| /openssl/test/ssl-tests/ |
| H A D | 21-key-update.cnf | 5 test-0 = 0-update-key-client-update-not-requested
6 test-1 = 1-update-key-server-update-not-requested
11 [0-update-key-client-update-not-requested]
12 ssl_conf = 0-update-key-client-update-not-requested-ssl
14 [0-update-key-client-update-not-requested-ssl]
18 [0-update-key-client-update-not-requested-server]
23 [0-update-key-client-update-not-requested-client]
37 [1-update-key-server-update-not-requested]
40 [1-update-key-server-update-not-requested-ssl]
44 [1-update-key-server-update-not-requested-server]
[all …]
|
| /openssl/crypto/err/ |
| H A D | openssl.txt | 190 BN_R_NOT_A_SQUARE:111:not a square
351 CMS_R_NOT_KEK:123:not kek
354 CMS_R_NOT_PWRI:177:not pwri
519 CT_R_SCT_NOT_SET:106:sct not set
543 DH_R_KEYS_NOT_SET:108:keys not set
567 DSA_R_P_NOT_PRIME:115:p not prime
568 DSA_R_Q_NOT_PRIME:113:q not prime
1268 RSA_R_P_NOT_PRIME:128:p not prime
1269 RSA_R_Q_NOT_PRIME:129:q not prime
1293 SM2_R_ID_NOT_SET:112:id not set
[all …]
|
| /openssl/doc/man3/ |
| H A D | X509_STORE_CTX_get_error.pod | 109 Unspecified error; should not happen.
120 The CRL of a certificate could not be found.
126 signature value could not be determined rather than it not matching the
133 value could not be determined rather than it not matching the expected value.
140 not be read.
162 The CRL is not yet valid.
214 and it is not self-signed and the B<X509_V_FLAG_PARTIAL_CHAIN> flag is not set.
281 Key usage does not include CRL signing.
297 key usage does not include digital signature>
350 this is not supported.
[all …]
|
| H A D | PKCS7_verify.pod | 32 B<not> check their validity or whether any signatures are valid. The I<certs>
42 not detached and I<indata> is not NULL then the structure has both
49 the I<certs> parameter (if it is not NULL). Then they are looked up in any
58 If CRL checking is enabled in I<store> and B<PKCS7_NOCRL> is not set,
61 If I<store> is not NULL and any chain verify fails an error code is returned.
72 If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
89 If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
103 is not considered important.
120 The trusted certificate store is not searched for the signer's certificates.
125 be held in memory if it is not detached.
[all …]
|
| H A D | OPENSSL_secure_malloc.pod | 51 This protects long-term storage of private keys, but will not necessarily
61 CRYPTO_secure_malloc_initialized() indicates whether or not the secure
69 If CRYPTO_secure_malloc_init() is not called, this is equivalent to
81 If CRYPTO_secure_malloc_init() is not called, this is equivalent to
90 the memory if it was not allocated from the secure heap.
91 If CRYPTO_secure_malloc_init() is not called, this is equivalent to
107 and 2 if successful but the heap could not be protected by memory
112 but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not.
115 the secure heap of the requested size, or C<NULL> if memory could not be
118 CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
[all …]
|
| H A D | EVP_PKEY_gettable_params.pod | 44 obtain an integer value that does not fit into a native C B<int> type will cause
46 value that is negative or does not fit into a native C B<size_t> type using
51 parameters that do not fit into C<int> use EVP_PKEY_get_bn_param().
55 parameters that do not fit into C<size_t> use EVP_PKEY_get_bn_param().
65 If I<out_len> is not NULL, I<*out_len> is set to the length of the string
66 not including the terminating NUL byte. The required buffer size not including
72 If I<out_len> is not NULL, I<*out_len> is set to the length of the contents.
82 EVP_PKEY_gettable_params() returns NULL on error or if it is not supported.
87 EVP_PKEY_get_octet_string_param() if I<max_buf_sz> is not big enough to hold the
88 value. If I<out_len> is not NULL, I<*out_len> will be assigned the required
[all …]
|
| H A D | OPENSSL_init_crypto.pod | 61 not a default option. Once selected subsequent calls to
90 ciphers. This option is not a default option. Once selected subsequent
97 digests. This option is not a default option. Once selected subsequent
105 Note that in OpenSSL 1.1.1 this was the default for libssl but not for
125 RDRAND engine (if available). This not a default option and is deprecated
131 dynamic engine. This not a default option and is deprecated
137 openssl engine. This not a default option and is deprecated
149 CAPI engine (if available). This not a default option and is deprecated
161 AFALG engine. This not a default option and is deprecated
168 engines. This not a default option and is deprecated
[all …]
|
| H A D | SSL_CTX_set_options.pod | 27 Options already set before are not cleared!
30 Options already set before are not cleared!
59 SSL objects. SSL_clear() does not affect the settings.
206 do not understand TLSv1.3 will not drop the connection. Regardless of whether
261 compression is not recommended and is not available at security level 2 or
272 propose, and servers will not accept the extension.
280 not propose, and servers will not accept the extension.
295 handshake). This option is not needed for clients.
500 Other options not mentioned above do not have an effect and will be ignored.
516 secure renegotiation and 0 if it does not.
[all …]
|
| H A D | CMS_verify.pod | 44 This list of certificates must not contain duplicates.
46 Also the list of CRLs must not contain duplicates.
62 the I<certs> parameter (if it is not NULL) and then looking in any
70 If CRL checking is enabled in I<store> and B<CMS_NOCRL> is not set,
83 If B<CMS_NOINTERN> is set the certificates in the message itself are not
94 If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
97 If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
115 certificates are not appropriate: for example an application may wish to
124 is not considered important.
149 be held in memory if it is not detached.
[all …]
|
| H A D | EVP_PKEY_check.pod | 25 given by B<ctx>. This check will always succeed for key types that do not have
31 order to perform a lightweight sanity check of the key. If a quicker form is not
39 order to perform a lightweight sanity check of the key. If a quicker form is not
53 default provider may use checks that are not as restrictive for certain key types.
60 It is not necessary to call these functions after locally calling an approved key
64 The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded
65 by any key size limits as private keys are not expected to be supplied by
72 They return -2 if the operation is not supported for the specific algorithm.
96 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | CMS_add1_signer.pod | 31 structure is not complete and must be finalized either by streaming (if
42 are not appropriate. For example if multiple signers or non default digest
57 CMS_SignerInfo structure will not be finalized so additional attributes
61 If B<CMS_NOCERTS> is set the signer's certificate will not be included in the
75 identifier value instead. An error occurs if the signing certificate does not
81 If any of these algorithms is not available then it will not be included: for example the GOST algo…
82 not loaded.
104 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_shutdown.pod | 32 to SSL_shutdown() when not being used with QUIC.
98 not call SSL_shutdown() in this case, a close_notify alert will not be sent and
99 the behaviour will not be fully standards compliant.
146 if the application does not wish to wait for the peer.
237 not provided, an error code of 0 is used by default.
243 will not validate the string. If a reason is not provided, or SSL_shutdown() is
269 could not yet be transmitted, or which was sent but lost in the network, may not
382 The shutdown process is ongoing and has not yet completed.
385 peer has not yet replied in turn with its own close_notify.
388 sent but the connection closure process has not yet completed.
[all …]
|
| H A D | X509_STORE_CTX_new.pod | 98 The I<target> certificate is not copied (its reference count is not updated),
99 and the caller must not free it before verification is complete.
113 The I<target> public key is not copied (its reference count is not updated),
114 and the caller must not free it before verification is complete.
123 The target certificate is not copied (its reference count is not updated),
124 and the caller must not free it before verification is complete.
129 The I<target> public key is not copied (its reference count is not updated),
130 and the caller must not free it before verification is complete.
134 and so it should not be free'd by the caller.
152 to I<param>. After this call B<param> should not be used.
[all …]
|
| H A D | SSL_get_peer_cert_chain.pod | 22 If the peer did not present a certificate, NULL is returned.
26 has sent them) it is B<not> a verified chain.
31 not successful (as indicated by SSL_get_verify_result() not returning
36 If the session is resumed peers do not send certificates so a NULL pointer
41 is not incremented and the returned stack may be invalidated by renegotiation.
72 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_alert_type_string.pod | 63 Probably B<value> does not contain a correct alert message.
106 A certificate was corrupt, contained signatures that did not
119 A certificate has expired or is not currently valid.
146 certificate was not accepted because the CA certificate could not
153 applied, the sender decided not to proceed with negotiation.
158 A message could not be decoded because some field was out of the
170 A negotiation not in compliance with export restrictions was
178 recognized, but not supported. (For example, old protocol
208 is not appropriate, the recipient should respond with this alert;
219 Sent by the server to indicate that it does not recognize a PSK
[all …]
|
| H A D | SSL_CTX_set_session_ticket_cb.pod | 68 When the B<dec_cb> callback is invoked, the SSL_SESSION B<ss> has not yet been
83 sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not
94 be available. A new ticket should not be sent to the client.
110 handshake. Therefore, just because one ticket is unacceptable it does not mean
115 Do not use a ticket (if one was available). Do not send a renewed ticket to the
122 If the callback does not wish to change the default ticket behaviour then it
132 If the callback does not wish to change the default ticket behaviour then it
141 If the callback does not wish to change the default ticket behaviour then it
147 no session data will be available and the callback must not use the B<ss>
156 By default, in TLSv1.2 and below, a new session ticket is not issued on a
[all …]
|
| H A D | X509V3_get_d2i.pod | 52 If I<crit> is not NULL then I<*crit> is set to a status value: -2 if the
54 -1 if the extension could not be found, 0 if the extension is found and is
64 if the extension could not be decoded (invalid syntax or not supported).
98 not exist. An error is returned if the extension exists.
104 not exist, appends a new extension.
107 extension does not exist, returns an error.
110 not exist. An error is B<not> returned if the extension exists.
113 does not exist, returns an error. No new extension is added.
116 will not be added to the error queue.
119 will return NULL if the extension is not
[all …]
|
| H A D | CRYPTO_THREAD_run_once.pod | 51 any threading support or that provide a threading API that is not yet
97 be the only way that the variable is modified. If atomic operations are not
106 be the only way that the variable is modified. If atomic operations are not
116 be the only way that the variable is modified. If atomic operations are not
154 down. The maximum thread count is a limit, not a target. Threads will not be
181 if OpenSSL-managed thread pooling is not supported (for example, if it is not
248 /* Do not unlock unless the lock was successfully acquired. */
252 /* Your code here, do not return without releasing the lock! */
258 Finalization of locks is an advanced topic, not covered in this example.
261 The simplest solution is to just "leak" the lock in applications and not
[all …]
|
| H A D | DH_generate_parameters.pod | 46 The parameters generated by DH_generate_parameters_ex() should not be used in
53 of the key generation. If B<cb> is not B<NULL>, it will be
75 The parameter B<p> has been determined to not being an odd prime.
81 The generator B<g> is not suitable.
103 The parameter B<p> is not prime.
107 The parameter B<p> is not a safe prime and no B<q> value is present.
115 The generator B<g> is not suitable.
119 The parameter B<q> is not prime.
132 parameters should not be used for Diffie-Hellman operations otherwise
133 the security properties of the key exchange are not guaranteed.
[all …]
|
| H A D | SSL_CTX_set_tlsext_servername_callback.pod | 32 is NULL, SNI is not used.
46 In this case the servername requested by the client is not accepted and the
53 If this value is returned then the servername is not accepted by the server.
56 as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support
73 and not on resumption handshakes.
82 If one has not been set, but a TLSv1.2 resumption is being attempted and the
95 if it was not called.
98 resumption did not occur
101 was not called.
114 TLSv1.2 (or below) resumption did not occur
[all …]
|
| H A D | SSL_CTX_set_security_level.pod | 42 the security level to B<level>. If not set the library default security level
50 the security callback associated with B<ctx> or B<s>. If not set a default
95 In addition to the level 2 exclusions cipher suites not offering forward
118 setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 2 is used.
124 for example) could not be checked at all.
144 offering insufficient security are not sent by the client and will not
152 SSL_CTX_use_certificate(). Applications which do not check the return values
154 not set at all because it had been rejected.
167 to the security callback or NULL if the callback is not set.
170 data pointer or NULL if the ex data is not set.
[all …]
|
| H A D | SSL_get_peer_certificate.pod | 25 peer presented. If the peer did not present a certificate, NULL is returned.
35 That a certificate is returned does not indicate information about the
40 is incremented by one, so that it will not be destroyed when the session
45 is not incremented, and must not be freed.
79 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_CTX_set0_CA_list.pod | 59 protocol version has been disabled. Most servers do not need this and so this
67 to B<ctx> and it should not be freed by the caller.
72 to B<s> and it should not be freed by the caller.
82 any. The returned list should not be freed by the caller.
94 returned list should not be freed by the caller.
108 it should not be freed by the caller.
115 B<ctx>. The returned list should not be freed by the caller.
119 returned list should not be freed by the caller.
138 only contains the names, not the complete certificates); use
155 and SSL_set0_CA_list() do not return a value.
[all …]
|
| /openssl/doc/designs/ |
| H A D | handling-some-max-defines.md | 9 do not require any changes or workarounds for these limits. Such values
10 are not discussed further in this document. This document discusses only
21 This is a deprecated define which is useless. It is not used anywhere.
32 XOF functions do not count and the XOF output length is not and should
33 not be limited by this value.
52 Keep the value as is, do not deprecate. Review the codebase if it isn't
77 Keep the value as is, do not deprecate. Possibly review the codebase
78 to not depend on this value but there are many such cases. Avoid adding
123 Keep the value as is, do not deprecate. Possibly review the codebase
124 to not depend on this value but there are many such cases. Avoid adding
[all …]
|
| /openssl/crypto/x509/ |
| H A D | v3_cpols.c | 295 USERNOTICE *not; in notice_section() local
307 if ((not = USERNOTICE_new()) == NULL) { in notice_section()
311 qual->d.usernotice = not; in notice_section()
332 if (!not->noticeref) { in notice_section()
337 not->noticeref = nref; in notice_section()
339 nref = not->noticeref; in notice_section()
353 if (!not->noticeref) { in notice_section()
358 not->noticeref = nref; in notice_section()
360 nref = not->noticeref; in notice_section()
379 if (not->noticeref && in notice_section()
[all …]
|
