/openssl/doc/man3/ |
H A D | OPENSSL_fork_prepare.pod | 29 keys) should not be shared across multiple programs. 33 Platforms without fork(2) will probably not need to use these functions. 36 such as Linux that have both functions will normally not need to call these 50 OPENSSL_fork_prepare(), OPENSSL_fork_parent() and OPENSSL_fork_child() do not 65 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | X509_check_purpose.pod | 47 =item E<32>0 if the certificate was not created to perform the purpose represented by I<id> 57 =item E<32>0 not a CA or does not have the purpose represented by I<id> 62 New versions will not return this value. May be a CA 75 Licensed under the Apache License 2.0 (the "License"). You may not use this
|
H A D | OBJ_nid2obj.pod | 93 I<ln> may be NULL, but not all at once. 98 The returned pointer is an internal pointer which B<must not> be freed. 106 that do not require a digest, NID_undef is a valid I<dig_id>. 130 Objects which are not in the table have the NID value NID_undef. 132 Objects do not need to be in the internal tables to be processed, 136 Some objects are used to represent algorithms which do not have a 146 These functions were not thread safe in OpenSSL 3.0 and before. 163 not NULL and I<buf_len> is big enough, otherwise the total string length. 164 Note that this does not count the trailing NUL character. 193 and should not be used. [all …]
|
H A D | BIO_s_socket.pod | 21 BIO_puts() is supported but BIO_gets() is not. 34 platforms sockets are not file descriptors and use distinct I/O routines, 35 Windows is one such platform. Any code mixing the two will not work on 49 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_SESSION_get0_id_context.pod | 25 B<*len> if B<len> is not NULL. 28 should not be released. 32 is given by B<sid_ctx_len> which must not exceed SSL_MAX_SID_CTX_LENGTH bytes. 51 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | X509_get0_uids.pod | 21 identifiers of certificate B<x> or NULL if the fields are not present. 24 attribute certificate B<x> or NULL if the field is not present. 33 X509_get0_uids() does not return a value. 68 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | X509_get0_notBefore.pod | 41 returned is an internal pointer which must not be freed up after 51 parameter I<tm> is not transferred by these functions so it must 56 returned is an internal pointer which must not be freed up after 61 parameter B<tm> is not transferred by these functions so it must 66 returned is an internal pointer which must not be freed up after 72 I<tm> is not transferred by these functions so it must be freed up after the 125 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | OSSL_HTTP_REQ_CTX.pod | 77 The I<rbio> is not free'd, I<wbio> will be free'd if I<free_wbio> is set. 102 If the I<content_type> argument is not NULL, 130 i.e., an error occurs in case the server does not grant it. 162 This memory BIO does not support streaming. 175 The returned BIO pointer must not be freed by the caller. 188 given by I<rctx> is still alive, i.e., has not been closed. 209 request URL do not match. 252 do not return values. 263 The returned BIO must not be freed by the caller. 266 or 0 if not available or an error occurred. [all …]
|
H A D | SSL_read_early_data.pod | 64 to send data from the server to the client when the client has not yet completed 76 authentication messages have not yet been received, i.e. the client is 81 or not by calling L<SSL_is_init_finished(3)>. 105 the server, but the total number of bytes written must not exceed the value 194 connection attempt. By default the server does not accept early data; a 267 containing the ClientHello. This means the early data is not actually 292 the same early data was not replayed across multiple connections. As a 299 if a client does not send any early data. 308 does not exist then the resumption is not allowed and a full handshake will 332 early data or not. See SSL_CTX_set_allow_early_data_cb() above for details. [all …]
|
H A D | SMIME_read_CMS.pod | 31 in binary format and is not translated to canonical form. 38 If B<*bcont> is not NULL then the message is clear text signed. B<*bcont> can 44 To support future functionality if B<bcont> is not NULL B<*bcont> should be 55 handle most S/MIME messages more complex compound formats may not work. 58 and will not handle the case where it is in binary format or uses quoted 87 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | EVP_PKEY_set1_RSA.pod | 71 alternative non-standard NIDs is now rare so B<EVP_PKEY_RSA2> et al are not 95 key is not of the correct type. The returned key must be freed after use. 105 key is not of the correct type. The reference count of the returned key is 106 B<not> incremented and so the key must not be freed after use. These functions 112 legacy key or NULL if the key is not legacy. 114 Note that if an EVP_PKEY was not constructed using one of the deprecated 135 If I<engine> does not include an B<EVP_PKEY_METHOD> for I<pkey> an 156 Updates to these keys will not be reflected back in the provider side key. The 158 EVP_PKEY_get1_EC_KEY() functions were not changed to have a "const" return type 177 EVP_PKEY_get_base_id() and will not care about the actual type: [all …]
|
H A D | SSL_write.pod | 62 Setting this flag does not cause a stream's send part to be concluded if not all 67 A call to SSL_write_ex2() fails if a flag is passed which is not supported or 77 If necessary, a write function will negotiate a TLS/SSL session, if not already 92 when the underlying BIO could not satisfy the needs of the function to continue 114 this processing is performed regularly. If an application is not using thread 129 You should not call SSL_write() with num=0, it will return an error. 139 not all the requested bytes have been written yet (if 145 retryable or not. 158 The write operation was not successful, because either the connection was 180 The write operation was not successful, because either the connection was [all …]
|
H A D | EVP_PKEY_CTX_ctrl.pod | 311 If not specified 65537 is used. 318 RSA key generation to I<primes>. If not specified 2 is used. 375 by the library and should not be freed by the caller. 409 parameter generation to B<nbits>. If not specified, 2048 is used. 430 since it is not part of a persisted key. 455 parameter generation. If not specified 2 is used. 489 since it is not part of a persisted key. 543 should not be freed by the caller. 567 by the library and should not be freed by the caller. 634 should not free the original memory pointed to by I<ukm>. [all …]
|
H A D | OSSL_LIB_CTX.pod | 59 In addition providers that are not loaded in the parent library context can be 61 library context. Providers loaded independently in this way will not be mirrored 62 in the parent library context and will not be affected if the parent library 70 reference count. L<OSSL_PROVIDER_unload(3)> must not be called for a provider in 71 the child library context that did not have an earlier L<OSSL_PROVIDER_load(3)> 81 B<OSSL_provider_init> function the currently initialising provider is not yet 82 available in the application's library context and therefore will similarly not 90 from a configuration. This function must not be called concurrently from 112 in the mean time. This means that the calling thread must not free the 119 and so applications should not typically call this function. [all …]
|
H A D | SSL_poll.pod | 140 This flag indicates that internal state machine processing should not be 159 event type bit in future SSL_poll() calls if it does not wish to receive 160 repeated notifications and has not caused the underlying readiness condition 175 for B<SSL_POLL_EVENT_R>), as not doing so is unlikely to be a sound design. 197 This event type may be raised even if it was not requested in I<events>; 205 This event is never raised on objects which are not connections. 214 This event is never raised on objects which are not connections. 330 not return more than one B<SSL_POLL_EVENT_F> event at once. 332 "Normal" events representing exceptional I/O conditions which do not 333 constitute a failure of the SSL_poll() mechanism itself are not considered [all …]
|
H A D | OSSL_HTTP_transfer.pod | 55 OSSL_HTTP_open() initiates an HTTP session using the I<bio> argument if not 76 If TLS is not used this defaults to the environment variable C<http_proxy> 87 separated by C<,> and/or whitespace (if not NULL; 114 or NULL to indicate failure, in which case it should not modify the BIO. 140 The optional callback function argument I<arg> is not consumed, 141 so must be freed by the caller when not needed any more. 180 If the I<expected_content_type> argument is not NULL, 200 If I<keep_alive> is 0 the connection is not kept open 204 i.e., an error occurs in case the server does not grant it. 211 is not NULL the latter pointer is used to provide any new location that [all …]
|
H A D | SSL_CTX_set_tlsext_status_cb.pod | 46 previously set via SSL_CTX_set_tlsext_status_type() or -1 if not set. 51 acceptable or not. The callback will be passed as an argument the value 53 callback will not be called in the event of a handshake where session resumption 70 call to the d2i_OCSP_RESPONSE() function. If the server has not provided any 86 error; 0 if the response is not acceptable (in which case the handshake will 91 returned), SSL_TLSEXT_ERR_NOACK (meaning that an OCSP response should not be 100 SSL_CTX_set_tlsext_status_type(), or -1 if not set. 122 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SRP_create_verifier.pod | 51 the verifier and (if a salt was not provided) I<*salt> will be populated with a 52 newly allocated BIGNUM containing a random salt. If I<*salt> is not NULL then 81 "*" if I<N> is not NULL, the selected group id otherwise. This value should 82 not be freed. 85 (i.e. the prime bit size) or NULL if the arguments are not valid SRP group parameters. 86 This value should not be freed. 88 SRP_get_default_gN() returns NULL if I<id> is not a valid group size, 134 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | X509_check_private_key.pod | 28 the keys match each other, and 0 if not. 36 do not check if I<pkey> itself is indeed a private key or not. 49 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_set_session_secret_cb.pod | 27 RFC4851. Therefore this callback should not be used except when implementing 32 available in I<*secret_len> and may be updated by the callback (but must not be 41 the B<SSL_SESSION> - but it does not affect the ciphersuite selected by the 52 secret. A return value of 0 indicates that the secret has not been set. On the 64 Licensed under the Apache License 2.0 (the "License"). You may not use
|
/openssl/doc/man1/ |
H A D | openssl-pkeyparam.pod.in | 39 this option is not specified. 44 this option is not specified. 47 Note that file I/O is not atomic. The output file is truncated and then written. 55 Do not output the encoded version of the parameters. 96 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | openssl-pkcs8.pod.in | 60 not used) then the input file must be in PKCS#8 format. An encrypted 63 If B<-topk8> is not used and B<PEM> mode is set the output file will be an 67 If B<-topk8> is not used and B<DER> mode is set the output file will be an 83 option is not specified. If the key is encrypted a pass phrase will be 99 If any encryption options are set and B<-passout> is not given 101 When password input is interrupted, the output file is not touched. 118 This option does not encrypt private keys at all and should only be used 143 If not specified PKCS#5 v2.0 form is used. 159 If this value is not specified, the default for PBES2 is 16 (128 bits) 175 Some older implementations do not support PKCS#5 v2.0 format and require [all …]
|
/openssl/ |
H A D | NOTES-POSIX.md | 7 There are exceptions, though, for platforms that do not have a POSIX 11 types are not present (such as `ssize_t`). 13 Platforms that do have a POSIX library may still not have them accessible
|
/openssl/doc/designs/ |
H A D | fips_indicator.md | 5 the changes should not affect the default provider. 43 The following rules will apply to any code that currently is not FIPS approved, 188 turn off FIPS mode. This will not be added at this stage. 216 *dst = *src then it is not required. 266 There are a few places where we do not enforce key size that need to be addressed. 277 …If we chose not to remove them , then we need to check that OSSL_PKEY_PARAM_USE_COFACTOR_ECDH is s… 286 - ECDSA Verify using prehashed message is not allowed. 295 - X963KDF (SHA1 is not allowed) 308 Note many of these (such as KDF's will not support SHAKE). 315 Test that Deterministic ECDSA does not allow SHAKE (IG C.K Additional Comments 6) [all …]
|
/openssl/doc/designs/ddd/ |
H A D | WINDOWS.md | 7 In general, Windows does not provide a poll(2) system call. WSAPoll(2) was introduced 17 because sockets are NT kernel handles on Windows and thus are not allocated 22 Windows does not provide anything like epoll or kqueue. For high performance 28 interface on top of polling, but it is not really possible to build a 46 - ddd-01-conn-blocking: Blocking example, use of IOCP is not applicable. 48 - ddd-02-conn-nonblocking: Socket is managed by OpenSSL, and IOCP is not 51 - ddd-03-fd-blocking: Blocking example, use of IOCP is not applicable. 78 My conclusion here is that since libssl does not support IOCP in the first
|