/openssl/doc/man3/ |
H A D | SSL_CTX_set_generate_session_id.pod | 37 The length of the session id is between 1 and 32 bytes. The session id is not 39 transmitted in the clear when reusing the session so it must not contain 64 If an id conflict is not resolved, the handshake will fail. 68 no confidential information is leaked this way). If the application can not 70 fill in the bytes not used to code special information with random data 74 not the external one. Since the session id is generated before the 75 handshake is completed, it is not immediately added to the cache. If 79 the external cache is not tested with SSL_has_matching_session_id() 133 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_get_extms_support.pod | 23 master secret, 0 if it did not and -1 if a handshake is currently in 24 progress i.e. it is not possible to determine if extended master secret 35 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_CTX_dane_enable.pod | 91 authentication success in this case does not mean that the peer was 103 If the B<mcert> argument is not B<NULL> and a TLSA record matched a chain 106 must not be freed by the application. 130 If any of these parameters is NULL, the corresponding field is not returned. 132 data field and must not be freed by the application. 160 do not execute scripts downloaded from remote servers. 171 not match the digest algorithm, or a C<Full(0)> (binary ASN.1 DER form) 175 negative value when DANE authentication failed or was not enabled, a 274 * complete the handshake, check the verification status, and if not 298 * Resumed session was not originally verified, this connection is not [all …]
|
H A D | SSL_CTX_set_alpn_select_cb.pod | 60 is NULL, ALPN is not used. The B<arg> value is a pointer which is passed to 106 memory will not be modified, but the B<SSL> does keep a 113 is set to 0 if no protocol has been selected. B<data> must not be freed. 116 client's requested protocol for this connection. If the client did not 117 request any protocol or NPN is not enabled, then B<data> is set to NULL and 120 this function need not be a member of the list of supported protocols 131 nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not 134 vector is not in the vector itself, but in a separate variable. 147 If there is no ALPN proposed in the ClientHello, the ALPN callback is not 186 ALPN protocol not selected, e.g., because no ALPN protocols are configured for [all …]
|
H A D | EVP_aes_128_gcm.pod | 103 WARNING: this is not intended for usage outside of TLS and requires calling of 104 some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD 114 WARNING: this is not intended for usage outside of TLS and requires calling of 115 some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD 151 XTS-AES provides confidentiality but not authentication of data. It also 157 The XTS implementation in OpenSSL does not support streaming. That is there must 189 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_CTX_set_cipher_list.pod | 31 B<ssl> objects created from B<ctx>. This function does not impact TLSv1.3 74 usable and not depend on details of the library configuration (ciphers compiled 75 in). Thus no syntax checking takes place. Items that are not recognized, because 76 the corresponding ciphers are not compiled in or because they are mistyped, 95 When these conditions are not met for any cipher in the list (e.g. a 97 of 512 bits and the server is not configured to use temporary RSA 128 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | CMS_compress.pod | 23 If zlib support is not compiled into OpenSSL then CMS_compress() will return 40 practice and is not supported by SMIME_write_CMS(). 43 B<not> complete and outputting its contents via a function that does not 72 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_do_handshake.pod | 29 when the underlying BIO could not satisfy the needs of SSL_do_handshake() 47 The TLS/SSL handshake was not successful but was shut down controlled and 58 The TLS/SSL handshake was not successful because a fatal error occurred either 60 not clean. It can also occur if action is needed to continue the operation 76 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SMIME_read_PKCS7.pod | 34 If B<*bcont> is not B<NULL> then the message is clear text 41 To support future functionality if B<bcont> is not B<NULL> 53 formats may not work. 56 encoded and will not handle the case where it is in binary format 83 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | BIO_f_null.pod | 20 behaves just as though the BIO was not there. 24 As may be apparent a null filter BIO is not particularly useful. 34 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_SESSION_is_resumable.pod | 17 to resume a session or not. Returns 1 if it can or 0 if not. Note that 39 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_inject_net_dgram.pod | 24 the length of the buffer in bytes. The buffer is copied and need not remain 29 the injected packet was not actually received from the network directly by 36 on a SSL object which is not a QUIC connection SSL object. 50 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | BIO_sendmmsg.pod | 76 support for I<local> has not been enabled, processing of that B<BIO_MSG> fails. 79 I<local> may not be available on all platforms; on these platforms, these 83 system does not report a local address for a specific received message, the 118 local address support is not available for the platform. 132 functionality to transmit or receive multiple messages at a time is not 138 the number of messages successfully processed (which need not be nonzero) to 159 available or not enabled on the BIO. 163 The I<peer> field was set to a non-NULL value, but peer address support is not 168 The BIO_sendmmsg() or BIO_recvmmsg() method is not supported on the BIO. 175 Implementations of this interface which do not make system calls and thereby [all …]
|
H A D | OSSL_CMP_ATAV_set0.pod | 52 they must B<not> be freed up after the call because their ownership 53 is transferred to I<atav>. The I<itav> pointer must not be NULL. 66 or NULL if I<atav> is NULL or does not contain an algId. 73 -1 if I<atav> is NULL or does not contain an rsaKeyLen or cannot be parsed, 91 OSSL_CMP_ATAV_set0() and OSSL_CMP_ATAV_free() do not return a value. 113 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | SSL_want.pod | 37 nonblocking I/O. Error conditions are not handled and must be treated 67 The operation did not complete because an application callback set by 73 The operation did not complete because a certificate verification callback 85 The asynchronous job could not be started because there were no async jobs 91 The operation did not complete because an application callback set by 119 Licensed under the Apache License 2.0 (the "License"). You may not use
|
/openssl/test/ssl-tests/ |
H A D | 21-key-update.cnf.in | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 19 name => "update-key-client-update-not-requested", 30 name => "update-key-server-update-not-requested",
|
H A D | 25-cipher.cnf | 11 test-6 = 6-cipher-server-pref-not-mobile 169 [6-cipher-server-pref-not-mobile] 170 ssl_conf = 6-cipher-server-pref-not-mobile-ssl 172 [6-cipher-server-pref-not-mobile-ssl] 173 server = 6-cipher-server-pref-not-mobile-server 174 client = 6-cipher-server-pref-not-mobile-client 176 [6-cipher-server-pref-not-mobile-server] 183 [6-cipher-server-pref-not-mobile-client]
|
/openssl/include/openssl/ |
H A D | ct.h.in | 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 263 * Set *sig to point to the signature for the SCT. sig must not be NULL. 326 * Returns 0 if the SCT is invalid or could not be verified. 335 * Returns 0 if at least one SCT is invalid or could not be verified. 348 * "a" must not be NULL. 364 * "**pp" and "*pp" must not be NULL. 368 * not defined. 375 * "a" must not be NULL. 391 * "**pp" and "*pp" must not be NULL. 395 * not defined. [all …]
|
/openssl/doc/man1/ |
H A D | openssl-dhparam.pod.in | 54 this option is not specified. 59 Standard output is used if this option is not present. 62 Note that file I/O is not atomic. The output file is truncated and then written. 78 displays a warning if not. 83 input file is ignored and parameters are generated instead. If not 92 this option is not present but a generator (B<-2>, B<-3> or B<-5>) is 144 Licensed under the Apache License 2.0 (the "License"). You may not use
|
/openssl/doc/designs/quic-design/ |
H A D | connection-state-machine.md | 27 0-RTT is also not currently modelled in this analysis. 30 discerned from the requirements imposed. This does not mean that the 36 the handshake has been completed but not yet confirmed). 47 Handshake confirmation is not the same as handshake completion. 186 Key updates may not be initiated in the Terminating state. 350 <td>(packet processed if EL is not dropped)</td> 442 may not have been possible: 467 that we receive, thus this event may not always be raised. 532 this does not require modelling as additional state. 579 we are not in `TERMINATING` or `TERMINATED`. [all …]
|
H A D | quic-thread-assist.md | 17 However, on second glance, this does not even solve the problem, as 26 set calls, but the combination of the two would not be safe if the assist thread 36 application is not required to take the lock prior to connection 42 probably happen prior to initiating a connection, things may not be that bad. 68 - Post-handshake authentication is not allowed; 89 thread and may not be touched further. We would need to block all API calls 97 APIs we think have safe semantics here; e.g. implement only getters and not 100 enabled. Some APIs may not have ways to indicate failure; for such APIs which
|
/openssl/test/recipes/30-test_evp_data/ |
H A D | evppkey_ecdsa_sigalg.txt | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 184 # Test that a explicit curve is not allowed in fips mode 191 # Test that a curve with < 112 bits is not allowed in fips mode for signing 199 # Test that a non nist curve is not allowed in fips mode 207 # Test that SHA1 is not allowed in fips mode for signing 215 # Test that SHA1 is not allowed in fips mode for signing 243 # Test that SHA1 is not allowed in fips mode for signing 253 # Test that SHA1 is not allowed in fips mode for signing
|
H A D | evppkey_ecdsa.txt | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 185 # Test that a explicit curve is not allowed in fips mode 192 # Test that a curve with < 112 bits is not allowed in fips mode for signing 200 # Test that a non nist curve is not allowed in fips mode 208 # Test that SHA1 is not allowed in fips mode for signing 216 # Test that SHA1 is not allowed in fips mode for signing 244 # Test that SHA1 is not allowed in fips mode for signing 254 # Test that SHA1 is not allowed in fips mode for signing
|
/openssl/doc/man7/ |
H A D | EVP_SIGNATURE-ED25519.pod | 25 require access to the complete message (not a digest of the message). 29 not require access to the complete message; they operate on a hash of 37 instance, a nonempty context-string is not permitted. 82 instance is the explicit signature algorithm name, and may not be changed 85 If a context-string is not specified, then an empty context-string is 107 The PureEdDSA instances do not support the streaming mechanism of 112 The HashEdDSA instances do not yet support the streaming mechanisms 153 /* The input "params" is not needed if default options are acceptable. 177 Licensed under the Apache License 2.0 (the "License"). You may not use
|
H A D | EVP_RAND.pod | 29 it is in general not necessary to utilize the EVP_RAND API directly. 67 it does not make sense for the child to be an entropy source. 73 a live entropy source may ignore and not use its parent. 105 It is I<not> thread-safe to access the <primary> DRBG directly via the 220 It is possible to add I<additional input> not only during reseeding, 229 setting B<-DOPENSSL_DEFAULT_SEED_SRC=SEED-SRC>. If not set then 240 DRBG, depending on whether automatic reseeding is available or not. 245 Calling RAND_poll() or RAND_add() is not necessary, because the DRBG 259 reseed counter is not reset. 275 NOTE: Manual reseeding is *not allowed* in FIPS mode, because [all …]
|