[openssl-dev] Documentation for Integrating a New Symmetric Cipher

Hello, After following this as well as the users email chain for the past several months I’ve noticed that once in a blue moon people will ask how to integrate a new cipher. In response I decided to write up some documentation on the matter and just added it to “Internals and Development

Re: [openssl-dev] Code Health Tuesday - documentation!

trend with our next theme - documentation. > > Just find some missing documentation, write it and send us a PR on our > github site. Or help us fix incorrect or out-of-date documentation, or > broken links, etc. We held another successful event yesterday. We saw a wide variety of submis

Re: [openssl-dev] Code Health Tuesday - documentation!

significant improvements merged as a result. We'd like to continue that > trend with our next theme - documentation. > > Just find some missing documentation, write it and send us a PR on our > github site. Or help us fix incorrect or out-of-date documentation, or > broken links, e

[openssl-dev] Code Health Tuesday - documentation!

Hi all Our next "Code Health Tuesday" event will be on Tuesday 28th March. We've seen some great contributions during our last two events with many significant improvements merged as a result. We'd like to continue that trend with our next theme - documentation. Just find so

[openssl-dev] build.info documentation

Hello, Can anyone here point me in the direction to some documentation on build.info<http://build.info> files? For the most part I’m creating mine using examples from other crypto ciphers but could use some more in depth explanation of what is going on when it is being parsed.

Re: [openssl-dev] [openssl.org #4607] improve quietness for s_client ... also documentation for s_client + s_server

On 07/05/2016 02:42 PM, Rich Salz via RT wrote: > this is for 1.0.2, right? :; openssl version OpenSSL 1.1.0-pre6-dev :; git log commit c2d551c01930df54bce6517cfecd214db6e98e80 Date: Wed Apr 27 14:47:45 2016 +0100 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4607 Please log

[openssl-dev] [openssl.org #4607] improve quietness for s_client ... also documentation for s_client + s_server

this is for 1.0.2, right? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4607 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4607] improve quietness for s_client ... also documentation for s_client + s_server

Hi -- Attached are four simple patches. They make the apps more usable. They should be pretty much self-explanatory. Let me know if you have questions. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4607 Please log in as guest with password guest if prompted >From

[openssl-dev] [openssl.org #4573] BUG -- Documentation issue with RAND_add in rand.pod

commit d9e6d77 pushed to 1.0.2 branch (was already fixed in master). Thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4573 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4573] BUG -- Documentation issue with RAND_add in rand.pod

The doc/crypto/rand.pod file incorrectly documents the prototype for the RAND_add function. The last argument is a double not an int. It is correctly documented in the doc/crypto/RAND_add.pod file. Fix attached. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security &

[openssl-dev] [openssl.org #4539] Documentation - Cipher names changed between 1.0.2 & 1.1.0-pre

Added a sub-section to ciphers.pod in commit 6d1e770. Thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4539 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4302] Documentation error in apps/x509.html: -[digest] option

Fixed in commit 0b2d4755d67eece48d1 Thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4302 Please log in as guest with password

[openssl-dev] [openssl.org #4539] Documentation - Cipher names changed between 1.0.2 & 1.1.0-pre

Hello Folks, I'd like to suggest the "ciphers" documentation in 1.1.0 be updated to include the old EDH names for ciphers which were renamed to DHE between 1.0.2 & 1.1.0-pre. I think there are only two affected which are still available: EDH-RSA-DES-CBC3-SHA & EDH-DSS-DE

[openssl-dev] [openssl.org #4435] Pull request: Update EVP_CIPHER_CTX_set_padding documentation.

This has now been applied, thanks for the contribution. Ticket closed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4435 Please log in as guest with

[openssl-dev] [openssl.org #4478] DOCUMENTATION: PKCS12_newpass

Added now. Thanks for the contribution. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4478 Please log in as guest with password guest if prompted --

[openssl-dev] [openssl.org #4478] DOCUMENTATION: PKCS12_newpass

Some of PKCS#12 is documented, others are not. This adds missing documentation for PKCS12_newpass. The documentation should be placed at "doc/crypto/PKCS12_newpass.pod". The full test program for EXAMPLE is attached. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4478

[openssl-dev] [openssl.org #4435] Pull request: Update EVP_CIPHER_CTX_set_padding documentation.

https://github.com/openssl/openssl/pull/876 Add note about when EVP_CIPHER_CTX_set_padding should be called. Conrado -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4435 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] 1.1-pre4 documentation fails to install

Yes, that diff fixes the problem, thank you! (Hope to see it in Github :) On 3/14/16, 11:45, "openssl-dev on behalf of Viktor Dukhovni" wrote: >On Mon, Mar 14, 2016 at 03:28:13PM +, Blumenthal, Uri - 0553 - MITLL

Re: [openssl-dev] 1.1-pre4 documentation fails to install

On Mon, Mar 14, 2016 at 03:28:13PM +, Blumenthal, Uri - 0553 - MITLL wrote: > install ./doc/crypto/EVP_PKEY_set1_RSA.pod -> > /Users/ur20980/share/man/man3/EVP_PKEY_set1_RSA.3 > > IO::File=IO(0x7feb8c8029c0) around line 62: Unterminated B<...> sequence > POD document had syntax errors at

[openssl-dev] 1.1-pre4 documentation fails to install

Current Github version: EVP_PKEY_print_public.3 => EVP_PKEY_print_private.3 link /Users/ur20980/share/man/man3/EVP_PKEY_print_params.3 -> /Users/ur20980/share/man/man3/EVP_PKEY_print_private.3 EVP_PKEY_print_params.3 => EVP_PKEY_print_private.3 install ./doc/crypto/EVP_PKEY_set1_RSA.pod ->

[openssl-dev] [openssl.org #4312] documentation: RSA_new_method argument

pushed in commit 6baa3b430555d25b6eee6440a6b8bee80eaabfc3 thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4312 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4312] documentation: RSA_new_method argument

001 From: Roumen Petrov <open...@roumenpetrov.info> Date: Sat, 13 Feb 2016 10:41:49 +0200 Subject: [PATCH 3/5] documentation: RSA_new_method argument --- doc/crypto/RSA_set_method.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/RSA_set_method.pod b/d

[openssl-dev] [openssl.org #4302] Documentation error in apps/x509.html: -[digest] option

https://www.openssl.org/docs/manmaster/apps/x509.html says: > -[digest] > > the digest to use. This affects any signing or display option that uses a > message digest, such as the -fingerprint, >-signkey and -CA options. Any digest supported by the OpenSSL dgst command can be used. If

Re: [openssl-dev] [openssl.org #4157] Download Documentation

Seems to me this can be closed now. Cheers ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4192] [PATCH] differentiate SSL_* from from SSL_CTX_* in documentation

A couple places in the OpenSSL documentation claims that SSL_foo() takes an SSL_CTX* instead of an SSL*. i've corrected those here. --- doc/ssl/SSL_CTX_set1_verify_cert_store.pod | 8 doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 2 +- 2 files changed, 5 insertions(+), 5 deletions

Re: [openssl-dev] [openssl.org #4157] Download Documentation

On Monday 30 November 2015 16:23:48 Blumenthal, Uri - 0553 - MITLL wrote: > On 11/30/15, 11:10 , "openssl-dev on behalf of Hubert Kario" > > wrote: > >On Friday 27 November 2015 13:39:36 Tom Jay via RT wrote: > >> 3. Some kind of

Re: [openssl-dev] Download Documentation

On Monday 30 November 2015 16:28:06 Salz, Rich wrote: > > I think it omits a *huge* area of use cases where “openssl” > > executable itself is used to (a) test and/or debug other SSL/TLS > > applications and packages, (b) perform cryptographic processing on > > files and data - either standalone,

Re: [openssl-dev] [openssl.org #4157] Download Documentation

On Friday 27 November 2015 13:39:36 Tom Jay via RT wrote: > 3. Some kind of useful examples of common usages > of OpenSSL would be appreciated. I'm still trawling through the > documentation trying to figure out how to do what I want to do and am > relying heaving on 3rd party guides t

Re: [openssl-dev] [openssl.org #4157] Download Documentation

On Friday 27 November 2015 13:39:36 Tom Jay via RT wrote: > 3. Some kind of useful examples of common usages > of OpenSSL would be appreciated. I'm still trawling through the > documentation trying to figure out how to do what I want to do and am > relying heaving on 3rd party guides t

[openssl-dev] [openssl.org #4157] Download Documentation

Did you see the INSTALL and README files in whatever version you downloaded? On the download page, I added a link to the release strategy which explains the release numbering. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing

[openssl-dev] [openssl.org #4157] Download Documentation

Hello, Why is there no meaningul documentation on the OpenSSL download page? Why, if I'm building a SSL-enabled webserver, do I need to spend so much time on OpenSSL specifically? Why do the other tasks, of which there are many, not requires as much time as OpenSSL to compile, install and use

Re: [openssl-dev] [openssl.org #4157] Download Documentation

Tom Jay via RT wrote on 11/27/2015 02:39 PM: Hello, Why is there no meaningul documentation on the OpenSSL download page? Why, if I'm building a SSL-enabled webserver, do I need to spend so much time on OpenSSL specifically? Why do the other tasks, of which there are many, not requires as much

[openssl-dev] [openssl.org #4009] bug: Handling of SUITEB* ciphers does not match documentation

Fixed now to SUITEB* works at the beginning of cipher string. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3429] PATCH: Update to X509_check_host documentation

already done. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3787] [PATCH] Update the return value documentation for various EVP_* functions to match the code.

fixed in master, thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3930] DOCUMENTATION: dgst.pod: duplicate -hmac

Fixed in master, 1.0.2, 1.0.1; thanks. OpenSSL_1_0_1-stable 86de216 RT4019: Duplicate -hmac flag in dgst.pod OpenSSL_1_0_2-stable 8e0b56b RT4019: Duplicate -hmac flag in dgst.pod master fe50cd7 RT4019: Duplicate -hmac flag in dgst.pod Author: Markus Rinne markus.ka.ri...@gmail.com Date: Mon Aug

[openssl-dev] [openssl.org #4019] [PATCH] dgst.pod: Remove redundant documentation of -hmac

Option -hmac was documented twice. The issue was reported here: https://rt.openssl.org/Ticket/Display.html?user=guestpass=guestid=3930 --- doc/apps/dgst.pod | 5 - 1 file changed, 5 deletions(-) diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 236e1b7..b156097 100644 ---

Re: [openssl-dev] [openssl.org #4019] [PATCH] dgst.pod: Remove redundant documentation of -hmac

Message d'origine De : Markus Rinne via RT r...@openssl.org Date :24/08/2015 17:42 (GMT+01:00) A : Cc : openssl-dev@openssl.org Objet : [openssl-dev] [openssl.org #4019] [PATCH] dgst.pod: Remove redundant documentation of -hmac Option -hmac was documented twice

Re: [openssl-dev] [openssl.org #4009] bug: Handling of SUITEB* ciphers does not match documentation

On Monday 17 August 2015 15:33:18 Wall, Stephen via RT wrote: Please, do not change to documentation to match what the code is currently doing - some projects try to enforce better security by adding !EXP:!NULL or similar to the user provided cipher string. Allowing SUITEB128:!EXP:!NULL

[openssl-dev] [openssl.org #4009] bug: Handling of SUITEB* ciphers does not match documentation

(*prule_str, SUITEB128) || !strncmp(*prule_str, SUITEB128:, 10)) suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; else ... Please, do not change to documentation to match what the code is currently doing - some projects try to enforce better security by adding !EXP:!NULL or similar

[openssl-dev] [openssl.org #3878] [DOC] add documentation for SSL_CTX_clear_extra_chain_certs

Done, ticket close. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3972] EVP documentation implicitly recommends the use of single-DES

fixed in master and 1.0.2, thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3972] EVP documentation implicitly recommends the use of single-DES

See https://github.com/openssl/openssl/pull/348 I was looking for something else but then saw this text about normally supplied by a function such as EVP_des_cbc(); we should not be misleading our users in such a fashion. -Ben ___ openssl-bugs-mod

[openssl-dev] [openssl.org #3930] DOCUMENTATION: dgst.pod: duplicate -hmac

In dgst man page (doc/apps/dgst.pod), there's duplicate -hmac option documentation: -hmac arg set the HMAC key to arg. ... -hmac key create a hashed MAC using key. Michal Bozon ___ openssl-bugs-mod mailing list

[openssl-dev] [openssl.org #3570] [DOC] ciphers(1) documentation

Fixed in master with some other doc/typo fixes with commit 4c583c36596cd86feebd983b0313733fe9870500 -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3899] PATCH: Update to EVP_BytesToKey.pod documentation

Another small issue revealed on Stack Overflow: Utilizing PBKDF2 with OpenSSL library, http://stackoverflow.com/q/22795471. In the question the OP cited the man page for EVP_BytesToKey. He knew he needed to use PBKDF2 from the man page, but the man page did not explicit call out OpenSSL's

[openssl-dev] [openssl.org #3878] [DOC] add documentation for SSL_CTX_clear_extra_chain_certs

Please add documentation for SSL_CTX_clear_extra_chain_certs to the man pages and mention it's existence in SSL_CTX_add_extra_chain_cert. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3836] DOCUMENTATION: missing documentation for SSL_get_certificate

The ECDH callback needs to query the server's certificate to discover the EC group being used. The callback can then return a temporary key in the field. It looks like SSL_get_certificate can be used for the purpose. SSL_get_certificate is used in apps/s_cb.c, but there's no documentation

[openssl-dev] [openssl.org #3787] [PATCH] Update the return value documentation for various EVP_* functions to match the code.

documentation. --- doc/crypto/EVP_DigestVerifyInit.pod | 3 +-- doc/crypto/EVP_EncryptInit.pod | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod index e0217e4..d3316e9 100644 --- a/doc/crypto

[openssl-dev] [openssl.org #3761] bug report: x509 -certopt ca_default documentation mismatch

According to the manpage -textopt ca_default suppresses the signature: ca_default the value used by the ca utility, equivalent to no_issuer, no_pubkey, no_header, no_version, no_sigdump and no_signame. but openssl x509 -noout -in file.pem -text -certopt ca_default shows both

[openssl-dev] [openssl.org #3719] Bug report: Documentation for -no_explicit option of openssl ocsp missing

Steve has added documentation for this. Closing ticket. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3719] Bug report: Documentation for -no_explicit option of openssl ocsp missing

There's no documentation available for the -no_explicit option of openssl ocsp: https://www.openssl.org/docs/apps/ocsp.html Dr. Henson explained the meaning of the option and of the corresponding flag OCSP_NOEXPLICIT for OCSP_basic_verify() like this on the openssl-users list

[openssl.org #3596] [1.0.2] -checkhost and -verify_hostname options documentation errors

Ok, change applied, see commit 7005eda3b6e4858233ec3d2a95ff3f5f28f8a484 in the OpenSSL_1_0_2-stable branch. Thanks for the heads up! On Tue Nov 11 00:34:14 2014, hka...@redhat.com wrote: Current git OpenSSL_1_0_2-stable branch (39679d858) has errors related to hostname-, IP- and

Re: [openssl.org #3596] [1.0.2] -checkhost and -verify_hostname options documentation errors

https://github.com/richsalz/openssl/tree/master/apps the bad descriptions are gone, but the new ones are still missing -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: hka...@redhat.com Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech

RE: [openssl.org #3596] [1.0.2] -checkhost and -verify_hostname options documentation errors

https://github.com/richsalz/openssl/tree/master/apps the bad descriptions are gone, but the new ones are still missing Yes. I have to resync against master. Of course I'll do that before the merge.

[openssl.org #3596] [1.0.2] -checkhost and -verify_hostname options documentation errors

It's the same with s_server, I might add. I'm looking into this. On Tue Nov 11 00:34:14 2014, hka...@redhat.com wrote: Current git OpenSSL_1_0_2-stable branch (39679d858) has errors related to hostname-, IP- and email-verification options. openssl s_client -help lists following options:

RE: [openssl.org #3596] [1.0.2] -checkhost and -verify_hostname options documentation errors

Please look at https://github.com/richsalz/openssl/tree/master/apps which will be merged into master soon (I hope)

[openssl.org #3612] Fwd: [PATCH] Missing documentation for ocsp -timeout option

Patch applied. Many thanks, Matt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3612] Fwd: [PATCH] Missing documentation for ocsp -timeout option

There's a very useful -timeout option in the ocsp utility which is not mentioned in the manpage or the help output. diff --git a/apps/ocsp.c b/apps/ocsp.c index 902546f..0c6579d 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -650,6 +650,7 @@ int MAIN(int argc, char **argv)

Re: Improving Developer Documentation

I asked O’Reilly if it was going to be updated, but here’s the response I got: Hello, Thanks for you for your interest in Network Security with OpenSSL. I wish I had better news for your, but unfortunately it appears as if there isn't a new edition being planned. Best regards,

Re: Improving Developer Documentation

In an interesting turn, I had emailed John Viega and asked him if there was a chance of an updated and expanded edition of his book, and his response was: Probably next year, yes. so that’s something to look forward to. -Philip On Nov 15, 2014, at 2:04 PM, Philip Prindeville

RE: Improving Developer Documentation

they could all be better linked from the OpenSSL wiki is a different question of course :) Good luck! Message Received: Nov 14 2014, 01:58 AM From: Casey Dunham casey.dun...@gmail.com To: openssl-dev@openssl.org Cc: Subject: Improving Developer Documentation Greetings, I have just

RE: Improving Developer Documentation

http://www.amazon.co.uk/Network-Security-OpenSSL-Cryptography-Communications/dp/059600270X I've found basics and even more advanced topics in this book, but please notice that it is more than 10 years old, so doesn't cover new stuff and I've found some information outdated. Still - good book.

Re: Improving Developer Documentation

In looking for documentation regarding OpenSSL all I have found have been outdated examples. Even the rtfm link is unmaintained and has not been updated since 2002, according to this: http://www.rtfm.com/openssl-examples/ I think it would be great to link to these from a single source on the wiki

RE: Improving Developer Documentation

I would applaud the effort to create better (and more tutorial-style) documentation. It would also be great to bring the documentation and examples up to date. [Description: cid:image001.jpg@01CFFF4A.CA221DD0] -Original Message- From: owner-openssl-...@openssl.org [mailto:owner

Re: Improving Developer Documentation

OpenSSL APIs haven't changed much in 10 years :) In looking for documentation regarding OpenSSL all I have found have been outdated examples. Even the rtfm link is unmaintained and has not been updated since 2002, according to this: http://www.rtfm.com/openssl-examples

RE: Improving Developer Documentation

-dev@openssl.org; Krzysztof Kwiatkowski; openssl-dev@openssl.org Cc: owner-openssl-...@openssl.org Subject: Re: Improving Developer Documentation OpenSSL APIs haven't changed much in 10 years :) In looking for documentation regarding OpenSSL all I have found have been outdated examples. Even

Re: Improving Developer Documentation

-...@openssl.org] On Behalf Of david.ll...@fsmail.net Sent: Friday, November 14, 2014 4:16 PM To: openssl-dev@openssl.org; Krzysztof Kwiatkowski; openssl-dev@openssl.org Cc: owner-openssl-...@openssl.org Subject: Re: Improving Developer Documentation OpenSSL APIs haven't changed much in 10

RE: Improving Developer Documentation

Global Research) Cc: openssl-dev@openssl.org; owner-openssl-...@openssl.org Subject: Re: Improving Developer Documentation SRP is another On Fri, 2014-11-14 at 22:42 +, Bush, Stephen F (GE Global Research) wrote: Pre-Shared Keys might be one example of something that is hard to find in any

Re: Improving Developer Documentation

...@leeds.pl] Sent: Friday, November 14, 2014 7:00 PM To: Bush, Stephen F (GE Global Research) Cc: openssl-dev@openssl.org; owner-openssl-...@openssl.org Subject: Re: Improving Developer Documentation SRP is another On Fri, 2014-11-14 at 22:42 +, Bush, Stephen F (GE Global Research) wrote

Improving Developer Documentation

Greetings, I have just subscribed and hopefully I am not breaking any list etiquette here, but I wanted to respond to the thread that was started back in April on Improving the Documentation for OpenSSL. http://marc.info/?l=openssl-devm=139832883828644 I am a developer (BS CS, Minor in Math

[openssl.org #3596] [1.0.2] -checkhost and -verify_hostname options documentation errors

Current git OpenSSL_1_0_2-stable branch (39679d858) has errors related to hostname-, IP- and email-verification options. openssl s_client -help lists following options: -checkhost host - check peer certificate matches host -checkemail email - check peer certificate matches email -checkip

[openssl.org #3570] [DOC] ciphers(1) documentation

On https://www.openssl.org/docs/apps/ciphers.html it lists Pre shared keying (PSK) cipheruites It should say cipher suites. __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #3511] Bug report: documentation: req docs claim default serial number for x509 certificate is 0, it is in fact a random integer (since 2004)

64674bcc8cee73853d00388a5e83cb1b2f38bec1 in 2004. Correct the req documentation to reflect this. --- doc/apps/req.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/apps/req.pod b/doc/apps/req.pod index ad538ca..ffede30 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod

[openssl.org #3511] Bug report: documentation: req docs claim default serial number for x509 certificate is 0, it is in fact a random integer (since 2004)

fixed in head and 1.0.2 OpenSSL_1_0_2-stable 157c345 RT3511: doc fix; req default serial is random HEAD 3aba132 RT3511: doc fix; req default serial is random Author: Adam Williamson awill...@redhat.com Date: Sun Aug 31 18:22:09 2014 -0400 RT3511: doc fix; req default serial is random RT842,

Re: [openssl.org #3504] PATCH: documentation update for dgst command

Oops, thanks Rich. On Tue, Aug 26, 2014 at 10:06 AM, Rich Salz via RT r...@openssl.org wrote: The key is not optional with the -hmac option. This is fixed in the rsalz-monolith branch of akamai/openssl on github, to be rpart of release after 1.0.2 thanks. -- Rich Salz, OpenSSL dev team;

[openssl.org #3504] PATCH: documentation update for dgst command

From Stack Overflow and What key is used by openssl (command) for HMAC if key is not passed in as argument, https://stackoverflow.com/questions/25492833/what-key-is-used-by-openssl-command-for-hmac-if-key-is-not-passed-in-as-argume. The docs don't specify the behavior for the following: echo

[openssl.org #3504] PATCH: documentation update for dgst command

The key is not optional with the -hmac option. This is fixed in the rsalz-monolith branch of akamai/openssl on github, to be rpart of release after 1.0.2 thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org __ OpenSSL

Re: [openssl.org #3504] PATCH: documentation update for dgst command

Oops, thanks Rich. On Tue, Aug 26, 2014 at 10:06 AM, Rich Salz via RT r...@openssl.org wrote: The key is not optional with the -hmac option. This is fixed in the rsalz-monolith branch of akamai/openssl on github, to be rpart of release after 1.0.2 thanks. -- Rich Salz, OpenSSL dev team;

[openssl.org #3429] PATCH: Update to X509_check_host documentation

Viktor graciously took the time to explain some of the finer details of the new name matching API (see http://www.mail-archive.com/openssl-users@openssl.org/msg74281.html). The discussion was helpful to me, and would likely be helpful to others. The patch incorporates Viktor's comments, and

Re: [openssl.org #3429] AutoReply: PATCH: Update to X509_check_host documentation

On Fri, Jul 04, 2014 at 10:50:47PM +0200, noloa...@gmail.com via RT wrote: Updated text for the patch based on Viktor's reply to JW and JB on the list. The updted text includes the a statement that its not possible to determine which named matched (this may be added in the future); and the

Re: [openssl.org #3429] AutoReply: PATCH: Update to X509_check_host documentation

On Sat, Jul 05, 2014 at 12:17:13AM +0200, Kurt Roeckx wrote: On Fri, Jul 04, 2014 at 10:50:47PM +0200, noloa...@gmail.com via RT wrote: Updated text for the patch based on Viktor's reply to JW and JB on the list. The updated text includes the a statement that its not possible to

[openssl.org #298] Documentation suggestions

The toplevel Makefile runs the POD pages threw a sed script that remove the (n) notation. This seems to address the concerns. POD, and POD2MAN and POD2HTML are a bit arcane for me. __ OpenSSL Project

[openssl.org #656] error in documentation about BIO_read

I looked at all BIO_read calls in ssl/*.c and it appears the check is for =0 now, not 0. So we fixed the code to conform to the doc. :) __ OpenSSL Project http://www.openssl.org Development Mailing

[openssl.org #882] Documentation patch

Added some text to the last paragraph: When using i2d_SSL_SESSION(), the memory location pointed to by pp must be large enough to hold the binary representation of the session. There is no known limit on the size of the created ASN1 representation, so the necessary amount of space should be

[openssl.org #939] PATCH: documentation clarifications for RSA_sign, rsautl

I took the first part of the diff, adding this: +Note that PKCS #1 adds meta-data, placing limits on the size of the +key that can be used. +See LRSA_private_encrypt(3)|RSA_private_encrypt(3) for lower-level +operations. __

[openssl.org #1630] [enhancement request] Documentation improvements?!

Since BIO_push(a,b) returns a, I changed the code examples to ignore the return value and explicitly used b64 Perhaps I should have introduced a new BIO* top and used that? If so open/re-open a ticket. __ OpenSSL Project

[openssl.org #2403] Possible Documentation Issue (FIPS User's Guide)

Looks like fixed in the latest (2013) version; there is no cross-comipled entry. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org

[openssl.org #2424] [BUG] documentation inconsistency (no_type vs. ignore_type)

Fix will be checked in to master shortly; thanks. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #2637] Missing documentation for -no_ign_eof option

To be commit'ed to head shortly, thanks. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #2697] documentation for SSL_CTX_set_tlsext_ticket_key_cb

Wow, thanks for writing that. And especially the long example. It points out various magic numbers; see RT ticket 3420 about that. To be submitted to master head shortly. __ OpenSSL Project

[openssl.org #2921] documentation: SSL_CTX_set_verify_options() does not exist

Simple fix, thanks. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #2922] documentation: SSL_CTX_set_verify() default depth is 100 not 9

You are right the default is 100 not nine. Thanks. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #2940] [Patch] Extend/correct documentation for SSL_CIPHER_get_description(), SSL_CIPHER_get_version(), SSL_get_version()

Integrated, thanks. Will be put on main/master shortly. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3112] OpenSSL Documentation Bugs

Someone already fixed it, and updated the sample code to use the right API. Good for that nameless person. __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #3118] [webpage] wrong documentation

Fixed the typo, thanks. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3156] [PATCH] fix documentation for SSL_CTX_set_tmp_dh_callback and friends

Thanks, fixed, to be commit'd shortly. (The update, not me :) __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #2853] Documentation is not sufficient

The failures will not be dependent on the input stream. It could be allocation failures, for example. But very unlikely. __ OpenSSL Project http://www.openssl.org Development Mailing List

[openssl.org #2623] documentation update

Someone removed the patent link a long time ago. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3184] Update documentation of SSLv23_method()

Documents updated now. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org

  1   2   3   >