diff --git a/doc/ssl/SSL_CONF_CTX_new.pod b/doc/ssl/SSL_CONF_CTX_new.pod index 63fa8cf706b3c2d1680d568ae3a53c30a62135a5..1ae4ac627e356324601b0dd7e5cfb81b1dba4df0 100644 --- a/doc/ssl/SSL_CONF_CTX_new.pod +++ b/doc/ssl/SSL_CONF_CTX_new.pod @@ -13,7 +13,7 @@ SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions =head1 DESCRIPTION -The function SSL_CONF_CTX_new() allocates and initialised an B +The function SSL_CONF_CTX_new() allocates and initialises an B structure for use with the SSL_CONF functions. The function SSL_CONF_CTX_free() frees up the context B. @@ -29,6 +29,7 @@ SSL_CONF_CTX_free() does not return a value. L, L, +L, L, L diff --git a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod index 92aed5e71f778c61a89a9d78b93c660cc7ee7155..3b165db89bb9c5c9d91b6926527b37456db84bd2 100644 --- a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod +++ b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod @@ -18,8 +18,8 @@ to B. If B is B it is restored to the default value. =head1 NOTES Command prefixes alter the commands recognised by subsequent SSL_CTX_cmd() -calls. For example for files if the prefix "SSL" is set then command names -such as "SSLProtocol", "SSLOptions" etc are recognised instead of "Protocol" +calls. For example for files, if the prefix "SSL" is set then command names +such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" and "Options". Similarly for command lines if the prefix is "--ssl-" then "--ssl-no_tls1_2" is recognised instead of "-no_tls1_2". @@ -37,6 +37,7 @@ SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure. =head1 SEE ALSO L, +L, L, L, L diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod index ae0850f2ae96ed7cf2abd3ad5981242041ff4963..6f7bf11a8b9dce28213df3f03c117d70346e86b1 100644 --- a/doc/ssl/SSL_CONF_CTX_set_flags.pod +++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod 
@@ -19,8 +19,8 @@ The function SSL_CONF_CTX_clear_flags() clears B in the context B. =head1 NOTES -The flags how subsequent calls to SSL_CONF_set_cmd() or SSL_CONF_set_argv() -behave. +The flags set affect how subsequent calls to SSL_CONF_cmd() or +SSL_CONF_argv() behave. Currently the following B values are recognised: @@ -42,6 +42,8 @@ indicate errors relating to unrecognised options or missing arguments in the error queue. If this option isn't set such errors are only reflected in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv() +=back + =head1 RETURN VALUES SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags @@ -51,6 +53,7 @@ value after setting or clearing flags. L, L, +L, L, L diff --git a/doc/ssl/SSL_CONF_argv.pod b/doc/ssl/SSL_CONF_argv.pod index 0796d4d47767a16813c6221c997ab88738f4b6fe..1d4920610fba1a056eebfa92987c267286da8007 100644 --- a/doc/ssl/SSL_CONF_argv.pod +++ b/doc/ssl/SSL_CONF_argv.pod @@ -14,12 +14,13 @@ SSL_CONF_argv - SSL configuration command line processing. The function SSL_CONF_cmd_argv() processes at most two command line arguments from B and B. The values of B and B -are updated to reflect the number of command options procesed. +are updated to reflect the number of command options procesed. The B +argument can be set to B is it is not used. =head1 RETURN VALUES -SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1 -or 2 or a negative error code. +SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2 +2 or a negative error code. If -2 is returned then an argument for a command is missing. diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 874bd006c683ed2f8eca1391a74bffdfa21aca15..f853d12e8f45d8340a41f2695f7776c2c33a38ae 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod 
@@ -22,7 +22,7 @@ framework for configuration files or command line options. Currently supported B names for configuration files (i.e. when the flag B is set) are listed below. All configuration file B names and are case insensitive so B is recognised -as well as B. Unless otherwise states the B names +as well as B. Unless otherwise stated the B names are also case insensitive. Note: the command prefix (if set) alters the recognised B values. @@ -32,7 +32,7 @@ Note: the command prefix (if set) alters the recognised B values. =item B Sets the cipher suite list to B. Note: syntax checking of B is -currently not performed unless a B or B structure is +currently not performed unless an B or B structure is associated with B. =item B @@ -55,7 +55,7 @@ OpenSSL library are permissible. This sets the supported signature algorithms associated with client authentication for TLS v1.2. For servers the value is used in the supported signature algorithms field of a certificate request. For clients it is -used to determine which signature algorithm to use for the client certificate. +used to determine which signature algorithm to with the client certificate. The syntax of B is identical to B. If not set then the value set for B will be used instead. @@ -63,9 +63,9 @@ the value set for B will be used instead. =item B This sets the supported elliptic curves. For servers the curves are -sent using the supported curves extension to TLS. For clients the it is used -to determine which curve to use. This affects curves used for both signatures -and key exchange. +sent using the supported curves extension for TLS v1.2. For clients it is used +to determine which curve to use. This setting affects curves used for both +signatures and key exchange, if applicable. The B argument is a colon separated list of curves. The curve can be either the B name (e.g. B) or an OpenSSL OID name (e.g 
@@ -76,9 +76,9 @@ B). Curve names are case sensitive. This sets the temporary curve used for ephemeral ECDH modes. The B argument is a curve name or the special value B which -automatically picks an appropriate curve based on client and server -preferences. The curve can be either the B name (e.g. B) or an -OpenSSL OID name (e.g B). Curve names are case sensitive. +picks an appropriate curve based on client and server preferences. The curve +can be either the B name (e.g. B) or an OpenSSL OID name +(e.g B). Curve names are case sensitive. =item B @@ -87,9 +87,9 @@ The supported versions of the SSL or TLS protocol. The B argument is a comma separated list of supported protocols to enable or disable. If an protocol is preceded by B<-> that version is disabled. All versions are enabled by default, though applications may choose to -explicitly disable some version. Currently supported protocol -values are B, B, B, B and B. The -special value B refers to all supported versions. +explicitly disable some. Currently supported protocol values are B, +B, B, B and B. The special value B refers +to all supported versions. =item B @@ -111,9 +111,9 @@ B: use empty fragments as a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It is set by default. Inverse of B. -B enable various bug workarounds. Same as B. +B: enable various bug workarounds. Same as B. -B enable single use DH keys, set by default. Inverse of +B: enable single use DH keys, set by default. Inverse of B. Only used by servers. B enable single use ECDH keys, set by default. Inverse of @@ -138,7 +138,7 @@ Set by default. Currently supported B names for command lines (i.e. when the flag B is set) are listed below. Note: all B names and are case sensitive. Unless otherwise stated the B parameter is -noh used. The default prefix for command line commands is B<-> and that is +not used. The default prefix for command line commands is B<-> and that is reflected below. =over 4 
@@ -174,7 +174,7 @@ associated with B. Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 by setting the corresponding options B, B, -B B and B respectively. +B, B and B respectively. =item B<-bugs>
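Review bot: In doc/ssl/SSL_CONF_CTX_set1_prefix.pod, hunk @@ -18,8, the unchanged context line directly above the edit still reads "subsequent SSL_CTX_cmd() calls", while the SSL_CONF_CTX_set_flags.pod change in this same patch names the function SSL_CONF_cmd(). Since this paragraph is being edited anyway, correct the name here so that the prefix documentation points at the function it actually affects. The next sentence, "Similarly for command lines if the prefix is ...", could take the same comma that was added after "for files".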
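Review bot: In doc/ssl/SSL_CONF_CTX_set_flags.pod, hunk @@ -42,6, the context line "return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv()" keeps the old function names that the @@ -19,8 hunk of the same file has just replaced with SSL_CONF_cmd() and SSL_CONF_argv(). Update this sentence in the same change, and end it with a full stop before the new "=back", so the page does not document two different names for the same calls.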
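Review bot: In doc/ssl/SSL_CONF_argv.pod, hunk @@ -14,12, the rewritten RETURN VALUES sentence now spans "processed: 0, 1, 2" and "2 or a negative error code", so the value 2 is listed twice; it should read "0, 1, 2 or a negative error code". The added sentence "can be set to B is it is not used" has "is" where "if" is meant, and the line it was appended to still carries "procesed". Separately, the text calls the function SSL_CONF_cmd_argv() while the file and the other pages in this patch call it SSL_CONF_argv(); pick one name and use it throughout.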
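Review bot: In doc/ssl/SSL_CONF_cmd.pod, hunk @@ -22,7, the fix from "states" to "stated" leaves the preceding context sentence reading "All configuration file B names and are case insensitive", with a stray "and". The same phrase appears in the context of hunk @@ -138,7 ("all B names and are case sensitive"). Both are worth fixing here, because they are the sentences that tell the reader whether command names are matched case-sensitively.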
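Review bot: In doc/ssl/SSL_CONF_cmd.pod, hunk @@ -55,7, the replacement line drops the verb: "which signature algorithm to use for the client certificate" becomes "which signature algorithm to with the client certificate". This is a regression in a patch that otherwise fixes typos. Restore "use", for example "which signature algorithm to use with the client certificate".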
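Review bot: In doc/ssl/SSL_CONF_cmd.pod, hunk @@ -63,9, the change from "supported curves extension to TLS" to "supported curves extension for TLS v1.2" narrows the documented scope rather than correcting wording, and the added "if applicable" qualifies the statement about signatures and key exchange. Both are behavioural claims, not typo fixes. Please confirm they are intended and mention them in the commit message, or keep the original "TLS" wording and limit this hunk to removing the stray "the" in "For clients the it is used".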
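Review bot: In doc/ssl/SSL_CONF_cmd.pod, hunk @@ -87,9, the context line "If an protocol is preceded by B<-> that version is disabled" still has "an protocol" immediately above the reflowed lines. Change it to "a protocol" in this hunk, since the paragraph is already being rewrapped.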
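Review bot: In doc/ssl/SSL_CONF_cmd.pod, hunk @@ -111,9, the colon is added to two option entries ("B: enable various bug workarounds" and "B: enable single use DH keys") but the very next entry in the trailing context, "B enable single use ECDH keys, set by default", is left without one. Add the colon there as well so that every entry in the list uses the same "name: description" form.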