based on spell(1) output. diff --git a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod index 4fc8f06..2049a53 100644 --- a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod @@ -14,12 +14,12 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure =head1 DESCRIPTION SSL_CONF_CTX_set_ssl_ctx() sets the context associated with B<cctx> to the -B<SSL_CTX> structure B<ctx>. Any previos B<SSL> or B<SSL_CTX> associated with +B<SSL_CTX> structure B<ctx>. Any previous B<SSL> or B<SSL_CTX> associated with B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to B<ctx>. SSL_CONF_CTX_set_ssl() sets the context associated with B<cctx> to the -B<SSL> structure B<ssl>. Any previos B<SSL> or B<SSL_CTX> associated with +B<SSL> structure B<ssl>. Any previous B<SSL> or B<SSL_CTX> associated with B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to B<ssl>. diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 2a4019c..25039db 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -91,8 +91,8 @@ associated with B<cctx>. =item B<-cert> Attempts to use the file B<value> as the certificate for the appropriate -context. It currently uses SSL_CTX_use_cerificate_chain_file if an B<SSL_CTX> -structure is set or SSL_use_certifcate_file with filetype PEM if an B<SSL> +context. It currently uses SSL_CTX_use_certificate_chain_file if an B<SSL_CTX> +structure is set or SSL_use_certificate_file with filetype PEM if an B<SSL> structure is set. This option is only supported if certificate operations are permitted. @@ -183,8 +183,8 @@ associated with B<cctx>. =item B<Certificate> Attempts to use the file B<value> as the certificate for the appropriate -context. It currently uses SSL_CTX_use_cerificate_chain_file if an B<SSL_CTX> -structure is set or SSL_use_certifcate_file with filetype PEM if an B<SSL> +context. It currently uses SSL_CTX_use_certificate_chain_file if an B<SSL_CTX> +structure is set or SSL_use_certificate_file with filetype PEM if an B<SSL> structure is set. This option is only supported if certificate operations are permitted. diff --git a/doc/ssl/SSL_CONF_cmd_argv.pod b/doc/ssl/SSL_CONF_cmd_argv.pod index 246eaa5..6e66441 100644 --- a/doc/ssl/SSL_CONF_cmd_argv.pod +++ b/doc/ssl/SSL_CONF_cmd_argv.pod @@ -14,7 +14,7 @@ SSL_CONF_cmd_argv - SSL configuration command line processing. The function SSL_CONF_cmd_argv() processes at most two command line arguments from B<pargv> and B<pargc>. The values of B<pargv> and B<pargc> -are updated to reflect the number of command options procesed. The B<pargc> +are updated to reflect the number of command options processed. The B<pargc> argument can be set to B<NULL> is it is not used. =head1 RETURN VALUES diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod index 8e0abd3..c660a18 100644 --- a/doc/ssl/SSL_CTX_add_session.pod +++ b/doc/ssl/SSL_CTX_add_session.pod @@ -41,7 +41,7 @@ If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE flag then the internal cache will not be populated automatically by new sessions negotiated by the SSL/TLS implementation, even though the internal cache will be searched automatically for session-resume requests (the -latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the +latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the application can use SSL_CTX_add_session() directly to have full control over the sessions that can be resumed if desired. diff --git a/doc/ssl/SSL_CTX_set_cert_cb.pod b/doc/ssl/SSL_CTX_set_cert_cb.pod index 98bd2f1..141d828 100644 --- a/doc/ssl/SSL_CTX_set_cert_cb.pod +++ b/doc/ssl/SSL_CTX_set_cert_cb.pod @@ -26,7 +26,7 @@ the passed B<ssl> structure and set or clear any appropriate certificates. If the callback is successful it B<MUST> return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake -and the handshake function will return immediatly. +and the handshake function will return immediately. L<SSL_get_error(3)|SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of cert_cb(). It is the job of the diff --git a/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/doc/ssl/SSL_CTX_set_client_cert_cb.pod index 3465b5c..d0df69a 100644 --- a/doc/ssl/SSL_CTX_set_client_cert_cb.pod +++ b/doc/ssl/SSL_CTX_set_client_cert_cb.pod @@ -29,7 +29,7 @@ using the B<x509> and B<pkey> arguments and "1" must be returned. The certificate will be installed into B<ssl>, see the NOTES and BUGS sections. If no certificate should be set, "0" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)> +handshake function will return immediately. L<SSL_get_error(3)|SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of client_cert_cb(). It is the job of the client_cert_cb() to store information diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 8baf6ac..65062ad 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -256,7 +256,7 @@ Connections and renegotiation are always permitted by OpenSSL implementations. =head2 Unpatched client and patched OpenSSL server -The initial connection suceeds but client renegotiation is denied by the +The initial connection succeeds but client renegotiation is denied by the server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal B<handshake_failure> alert in SSL v3.0. diff --git a/doc/ssl/SSL_CTX_set_security_level.pod b/doc/ssl/SSL_CTX_set_security_level.pod index d7d1429..d5d2539 100644 --- a/doc/ssl/SSL_CTX_set_security_level.pod +++ b/doc/ssl/SSL_CTX_set_security_level.pod @@ -144,7 +144,7 @@ of security requires the use of RSA keys of at least 15360 bits in size. Some restrictions can be gracefully handled: for example ciphersuites offering insufficient security are not sent by the client and will not be selected by the server. Other restrictions such as the peer certificate -key size or the DH pameter size will abort the handshake with a fatal +key size or the DH parameter size will abort the handshake with a fatal alert. Attempts to set certificates or parameters with insufficient security are
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
