| /openssl/doc/man3/ |
| H A D | SSL_CTX_set_generate_session_id.pod | 37 The length of the session id is between 1 and 32 bytes. The session id is not
39 transmitted in the clear when reusing the session so it must not contain
64 If an id conflict is not resolved, the handshake will fail.
68 no confidential information is leaked this way). If the application can not
70 fill in the bytes not used to code special information with random data
74 not the external one. Since the session id is generated before the
75 handshake is completed, it is not immediately added to the cache. If
79 the external cache is not tested with SSL_has_matching_session_id()
133 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_get_extms_support.pod | 23 master secret, 0 if it did not and -1 if a handshake is currently in
24 progress i.e. it is not possible to determine if extended master secret
35 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_CTX_dane_enable.pod | 91 authentication success in this case does not mean that the peer was
103 If the B<mcert> argument is not B<NULL> and a TLSA record matched a chain
106 must not be freed by the application.
130 If any of these parameters is NULL, the corresponding field is not returned.
132 data field and must not be freed by the application.
160 do not execute scripts downloaded from remote servers.
171 not match the digest algorithm, or a C<Full(0)> (binary ASN.1 DER form)
175 negative value when DANE authentication failed or was not enabled, a
274 * complete the handshake, check the verification status, and if not
298 * Resumed session was not originally verified, this connection is not
[all …]
|
| H A D | SSL_CTX_set_alpn_select_cb.pod | 60 is NULL, ALPN is not used. The B<arg> value is a pointer which is passed to
106 memory will not be modified, but the B<SSL> does keep a
113 is set to 0 if no protocol has been selected. B<data> must not be freed.
116 client's requested protocol for this connection. If the client did not
117 request any protocol or NPN is not enabled, then B<data> is set to NULL and
120 this function need not be a member of the list of supported protocols
131 nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not
134 vector is not in the vector itself, but in a separate variable.
147 If there is no ALPN proposed in the ClientHello, the ALPN callback is not
186 ALPN protocol not selected, e.g., because no ALPN protocols are configured for
[all …]
|
| H A D | EVP_aes_128_gcm.pod | 103 WARNING: this is not intended for usage outside of TLS and requires calling of
104 some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD
114 WARNING: this is not intended for usage outside of TLS and requires calling of
115 some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD
151 XTS-AES provides confidentiality but not authentication of data. It also
157 The XTS implementation in OpenSSL does not support streaming. That is there must
189 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_CTX_set_cipher_list.pod | 31 B<ssl> objects created from B<ctx>. This function does not impact TLSv1.3
74 usable and not depend on details of the library configuration (ciphers compiled
75 in). Thus no syntax checking takes place. Items that are not recognized, because
76 the corresponding ciphers are not compiled in or because they are mistyped,
95 When these conditions are not met for any cipher in the list (e.g. a
97 of 512 bits and the server is not configured to use temporary RSA
128 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | CMS_compress.pod | 23 If zlib support is not compiled into OpenSSL then CMS_compress() will return
40 practice and is not supported by SMIME_write_CMS().
43 B<not> complete and outputting its contents via a function that does not
72 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_do_handshake.pod | 29 when the underlying BIO could not satisfy the needs of SSL_do_handshake()
47 The TLS/SSL handshake was not successful but was shut down controlled and
58 The TLS/SSL handshake was not successful because a fatal error occurred either
60 not clean. It can also occur if action is needed to continue the operation
76 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SMIME_read_PKCS7.pod | 34 If B<*bcont> is not B<NULL> then the message is clear text
41 To support future functionality if B<bcont> is not B<NULL>
53 formats may not work.
56 encoded and will not handle the case where it is in binary format
83 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | BIO_f_null.pod | 20 behaves just as though the BIO was not there.
24 As may be apparent a null filter BIO is not particularly useful.
34 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_SESSION_is_resumable.pod | 17 to resume a session or not. Returns 1 if it can or 0 if not. Note that
39 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_inject_net_dgram.pod | 24 the length of the buffer in bytes. The buffer is copied and need not remain
29 the injected packet was not actually received from the network directly by
36 on a SSL object which is not a QUIC connection SSL object.
50 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | BIO_sendmmsg.pod | 76 support for I<local> has not been enabled, processing of that B<BIO_MSG> fails.
79 I<local> may not be available on all platforms; on these platforms, these
83 system does not report a local address for a specific received message, the
118 local address support is not available for the platform.
132 functionality to transmit or receive multiple messages at a time is not
138 the number of messages successfully processed (which need not be nonzero) to
159 available or not enabled on the BIO.
163 The I<peer> field was set to a non-NULL value, but peer address support is not
168 The BIO_sendmmsg() or BIO_recvmmsg() method is not supported on the BIO.
175 Implementations of this interface which do not make system calls and thereby
[all …]
|
| H A D | OSSL_CMP_ATAV_set0.pod | 52 they must B<not> be freed up after the call because their ownership
53 is transferred to I<atav>. The I<itav> pointer must not be NULL.
66 or NULL if I<atav> is NULL or does not contain an algId.
73 -1 if I<atav> is NULL or does not contain an rsaKeyLen or cannot be parsed,
91 OSSL_CMP_ATAV_set0() and OSSL_CMP_ATAV_free() do not return a value.
113 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_want.pod | 37 nonblocking I/O. Error conditions are not handled and must be treated
67 The operation did not complete because an application callback set by
73 The operation did not complete because a certificate verification callback
85 The asynchronous job could not be started because there were no async jobs
91 The operation did not complete because an application callback set by
119 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| /openssl/test/ssl-tests/ |
| H A D | 21-key-update.cnf.in | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use
19 name => "update-key-client-update-not-requested",
30 name => "update-key-server-update-not-requested",
|
| H A D | 25-cipher.cnf | 11 test-6 = 6-cipher-server-pref-not-mobile
169 [6-cipher-server-pref-not-mobile]
170 ssl_conf = 6-cipher-server-pref-not-mobile-ssl
172 [6-cipher-server-pref-not-mobile-ssl]
173 server = 6-cipher-server-pref-not-mobile-server
174 client = 6-cipher-server-pref-not-mobile-client
176 [6-cipher-server-pref-not-mobile-server]
183 [6-cipher-server-pref-not-mobile-client]
|
| /openssl/include/openssl/ |
| H A D | ct.h.in | 6 * Licensed under the Apache License 2.0 (the "License"). You may not use
263 * Set *sig to point to the signature for the SCT. sig must not be NULL.
326 * Returns 0 if the SCT is invalid or could not be verified.
335 * Returns 0 if at least one SCT is invalid or could not be verified.
348 * "a" must not be NULL.
364 * "**pp" and "*pp" must not be NULL.
368 * not defined.
375 * "a" must not be NULL.
391 * "**pp" and "*pp" must not be NULL.
395 * not defined.
[all …]
|
| /openssl/doc/man1/ |
| H A D | openssl-dhparam.pod.in | 54 this option is not specified.
59 Standard output is used if this option is not present.
62 Note that file I/O is not atomic. The output file is truncated and then written.
78 displays a warning if not.
83 input file is ignored and parameters are generated instead. If not
92 this option is not present but a generator (B<-2>, B<-3> or B<-5>) is
144 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| /openssl/doc/designs/quic-design/ |
| H A D | connection-state-machine.md | 27 0-RTT is also not currently modelled in this analysis.
30 discerned from the requirements imposed. This does not mean that the
36 the handshake has been completed but not yet confirmed).
47 Handshake confirmation is not the same as handshake completion.
186 Key updates may not be initiated in the Terminating state.
350 <td>(packet processed if EL is not dropped)</td>
442 may not have been possible:
467 that we receive, thus this event may not always be raised.
532 this does not require modelling as additional state.
579 we are not in `TERMINATING` or `TERMINATED`.
[all …]
|
| H A D | quic-thread-assist.md | 17 However, on second glance, this does not even solve the problem, as
26 set calls, but the combination of the two would not be safe if the assist thread
36 application is not required to take the lock prior to connection
42 probably happen prior to initiating a connection, things may not be that bad.
68 - Post-handshake authentication is not allowed;
89 thread and may not be touched further. We would need to block all API calls
97 APIs we think have safe semantics here; e.g. implement only getters and not
100 enabled. Some APIs may not have ways to indicate failure; for such APIs which
|
| /openssl/test/recipes/30-test_evp_data/ |
| H A D | evppkey_ecdsa_sigalg.txt | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use
184 # Test that a explicit curve is not allowed in fips mode
191 # Test that a curve with < 112 bits is not allowed in fips mode for signing
199 # Test that a non nist curve is not allowed in fips mode
207 # Test that SHA1 is not allowed in fips mode for signing
215 # Test that SHA1 is not allowed in fips mode for signing
243 # Test that SHA1 is not allowed in fips mode for signing
253 # Test that SHA1 is not allowed in fips mode for signing
|
| H A D | evppkey_ecdsa.txt | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use
185 # Test that a explicit curve is not allowed in fips mode
192 # Test that a curve with < 112 bits is not allowed in fips mode for signing
200 # Test that a non nist curve is not allowed in fips mode
208 # Test that SHA1 is not allowed in fips mode for signing
216 # Test that SHA1 is not allowed in fips mode for signing
244 # Test that SHA1 is not allowed in fips mode for signing
254 # Test that SHA1 is not allowed in fips mode for signing
|
| /openssl/doc/man7/ |
| H A D | EVP_SIGNATURE-ED25519.pod | 25 require access to the complete message (not a digest of the message).
29 not require access to the complete message; they operate on a hash of
37 instance, a nonempty context-string is not permitted.
82 instance is the explicit signature algorithm name, and may not be changed
85 If a context-string is not specified, then an empty context-string is
107 The PureEdDSA instances do not support the streaming mechanism of
112 The HashEdDSA instances do not yet support the streaming mechanisms
153 /* The input "params" is not needed if default options are acceptable.
177 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | EVP_RAND.pod | 29 it is in general not necessary to utilize the EVP_RAND API directly.
67 it does not make sense for the child to be an entropy source.
73 a live entropy source may ignore and not use its parent.
105 It is I<not> thread-safe to access the <primary> DRBG directly via the
220 It is possible to add I<additional input> not only during reseeding,
229 setting B<-DOPENSSL_DEFAULT_SEED_SRC=SEED-SRC>. If not set then
240 DRBG, depending on whether automatic reseeding is available or not.
245 Calling RAND_poll() or RAND_add() is not necessary, because the DRBG
259 reseed counter is not reset.
275 NOTE: Manual reseeding is *not allowed* in FIPS mode, because
[all …]
|
