Start documenting our new pet octopus, SSL_CTX_set_security_level(3).
Or should we call it a centipede?

Feedback and OK on a previous version from jsing@
and from our chief myriapodologist, tb@.

sort. alphanumerics have lower ASCII values than '_'

Install SSL_read_early_data.3. I should have done this during the last
libssl bump.

Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback

Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are document

Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback

Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are documented
as being for compatibility and that they don't do anything.

ok tb@

show more ...

provide a small manual page for the SSL_set_psk_use_session_callback(3)
stub, written from scratch;
OK tb@ on SSL_set_psk_use_session_callback.3

Merge the stub SSL_SESSION_is_resumable(3) manual page from the
OpenSSL 1.1.1 branch, which is still under a free license.
A few tweaks to wording and structure by me.
OK tb@ on SSL_SESSION_is_resuma

Merge the stub SSL_SESSION_is_resumable(3) manual page from the
OpenSSL 1.1.1 branch, which is still under a free license.
A few tweaks to wording and structure by me.
OK tb@ on SSL_SESSION_is_resumable.3

show more ...

Install SSL_SESSION_get0_cipher.3

Link SSL_get_finished.3 to build.

In ssl.h rev. 1.174 to 1.176, tb@ added some stubs related to 0-RTT data.
Write documentation from scratch explaining why we don't support 0-RTT
but how we stub it out instead.
Tweaks and OK tb@.

..

In ssl.h rev. 1.174 to 1.176, tb@ added some stubs related to 0-RTT data.
Write documentation from scratch explaining why we don't support 0-RTT
but how we stub it out instead.
Tweaks and OK tb@.

... and beck@ pointed out that this OpenSSL API is akin to adding a
laser sighting system to a giant blackpowder cannon that one keeps
blowing one's own feet to mangled scraps with ...

show more ...

Document the public function SSL_set_SSL_CTX(3) from scratch,
which is undocumented in OpenSSL but mentioned in passing in one
OpenSSL manual page, and which was recently mentioned by jsing@ when
wor

Document the public function SSL_set_SSL_CTX(3) from scratch,
which is undocumented in OpenSSL but mentioned in passing in one
OpenSSL manual page, and which was recently mentioned by jsing@ when
working on SSL_set_ciphersuites(3).
With corrections from and OK inoguchi@.

show more ...

Install the new page SSL_set1_host(3), link to it from relevant places,
and add two other .Xrs that might help readers find their way.
Update the merge notices of all files touched and
merge a few tr

Install the new page SSL_set1_host(3), link to it from relevant places,
and add two other .Xrs that might help readers find their way.
Update the merge notices of all files touched and
merge a few trivial changes from the OpenSSL 1.1.1 branch.
OK tb@

show more ...

Import SSL_CTX_add1_chain_cert(3) from OpenSSL branch 1.1.1, which is still
under a free license, omitting functions we don't have and tweaked by me;
the functions were provided by jsing@ in ssl.h re

Import SSL_CTX_add1_chain_cert(3) from OpenSSL branch 1.1.1, which is still
under a free license, omitting functions we don't have and tweaked by me;
the functions were provided by jsing@ in ssl.h rev. 1.166.

While here, also document SSL_CTX_get_extra_chain_certs(3) because
it is closely related to companion functions are already documented
and the API is kind of incomplete without it.

show more ...

In crypto.h rev. 1.43 and ssl.h rev. 1.153 2018/03/17 16:20:01, beck@
provided OPENSSL_init_crypto(3) and OPENSSL_init_ssl(3).
Write the documentation from scratch
because the text OpenSSL provides i

In crypto.h rev. 1.43 and ssl.h rev. 1.153 2018/03/17 16:20:01, beck@
provided OPENSSL_init_crypto(3) and OPENSSL_init_ssl(3).
Write the documentation from scratch
because the text OpenSSL provides is full of bloat.

show more ...

In ssl.h rev. 1.152 2018/03/17 15:55:52, tb@ provided
SSL_SESSION_has_ticket(3) and SSL_SESSION_get_ticket_lifetime_hint(3).
Merge the documentation from OpenSSL, tweaked by me.

Import SSL_CTX_set_tlsext_use_srtp(3) from OpenSSL, slightly tweaked by me.

In ssl.h rev. 1.141 2018/02/20 18:07:11, tb@ provided
SSL_SESSION_get_protocol_version(3).
Import the documentation form OpenSSL, tweaked by me, OK tb@.

In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20,
jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and
SSL_SESSION_get_master_key(3). Import the document

In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20,
jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and
SSL_SESSION_get_master_key(3). Import the documentation from OpenSSL,
with some tweaks.

show more ...

In ssl.h rev. 1.138 2018/02/17 15:13:12, jsing@ provided
SSL_CTX_get0_certificate(3). It is public in OpenSSL, too,
but OpenSSL has no documentation, so write some from scratch.

import SSL_export_keying_material(3) from OpenSSL

Import SSL_CTX_set_min_proto_version(3) from OpenSSL, suggested by jsing@.
While importing:
* Fix the prototypes, they all contained wrong datatypes.
* Delete SSL3_VERSION which is no longer supporte

Import SSL_CTX_set_min_proto_version(3) from OpenSSL, suggested by jsing@.
While importing:
* Fix the prototypes, they all contained wrong datatypes.
* Delete SSL3_VERSION which is no longer supported.
* Delete TLS1_3_VERSION and DTLS1_2_VERSION, not yet supported.
* Delete the lie that these would be macros.
* Improve SEE ALSO and HISTORY sections.

show more ...

Import the SSL_CTX_set1_groups(3) manual page from OpenSSL, deleting
the read accessors we don't have and fixing the prototypes - the
data type of each and every argument differs in the OpenSSL manua

Import the SSL_CTX_set1_groups(3) manual page from OpenSSL, deleting
the read accessors we don't have and fixing the prototypes - the
data type of each and every argument differs in the OpenSSL manuals.
Reference the new page from SSL_set_tmp_ecdh(3) as suggested by jsing@.

show more ...

New manual page SSL_set_tmp_ecdh(3) written from scratch.
Feedback and OK jsing@.

new manual page SSL_get_server_tmp_key(3)
from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8

Additional SSL_SESSION documentation
from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505.
Improve crosslinking while here.

new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;
from <Jon dot Spillett at oracle dot com>
via OpenSSL commit 8c55c461