/openssl/test/ssl-tests/ |
H A D | 21-key-update.cnf | 5 test-0 = 0-update-key-client-update-not-requested 6 test-1 = 1-update-key-server-update-not-requested 11 [0-update-key-client-update-not-requested] 12 ssl_conf = 0-update-key-client-update-not-requested-ssl 14 [0-update-key-client-update-not-requested-ssl] 18 [0-update-key-client-update-not-requested-server] 23 [0-update-key-client-update-not-requested-client] 37 [1-update-key-server-update-not-requested] 40 [1-update-key-server-update-not-requested-ssl] 44 [1-update-key-server-update-not-requested-server] [all …]
|
/openssl/crypto/err/ |
H A D | openssl.txt | 190 BN_R_NOT_A_SQUARE:111:not a square 351 CMS_R_NOT_KEK:123:not kek 354 CMS_R_NOT_PWRI:177:not pwri 520 CT_R_SCT_NOT_SET:106:sct not set 544 DH_R_KEYS_NOT_SET:108:keys not set 568 DSA_R_P_NOT_PRIME:115:p not prime 569 DSA_R_Q_NOT_PRIME:113:q not prime 1286 RSA_R_P_NOT_PRIME:128:p not prime 1287 RSA_R_Q_NOT_PRIME:129:q not prime 1311 SM2_R_ID_NOT_SET:112:id not set [all …]
|
/openssl/doc/man3/ |
H A D | X509_STORE_CTX_get_error.pod | 110 Unspecified error; should not happen. 121 The CRL of a certificate could not be found. 127 signature value could not be determined rather than it not matching the 134 value could not be determined rather than it not matching the expected value. 141 not be read. 163 The CRL is not yet valid. 215 and it is not self-signed and the B<X509_V_FLAG_PARTIAL_CHAIN> flag is not set. 282 Key usage does not include CRL signing. 298 key usage does not include digital signature> 351 this is not supported. [all …]
|
H A D | OPENSSL_secure_malloc.pod | 51 This protects long-term storage of private keys, but will not necessarily 61 CRYPTO_secure_malloc_initialized() indicates whether or not the secure 69 If CRYPTO_secure_malloc_init() is not called, this is equivalent to 81 If CRYPTO_secure_malloc_init() is not called, this is equivalent to 90 the memory if it was not allocated from the secure heap. 91 If CRYPTO_secure_malloc_init() is not called, this is equivalent to 107 and 2 if successful but the heap could not be protected by memory 112 but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not. 115 the secure heap of the requested size, or C<NULL> if memory could not be 118 CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not. [all …]
|
H A D | EVP_PKEY_gettable_params.pod | 44 obtain an integer value that does not fit into a native C B<int> type will cause 46 value that is negative or does not fit into a native C B<size_t> type using 51 parameters that do not fit into C<int> use EVP_PKEY_get_bn_param(). 55 parameters that do not fit into C<size_t> use EVP_PKEY_get_bn_param(). 65 If I<out_len> is not NULL, I<*out_len> is set to the length of the string 66 not including the terminating NUL byte. The required buffer size not including 72 If I<out_len> is not NULL, I<*out_len> is set to the length of the contents. 82 EVP_PKEY_gettable_params() returns NULL on error or if it is not supported. 87 EVP_PKEY_get_octet_string_param() if I<max_buf_sz> is not big enough to hold the 88 value. If I<out_len> is not NULL, I<*out_len> will be assigned the required [all …]
|
H A D | OPENSSL_init_crypto.pod | 61 not a default option. Once selected subsequent calls to 90 ciphers. This option is not a default option. Once selected subsequent 97 digests. This option is not a default option. Once selected subsequent 105 Note that in OpenSSL 1.1.1 this was the default for libssl but not for 125 RDRAND engine (if available). This not a default option and is deprecated 131 dynamic engine. This not a default option and is deprecated 137 openssl engine. This not a default option and is deprecated 149 CAPI engine (if available). This not a default option and is deprecated 161 AFALG engine. This not a default option and is deprecated 168 engines. This not a default option and is deprecated [all …]
|
H A D | PKCS7_verify.pod | 34 B<not> check their validity or whether any signatures are valid. The I<certs> 44 not detached and I<indata> is not NULL then the structure has both 51 the I<certs> parameter (if it is not NULL). Then they are looked up in any 60 If CRL checking is enabled in I<store> and B<PKCS7_NOCRL> is not set, 63 If I<store> is not NULL and any chain verify fails an error code is returned. 74 If B<PKCS7_NOINTERN> is set the certificates in the message itself are not 91 If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked. 105 is not considered important. 122 The trusted certificate store is not searched for the signer's certificates. 127 be held in memory if it is not detached. [all …]
|
H A D | SSL_CTX_set_options.pod | 28 Options already set before are not cleared! 31 Options already set before are not cleared! 60 SSL objects. SSL_clear() does not affect the settings. 207 do not understand TLSv1.3 will not drop the connection. Regardless of whether 262 compression is not recommended and is not available at security level 2 or 273 propose, and servers will not accept the extension. 281 not propose, and servers will not accept the extension. 296 handshake). This option is not needed for clients. 501 Other options not mentioned above do not have an effect and will be ignored. 517 secure renegotiation and 0 if it does not. [all …]
|
H A D | CMS_verify.pod | 46 This list of certificates must not contain duplicates. 48 Also the list of CRLs must not contain duplicates. 64 the I<certs> parameter (if it is not NULL) and then looking in any 72 If CRL checking is enabled in I<store> and B<CMS_NOCRL> is not set, 85 If B<CMS_NOINTERN> is set the certificates in the message itself are not 96 If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not 99 If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not 117 certificates are not appropriate: for example an application may wish to 126 is not considered important. 151 be held in memory if it is not detached. [all …]
|
H A D | EVP_PKEY_check.pod | 25 given by B<ctx>. This check will always succeed for key types that do not have 31 order to perform a lightweight sanity check of the key. If a quicker form is not 39 order to perform a lightweight sanity check of the key. If a quicker form is not 53 default provider may use checks that are not as restrictive for certain key types. 60 It is not necessary to call these functions after locally calling an approved key 64 The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded 65 by any key size limits as private keys are not expected to be supplied by 72 They return -2 if the operation is not supported for the specific algorithm. 96 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | CMS_add1_signer.pod | 31 structure is not complete and must be finalized either by streaming (if 42 are not appropriate. For example if multiple signers or non default digest 57 CMS_SignerInfo structure will not be finalized so additional attributes 61 If B<CMS_NOCERTS> is set the signer's certificate will not be included in the 75 identifier value instead. An error occurs if the signing certificate does not 81 If any of these algorithms is not available then it will not be included: for example the GOST algo… 82 not loaded. 104 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_shutdown.pod | 32 to SSL_shutdown() when not being used with QUIC. 98 not call SSL_shutdown() in this case, a close_notify alert will not be sent and 99 the behaviour will not be fully standards compliant. 146 if the application does not wish to wait for the peer. 237 not provided, an error code of 0 is used by default. 243 will not validate the string. If a reason is not provided, or SSL_shutdown() is 269 could not yet be transmitted, or which was sent but lost in the network, may not 382 The shutdown process is ongoing and has not yet completed. 385 peer has not yet replied in turn with its own close_notify. 388 sent but the connection closure process has not yet completed. [all …]
|
H A D | X509_STORE_CTX_new.pod | 98 The I<target> certificate is not copied (its reference count is not updated), 99 and the caller must not free it before verification is complete. 113 The I<target> public key is not copied (its reference count is not updated), 114 and the caller must not free it before verification is complete. 123 The target certificate is not copied (its reference count is not updated), 124 and the caller must not free it before verification is complete. 129 The I<target> public key is not copied (its reference count is not updated), 130 and the caller must not free it before verification is complete. 134 and so it should not be free'd by the caller. 152 to I<param>. After this call B<param> should not be used. [all …]
|
H A D | SSL_get_peer_cert_chain.pod | 22 If the peer did not present a certificate, NULL is returned. 26 has sent them) it is B<not> a verified chain. 31 not successful (as indicated by SSL_get_verify_result() not returning 36 If the session is resumed peers do not send certificates so a NULL pointer 41 is not incremented and the returned stack may be invalidated by renegotiation. 72 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_alert_type_string.pod | 63 Probably B<value> does not contain a correct alert message. 106 A certificate was corrupt, contained signatures that did not 119 A certificate has expired or is not currently valid. 146 certificate was not accepted because the CA certificate could not 153 applied, the sender decided not to proceed with negotiation. 158 A message could not be decoded because some field was out of the 170 A negotiation not in compliance with export restrictions was 178 recognized, but not supported. (For example, old protocol 208 is not appropriate, the recipient should respond with this alert; 219 Sent by the server to indicate that it does not recognize a PSK [all …]
|
H A D | SSL_CTX_set_session_ticket_cb.pod | 68 When the B<dec_cb> callback is invoked, the SSL_SESSION B<ss> has not yet been 83 sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not 94 be available. A new ticket should not be sent to the client. 110 handshake. Therefore, just because one ticket is unacceptable it does not mean 115 Do not use a ticket (if one was available). Do not send a renewed ticket to the 122 If the callback does not wish to change the default ticket behaviour then it 132 If the callback does not wish to change the default ticket behaviour then it 141 If the callback does not wish to change the default ticket behaviour then it 147 no session data will be available and the callback must not use the B<ss> 156 By default, in TLSv1.2 and below, a new session ticket is not issued on a [all …]
|
H A D | X509V3_get_d2i.pod | 52 If I<crit> is not NULL then I<*crit> is set to a status value: -2 if the 54 -1 if the extension could not be found, 0 if the extension is found and is 64 if the extension could not be decoded (invalid syntax or not supported). 98 not exist. An error is returned if the extension exists. 104 not exist, appends a new extension. 107 extension does not exist, returns an error. 110 not exist. An error is B<not> returned if the extension exists. 113 does not exist, returns an error. No new extension is added. 116 will not be added to the error queue. 119 will return NULL if the extension is not [all …]
|
H A D | CRYPTO_THREAD_run_once.pod | 51 any threading support or that provide a threading API that is not yet 97 be the only way that the variable is modified. If atomic operations are not 106 be the only way that the variable is modified. If atomic operations are not 116 be the only way that the variable is modified. If atomic operations are not 154 down. The maximum thread count is a limit, not a target. Threads will not be 181 if OpenSSL-managed thread pooling is not supported (for example, if it is not 248 /* Do not unlock unless the lock was successfully acquired. */ 252 /* Your code here, do not return without releasing the lock! */ 258 Finalization of locks is an advanced topic, not covered in this example. 261 The simplest solution is to just "leak" the lock in applications and not [all …]
|
H A D | DH_generate_parameters.pod | 46 The parameters generated by DH_generate_parameters_ex() should not be used in 53 of the key generation. If B<cb> is not B<NULL>, it will be 75 The parameter B<p> has been determined to not being an odd prime. 81 The generator B<g> is not suitable. 103 The parameter B<p> is not prime. 107 The parameter B<p> is not a safe prime and no B<q> value is present. 115 The generator B<g> is not suitable. 119 The parameter B<q> is not prime. 132 parameters should not be used for Diffie-Hellman operations otherwise 133 the security properties of the key exchange are not guaranteed. [all …]
|
H A D | SSL_CTX_set_tlsext_servername_callback.pod | 32 is NULL, SNI is not used. 46 In this case the servername requested by the client is not accepted and the 53 If this value is returned then the servername is not accepted by the server. 56 as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support 73 and not on resumption handshakes. 82 If one has not been set, but a TLSv1.2 resumption is being attempted and the 95 if it was not called. 98 resumption did not occur 101 was not called. 114 TLSv1.2 (or below) resumption did not occur [all …]
|
H A D | SSL_CTX_set_security_level.pod | 42 the security level to B<level>. If not set the library default security level 50 the security callback associated with B<ctx> or B<s>. If not set a default 95 In addition to the level 2 exclusions cipher suites not offering forward 118 setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 2 is used. 124 for example) could not be checked at all. 144 offering insufficient security are not sent by the client and will not 152 SSL_CTX_use_certificate(). Applications which do not check the return values 154 not set at all because it had been rejected. 167 to the security callback or NULL if the callback is not set. 170 data pointer or NULL if the ex data is not set. [all …]
|
H A D | SSL_CTX_set0_CA_list.pod | 59 protocol version has been disabled. Most servers do not need this and so this 67 to B<ctx> and it should not be freed by the caller. 72 to B<s> and it should not be freed by the caller. 82 any. The returned list should not be freed by the caller. 94 returned list should not be freed by the caller. 108 it should not be freed by the caller. 115 B<ctx>. The returned list should not be freed by the caller. 119 returned list should not be freed by the caller. 138 only contains the names, not the complete certificates); use 155 and SSL_set0_CA_list() do not return a value. [all …]
|
H A D | SSL_get_peer_certificate.pod | 25 peer presented. If the peer did not present a certificate, NULL is returned. 35 That a certificate is returned does not indicate information about the 40 is incremented by one, so that it will not be destroyed when the session 45 is not incremented, and must not be freed. 79 Licensed under the Apache License 2.0 (the "License"). You may not use
|
/openssl/doc/designs/ |
H A D | handling-some-max-defines.md | 9 do not require any changes or workarounds for these limits. Such values 10 are not discussed further in this document. This document discusses only 21 This is a deprecated define which is useless. It is not used anywhere. 32 XOF functions do not count and the XOF output length is not and should 33 not be limited by this value. 52 Keep the value as is, do not deprecate. Review the codebase if it isn't 77 Keep the value as is, do not deprecate. Possibly review the codebase 78 to not depend on this value but there are many such cases. Avoid adding 123 Keep the value as is, do not deprecate. Possibly review the codebase 124 to not depend on this value but there are many such cases. Avoid adding [all …]
|
/openssl/crypto/x509/ |
H A D | v3_cpols.c | 295 USERNOTICE *not; in notice_section() local 307 if ((not = USERNOTICE_new()) == NULL) { in notice_section() 311 qual->d.usernotice = not; in notice_section() 332 if (!not->noticeref) { in notice_section() 337 not->noticeref = nref; in notice_section() 339 nref = not->noticeref; in notice_section() 353 if (!not->noticeref) { in notice_section() 358 not->noticeref = nref; in notice_section() 360 nref = not->noticeref; in notice_section() 379 if (not->noticeref && in notice_section() [all …]
|