set by default. Currently supported B<cmd> names for command lines (i.e. when the flag B<SSL_CONF_CMDLINE> is set) are listed below. Note: all B<cmd> names and are case sensitive. Unless otherwise stated the B<value> parameter is noh used. The default prefix for command line commands is B<-> and that is not used. The default prefix for command line commands is B<-> and that is reflected below. =over 4 Loading Loading 
@@ -174,7 +174,7 @@ associated with B<cctx>. Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 by setting the corresponding options B<SSL_OP_NO_SSL2>, B<SSL_OP_NO_SSL3>, B<SSL_OP_NO_TLS1> B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively. B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively. =item B<-bugs> Loading Loading
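Review bot: doc/ssl/SSL_CONF_CTX_set1_prefix.pod, hunk @@ -18,8 +18,8 @@: the unchanged line just above the edited text still reads "recognised by subsequent SSL_CTX_cmd() calls", while the SEE ALSO list in the same file refers to SSL_CONF_cmd(3). Since this hunk already rewrites the following line, change SSL_CTX_cmd() to SSL_CONF_cmd() here as well, so readers are not sent looking for a function the rest of the page never mentions.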
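Review bot: doc/ssl/SSL_CONF_CTX_set_flags.pod, hunk @@ -19,8 +19,8 @@: the new sentence names SSL_CONF_argv(), but the SEE ALSO list in this file and the description in SSL_CONF_argv.pod both call the function SSL_CONF_cmd_argv(). Suggest "subsequent calls to SSL_CONF_cmd() or SSL_CONF_cmd_argv() behave". "The flags set affect" is also easy to misread; "The flags that are set affect" is clearer.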
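Review bot: doc/ssl/SSL_CONF_CTX_set_flags.pod, hunk @@ -42,6 +42,8 @@: the context line directly above the added =back still says "return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv()", the names that the first hunk of this file replaces, and the sentence has no closing full stop. This text describes where unrecognised-option and missing-argument errors are reported, so it should name the functions a caller will actually check; update it in the same patch.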
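Review bot: doc/ssl/SSL_CONF_argv.pod, hunk @@ -14,12 +14,13 @@: the rewritten RETURN VALUES sentence now reads "processed: 0, 1, 2" followed by "2 or a negative error code", so the value 2 appears twice. Make it "0, 1, 2 or a negative error code". In the same hunk the added sentence says "can be set to B<NULL> is it is not used" ("is" should be "if"), and "procesed" is carried over unchanged on a line the patch rewrites.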
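Review bot: doc/ssl/SSL_CONF_cmd.pod, hunk @@ -22,7 +22,7 @@: the context line "All configuration file B<cmd> names and are case insensitive" keeps a stray "and". The patch fixes "states" to "stated" on the next line, so drop the "and" at the same time.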
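Review bot: doc/ssl/SSL_CONF_cmd.pod, hunk @@ -55,7 +55,7 @@: the replacement line drops the verb and now reads "used to determine which signature algorithm to with the client certificate". The removed line had "to use for the client certificate"; restore "use", for example "which signature algorithm to use with the client certificate".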
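Review bot: doc/ssl/SSL_CONF_cmd.pod, hunk @@ -87,9 +87,9 @@: the context line "If an protocol is preceded by B<->" still has "an protocol"; change it to "a protocol" while the paragraph is being reflowed. The paragraph also states that all versions, SSLv2 and SSLv3 included, are enabled by default, so a short example value that disables them would help readers who configure this from a file.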
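Review bot: doc/ssl/SSL_CONF_cmd.pod, hunk @@ -111,9 +111,9 @@: the colon is added after B<Bugs> and B<DHSingle>, but the trailing context line "B<ECDHSingle> enable single use ECDH keys" is left without one. Add the colon there too so every entry in the Options list is punctuated the same way.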
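Review bot: doc/ssl/SSL_CONF_cmd.pod, hunk @@ -138,7 +138,7 @@: the context names the command line flag as B<SSL_CONF_CMDLINE>, whereas the file flag earlier in this page is B<SSL_CONF_FLAG_FILE>; the name should follow the same SSL_CONF_FLAG_ pattern. The line "Note: all B<cmd> names and are case sensitive" also keeps a stray "and". Both sit next to the "noh" to "not" fix and can go in with it.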