On Mon, Jun 17, 2013 at 08:56:35AM +0200, NP wrote:
> On 13-06-17 03:27, Ken Moffat wrote:
> >[snip]
> > In the absence of more data (I'm still using perl-5.16 until I
> >start my next build) I suspect there _might_ be a problem with
> >building openssl on current perl (5.18).
> >
> >ĸen
> >
> Right. With Perl-5.18, pod2man has decided to enforce more strict
> syntax rules. This breaks some packages in BLFS, for instance :
> - openssl-1.01e
> - wget-1.14
> - Wireshark-1.8.3
>
> Mainly, pod2man rejects =ITEM commands followed by a number. To fix
> it, just prefix the number with some alpha character.
>
> The =ITEM commands should also be strictly enclosed by =OPEN /
> =BREAK commands (one occurrence in openssl package).
>
> I have made a patch for openssl; perhaps you may find it useful.
>
> With best regards.
> --
> Nico / 13-06-17
>
> diff -Naur openssl-1.0.1e.orig/doc/apps/cms.pod
> openssl-1.0.1e/doc/apps/cms.pod
> --- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-02-11 15:26:04.000000000
> +0000
> +++ openssl-1.0.1e/doc/apps/cms.pod 2013-06-04 18:00:00.358162120 +0000
> @@ -450,28 +450,28 @@
>
> =over 4
>
> -=item 0
> +=item >0
>
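Review bot: '=item >0' in this hunk gets the label past the pod2man check but changes what the reader sees, because the exit code 0 is now printed as ">0" and reads as a comparison. Wrapping the number in an inline code sequence, '=item C<0>', as the amended patch later in this message does, keeps the value itself as the label.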
[ snip ]

I've now installed perl-5.18 (grumpily - I did a manual install,
thought I'd told it to go into /usr/local but it installed in /usr
so I'll be restoring the system from a backup when I've finished
with this and wget.). Yes, I saw the problem during

    make INSTALL_PREFIX=/path/to/somewhere ... install

and Nico's patch gets past that problem. But when I looked at the
installed SSL_CTX_use_psk_identity_hint.3ssl I noticed that the
added '>' were appearing in front of the return codes:

    RETURN VALUES
    SSL_CTX_use_psk_identity_hint() and
    SSL_use_psk_identity_hint() return 1 on success, 0
    otherwise.
    Return values from the server callback are interpreted
    as follows:
    > 0 PSK identity was found and the server callback has
    provided the PSK successfully in parameter psk.
    Return value is the length of psk in bytes. It is an
    error to return a value greater than max_psk_len.
    If the PSK identity was not found but the callback
    instructs the protocol to continue anyway, the
    callback must provide some random data to psk and
    return the length of the random data, so the
    connection will fail with decryption_error before it
    will be finished completely.
    >0 PSK identity was not found. An
    "unknown_psk_identity" alert message will be sent
    and the connection setup fails.
    1.0.1e 2013SSL-CTX_use_psk_identity_hint(3)

The first should be '> 0', the second 0.

And similar lists of return codes as >0 ... >N instead of 0 ... N
throughout the pages. I then looked at Fedora - they have recently
added a patch to fix this problem. Unfortunately, they have a whole
raft of other patches, one or more of which already alter the pod
files, probably to put the lists of return codes into a consistent
order (some list 1, for an error, before 0). The end result is that
four hunks had to be fixed up manually, but even after that it still
missed various fixes which Nico had added. The attached version
builds, and almost everything I've looked at now reads correctly.

The one exception is SSL_shutdown (3). Nico's patch lists the
return values as >1, >0, >-1. My amended patch causes them to be
listed as 1, 0, <0 (using E<lt>0 which I noticed in one of the other
pod files). That looks reasonable, but in fact the version on my
installed system actually says:

    RETURN VALUES
    The following return values can occur:
    1. The shutdown was successfully completed. The "close
    notify" alert was sent and the peer's "close notify"
    alert was received.
    2. The shutdown is not yet finished. Call
    SSL_shutdown() for a second time, if a bidirectional
    shutdown shall be performed. The output of
    SSL_get_error(3) may be misleading, as an erroneous
    SSL_ERROR_SYSCALL may be flagged even though no
    error occurred.
    3. -1
    The shutdown was not successful because a fatal
    error occurred either at the protocol level or a
    connection failure occurred. It can also occur if
    action is need to continue the operation for non-
    blocking BIOs. Call SSL_get_error(3) with the
    return value ret to find out the reason.

To me, that standard version makes less than zero sense: if 1,2,3
are the order in which possible return codes are listed, what are
the codes being described?

Anyone got any opinions on SSL_shutdown (3), even just a bare "mine
also says the return values are 1, 2, 3 with -1"?

Nico - we credit patches with authorship, as well as upstream
status. Can I put you as the author, with myself for changes?

I note that a slightly different patch is in
http://marc.info/?l=openssl-dev&m=136988464021098&w=2 - for me, as
for Xinglp, it doesn't all apply (possibly, things have already been
changed in openssl-master). Attempting to fix it up, the first
rejection is in a file which doesn't need to be fixed in our build.
I gave up at that point.

ĸen
--
the first time as tragedy, the second time as farce

diff -Naur openssl-1.0.1e.orig/doc/apps/cms.pod openssl-1.0.1e/doc/apps/cms.pod
--- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-02-11 15:26:04.000000000
+0000
+++ openssl-1.0.1e/doc/apps/cms.pod 2013-06-17 22:22:26.155322499 +0100
@@ -450,28 +450,28 @@
=over 4
-=item 0
+=item C<0>
the operation was completely successfully.
-=item 1
+=item C<1>
an error occurred parsing the command options.
-=item 2
+=item C<2>
one of the input files could not be read.
-=item 3
+=item C<3>
an error occurred creating the CMS file or when reading the MIME
message.
-=item 4
+=item C<4>
an error occurred decrypting or verifying the message.
-=item 5
+=item C<5>
the message was verified correctly but an error occurred writing out
the signers certificates.
diff -Naur openssl-1.0.1e.orig/doc/apps/smime.pod
openssl-1.0.1e/doc/apps/smime.pod
--- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-02-11 15:26:04.000000000
+0000
+++ openssl-1.0.1e/doc/apps/smime.pod 2013-06-17 22:22:26.155322499 +0100
@@ -308,28 +308,28 @@
=over 4
-=item 0
+=item C<0>
the operation was completely successfully.
-=item 1
+=item C<1>
an error occurred parsing the command options.
-=item 2
+=item C<2>
one of the input files could not be read.
-=item 3
+=item C<3>
an error occurred creating the PKCS#7 file or when reading the MIME
message.
-=item 4
+=item C<4>
an error occurred decrypting or verifying the message.
-=item 5
+=item C<5>
the message was verified correctly but an error occurred writing out
the signers certificates.
diff -Naur openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod
openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
--- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod 2013-02-11
15:26:04.000000000 +0000
+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-17
22:42:10.224174241 +0100
@@ -278,6 +278,8 @@
an application specific error. This will never be returned unless explicitly
set by an application.
+=back
+
=head1 NOTES
The above functions should be used instead of directly referencing the fields
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod
openssl-1.0.1e/doc/ssl/SSL_accept.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-02-11 15:02:48.000000000
+0000
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-06-17 22:23:35.242910251
+0100
@@ -44,12 +44,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod
openssl-1.0.1e/doc/ssl/SSL_clear.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-02-11 15:02:48.000000000
+0000
+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-06-17 22:22:26.155322499
+0100
@@ -56,12 +56,12 @@
=over 4
-=item 0
+=item C<0>
The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.
-=item 1
+=item C<1>
The SSL_clear() operation was successful.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod
openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod
2013-02-11 15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-17
22:22:26.155322499 +0100
@@ -53,11 +53,11 @@
=over 4
-=item 0
+=item C<0>
The operation succeeded.
-=item 1
+=item C<1>
The operation failed. Check the error queue to find out the reason.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod
openssl-1.0.1e/doc/ssl/SSL_connect.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-02-11 15:02:48.000000000
+0000
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-06-17 22:25:49.878106973
+0100
@@ -41,12 +41,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod
openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-02-11
15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-06-17
22:22:26.155322499 +0100
@@ -52,13 +52,13 @@
=over 4
-=item 0
+=item C<0>
The operation failed. In case of the add operation, it was tried to add
the same (identical) session twice. In case of the remove operation, the
session was not found in the cache.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
2013-02-11 15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-17
22:22:26.155322499 +0100
@@ -100,13 +100,13 @@
=over 4
-=item 0
+=item C<0>
The operation failed because B<CAfile> and B<CApath> are NULL or the
processing at one of the locations specified failed. Check the error
stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-02-11
15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-17
22:49:52.997375753 +0100
@@ -70,7 +70,7 @@
The operation succeeded.
-=item 0
+=item 2
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
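Review bot: '+=item 2' labels the failure case with a value the text does not describe. The copy of this page added as SSL_CTX_set_client_CA_list.pod.orig in this same patch lists the return values as 1 (succeeded) and 0 (failure), and the rejected hunk in the .rej file was trying to produce '=item C<0>' and '=item C<1>'. Suggest '=item C<0>' here, and '=item C<1>' for the success item that sits above this hunk and is not touched by it, so that anyone writing error handling from the man page still tests for 0.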
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod.orig
openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.orig
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod.orig
1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.orig 2013-06-17
22:22:26.155322499 +0100
@@ -0,0 +1,94 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+SSL_add_client_CA - set list of CAs sent to the client when requesting a
+client certificate
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
+ int SSL_add_client_CA(SSL *ssl, X509 *cacert);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for B<ctx>.
+
+SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for the chosen B<ssl>, overriding the
+setting valid for B<ssl>'s SSL_CTX object.
+
+SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+B<ctx>.
+
+SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
+
+=head1 NOTES
+
+When a TLS/SSL server requests a client certificate (see
+B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
+it will accept certificates, to the client.
+
+This list must explicitly be set using SSL_CTX_set_client_CA_list() for
+B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
+specified overrides the previous setting. The CAs listed do not become
+trusted (B<list> only contains the names, not the complete certificates); use
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+to additionally load them for verification.
+
+If the list of acceptable CAs is compiled in a file, the
+L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
+function can be used to help importing the necessary data.
+
+SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
+items the list of client CAs. If no list was specified before using
+SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
+CA list for B<ctx> or B<ssl> (as appropriate) is opened.
+
+These functions are only useful for TLS/SSL servers.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
+diagnostic information.
+
+SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
+values:
+
+=over 4
+
+=item 1
+
+The operation succeeded.
+
+=item 0
+
+A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+the X509_NAME could not be extracted from B<cacert>. Check the error stack
+to find out the reason.
+
+=back
+
+=head1 EXAMPLES
+
+Scan all certificates in B<CAfile> and list them as acceptable CAs:
+
+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+
+=cut
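Review bot: SSL_CTX_set_client_CA_list.pod.orig is created here as a new 94-line file (old side dated 1970-01-01), which looks like a backup left behind by patch(1) while another patch was being fitted, not a documentation change. Regenerate the diff from a tree with the .orig files removed or excluded; the same applies to SSL_CTX_use_psk_identity_hint.pod.orig further down. As it stands, applying this patch drops unfixed copies of the pages, with bare '=item 1' and '=item 0', into doc/ssl.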
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod.rej
openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.rej
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod.rej
1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.rej 2013-06-17
22:22:26.155322499 +0100
@@ -0,0 +1,18 @@
+--- doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix 2013-04-30
15:30:40.000000000 +0200
++++ doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-04-30 21:23:02.644353105
+0200
+@@ -66,13 +66,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
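Review bot: this .rej file should not ship in the patch, but its content explains the reject: the hunk expects '=item 0' ahead of '=item 1', while the page in this tree lists 1 first, so the context did not match. Use it as the reference when hand-fixing SSL_CTX_set_client_CA_list.pod, then delete it before regenerating the diff.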
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
2013-02-11 15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-17
22:22:26.155322499 +0100
@@ -64,13 +64,13 @@
=over 4
-=item 0
+=item C<0>
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
is logged to the error stack.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-02-11
15:26:04.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-17
22:22:26.155322499 +0100
@@ -42,11 +42,11 @@
=over 4
-=item 0
+=item C<0>
The new choice failed, check the error stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
2013-02-11 15:26:04.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-17
23:09:54.130145593 +0100
@@ -81,6 +81,8 @@
Return values from the server callback are interpreted as follows:
+=over 4
+
=item > 0
PSK identity was found and the server callback has provided the PSK
@@ -94,9 +96,11 @@
connection will fail with decryption_error before it will be finished
completely.
-=item 0
+=item C<0>
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
+=back
+
=cut
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.orig
openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.orig
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.orig
1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.orig
2013-02-11 15:26:04.000000000 +0000
@@ -0,0 +1,102 @@
+=pod
+
+=begin comment
+
+Copyright 2005 Nokia. All rights reserved.
+
+The portions of the attached software ("Contribution") is developed by
+Nokia Corporation and is licensed pursuant to the OpenSSL open source
+license.
+
+The Contribution, originally written by Mika Kousa and Pasi Eronen of
+Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+support (see RFC 4279) to OpenSSL.
+
+No patent licenses or other rights except those expressly stated in
+the OpenSSL open source license shall be deemed granted or received
+expressly, by implication, estoppel, or otherwise.
+
+No assurances are provided by Nokia that the Contribution does not
+infringe the patent or other intellectual property rights of any third
+party or that the license provides you with all the necessary rights
+to make use of the Contribution.
+
+THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+OTHERWISE.
+
+=end comment
+
+=head1 NAME
+
+SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint,
+SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback - set PSK
+identity hint to use
+
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
+ int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
+
+ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+ unsigned int (*callback)(SSL *ssl, const char *identity,
+ unsigned char *psk, int max_psk_len));
+ void SSL_set_psk_server_callback(SSL *ssl,
+ unsigned int (*callback)(SSL *ssl, const char *identity,
+ unsigned char *psk, int max_psk_len));
+
+
+=head1 DESCRIPTION
+
+SSL_CTX_use_psk_identity_hint() sets the given B<NULL>-terminated PSK
+identity hint B<hint> to SSL context object
+B<ctx>. SSL_use_psk_identity_hint() sets the given B<NULL>-terminated
+PSK identity hint B<hint> to SSL connection object B<ssl>. If B<hint>
+is B<NULL> the current hint from B<ctx> or B<ssl> is deleted.
+
+In the case where PSK identity hint is B<NULL>, the server
+does not send the ServerKeyExchange message to the client.
+
+A server application must provide a callback function which is called
+when the server receives the ClientKeyExchange message from the
+client. The purpose of the callback function is to validate the
+received PSK identity and to fetch the pre-shared key used during the
+connection setup phase. The callback is set using functions
+SSL_CTX_set_psk_server_callback() or
+SSL_set_psk_server_callback(). The callback function is given the
+connection in parameter B<ssl>, B<NULL>-terminated PSK identity sent
+by the client in parameter B<identity>, and a buffer B<psk> of length
+B<max_psk_len> bytes where the pre-shared key is to be stored.
+
+
+=head1 RETURN VALUES
+
+SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return
+1 on success, 0 otherwise.
+
+Return values from the server callback are interpreted as follows:
+
+=item > 0
+
+PSK identity was found and the server callback has provided the PSK
+successfully in parameter B<psk>. Return value is the length of
+B<psk> in bytes. It is an error to return a value greater than
+B<max_psk_len>.
+
+If the PSK identity was not found but the callback instructs the
+protocol to continue anyway, the callback must provide some random
+data to B<psk> and return the length of the random data, so the
+connection will fail with decryption_error before it will be finished
+completely.
+
+=item 0
+
+PSK identity was not found. An "unknown_psk_identity" alert message
+will be sent and the connection setup fails.
+
+=cut
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod
openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-02-11
15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-06-17 22:28:02.369316597
+0100
@@ -45,12 +45,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_read.pod
openssl-1.0.1e/doc/ssl/SSL_read.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-02-11 15:02:48.000000000
+0000
+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-06-17 22:22:26.155322499 +0100
@@ -86,7 +86,7 @@
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
-=item 0
+=item C<0>
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod
openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-02-11
15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-06-17
22:22:26.155322499 +0100
@@ -27,11 +27,11 @@
=over 4
-=item 0
+=item C<0>
A new session was negotiated.
-=item 1
+=item C<1>
A session was reused.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod
openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-02-11 15:02:48.000000000
+0000
+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-06-17 22:22:26.155322499
+0100
@@ -35,11 +35,11 @@
=over 4
-=item 0
+=item C<0>
The operation failed. Check the error stack to find out why.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod
openssl-1.0.1e/doc/ssl/SSL_set_session.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-02-11
15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-06-17 22:22:26.155322499
+0100
@@ -37,11 +37,11 @@
=over 4
-=item 0
+=item C<0>
The operation failed; check the error stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod
openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-02-11
15:02:48.000000000 +0000
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-06-17 22:32:18.263771924
+0100
@@ -92,19 +92,19 @@
=over 4
-=item 1
+=item C<1>
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item 0
+=item C<0>
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-=item -1
+=item E<lt>0
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
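Review bot: '+=item E<lt>0' changes the documented behaviour, not only the markup: the page stops naming -1 and now covers every negative return, and unlike the C<1> and C<0> items in the same hunk it is not wrapped in C<>. Unless the wider range has been confirmed against the code, '=item C<-1>' keeps the upstream value and matches the other labels; if '<0' is intended, say so in the patch description, since callers may compare against -1 exactly.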
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_write.pod
openssl-1.0.1e/doc/ssl/SSL_write.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-02-11 15:02:48.000000000
+0000
+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-06-17 22:22:26.155322499
+0100
@@ -79,7 +79,7 @@
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item C<0>
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,
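
A small checker for the two markup rules described in this thread (bare numeric =item labels, and =item or =head appearing where an =over/=back pair is missing), useful for confirming that a patched doc tree is clean before building. This is an added example, not part of the original message or of OpenSSL or perl; the rule set follows the thread's description and not pod2man's own parser, and the names lint_pod, BEFORE and AFTER are made up for the illustration.

```python
import re

# A label that is nothing but an integer, e.g. "=item 0" or "=item -1".
BARE_NUMBER = re.compile(r"^=item\s+-?\d+\s*$")

def lint_pod(text):
    """Return (line_no, message) findings for one POD document."""
    findings = []
    open_overs = []  # line numbers of =over commands still waiting for =back
    for no, line in enumerate(text.splitlines(), 1):
        # Simplification: every line with '=' in column one is a command.
        if not line.startswith("="):
            continue
        cmd = line.split(None, 1)[0]
        if cmd == "=over":
            open_overs.append(no)
        elif cmd == "=back":
            if open_overs:
                open_overs.pop()
            else:
                findings.append((no, "=back without =over"))
        elif cmd == "=item":
            if not open_overs:
                findings.append((no, "=item outside =over/=back"))
            if BARE_NUMBER.match(line):
                findings.append((no, "bare numeric =item label"))
        elif cmd.startswith("=head"):
            # A new section while a list is open means a =back is missing.
            for start in open_overs:
                findings.append((no, f"=over from line {start} still open at {cmd}"))
            open_overs.clear()
    for start in open_overs:
        findings.append((start, "=over never closed"))
    return findings

# Constructed samples, cut down from the PSK return-value list in the thread.
BEFORE = """\
=head1 RETURN VALUES

=item > 0

PSK identity was found.

=item 0

PSK identity was not found.

=cut
"""

AFTER = """\
=head1 RETURN VALUES

=over 4

=item > 0

PSK identity was found.

=item C<0>

PSK identity was not found.

=back

=cut
"""

if __name__ == "__main__":
    for name, pod in (("before", BEFORE), ("after", AFTER)):
        for no, msg in lint_pod(pod):
            print(f"{name}:{no}: {msg}")
```

Run over the patched tree, it would also report a leftover bare label such as '=item 2', since it flags every integer-only label regardless of value.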