/openssl/test/ssl-tests/ |
H A D | 21-key-update.cnf.in | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 19 name => "update-key-client-update-not-requested", 30 name => "update-key-server-update-not-requested",
|
H A D | 25-cipher.cnf | 11 test-6 = 6-cipher-server-pref-not-mobile 169 [6-cipher-server-pref-not-mobile] 170 ssl_conf = 6-cipher-server-pref-not-mobile-ssl 172 [6-cipher-server-pref-not-mobile-ssl] 173 server = 6-cipher-server-pref-not-mobile-server 174 client = 6-cipher-server-pref-not-mobile-client 176 [6-cipher-server-pref-not-mobile-server] 183 [6-cipher-server-pref-not-mobile-client]
|
/openssl/include/openssl/ |
H A D | ct.h.in | 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 263 * Set *sig to point to the signature for the SCT. sig must not be NULL. 326 * Returns 0 if the SCT is invalid or could not be verified. 335 * Returns 0 if at least one SCT is invalid or could not be verified. 348 * "a" must not be NULL. 364 * "**pp" and "*pp" must not be NULL. 368 * not defined. 375 * "a" must not be NULL. 391 * "**pp" and "*pp" must not be NULL. 395 * not defined. [all …]
|
/openssl/doc/man3/ |
H A D | SSL_CTX_dane_enable.pod | 91 authentication success in this case does not mean that the peer was 103 If the B<mcert> argument is not B<NULL> and a TLSA record matched a chain 106 must not be freed by the application. 130 If any of these parameters is NULL, the corresponding field is not returned. 132 data field and must not be freed by the application. 160 do not execute scripts downloaded from remote servers. 171 not match the digest algorithm, or a C<Full(0)> (binary ASN.1 DER form) 175 negative value when DANE authentication failed or was not enabled, a 274 * complete the handshake, check the verification status, and if not 298 * Resumed session was not originally verified, this connection is not [all …]
|
H A D | SSL_CTX_set_alpn_select_cb.pod | 60 is NULL, ALPN is not used. The B<arg> value is a pointer which is passed to 106 memory will not be modified, but the B<SSL> does keep a 113 is set to 0 if no protocol has been selected. B<data> must not be freed. 116 client's requested protocol for this connection. If the client did not 117 request any protocol or NPN is not enabled, then B<data> is set to NULL and 120 this function need not be a member of the list of supported protocols 131 nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not 134 vector is not in the vector itself, but in a separate variable. 147 If there is no ALPN proposed in the ClientHello, the ALPN callback is not 186 ALPN protocol not selected, e.g., because no ALPN protocols are configured for [all …]
|
H A D | EVP_aes_128_gcm.pod | 103 WARNING: this is not intended for usage outside of TLS and requires calling of 104 some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD 114 WARNING: this is not intended for usage outside of TLS and requires calling of 115 some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD 151 XTS-AES provides confidentiality but not authentication of data. It also 157 The XTS implementation in OpenSSL does not support streaming. That is there must 189 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_CTX_set_cipher_list.pod | 31 B<ssl> objects created from B<ctx>. This function does not impact TLSv1.3 74 usable and not depend on details of the library configuration (ciphers compiled 75 in). Thus no syntax checking takes place. Items that are not recognized, because 76 the corresponding ciphers are not compiled in or because they are mistyped, 95 When these conditions are not met for any cipher in the list (e.g. a 97 of 512 bits and the server is not configured to use temporary RSA 128 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | CMS_compress.pod | 23 If zlib support is not compiled into OpenSSL then CMS_compress() will return 40 practice and is not supported by SMIME_write_CMS(). 43 B<not> complete and outputting its contents via a function that does not 72 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_do_handshake.pod | 29 when the underlying BIO could not satisfy the needs of SSL_do_handshake() 47 The TLS/SSL handshake was not successful but was shut down controlled and 58 The TLS/SSL handshake was not successful because a fatal error occurred either 60 not clean. It can also occur if action is needed to continue the operation 76 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SMIME_read_PKCS7.pod | 34 If B<*bcont> is not B<NULL> then the message is clear text 41 To support future functionality if B<bcont> is not B<NULL> 53 formats may not work. 56 encoded and will not handle the case where it is in binary format 83 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | BIO_f_null.pod | 20 behaves just as though the BIO was not there. 24 As may be apparent a null filter BIO is not particularly useful. 34 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_SESSION_is_resumable.pod | 17 to resume a session or not. Returns 1 if it can or 0 if not. Note that 39 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_inject_net_dgram.pod | 24 the length of the buffer in bytes. The buffer is copied and need not remain 29 the injected packet was not actually received from the network directly by 36 on a SSL object which is not a QUIC connection SSL object. 50 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | BIO_sendmmsg.pod | 76 support for I<local> has not been enabled, processing of that B<BIO_MSG> fails. 79 I<local> may not be available on all platforms; on these platforms, these 83 system does not report a local address for a specific received message, the 118 local address support is not available for the platform. 132 functionality to transmit or receive multiple messages at a time is not 138 the number of messages successfully processed (which need not be nonzero) to 159 available or not enabled on the BIO. 163 The I<peer> field was set to a non-NULL value, but peer address support is not 168 The BIO_sendmmsg() or BIO_recvmmsg() method is not supported on the BIO. 175 Implementations of this interface which do not make system calls and thereby [all …]
|
H A D | OSSL_CMP_ATAV_set0.pod | 52 they must B<not> be freed up after the call because their ownership 53 is transferred to I<atav>. The I<itav> pointer must not be NULL. 66 or NULL if I<atav> is NULL or does not contain an algId. 73 -1 if I<atav> is NULL or does not contain an rsaKeyLen or cannot be parsed, 91 OSSL_CMP_ATAV_set0() and OSSL_CMP_ATAV_free() do not return a value. 113 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_want.pod | 37 nonblocking I/O. Error conditions are not handled and must be treated 67 The operation did not complete because an application callback set by 73 The operation did not complete because a certificate verification callback 85 The asynchronous job could not be started because there were no async jobs 91 The operation did not complete because an application callback set by 119 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | OpenSSL_version.pod | 62 The OpenSSL project will not touch this macro (will leave it an empty string). 78 (B<maj>) and minor (B<min>) number or not. It will evaluate to true if the 126 C<compiler: ...> if available, or C<compiler: information not available> 132 or C<built on: date not available> otherwise. 133 The date would not be available in a reproducible build, for example. 138 if available, or C<platform: information not available> otherwise. 163 or C<CPUINFO: N/A> if not available. 167 For an unknown I<t>, the text C<not available> is returned. 195 Note that on some operating systems, this is not the same as the 245 Licensed under the Apache License 2.0 (the "License"). You may not use
|
/openssl/doc/man1/ |
H A D | openssl-dhparam.pod.in | 54 this option is not specified. 59 if this option is not present. The output filename should B<not> be the same 76 displays a warning if not. 81 input file is ignored and parameters are generated instead. If not 90 this option is not present but a generator (B<-2>, B<-3> or B<-5>) is 142 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | openssl-pkcs8.pod.in | 60 not used) then the input file must be in PKCS#8 format. An encrypted 63 If B<-topk8> is not used and B<PEM> mode is set the output file will be an 67 If B<-topk8> is not used and B<DER> mode is set the output file will be an 83 option is not specified. If the key is encrypted a pass phrase will be 96 prompted for. The output filename should B<not> be the same as the input 114 This option does not encrypt private keys at all and should only be used 132 Some implementations may not support custom PRF algorithms and may require 139 If not specified PKCS#5 v2.0 form is used. 155 If this value is not specified, the default for PBES2 is 16 (128 bits) 171 Some older implementations do not support PKCS#5 v2.0 format and require [all …]
|
/openssl/doc/designs/quic-design/ |
H A D | connection-state-machine.md | 27 0-RTT is also not currently modelled in this analysis. 30 discerned from the requirements imposed. This does not mean that the 36 the handshake has been completed but not yet confirmed). 47 Handshake confirmation is not the same as handshake completion. 186 Key updates may not be initiated in the Terminating state. 350 <td>(packet processed if EL is not dropped)</td> 442 may not have been possible: 467 that we receive, thus this event may not always be raised. 532 this does not require modelling as additional state. 579 we are not in `TERMINATING` or `TERMINATED`. [all …]
|
H A D | quic-thread-assist.md | 17 However, on second glance, this does not even solve the problem, as 26 set calls, but the combination of the two would not be safe if the assist thread 36 application is not required to take the lock prior to connection 42 probably happen prior to initiating a connection, things may not be that bad. 68 - Post-handshake authentication is not allowed; 89 thread and may not be touched further. We would need to block all API calls 97 APIs we think have safe semantics here; e.g. implement only getters and not 100 enabled. Some APIs may not have ways to indicate failure; for such APIs which
|
/openssl/test/recipes/30-test_evp_data/ |
H A D | evppkey_ecdsa_sigalg.txt | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 184 # Test that a explicit curve is not allowed in fips mode 191 # Test that a curve with < 112 bits is not allowed in fips mode for signing 199 # Test that a non nist curve is not allowed in fips mode 207 # Test that SHA1 is not allowed in fips mode for signing 215 # Test that SHA1 is not allowed in fips mode for signing 243 # Test that SHA1 is not allowed in fips mode for signing 253 # Test that SHA1 is not allowed in fips mode for signing
|
H A D | evppkey_ecdsa.txt | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 185 # Test that a explicit curve is not allowed in fips mode 192 # Test that a curve with < 112 bits is not allowed in fips mode for signing 200 # Test that a non nist curve is not allowed in fips mode 208 # Test that SHA1 is not allowed in fips mode for signing 216 # Test that SHA1 is not allowed in fips mode for signing 244 # Test that SHA1 is not allowed in fips mode for signing 254 # Test that SHA1 is not allowed in fips mode for signing
|
/openssl/doc/man7/ |
H A D | EVP_SIGNATURE-ED25519.pod | 25 require access to the complete message (not a digest of the message). 29 not require access to the complete message; they operate on a hash of 37 instance, a nonempty context-string is not permitted. 82 instance is the explicit signature algorithm name, and may not be changed 85 If a context-string is not specified, then an empty context-string is 107 The PureEdDSA instances do not support the streaming mechanism of 112 The HashEdDSA instances do not yet support the streaming mechanisms 153 /* The input "params" is not needed if default options are acceptable. 177 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | EVP_RAND.pod | 29 it is in general not necessary to utilize the EVP_RAND API directly. 67 it does not make sense for the child to be an entropy source. 73 a live entropy source may ignore and not use its parent. 105 It is I<not> thread-safe to access the <primary> DRBG directly via the 220 It is possible to add I<additional input> not only during reseeding, 229 setting B<-DOPENSSL_DEFAULT_SEED_SRC=SEED-SRC>. If not set then 240 DRBG, depending on whether automatic reseeding is available or not. 245 Calling RAND_poll() or RAND_add() is not necessary, because the DRBG 259 reseed counter is not reset. 275 NOTE: Manual reseeding is *not allowed* in FIPS mode, because [all …]
|