From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- openssl-1.1.0h/doc/HOWTO/certificates.txt | 110 +++ openssl-1.1.0h/doc/HOWTO/keys.txt | 105 +++ openssl-1.1.0h/doc/HOWTO/proxy_certificates.txt | 319 ++++++++ openssl-1.1.0h/doc/README | 20 + openssl-1.1.0h/doc/apps/CA.pl.pod | 214 +++++ openssl-1.1.0h/doc/apps/asn1parse.pod | 209 +++++ openssl-1.1.0h/doc/apps/ca.pod | 724 +++++++++++++++++ openssl-1.1.0h/doc/apps/ciphers.pod | 731 +++++++++++++++++ openssl-1.1.0h/doc/apps/cms.pod | 738 +++++++++++++++++ openssl-1.1.0h/doc/apps/config.pod | 387 +++++++++ openssl-1.1.0h/doc/apps/crl.pod | 143 ++++ openssl-1.1.0h/doc/apps/crl2pkcs7.pod | 106 +++ openssl-1.1.0h/doc/apps/dgst.pod | 239 ++++++ openssl-1.1.0h/doc/apps/dhparam.pod | 160 ++++ openssl-1.1.0h/doc/apps/dsa.pod | 179 ++++ openssl-1.1.0h/doc/apps/dsaparam.pod | 125 +++ openssl-1.1.0h/doc/apps/ec.pod | 207 +++++ openssl-1.1.0h/doc/apps/ecparam.pod | 186 +++++ openssl-1.1.0h/doc/apps/enc.pod | 354 ++++++++ openssl-1.1.0h/doc/apps/engine.pod | 115 +++ openssl-1.1.0h/doc/apps/errstr.pod | 46 ++ openssl-1.1.0h/doc/apps/gendsa.pod | 92 +++ openssl-1.1.0h/doc/apps/genpkey.pod | 278 +++++++ openssl-1.1.0h/doc/apps/genrsa.pod | 119 +++ openssl-1.1.0h/doc/apps/list.pod | 82 ++ openssl-1.1.0h/doc/apps/nseq.pod | 85 ++ openssl-1.1.0h/doc/apps/ocsp.pod | 467 +++++++++++ openssl-1.1.0h/doc/apps/openssl.pod | 461 +++++++++++ openssl-1.1.0h/doc/apps/passwd.pod | 97 +++ openssl-1.1.0h/doc/apps/pkcs12.pod | 381 +++++++++ openssl-1.1.0h/doc/apps/pkcs7.pod | 120 +++ openssl-1.1.0h/doc/apps/pkcs8.pod | 302 +++++++ openssl-1.1.0h/doc/apps/pkey.pod | 156 ++++ openssl-1.1.0h/doc/apps/pkeyparam.pod | 83 ++ openssl-1.1.0h/doc/apps/pkeyutl.pod | 293 +++++++ openssl-1.1.0h/doc/apps/rand.pod | 70 ++ openssl-1.1.0h/doc/apps/rehash.pod | 140 ++++ openssl-1.1.0h/doc/apps/req.pod | 662 +++++++++++++++ openssl-1.1.0h/doc/apps/rsa.pod | 217 +++++ openssl-1.1.0h/doc/apps/rsautl.pod | 205 +++++ openssl-1.1.0h/doc/apps/s_client.pod | 619 ++++++++++++++ openssl-1.1.0h/doc/apps/s_server.pod | 616 ++++++++++++++ openssl-1.1.0h/doc/apps/s_time.pod | 195 +++++ openssl-1.1.0h/doc/apps/sess_id.pod | 164 ++++ openssl-1.1.0h/doc/apps/smime.pod | 518 ++++++++++++ openssl-1.1.0h/doc/apps/speed.pod | 68 ++ openssl-1.1.0h/doc/apps/spkac.pod | 148 ++++ openssl-1.1.0h/doc/apps/ts.pod | 662 +++++++++++++++ openssl-1.1.0h/doc/apps/tsget.pod | 200 +++++ openssl-1.1.0h/doc/apps/verify.pod | 725 +++++++++++++++++ openssl-1.1.0h/doc/apps/version.pod | 81 ++ openssl-1.1.0h/doc/apps/x509.pod | 898 +++++++++++++++++++++ openssl-1.1.0h/doc/apps/x509v3_config.pod | 541 +++++++++++++ .../doc/crypto/ASN1_INTEGER_get_int64.pod | 133 +++ openssl-1.1.0h/doc/crypto/ASN1_OBJECT_new.pod | 51 ++ openssl-1.1.0h/doc/crypto/ASN1_STRING_length.pod | 93 +++ openssl-1.1.0h/doc/crypto/ASN1_STRING_new.pod | 52 ++ openssl-1.1.0h/doc/crypto/ASN1_STRING_print_ex.pod | 105 +++ openssl-1.1.0h/doc/crypto/ASN1_TIME_set.pod | 138 ++++ openssl-1.1.0h/doc/crypto/ASN1_TYPE_get.pod | 100 +++ openssl-1.1.0h/doc/crypto/ASN1_generate_nconf.pod | 270 +++++++ openssl-1.1.0h/doc/crypto/ASYNC_WAIT_CTX_new.pod | 144 ++++ openssl-1.1.0h/doc/crypto/ASYNC_start_job.pod | 330 ++++++++ openssl-1.1.0h/doc/crypto/BF_encrypt.pod | 117 +++ openssl-1.1.0h/doc/crypto/BIO_ADDR.pod | 125 +++ openssl-1.1.0h/doc/crypto/BIO_ADDRINFO.pod | 91 +++ openssl-1.1.0h/doc/crypto/BIO_connect.pod | 112 +++ openssl-1.1.0h/doc/crypto/BIO_ctrl.pod | 136 ++++ openssl-1.1.0h/doc/crypto/BIO_f_base64.pod | 91 +++ openssl-1.1.0h/doc/crypto/BIO_f_buffer.pod | 92 +++ openssl-1.1.0h/doc/crypto/BIO_f_cipher.pod | 81 ++ openssl-1.1.0h/doc/crypto/BIO_f_md.pod | 156 ++++ openssl-1.1.0h/doc/crypto/BIO_f_null.pod | 39 + openssl-1.1.0h/doc/crypto/BIO_f_ssl.pod | 298 +++++++ openssl-1.1.0h/doc/crypto/BIO_find_type.pod | 69 ++ openssl-1.1.0h/doc/crypto/BIO_get_data.pod | 65 ++ openssl-1.1.0h/doc/crypto/BIO_get_ex_new_index.pod | 64 ++ openssl-1.1.0h/doc/crypto/BIO_meth_new.pod | 131 +++ openssl-1.1.0h/doc/crypto/BIO_new.pod | 72 ++ openssl-1.1.0h/doc/crypto/BIO_new_CMS.pod | 75 ++ openssl-1.1.0h/doc/crypto/BIO_parse_hostserv.pod | 74 ++ openssl-1.1.0h/doc/crypto/BIO_printf.pod | 50 ++ openssl-1.1.0h/doc/crypto/BIO_push.pod | 89 ++ openssl-1.1.0h/doc/crypto/BIO_read.pod | 77 ++ openssl-1.1.0h/doc/crypto/BIO_s_accept.pod | 222 +++++ openssl-1.1.0h/doc/crypto/BIO_s_bio.pod | 201 +++++ openssl-1.1.0h/doc/crypto/BIO_s_connect.pod | 200 +++++ openssl-1.1.0h/doc/crypto/BIO_s_fd.pod | 98 +++ openssl-1.1.0h/doc/crypto/BIO_s_file.pod | 159 ++++ openssl-1.1.0h/doc/crypto/BIO_s_mem.pod | 124 +++ openssl-1.1.0h/doc/crypto/BIO_s_null.pod | 44 + openssl-1.1.0h/doc/crypto/BIO_s_socket.pod | 54 ++ openssl-1.1.0h/doc/crypto/BIO_set_callback.pod | 221 +++++ openssl-1.1.0h/doc/crypto/BIO_should_retry.pod | 132 +++ openssl-1.1.0h/doc/crypto/BN_BLINDING_new.pod | 122 +++ openssl-1.1.0h/doc/crypto/BN_CTX_new.pod | 76 ++ openssl-1.1.0h/doc/crypto/BN_CTX_start.pod | 57 ++ openssl-1.1.0h/doc/crypto/BN_add.pod | 127 +++ openssl-1.1.0h/doc/crypto/BN_add_word.pod | 61 ++ openssl-1.1.0h/doc/crypto/BN_bn2bin.pod | 116 +++ openssl-1.1.0h/doc/crypto/BN_cmp.pod | 47 ++ openssl-1.1.0h/doc/crypto/BN_copy.pod | 69 ++ openssl-1.1.0h/doc/crypto/BN_generate_prime.pod | 194 +++++ openssl-1.1.0h/doc/crypto/BN_mod_inverse.pod | 41 + .../doc/crypto/BN_mod_mul_montgomery.pod | 90 +++ .../doc/crypto/BN_mod_mul_reciprocal.pod | 76 ++ openssl-1.1.0h/doc/crypto/BN_new.pod | 63 ++ openssl-1.1.0h/doc/crypto/BN_num_bytes.pod | 61 ++ openssl-1.1.0h/doc/crypto/BN_rand.pod | 67 ++ openssl-1.1.0h/doc/crypto/BN_set_bit.pod | 69 ++ openssl-1.1.0h/doc/crypto/BN_swap.pod | 26 + openssl-1.1.0h/doc/crypto/BN_zero.pod | 70 ++ openssl-1.1.0h/doc/crypto/BUF_MEM_new.pod | 77 ++ openssl-1.1.0h/doc/crypto/CMS_add0_cert.pod | 71 ++ .../doc/crypto/CMS_add1_recipient_cert.pod | 66 ++ openssl-1.1.0h/doc/crypto/CMS_add1_signer.pod | 106 +++ openssl-1.1.0h/doc/crypto/CMS_compress.pod | 81 ++ openssl-1.1.0h/doc/crypto/CMS_decrypt.pod | 81 ++ openssl-1.1.0h/doc/crypto/CMS_encrypt.pod | 104 +++ openssl-1.1.0h/doc/crypto/CMS_final.pod | 46 ++ .../doc/crypto/CMS_get0_RecipientInfos.pod | 130 +++ openssl-1.1.0h/doc/crypto/CMS_get0_SignerInfos.pod | 89 ++ openssl-1.1.0h/doc/crypto/CMS_get0_type.pod | 81 ++ .../doc/crypto/CMS_get1_ReceiptRequest.pod | 72 ++ openssl-1.1.0h/doc/crypto/CMS_sign.pod | 128 +++ openssl-1.1.0h/doc/crypto/CMS_sign_receipt.pod | 50 ++ openssl-1.1.0h/doc/crypto/CMS_uncompress.pod | 59 ++ openssl-1.1.0h/doc/crypto/CMS_verify.pod | 131 +++ openssl-1.1.0h/doc/crypto/CMS_verify_receipt.pod | 52 ++ openssl-1.1.0h/doc/crypto/CONF_modules_free.pod | 62 ++ .../doc/crypto/CONF_modules_load_file.pod | 135 ++++ .../doc/crypto/CRYPTO_THREAD_run_once.pod | 170 ++++ .../doc/crypto/CRYPTO_get_ex_new_index.pod | 166 ++++ .../doc/crypto/CTLOG_STORE_get0_log_by_id.pod | 49 ++ openssl-1.1.0h/doc/crypto/CTLOG_STORE_new.pod | 79 ++ openssl-1.1.0h/doc/crypto/CTLOG_new.pod | 72 ++ .../doc/crypto/CT_POLICY_EVAL_CTX_new.pod | 111 +++ openssl-1.1.0h/doc/crypto/DEFINE_STACK_OF.pod | 241 ++++++ openssl-1.1.0h/doc/crypto/DES_random_key.pod | 310 +++++++ openssl-1.1.0h/doc/crypto/DH_generate_key.pod | 54 ++ .../doc/crypto/DH_generate_parameters.pod | 134 +++ openssl-1.1.0h/doc/crypto/DH_get0_pqg.pod | 110 +++ openssl-1.1.0h/doc/crypto/DH_get_1024_160.pod | 74 ++ openssl-1.1.0h/doc/crypto/DH_meth_new.pod | 156 ++++ openssl-1.1.0h/doc/crypto/DH_new.pod | 46 ++ openssl-1.1.0h/doc/crypto/DH_set_method.pod | 88 ++ openssl-1.1.0h/doc/crypto/DH_size.pod | 47 ++ openssl-1.1.0h/doc/crypto/DSA_SIG_new.pod | 58 ++ openssl-1.1.0h/doc/crypto/DSA_do_sign.pod | 52 ++ openssl-1.1.0h/doc/crypto/DSA_dup_DH.pod | 41 + openssl-1.1.0h/doc/crypto/DSA_generate_key.pod | 39 + .../doc/crypto/DSA_generate_parameters.pod | 122 +++ openssl-1.1.0h/doc/crypto/DSA_get0_pqg.pod | 102 +++ openssl-1.1.0h/doc/crypto/DSA_meth_new.pod | 193 +++++ openssl-1.1.0h/doc/crypto/DSA_new.pod | 48 ++ openssl-1.1.0h/doc/crypto/DSA_set_method.pod | 88 ++ openssl-1.1.0h/doc/crypto/DSA_sign.pod | 70 ++ openssl-1.1.0h/doc/crypto/DSA_size.pod | 44 + openssl-1.1.0h/doc/crypto/ECDSA_SIG_new.pod | 207 +++++ openssl-1.1.0h/doc/crypto/ECPKParameters_print.pod | 44 + openssl-1.1.0h/doc/crypto/EC_GFp_simple_method.pod | 69 ++ openssl-1.1.0h/doc/crypto/EC_GROUP_copy.pod | 206 +++++ openssl-1.1.0h/doc/crypto/EC_GROUP_new.pod | 120 +++ openssl-1.1.0h/doc/crypto/EC_KEY_get_enc_flags.pod | 59 ++ openssl-1.1.0h/doc/crypto/EC_KEY_new.pod | 183 +++++ openssl-1.1.0h/doc/crypto/EC_POINT_add.pod | 80 ++ openssl-1.1.0h/doc/crypto/EC_POINT_new.pod | 196 +++++ openssl-1.1.0h/doc/crypto/ENGINE_add.pod | 621 ++++++++++++++ openssl-1.1.0h/doc/crypto/ERR_GET_LIB.pod | 66 ++ openssl-1.1.0h/doc/crypto/ERR_clear_error.pod | 34 + openssl-1.1.0h/doc/crypto/ERR_error_string.pod | 74 ++ openssl-1.1.0h/doc/crypto/ERR_get_error.pod | 79 ++ .../doc/crypto/ERR_load_crypto_strings.pod | 62 ++ openssl-1.1.0h/doc/crypto/ERR_load_strings.pod | 58 ++ openssl-1.1.0h/doc/crypto/ERR_print_errors.pod | 60 ++ openssl-1.1.0h/doc/crypto/ERR_put_error.pod | 76 ++ openssl-1.1.0h/doc/crypto/ERR_remove_state.pod | 53 ++ openssl-1.1.0h/doc/crypto/ERR_set_mark.pod | 39 + openssl-1.1.0h/doc/crypto/EVP_BytesToKey.pod | 78 ++ .../doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod | 51 ++ openssl-1.1.0h/doc/crypto/EVP_CIPHER_meth_new.pod | 253 ++++++ openssl-1.1.0h/doc/crypto/EVP_DigestInit.pod | 259 ++++++ openssl-1.1.0h/doc/crypto/EVP_DigestSignInit.pod | 96 +++ openssl-1.1.0h/doc/crypto/EVP_DigestVerifyInit.pod | 91 +++ openssl-1.1.0h/doc/crypto/EVP_EncodeInit.pod | 162 ++++ openssl-1.1.0h/doc/crypto/EVP_EncryptInit.pod | 661 +++++++++++++++ openssl-1.1.0h/doc/crypto/EVP_MD_meth_new.pod | 179 ++++ openssl-1.1.0h/doc/crypto/EVP_OpenInit.pod | 70 ++ openssl-1.1.0h/doc/crypto/EVP_PKEY_ASN1_METHOD.pod | 358 ++++++++ openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_ctrl.pod | 154 ++++ openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_new.pod | 62 ++ .../doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod | 128 +++ .../doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod | 108 +++ .../doc/crypto/EVP_PKEY_asn1_get_count.pod | 80 ++ openssl-1.1.0h/doc/crypto/EVP_PKEY_cmp.pod | 73 ++ openssl-1.1.0h/doc/crypto/EVP_PKEY_decrypt.pod | 102 +++ openssl-1.1.0h/doc/crypto/EVP_PKEY_derive.pod | 102 +++ openssl-1.1.0h/doc/crypto/EVP_PKEY_encrypt.pod | 108 +++ .../doc/crypto/EVP_PKEY_get_default_digest_nid.pod | 50 ++ openssl-1.1.0h/doc/crypto/EVP_PKEY_keygen.pod | 175 ++++ openssl-1.1.0h/doc/crypto/EVP_PKEY_new.pod | 61 ++ .../doc/crypto/EVP_PKEY_print_private.pod | 62 ++ openssl-1.1.0h/doc/crypto/EVP_PKEY_set1_RSA.pod | 131 +++ openssl-1.1.0h/doc/crypto/EVP_PKEY_sign.pod | 115 +++ openssl-1.1.0h/doc/crypto/EVP_PKEY_verify.pod | 100 +++ .../doc/crypto/EVP_PKEY_verify_recover.pod | 112 +++ openssl-1.1.0h/doc/crypto/EVP_SealInit.pod | 90 +++ openssl-1.1.0h/doc/crypto/EVP_SignInit.pod | 105 +++ openssl-1.1.0h/doc/crypto/EVP_VerifyInit.pod | 94 +++ openssl-1.1.0h/doc/crypto/HMAC.pod | 152 ++++ openssl-1.1.0h/doc/crypto/MD5.pod | 101 +++ openssl-1.1.0h/doc/crypto/MDC2_Init.pod | 68 ++ openssl-1.1.0h/doc/crypto/OBJ_nid2obj.pod | 198 +++++ openssl-1.1.0h/doc/crypto/OCSP_REQUEST_new.pod | 118 +++ openssl-1.1.0h/doc/crypto/OCSP_cert_to_id.pod | 89 ++ .../doc/crypto/OCSP_request_add1_nonce.pod | 84 ++ .../doc/crypto/OCSP_resp_find_status.pod | 152 ++++ openssl-1.1.0h/doc/crypto/OCSP_response_status.pod | 100 +++ openssl-1.1.0h/doc/crypto/OCSP_sendreq_new.pod | 122 +++ openssl-1.1.0h/doc/crypto/OPENSSL_Applink.pod | 31 + openssl-1.1.0h/doc/crypto/OPENSSL_LH_COMPFUNC.pod | 239 ++++++ openssl-1.1.0h/doc/crypto/OPENSSL_LH_stats.pod | 64 ++ .../doc/crypto/OPENSSL_VERSION_NUMBER.pod | 111 +++ openssl-1.1.0h/doc/crypto/OPENSSL_config.pod | 74 ++ openssl-1.1.0h/doc/crypto/OPENSSL_ia32cap.pod | 140 ++++ openssl-1.1.0h/doc/crypto/OPENSSL_init_crypto.pod | 245 ++++++ .../doc/crypto/OPENSSL_instrument_bus.pod | 53 ++ .../doc/crypto/OPENSSL_load_builtin_modules.pod | 56 ++ openssl-1.1.0h/doc/crypto/OPENSSL_malloc.pod | 207 +++++ .../doc/crypto/OPENSSL_secure_malloc.pod | 131 +++ .../doc/crypto/OpenSSL_add_all_algorithms.pod | 90 +++ openssl-1.1.0h/doc/crypto/PEM_read.pod | 127 +++ openssl-1.1.0h/doc/crypto/PEM_read_CMS.pod | 97 +++ .../doc/crypto/PEM_read_bio_PrivateKey.pod | 481 +++++++++++ .../doc/crypto/PEM_write_bio_CMS_stream.pod | 50 ++ .../doc/crypto/PEM_write_bio_PKCS7_stream.pod | 49 ++ openssl-1.1.0h/doc/crypto/PKCS12_create.pod | 76 ++ openssl-1.1.0h/doc/crypto/PKCS12_newpass.pod | 115 +++ openssl-1.1.0h/doc/crypto/PKCS12_parse.pod | 71 ++ openssl-1.1.0h/doc/crypto/PKCS5_PBKDF2_HMAC.pod | 73 ++ openssl-1.1.0h/doc/crypto/PKCS7_decrypt.pod | 57 ++ openssl-1.1.0h/doc/crypto/PKCS7_encrypt.pod | 88 ++ openssl-1.1.0h/doc/crypto/PKCS7_sign.pod | 124 +++ .../doc/crypto/PKCS7_sign_add_signer.pod | 96 +++ openssl-1.1.0h/doc/crypto/PKCS7_verify.pod | 128 +++ openssl-1.1.0h/doc/crypto/RAND_add.pod | 79 ++ openssl-1.1.0h/doc/crypto/RAND_bytes.pod | 58 ++ openssl-1.1.0h/doc/crypto/RAND_cleanup.pod | 42 + openssl-1.1.0h/doc/crypto/RAND_egd.pod | 87 ++ openssl-1.1.0h/doc/crypto/RAND_load_file.pod | 79 ++ openssl-1.1.0h/doc/crypto/RAND_set_rand_method.pod | 81 ++ openssl-1.1.0h/doc/crypto/RC4_set_key.pod | 66 ++ openssl-1.1.0h/doc/crypto/RIPEMD160_Init.pod | 72 ++ openssl-1.1.0h/doc/crypto/RSA_blinding_on.pod | 44 + openssl-1.1.0h/doc/crypto/RSA_check_key.pod | 84 ++ openssl-1.1.0h/doc/crypto/RSA_generate_key.pod | 88 ++ openssl-1.1.0h/doc/crypto/RSA_get0_key.pod | 112 +++ openssl-1.1.0h/doc/crypto/RSA_meth_new.pod | 235 ++++++ openssl-1.1.0h/doc/crypto/RSA_new.pod | 47 ++ .../doc/crypto/RSA_padding_add_PKCS1_type_1.pod | 129 +++ openssl-1.1.0h/doc/crypto/RSA_print.pod | 52 ++ openssl-1.1.0h/doc/crypto/RSA_private_encrypt.pod | 74 ++ openssl-1.1.0h/doc/crypto/RSA_public_encrypt.pod | 95 +++ openssl-1.1.0h/doc/crypto/RSA_set_method.pod | 186 +++++ openssl-1.1.0h/doc/crypto/RSA_sign.pod | 65 ++ .../doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | 63 ++ openssl-1.1.0h/doc/crypto/RSA_size.pod | 46 ++ openssl-1.1.0h/doc/crypto/SCT_new.pod | 194 +++++ openssl-1.1.0h/doc/crypto/SCT_print.pod | 52 ++ openssl-1.1.0h/doc/crypto/SCT_validate.pod | 98 +++ openssl-1.1.0h/doc/crypto/SHA256_Init.pod | 108 +++ openssl-1.1.0h/doc/crypto/SMIME_read_CMS.pod | 75 ++ openssl-1.1.0h/doc/crypto/SMIME_read_PKCS7.pod | 78 ++ openssl-1.1.0h/doc/crypto/SMIME_write_CMS.pod | 69 ++ openssl-1.1.0h/doc/crypto/SMIME_write_PKCS7.pod | 70 ++ .../doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod | 111 +++ openssl-1.1.0h/doc/crypto/UI_STRING.pod | 135 ++++ openssl-1.1.0h/doc/crypto/UI_create_method.pod | 202 +++++ openssl-1.1.0h/doc/crypto/UI_new.pod | 203 +++++ openssl-1.1.0h/doc/crypto/X509V3_get_d2i.pod | 241 ++++++ openssl-1.1.0h/doc/crypto/X509_ALGOR_dup.pod | 48 ++ .../doc/crypto/X509_CRL_get0_by_serial.pod | 115 +++ .../doc/crypto/X509_EXTENSION_set_object.pod | 96 +++ openssl-1.1.0h/doc/crypto/X509_LOOKUP_hash_dir.pod | 130 +++ .../doc/crypto/X509_NAME_ENTRY_get_object.pod | 77 ++ .../doc/crypto/X509_NAME_add_entry_by_txt.pod | 123 +++ openssl-1.1.0h/doc/crypto/X509_NAME_get0_der.pod | 40 + .../doc/crypto/X509_NAME_get_index_by_NID.pod | 123 +++ openssl-1.1.0h/doc/crypto/X509_NAME_print_ex.pod | 112 +++ openssl-1.1.0h/doc/crypto/X509_PUBKEY_new.pod | 120 +++ openssl-1.1.0h/doc/crypto/X509_SIG_get0.pod | 36 + .../doc/crypto/X509_STORE_CTX_get_error.pod | 338 ++++++++ openssl-1.1.0h/doc/crypto/X509_STORE_CTX_new.pod | 174 ++++ .../doc/crypto/X509_STORE_CTX_set_verify_cb.pod | 215 +++++ .../doc/crypto/X509_STORE_get0_param.pod | 57 ++ openssl-1.1.0h/doc/crypto/X509_STORE_new.pod | 58 ++ .../doc/crypto/X509_STORE_set_verify_cb_func.pod | 265 ++++++ .../doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 359 ++++++++ openssl-1.1.0h/doc/crypto/X509_check_ca.pod | 45 ++ openssl-1.1.0h/doc/crypto/X509_check_host.pod | 157 ++++ openssl-1.1.0h/doc/crypto/X509_check_issued.pod | 45 ++ openssl-1.1.0h/doc/crypto/X509_digest.pod | 65 ++ openssl-1.1.0h/doc/crypto/X509_dup.pod | 303 +++++++ openssl-1.1.0h/doc/crypto/X509_get0_notBefore.pod | 103 +++ openssl-1.1.0h/doc/crypto/X509_get0_signature.pod | 97 +++ openssl-1.1.0h/doc/crypto/X509_get0_uids.pod | 57 ++ .../doc/crypto/X509_get_extension_flags.pod | 181 +++++ openssl-1.1.0h/doc/crypto/X509_get_pubkey.pod | 87 ++ .../doc/crypto/X509_get_serialNumber.pod | 71 ++ .../doc/crypto/X509_get_subject_name.pod | 86 ++ openssl-1.1.0h/doc/crypto/X509_get_version.pod | 83 ++ openssl-1.1.0h/doc/crypto/X509_new.pod | 83 ++ openssl-1.1.0h/doc/crypto/X509_sign.pod | 99 +++ openssl-1.1.0h/doc/crypto/X509_verify_cert.pod | 60 ++ .../doc/crypto/X509v3_get_ext_by_NID.pod | 140 ++++ openssl-1.1.0h/doc/crypto/bio.pod | 90 +++ openssl-1.1.0h/doc/crypto/crypto.pod | 62 ++ openssl-1.1.0h/doc/crypto/ct.pod | 55 ++ openssl-1.1.0h/doc/crypto/d2i_DHparams.pod | 35 + openssl-1.1.0h/doc/crypto/d2i_Netscape_RSA.pod | 38 + .../doc/crypto/d2i_PKCS8PrivateKey_bio.pod | 61 ++ openssl-1.1.0h/doc/crypto/d2i_PrivateKey.pod | 77 ++ openssl-1.1.0h/doc/crypto/d2i_X509.pod | 601 ++++++++++++++ openssl-1.1.0h/doc/crypto/des_modes.pod | 261 ++++++ openssl-1.1.0h/doc/crypto/evp.pod | 116 +++ openssl-1.1.0h/doc/crypto/i2d_CMS_bio_stream.pod | 53 ++ openssl-1.1.0h/doc/crypto/i2d_PKCS7_bio_stream.pod | 53 ++ openssl-1.1.0h/doc/crypto/i2d_re_X509_tbs.pod | 79 ++ openssl-1.1.0h/doc/crypto/o2i_SCT_LIST.pod | 48 ++ openssl-1.1.0h/doc/crypto/x509.pod | 75 ++ openssl-1.1.0h/doc/dir-locals.example.el | 15 + openssl-1.1.0h/doc/fingerprints.txt | 27 + openssl-1.1.0h/doc/openssl-c-indent.el | 62 ++ openssl-1.1.0h/doc/ssl/DTLSv1_listen.pod | 102 +++ openssl-1.1.0h/doc/ssl/OPENSSL_init_ssl.pod | 84 ++ openssl-1.1.0h/doc/ssl/SSL_CIPHER_get_name.pod | 128 +++ .../doc/ssl/SSL_COMP_add_compression_method.pod | 116 +++ openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_new.pod | 50 ++ .../doc/ssl/SSL_CONF_CTX_set1_prefix.pod | 58 ++ openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_flags.pod | 84 ++ .../doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod | 56 ++ openssl-1.1.0h/doc/ssl/SSL_CONF_cmd.pod | 563 +++++++++++++ openssl-1.1.0h/doc/ssl/SSL_CONF_cmd_argv.pod | 51 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_add1_chain_cert.pod | 158 ++++ .../doc/ssl/SSL_CTX_add_extra_chain_cert.pod | 80 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_add_session.pod | 82 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_config.pod | 93 +++ openssl-1.1.0h/doc/ssl/SSL_CTX_ctrl.pod | 43 + openssl-1.1.0h/doc/ssl/SSL_CTX_dane_enable.pod | 384 +++++++++ openssl-1.1.0h/doc/ssl/SSL_CTX_flush_sessions.pod | 56 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_free.pod | 51 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_get0_param.pod | 64 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_get_verify_mode.pod | 59 ++ .../doc/ssl/SSL_CTX_has_client_custom_ext.pod | 37 + .../doc/ssl/SSL_CTX_load_verify_locations.pod | 161 ++++ openssl-1.1.0h/doc/ssl/SSL_CTX_new.pod | 218 +++++ openssl-1.1.0h/doc/ssl/SSL_CTX_sess_number.pod | 85 ++ .../doc/ssl/SSL_CTX_sess_set_cache_size.pod | 62 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_get_cb.pod | 96 +++ openssl-1.1.0h/doc/ssl/SSL_CTX_sessions.pod | 43 + openssl-1.1.0h/doc/ssl/SSL_CTX_set1_curves.pod | 90 +++ openssl-1.1.0h/doc/ssl/SSL_CTX_set1_sigalgs.pod | 113 +++ .../doc/ssl/SSL_CTX_set1_verify_cert_store.pod | 100 +++ .../doc/ssl/SSL_CTX_set_alpn_select_cb.pod | 197 +++++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod | 77 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_store.pod | 73 ++ .../doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 74 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_cipher_list.pod | 74 ++ .../doc/ssl/SSL_CTX_set_client_CA_list.pod | 103 +++ .../doc/ssl/SSL_CTX_set_client_cert_cb.pod | 103 +++ .../doc/ssl/SSL_CTX_set_ct_validation_callback.pod | 145 ++++ .../doc/ssl/SSL_CTX_set_ctlog_list_file.pod | 53 ++ .../doc/ssl/SSL_CTX_set_default_passwd_cb.pod | 113 +++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_ex_data.pod | 52 ++ .../doc/ssl/SSL_CTX_set_generate_session_id.pod | 139 ++++ .../doc/ssl/SSL_CTX_set_info_callback.pod | 162 ++++ .../doc/ssl/SSL_CTX_set_max_cert_list.pod | 82 ++ .../doc/ssl/SSL_CTX_set_min_proto_version.pod | 73 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_mode.pod | 114 +++ .../doc/ssl/SSL_CTX_set_msg_callback.pod | 103 +++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_options.pod | 307 +++++++ .../doc/ssl/SSL_CTX_set_psk_client_callback.pod | 63 ++ .../doc/ssl/SSL_CTX_set_quiet_shutdown.pod | 72 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_read_ahead.pod | 60 ++ .../doc/ssl/SSL_CTX_set_security_level.pod | 169 ++++ .../doc/ssl/SSL_CTX_set_session_cache_mode.pod | 141 ++++ .../doc/ssl/SSL_CTX_set_session_id_context.pod | 92 +++ .../doc/ssl/SSL_CTX_set_split_send_fragment.pod | 132 +++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_ssl_version.pod | 70 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_timeout.pod | 68 ++ .../doc/ssl/SSL_CTX_set_tlsext_status_cb.pod | 125 +++ .../doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod | 198 +++++ .../doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 137 ++++ openssl-1.1.0h/doc/ssl/SSL_CTX_set_verify.pod | 307 +++++++ openssl-1.1.0h/doc/ssl/SSL_CTX_use_certificate.pod | 180 +++++ .../doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 87 ++ openssl-1.1.0h/doc/ssl/SSL_CTX_use_serverinfo.pod | 56 ++ openssl-1.1.0h/doc/ssl/SSL_SESSION_free.pod | 78 ++ openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_cipher.pod | 42 + .../doc/ssl/SSL_SESSION_get0_hostname.pod | 37 + .../doc/ssl/SSL_SESSION_get0_id_context.pod | 56 ++ openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_peer.pod | 38 + .../doc/ssl/SSL_SESSION_get_compress_id.pod | 39 + openssl-1.1.0h/doc/ssl/SSL_SESSION_get_ex_data.pod | 47 ++ .../doc/ssl/SSL_SESSION_get_protocol_version.pod | 44 + openssl-1.1.0h/doc/ssl/SSL_SESSION_get_time.pod | 76 ++ openssl-1.1.0h/doc/ssl/SSL_SESSION_has_ticket.pod | 53 ++ openssl-1.1.0h/doc/ssl/SSL_SESSION_print.pod | 47 ++ openssl-1.1.0h/doc/ssl/SSL_SESSION_set1_id.pod | 50 ++ openssl-1.1.0h/doc/ssl/SSL_accept.pod | 82 ++ openssl-1.1.0h/doc/ssl/SSL_alert_type_string.pod | 242 ++++++ openssl-1.1.0h/doc/ssl/SSL_check_chain.pod | 94 +++ openssl-1.1.0h/doc/ssl/SSL_clear.pod | 84 ++ openssl-1.1.0h/doc/ssl/SSL_connect.pod | 82 ++ openssl-1.1.0h/doc/ssl/SSL_do_handshake.pod | 81 ++ .../doc/ssl/SSL_export_keying_material.pod | 61 ++ openssl-1.1.0h/doc/ssl/SSL_extension_supported.pod | 145 ++++ openssl-1.1.0h/doc/ssl/SSL_free.pod | 54 ++ openssl-1.1.0h/doc/ssl/SSL_get0_peer_scts.pod | 45 ++ openssl-1.1.0h/doc/ssl/SSL_get_SSL_CTX.pod | 35 + openssl-1.1.0h/doc/ssl/SSL_get_all_async_fds.pod | 88 ++ openssl-1.1.0h/doc/ssl/SSL_get_ciphers.pod | 84 ++ openssl-1.1.0h/doc/ssl/SSL_get_client_CA_list.pod | 62 ++ openssl-1.1.0h/doc/ssl/SSL_get_client_random.pod | 88 ++ openssl-1.1.0h/doc/ssl/SSL_get_current_cipher.pod | 55 ++ openssl-1.1.0h/doc/ssl/SSL_get_default_timeout.pod | 50 ++ openssl-1.1.0h/doc/ssl/SSL_get_error.pod | 143 ++++ openssl-1.1.0h/doc/ssl/SSL_get_extms_support.pod | 40 + openssl-1.1.0h/doc/ssl/SSL_get_fd.pod | 53 ++ openssl-1.1.0h/doc/ssl/SSL_get_peer_cert_chain.pod | 77 ++ .../doc/ssl/SSL_get_peer_certificate.pod | 64 ++ openssl-1.1.0h/doc/ssl/SSL_get_psk_identity.pod | 44 + openssl-1.1.0h/doc/ssl/SSL_get_rbio.pod | 49 ++ openssl-1.1.0h/doc/ssl/SSL_get_session.pod | 82 ++ openssl-1.1.0h/doc/ssl/SSL_get_shared_sigalgs.pod | 86 ++ openssl-1.1.0h/doc/ssl/SSL_get_verify_result.pod | 66 ++ openssl-1.1.0h/doc/ssl/SSL_get_version.pod | 67 ++ openssl-1.1.0h/doc/ssl/SSL_library_init.pod | 57 ++ openssl-1.1.0h/doc/ssl/SSL_load_client_CA_file.pod | 71 ++ openssl-1.1.0h/doc/ssl/SSL_new.pod | 61 ++ openssl-1.1.0h/doc/ssl/SSL_pending.pod | 68 ++ openssl-1.1.0h/doc/ssl/SSL_read.pod | 121 +++ openssl-1.1.0h/doc/ssl/SSL_rstate_string.pod | 68 ++ openssl-1.1.0h/doc/ssl/SSL_session_reused.pod | 54 ++ openssl-1.1.0h/doc/ssl/SSL_set1_host.pod | 121 +++ openssl-1.1.0h/doc/ssl/SSL_set_bio.pod | 108 +++ openssl-1.1.0h/doc/ssl/SSL_set_connect_state.pod | 64 ++ openssl-1.1.0h/doc/ssl/SSL_set_fd.pod | 63 ++ openssl-1.1.0h/doc/ssl/SSL_set_session.pod | 70 ++ openssl-1.1.0h/doc/ssl/SSL_set_shutdown.pod | 81 ++ openssl-1.1.0h/doc/ssl/SSL_set_verify_result.pod | 47 ++ openssl-1.1.0h/doc/ssl/SSL_shutdown.pod | 132 +++ openssl-1.1.0h/doc/ssl/SSL_state_string.pod | 54 ++ openssl-1.1.0h/doc/ssl/SSL_want.pod | 103 +++ openssl-1.1.0h/doc/ssl/SSL_write.pod | 111 +++ openssl-1.1.0h/doc/ssl/d2i_SSL_SESSION.pod | 49 ++ openssl-1.1.0h/doc/ssl/ssl.pod | 843 +++++++++++++++++++ 457 files changed, 58967 insertions(+) create mode 100644 openssl-1.1.0h/doc/HOWTO/certificates.txt create mode 100644 openssl-1.1.0h/doc/HOWTO/keys.txt create mode 100644 openssl-1.1.0h/doc/HOWTO/proxy_certificates.txt create mode 100644 openssl-1.1.0h/doc/README create mode 100644 openssl-1.1.0h/doc/apps/CA.pl.pod create mode 100644 openssl-1.1.0h/doc/apps/asn1parse.pod create mode 100644 openssl-1.1.0h/doc/apps/ca.pod create mode 100644 openssl-1.1.0h/doc/apps/ciphers.pod create mode 100644 openssl-1.1.0h/doc/apps/cms.pod create mode 100644 openssl-1.1.0h/doc/apps/config.pod create mode 100644 openssl-1.1.0h/doc/apps/crl.pod create mode 100644 openssl-1.1.0h/doc/apps/crl2pkcs7.pod create mode 100644 openssl-1.1.0h/doc/apps/dgst.pod create mode 100644 openssl-1.1.0h/doc/apps/dhparam.pod create mode 100644 openssl-1.1.0h/doc/apps/dsa.pod create mode 100644 openssl-1.1.0h/doc/apps/dsaparam.pod create mode 100644 openssl-1.1.0h/doc/apps/ec.pod create mode 100644 openssl-1.1.0h/doc/apps/ecparam.pod create mode 100644 openssl-1.1.0h/doc/apps/enc.pod create mode 100644 openssl-1.1.0h/doc/apps/engine.pod create mode 100644 openssl-1.1.0h/doc/apps/errstr.pod create mode 100644 openssl-1.1.0h/doc/apps/gendsa.pod create mode 100644 openssl-1.1.0h/doc/apps/genpkey.pod create mode 100644 openssl-1.1.0h/doc/apps/genrsa.pod create mode 100644 openssl-1.1.0h/doc/apps/list.pod create mode 100644 openssl-1.1.0h/doc/apps/nseq.pod create mode 100644 openssl-1.1.0h/doc/apps/ocsp.pod create mode 100644 openssl-1.1.0h/doc/apps/openssl.pod create mode 100644 openssl-1.1.0h/doc/apps/passwd.pod create mode 100644 openssl-1.1.0h/doc/apps/pkcs12.pod create mode 100644 openssl-1.1.0h/doc/apps/pkcs7.pod create mode 100644 openssl-1.1.0h/doc/apps/pkcs8.pod create mode 100644 openssl-1.1.0h/doc/apps/pkey.pod create mode 100644 openssl-1.1.0h/doc/apps/pkeyparam.pod create mode 100644 openssl-1.1.0h/doc/apps/pkeyutl.pod create mode 100644 openssl-1.1.0h/doc/apps/rand.pod create mode 100644 openssl-1.1.0h/doc/apps/rehash.pod create mode 100644 openssl-1.1.0h/doc/apps/req.pod create mode 100644 openssl-1.1.0h/doc/apps/rsa.pod create mode 100644 openssl-1.1.0h/doc/apps/rsautl.pod create mode 100644 openssl-1.1.0h/doc/apps/s_client.pod create mode 100644 openssl-1.1.0h/doc/apps/s_server.pod create mode 100644 openssl-1.1.0h/doc/apps/s_time.pod create mode 100644 openssl-1.1.0h/doc/apps/sess_id.pod create mode 100644 openssl-1.1.0h/doc/apps/smime.pod create mode 100644 openssl-1.1.0h/doc/apps/speed.pod create mode 100644 openssl-1.1.0h/doc/apps/spkac.pod create mode 100644 openssl-1.1.0h/doc/apps/ts.pod create mode 100644 openssl-1.1.0h/doc/apps/tsget.pod create mode 100644 openssl-1.1.0h/doc/apps/verify.pod create mode 100644 openssl-1.1.0h/doc/apps/version.pod create mode 100644 openssl-1.1.0h/doc/apps/x509.pod create mode 100644 openssl-1.1.0h/doc/apps/x509v3_config.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASN1_INTEGER_get_int64.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASN1_OBJECT_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASN1_STRING_length.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASN1_STRING_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASN1_STRING_print_ex.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASN1_TIME_set.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASN1_TYPE_get.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASN1_generate_nconf.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASYNC_WAIT_CTX_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/ASYNC_start_job.pod create mode 100644 openssl-1.1.0h/doc/crypto/BF_encrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_ADDR.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_ADDRINFO.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_connect.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_ctrl.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_f_base64.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_f_buffer.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_f_cipher.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_f_md.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_f_null.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_f_ssl.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_find_type.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_get_data.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_get_ex_new_index.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_meth_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_new_CMS.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_parse_hostserv.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_printf.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_push.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_read.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_s_accept.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_s_bio.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_s_connect.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_s_fd.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_s_file.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_s_mem.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_s_null.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_s_socket.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_set_callback.pod create mode 100644 openssl-1.1.0h/doc/crypto/BIO_should_retry.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_BLINDING_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_CTX_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_CTX_start.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_add.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_add_word.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_bn2bin.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_cmp.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_copy.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_generate_prime.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_mod_inverse.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_mod_mul_montgomery.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_mod_mul_reciprocal.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_num_bytes.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_rand.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_set_bit.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_swap.pod create mode 100644 openssl-1.1.0h/doc/crypto/BN_zero.pod create mode 100644 openssl-1.1.0h/doc/crypto/BUF_MEM_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_add0_cert.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_add1_recipient_cert.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_add1_signer.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_compress.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_decrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_encrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_final.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_get0_RecipientInfos.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_get0_SignerInfos.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_get0_type.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_get1_ReceiptRequest.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_sign.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_sign_receipt.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_uncompress.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_verify.pod create mode 100644 openssl-1.1.0h/doc/crypto/CMS_verify_receipt.pod create mode 100644 openssl-1.1.0h/doc/crypto/CONF_modules_free.pod create mode 100644 openssl-1.1.0h/doc/crypto/CONF_modules_load_file.pod create mode 100644 openssl-1.1.0h/doc/crypto/CRYPTO_THREAD_run_once.pod create mode 100644 openssl-1.1.0h/doc/crypto/CRYPTO_get_ex_new_index.pod create mode 100644 openssl-1.1.0h/doc/crypto/CTLOG_STORE_get0_log_by_id.pod create mode 100644 openssl-1.1.0h/doc/crypto/CTLOG_STORE_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/CTLOG_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/CT_POLICY_EVAL_CTX_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/DEFINE_STACK_OF.pod create mode 100644 openssl-1.1.0h/doc/crypto/DES_random_key.pod create mode 100644 openssl-1.1.0h/doc/crypto/DH_generate_key.pod create mode 100644 openssl-1.1.0h/doc/crypto/DH_generate_parameters.pod create mode 100644 openssl-1.1.0h/doc/crypto/DH_get0_pqg.pod create mode 100644 openssl-1.1.0h/doc/crypto/DH_get_1024_160.pod create mode 100644 openssl-1.1.0h/doc/crypto/DH_meth_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/DH_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/DH_set_method.pod create mode 100644 openssl-1.1.0h/doc/crypto/DH_size.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_SIG_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_do_sign.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_dup_DH.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_generate_key.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_get0_pqg.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_meth_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_set_method.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_sign.pod create mode 100644 openssl-1.1.0h/doc/crypto/DSA_size.pod create mode 100644 openssl-1.1.0h/doc/crypto/ECDSA_SIG_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/ECPKParameters_print.pod create mode 100644 openssl-1.1.0h/doc/crypto/EC_GFp_simple_method.pod create mode 100644 openssl-1.1.0h/doc/crypto/EC_GROUP_copy.pod create mode 100644 openssl-1.1.0h/doc/crypto/EC_GROUP_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/EC_KEY_get_enc_flags.pod create mode 100644 openssl-1.1.0h/doc/crypto/EC_KEY_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/EC_POINT_add.pod create mode 100644 openssl-1.1.0h/doc/crypto/EC_POINT_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/ENGINE_add.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_GET_LIB.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_clear_error.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_error_string.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_get_error.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_load_crypto_strings.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_load_strings.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_print_errors.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_put_error.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_remove_state.pod create mode 100644 openssl-1.1.0h/doc/crypto/ERR_set_mark.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_BytesToKey.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_CIPHER_meth_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_DigestInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_DigestSignInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_DigestVerifyInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_EncodeInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_EncryptInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_MD_meth_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_OpenInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_ASN1_METHOD.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_ctrl.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_asn1_get_count.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_cmp.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_decrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_derive.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_encrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_get_default_digest_nid.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_keygen.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_print_private.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_set1_RSA.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_sign.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_verify.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_PKEY_verify_recover.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_SealInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_SignInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/EVP_VerifyInit.pod create mode 100644 openssl-1.1.0h/doc/crypto/HMAC.pod create mode 100644 openssl-1.1.0h/doc/crypto/MD5.pod create mode 100644 openssl-1.1.0h/doc/crypto/MDC2_Init.pod create mode 100644 openssl-1.1.0h/doc/crypto/OBJ_nid2obj.pod create mode 100644 openssl-1.1.0h/doc/crypto/OCSP_REQUEST_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/OCSP_cert_to_id.pod create mode 100644 openssl-1.1.0h/doc/crypto/OCSP_request_add1_nonce.pod create mode 100644 openssl-1.1.0h/doc/crypto/OCSP_resp_find_status.pod create mode 100644 openssl-1.1.0h/doc/crypto/OCSP_response_status.pod create mode 100644 openssl-1.1.0h/doc/crypto/OCSP_sendreq_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_Applink.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_LH_COMPFUNC.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_LH_stats.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_VERSION_NUMBER.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_config.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_ia32cap.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_init_crypto.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_instrument_bus.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_load_builtin_modules.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_malloc.pod create mode 100644 openssl-1.1.0h/doc/crypto/OPENSSL_secure_malloc.pod create mode 100644 openssl-1.1.0h/doc/crypto/OpenSSL_add_all_algorithms.pod create mode 100644 openssl-1.1.0h/doc/crypto/PEM_read.pod create mode 100644 openssl-1.1.0h/doc/crypto/PEM_read_CMS.pod create mode 100644 openssl-1.1.0h/doc/crypto/PEM_read_bio_PrivateKey.pod create mode 100644 openssl-1.1.0h/doc/crypto/PEM_write_bio_CMS_stream.pod create mode 100644 openssl-1.1.0h/doc/crypto/PEM_write_bio_PKCS7_stream.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS12_create.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS12_newpass.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS12_parse.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS5_PBKDF2_HMAC.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS7_decrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS7_encrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS7_sign.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS7_sign_add_signer.pod create mode 100644 openssl-1.1.0h/doc/crypto/PKCS7_verify.pod create mode 100644 openssl-1.1.0h/doc/crypto/RAND_add.pod create mode 100644 openssl-1.1.0h/doc/crypto/RAND_bytes.pod create mode 100644 openssl-1.1.0h/doc/crypto/RAND_cleanup.pod create mode 100644 openssl-1.1.0h/doc/crypto/RAND_egd.pod create mode 100644 openssl-1.1.0h/doc/crypto/RAND_load_file.pod create mode 100644 openssl-1.1.0h/doc/crypto/RAND_set_rand_method.pod create mode 100644 openssl-1.1.0h/doc/crypto/RC4_set_key.pod create mode 100644 openssl-1.1.0h/doc/crypto/RIPEMD160_Init.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_blinding_on.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_check_key.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_generate_key.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_get0_key.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_meth_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_padding_add_PKCS1_type_1.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_print.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_private_encrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_public_encrypt.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_set_method.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_sign.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod create mode 100644 openssl-1.1.0h/doc/crypto/RSA_size.pod create mode 100644 openssl-1.1.0h/doc/crypto/SCT_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/SCT_print.pod create mode 100644 openssl-1.1.0h/doc/crypto/SCT_validate.pod create mode 100644 openssl-1.1.0h/doc/crypto/SHA256_Init.pod create mode 100644 openssl-1.1.0h/doc/crypto/SMIME_read_CMS.pod create mode 100644 openssl-1.1.0h/doc/crypto/SMIME_read_PKCS7.pod create mode 100644 openssl-1.1.0h/doc/crypto/SMIME_write_CMS.pod create mode 100644 openssl-1.1.0h/doc/crypto/SMIME_write_PKCS7.pod create mode 100644 openssl-1.1.0h/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod create mode 100644 openssl-1.1.0h/doc/crypto/UI_STRING.pod create mode 100644 openssl-1.1.0h/doc/crypto/UI_create_method.pod create mode 100644 openssl-1.1.0h/doc/crypto/UI_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509V3_get_d2i.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_ALGOR_dup.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_CRL_get0_by_serial.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_EXTENSION_set_object.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_LOOKUP_hash_dir.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_NAME_ENTRY_get_object.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_NAME_add_entry_by_txt.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_NAME_get0_der.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_NAME_get_index_by_NID.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_NAME_print_ex.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_PUBKEY_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_SIG_get0.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_STORE_CTX_get_error.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_STORE_CTX_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_STORE_CTX_set_verify_cb.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_STORE_get0_param.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_STORE_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_STORE_set_verify_cb_func.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_VERIFY_PARAM_set_flags.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_check_ca.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_check_host.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_check_issued.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_digest.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_dup.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_get0_notBefore.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_get0_signature.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_get0_uids.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_get_extension_flags.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_get_pubkey.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_get_serialNumber.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_get_subject_name.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_get_version.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_new.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_sign.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509_verify_cert.pod create mode 100644 openssl-1.1.0h/doc/crypto/X509v3_get_ext_by_NID.pod create mode 100644 openssl-1.1.0h/doc/crypto/bio.pod create mode 100644 openssl-1.1.0h/doc/crypto/crypto.pod create mode 100644 openssl-1.1.0h/doc/crypto/ct.pod create mode 100644 openssl-1.1.0h/doc/crypto/d2i_DHparams.pod create mode 100644 openssl-1.1.0h/doc/crypto/d2i_Netscape_RSA.pod create mode 100644 openssl-1.1.0h/doc/crypto/d2i_PKCS8PrivateKey_bio.pod create mode 100644 openssl-1.1.0h/doc/crypto/d2i_PrivateKey.pod create mode 100644 openssl-1.1.0h/doc/crypto/d2i_X509.pod create mode 100644 openssl-1.1.0h/doc/crypto/des_modes.pod create mode 100644 openssl-1.1.0h/doc/crypto/evp.pod create mode 100644 openssl-1.1.0h/doc/crypto/i2d_CMS_bio_stream.pod create mode 100644 openssl-1.1.0h/doc/crypto/i2d_PKCS7_bio_stream.pod create mode 100644 openssl-1.1.0h/doc/crypto/i2d_re_X509_tbs.pod create mode 100644 openssl-1.1.0h/doc/crypto/o2i_SCT_LIST.pod create mode 100644 openssl-1.1.0h/doc/crypto/x509.pod create mode 100644 openssl-1.1.0h/doc/dir-locals.example.el create mode 100644 openssl-1.1.0h/doc/fingerprints.txt create mode 100644 openssl-1.1.0h/doc/openssl-c-indent.el create mode 100644 openssl-1.1.0h/doc/ssl/DTLSv1_listen.pod create mode 100644 openssl-1.1.0h/doc/ssl/OPENSSL_init_ssl.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CIPHER_get_name.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_COMP_add_compression_method.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_new.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set1_prefix.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_flags.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CONF_cmd.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CONF_cmd_argv.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_add1_chain_cert.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_add_extra_chain_cert.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_add_session.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_config.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_ctrl.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_dane_enable.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_flush_sessions.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_free.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_get0_param.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_get_verify_mode.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_has_client_custom_ext.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_load_verify_locations.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_new.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_sess_number.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_cache_size.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_sess_set_get_cb.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_sessions.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set1_curves.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set1_sigalgs.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set1_verify_cert_store.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_alpn_select_cb.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_store.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_cipher_list.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_client_CA_list.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_client_cert_cb.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_ct_validation_callback.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_ctlog_list_file.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_default_passwd_cb.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_ex_data.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_generate_session_id.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_info_callback.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_max_cert_list.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_min_proto_version.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_mode.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_msg_callback.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_options.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_psk_client_callback.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_quiet_shutdown.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_read_ahead.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_security_level.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_session_cache_mode.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_session_id_context.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_split_send_fragment.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_ssl_version.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_timeout.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_verify.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_use_certificate.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_use_psk_identity_hint.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_use_serverinfo.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_free.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_cipher.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_hostname.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_id_context.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_get0_peer.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_get_compress_id.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_get_ex_data.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_get_protocol_version.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_get_time.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_has_ticket.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_print.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_SESSION_set1_id.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_accept.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_alert_type_string.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_check_chain.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_clear.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_connect.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_do_handshake.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_export_keying_material.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_extension_supported.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_free.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get0_peer_scts.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_SSL_CTX.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_all_async_fds.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_ciphers.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_client_CA_list.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_client_random.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_current_cipher.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_default_timeout.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_error.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_extms_support.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_fd.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_peer_cert_chain.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_peer_certificate.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_psk_identity.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_rbio.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_session.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_shared_sigalgs.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_verify_result.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_get_version.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_library_init.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_load_client_CA_file.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_new.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_pending.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_read.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_rstate_string.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_session_reused.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_set1_host.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_set_bio.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_set_connect_state.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_set_fd.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_set_session.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_set_shutdown.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_set_verify_result.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_shutdown.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_state_string.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_want.pod create mode 100644 openssl-1.1.0h/doc/ssl/SSL_write.pod create mode 100644 openssl-1.1.0h/doc/ssl/d2i_SSL_SESSION.pod create mode 100644 openssl-1.1.0h/doc/ssl/ssl.pod (limited to 'openssl-1.1.0h/doc') diff --git a/openssl-1.1.0h/doc/HOWTO/certificates.txt b/openssl-1.1.0h/doc/HOWTO/certificates.txt new file mode 100644 index 0000000..65f8fc8 --- /dev/null +++ b/openssl-1.1.0h/doc/HOWTO/certificates.txt @@ -0,0 +1,110 @@ + + HOWTO certificates + +1. Introduction + +How you handle certificates depends a great deal on what your role is. +Your role can be one or several of: + + - User of some client application + - User of some server application + - Certificate authority + +This file is for users who wish to get a certificate of their own. +Certificate authorities should read https://www.openssl.org/docs/apps/ca.html. + +In all the cases shown below, the standard configuration file, as +compiled into openssl, will be used. You may find it in /etc/, +/usr/local/ssl/ or somewhere else. By default the file is named +openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html. +You can specify a different configuration file using the +'-config {file}' argument with the commands shown below. + + +2. Relationship with keys + +Certificates are related to public key cryptography by containing a +public key. To be useful, there must be a corresponding private key +somewhere. With OpenSSL, public keys are easily derived from private +keys, so before you create a certificate or a certificate request, you +need to create a private key. + +Private keys are generated with 'openssl genrsa -out privkey.pem' if +you want a RSA private key, or if you want a DSA private key: +'openssl dsaparam -out dsaparam.pem 2048; openssl gendsa -out privkey.pem dsaparam.pem'. + +The private keys created by these commands are not passphrase protected; +it might or might not be the desirable thing. Further information on how to +create private keys can be found at https://www.openssl.org/docs/HOWTO/keys.txt. +The rest of this text assumes you have a private key in the file privkey.pem. + + +3. Creating a certificate request + +To create a certificate, you need to start with a certificate request +(or, as some certificate authorities like to put it, "certificate +signing request", since that's exactly what they do, they sign it and +give you the result back, thus making it authentic according to their +policies). A certificate request is sent to a certificate authority +to get it signed into a certificate. You can also sign the certificate +yourself if you have your own certificate authority or create a +self-signed certificate (typically for testing purpose). + +The certificate request is created like this: + + openssl req -new -key privkey.pem -out cert.csr + +Now, cert.csr can be sent to the certificate authority, if they can +handle files in PEM format. If not, use the extra argument '-outform' +followed by the keyword for the format to use (see another HOWTO +). In some cases, -outform does not let you output the +certificate request in the right format and you will have to use one +of the various other commands that are exposed by openssl (or get +creative and use a combination of tools). + +The certificate authority performs various checks (according to their +policies) and usually waits for payment from you. Once that is +complete, they send you your new certificate. + +Section 5 will tell you more on how to handle the certificate you +received. + + +4. Creating a self-signed test certificate + +You can create a self-signed certificate if you don't want to deal +with a certificate authority, or if you just want to create a test +certificate for yourself. This is similar to creating a certificate +request, but creates a certificate instead of a certificate request. +This is NOT the recommended way to create a CA certificate, see +https://www.openssl.org/docs/apps/ca.html. + + openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 + + +5. What to do with the certificate + +If you created everything yourself, or if the certificate authority +was kind enough, your certificate is a raw DER thing in PEM format. +Your key most definitely is if you have followed the examples above. +However, some (most?) certificate authorities will encode them with +things like PKCS7 or PKCS12, or something else. Depending on your +applications, this may be perfectly OK, it all depends on what they +know how to decode. If not, There are a number of OpenSSL tools to +convert between some (most?) formats. + +So, depending on your application, you may have to convert your +certificate and your key to various formats, most often also putting +them together into one file. The ways to do this is described in +another HOWTO , I will just mention the simplest case. +In the case of a raw DER thing in PEM format, and assuming that's all +right for your applications, simply concatenating the certificate and +the key into a new file and using that one should be enough. With +some applications, you don't even have to do that. + + +By now, you have your certificate and your private key and can start +using applications that depend on it. + +-- +Richard Levitte diff --git a/openssl-1.1.0h/doc/HOWTO/keys.txt b/openssl-1.1.0h/doc/HOWTO/keys.txt new file mode 100644 index 0000000..1662c17 --- /dev/null +++ b/openssl-1.1.0h/doc/HOWTO/keys.txt @@ -0,0 +1,105 @@ + + HOWTO keys + +1. Introduction + +Keys are the basis of public key algorithms and PKI. Keys usually +come in pairs, with one half being the public key and the other half +being the private key. With OpenSSL, the private key contains the +public key information as well, so a public key doesn't need to be +generated separately. + +Public keys come in several flavors, using different cryptographic +algorithms. The most popular ones associated with certificates are +RSA and DSA, and this HOWTO will show how to generate each of them. + + +2. To generate a RSA key + +A RSA key can be used both for encryption and for signing. + +Generating a key for the RSA algorithm is quite easy, all you have to +do is the following: + + openssl genrsa -des3 -out privkey.pem 2048 + +With this variant, you will be prompted for a protecting password. If +you don't want your key to be protected by a password, remove the flag +'-des3' from the command line above. + +The number 2048 is the size of the key, in bits. Today, 2048 or +higher is recommended for RSA keys, as fewer amount of bits is +consider insecure or to be insecure pretty soon. + + +3. To generate a DSA key + +A DSA key can be used for signing only. It is important to +know what a certificate request with a DSA key can really be used for. + +Generating a key for the DSA algorithm is a two-step process. First, +you have to generate parameters from which to generate the key: + + openssl dsaparam -out dsaparam.pem 2048 + +The number 2048 is the size of the key, in bits. Today, 2048 or +higher is recommended for DSA keys, as fewer amount of bits is +consider insecure or to be insecure pretty soon. + +When that is done, you can generate a key using the parameters in +question (actually, several keys can be generated from the same +parameters): + + openssl gendsa -des3 -out privkey.pem dsaparam.pem + +With this variant, you will be prompted for a protecting password. If +you don't want your key to be protected by a password, remove the flag +'-des3' from the command line above. + + +4. To generate an EC key + +An EC key can be used both for key agreement (ECDH) and signing (ECDSA). + +Generating a key for ECC is similar to generating a DSA key. These are +two-step processes. First, you have to get the EC parameters from which +the key will be generated: + + openssl ecparam -name prime256v1 -out prime256v1.pem + +The prime256v1, or NIST P-256, which stands for 'X9.62/SECG curve over +a 256-bit prime field', is the name of an elliptic curve which generates the +parameters. You can use the following command to list all supported curves: + + openssl ecparam -list_curves + +When that is done, you can generate a key using the created parameters (several +keys can be produced from the same parameters): + + openssl genpkey -des3 -paramfile prime256v1.pem -out private.key + +With this variant, you will be prompted for a password to protect your key. +If you don't want your key to be protected by a password, remove the flag +'-des3' from the command line above. + +You can also directly generate the key in one step: + + openssl ecparam -genkey -name prime256v1 -out private.key + +or + + openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 + + +5. NOTE + +If you intend to use the key together with a server certificate, +it may be reasonable to avoid protecting it with a password, since +otherwise someone would have to type in the password every time the +server needs to access the key. + +For X25519, it's treated as a distinct algorithm but not as one of +the curves listed with 'ecparam -list_curves' option. You can use +the following command to generate an X25519 key: + + openssl genpkey -algorithm X25519 -out xkey.pem diff --git a/openssl-1.1.0h/doc/HOWTO/proxy_certificates.txt b/openssl-1.1.0h/doc/HOWTO/proxy_certificates.txt new file mode 100644 index 0000000..642bec9 --- /dev/null +++ b/openssl-1.1.0h/doc/HOWTO/proxy_certificates.txt @@ -0,0 +1,319 @@ + HOWTO proxy certificates + +0. WARNING + +NONE OF THE CODE PRESENTED HERE HAS BEEN CHECKED! The code is just examples to +show you how things could be done. There might be typos or type conflicts, and +you will have to resolve them. + +1. Introduction + +Proxy certificates are defined in RFC 3820. They are really usual certificates +with the mandatory extension proxyCertInfo. + +Proxy certificates are issued by an End Entity (typically a user), either +directly with the EE certificate as issuing certificate, or by extension through +an already issued proxy certificate. Proxy certificates are used to extend +rights to some other entity (a computer process, typically, or sometimes to the +user itself). This allows the entity to perform operations on behalf of the +owner of the EE certificate. + +See http://www.ietf.org/rfc/rfc3820.txt for more information. + + +2. A warning about proxy certificates + +No one seems to have tested proxy certificates with security in mind. To this +date, it seems that proxy certificates have only been used in a context highly +aware of them. + +Existing applications might misbehave when trying to validate a chain of +certificates which use a proxy certificate. They might incorrectly consider the +leaf to be the certificate to check for authorisation data, which is controlled +by the EE certificate owner. + +subjectAltName and issuerAltName are forbidden in proxy certificates, and this +is enforced in OpenSSL. The subject must be the same as the issuer, with one +commonName added on. + +Possible threats we can think of at this time include: + + - impersonation through commonName (think server certificates). + - use of additional extensions, possibly non-standard ones used in certain + environments, that would grant extra or different authorisation rights. + +For these reasons, OpenSSL requires that the use of proxy certificates be +explicitly allowed. Currently, this can be done using the following methods: + + - if the application directly calls X509_verify_cert(), it can first call: + + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); + + Where ctx is the pointer which then gets passed to X509_verify_cert(). + + - proxy certificate validation can be enabled before starting the application + by setting the environment variable OPENSSL_ALLOW_PROXY_CERTS. + +In the future, it might be possible to enable proxy certificates by editing +openssl.cnf. + + +3. How to create proxy certificates + +Creating proxy certificates is quite easy, by taking advantage of a lack of +checks in the 'openssl x509' application (*ahem*). You must first create a +configuration section that contains a definition of the proxyCertInfo extension, +for example: + + [ v3_proxy ] + # A proxy certificate MUST NEVER be a CA certificate. + basicConstraints=CA:FALSE + + # Usual authority key ID + authorityKeyIdentifier=keyid,issuer:always + + # The extension which marks this certificate as a proxy + proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB + +It's also possible to specify the proxy extension in a separate section: + + proxyCertInfo=critical,@proxy_ext + + [ proxy_ext ] + language=id-ppl-anyLanguage + pathlen=0 + policy=text:BC + +The policy value has a specific syntax, {syntag}:{string}, where the syntag +determines what will be done with the string. The following syntags are +recognised: + + text indicates that the string is simply bytes, without any encoding: + + policy=text:räksmörgås + + Previous versions of this design had a specific tag for UTF-8 text. + However, since the bytes are copied as-is anyway, there is no need for + such a specific tag. + + hex indicates the string is encoded in hex, with colons between each byte + (every second hex digit): + + policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 + + Previous versions of this design had a tag to insert a complete DER + blob. However, the only legal use for this would be to surround the + bytes that would go with the hex: tag with whatever is needed to + construct a correct OCTET STRING. The DER tag therefore felt + superfluous, and was removed. + + file indicates that the text of the policy should really be taken from a + file. The string is then really a file name. This is useful for + policies that are large (more than a few lines, e.g. XML documents). + +The 'policy' setting can be split up in multiple lines like this: + + 0.policy=This is + 1.policy= a multi- + 2.policy=line policy. + +NOTE: the proxy policy value is the part which determines the rights granted to +the process using the proxy certificate. The value is completely dependent on +the application reading and interpreting it! + +Now that you have created an extension section for your proxy certificate, you +can easily create a proxy certificate by doing: + + openssl req -new -config openssl.cnf -out proxy.req -keyout proxy.key + openssl x509 -req -CAcreateserial -in proxy.req -days 7 -out proxy.crt \ + -CA user.crt -CAkey user.key -extfile openssl.cnf -extensions v3_proxy + +You can also create a proxy certificate using another proxy certificate as +issuer (note: I'm using a different configuration section for it): + + openssl req -new -config openssl.cnf -out proxy2.req -keyout proxy2.key + openssl x509 -req -CAcreateserial -in proxy2.req -days 7 -out proxy2.crt \ + -CA proxy.crt -CAkey proxy.key -extfile openssl.cnf -extensions v3_proxy2 + + +4. How to have your application interpret the policy? + +The basic way to interpret proxy policies is to start with some default rights, +then compute the resulting rights by checking the proxy certificate against +the chain of proxy certificates, user certificate and CA certificates. You then +use the final computed rights. Sounds easy, huh? It almost is. + +The slightly complicated part is figuring out how to pass data between your +application and the certificate validation procedure. + +You need the following ingredients: + + - a callback function that will be called for every certificate being + validated. The callback be called several times for each certificate, + so you must be careful to do the proxy policy interpretation at the right + time. You also need to fill in the defaults when the EE certificate is + checked. + + - a data structure that is shared between your application code and the + callback. + + - a wrapper function that sets it all up. + + - an ex_data index function that creates an index into the generic ex_data + store that is attached to an X509 validation context. + +Here is some skeleton code you can fill in: + + #include + #include + #include + #include + + #define total_rights 25 + + /* + * In this example, I will use a view of granted rights as a bit + * array, one bit for each possible right. + */ + typedef struct your_rights { + unsigned char rights[(total_rights + 7) / 8]; + } YOUR_RIGHTS; + + /* + * The following procedure will create an index for the ex_data + * store in the X509 validation context the first time it's called. + * Subsequent calls will return the same index. */ + static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx) + { + static volatile int idx = -1; + if (idx < 0) { + X509_STORE_lock(X509_STORE_CTX_get0_store(ctx)); + if (idx < 0) { + idx = X509_STORE_CTX_get_ex_new_index(0, + "for verify callback", + NULL,NULL,NULL); + } + X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx)); + } + return idx; + } + + /* Callback to be given to the X509 validation procedure. */ + static int verify_callback(int ok, X509_STORE_CTX *ctx) + { + if (ok == 1) { + /* + * It's REALLY important you keep the proxy policy + * check within this section. It's important to know + * that when ok is 1, the certificates are checked + * from top to bottom. You get the CA root first, + * followed by the possible chain of intermediate + * CAs, followed by the EE certificate, followed by + * the possible proxy certificates. + */ + X509 *xs = X509_STORE_CTX_get_current_cert(ctx); + + if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { + YOUR_RIGHTS *rights = + (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, + get_proxy_auth_ex_data_idx(ctx)); + PROXY_CERT_INFO_EXTENSION *pci = + X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); + + switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) { + case NID_Independent: + /* + * Do whatever you need to grant explicit rights to + * this particular proxy certificate, usually by + * pulling them from some database. If there are none + * to be found, clear all rights (making this and any + * subsequent proxy certificate void of any rights). + */ + memset(rights->rights, 0, sizeof(rights->rights)); + break; + case NID_id_ppl_inheritAll: + /* + * This is basically a NOP, we simply let the current + * rights stand as they are. + */ + break; + default: + /* This is usually the most complex section of code. + * You really do whatever you want as long as you + * follow RFC 3820. In the example we use here, the + * simplest thing to do is to build another, temporary + * bit array and fill it with the rights granted by + * the current proxy certificate, then use it as a + * mask on the accumulated rights bit array, and + * voilà, you now have a new accumulated rights bit + * array. + */ + { + int i; + YOUR_RIGHTS tmp_rights; + memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights)); + + /* + * process_rights() is supposed to be a procedure + * that takes a string and it's length, interprets + * it and sets the bits in the YOUR_RIGHTS pointed + * at by the third argument. + */ + process_rights((char *) pci->proxyPolicy->policy->data, + pci->proxyPolicy->policy->length, + &tmp_rights); + + for(i = 0; i < total_rights / 8; i++) + rights->rights[i] &= tmp_rights.rights[i]; + } + break; + } + PROXY_CERT_INFO_EXTENSION_free(pci); + } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) { + /* We have an EE certificate, let's use it to set default! */ + YOUR_RIGHTS *rights = + (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, + get_proxy_auth_ex_data_idx(ctx)); + + /* The following procedure finds out what rights the owner + * of the current certificate has, and sets them in the + * YOUR_RIGHTS structure pointed at by the second + * argument. + */ + set_default_rights(xs, rights); + } + } + return ok; + } + + static int my_X509_verify_cert(X509_STORE_CTX *ctx, + YOUR_RIGHTS *needed_rights) + { + int ok; + int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = + X509_STORE_CTX_get_verify_cb(ctx); + YOUR_RIGHTS rights; + + X509_STORE_CTX_set_verify_cb(ctx, verify_callback); + X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), &rights); + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); + ok = X509_verify_cert(ctx); + + if (ok == 1) { + ok = check_needed_rights(rights, needed_rights); + } + + X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); + + return ok; + } + + +If you use SSL or TLS, you can easily set up a callback to have the +certificates checked properly, using the code above: + + SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights); + + +-- +Richard Levitte diff --git a/openssl-1.1.0h/doc/README b/openssl-1.1.0h/doc/README new file mode 100644 index 0000000..cac4115 --- /dev/null +++ b/openssl-1.1.0h/doc/README @@ -0,0 +1,20 @@ + +README This file + +fingerprints.txt + PGP fingerprints of authorised release signers + +standards.txt + Moved to the web, https://www.openssl.org/docs/standards.html + +HOWTO/ + A few how-to documents; not necessarily up-to-date +apps/ + The openssl command-line tools; start with openssl.pod +ssl/ + The SSL library; start with ssl.pod +crypto/ + The cryptographic library; start with crypto.pod + +Formatted versions of the manpages (apps,ssl,crypto) can be found at + https://www.openssl.org/docs/manpages.html diff --git a/openssl-1.1.0h/doc/apps/CA.pl.pod b/openssl-1.1.0h/doc/apps/CA.pl.pod new file mode 100644 index 0000000..a7f3970 --- /dev/null +++ b/openssl-1.1.0h/doc/apps/CA.pl.pod @@ -0,0 +1,214 @@ +=pod + +=head1 NAME + +CA.pl - friendlier interface for OpenSSL certificate programs + +=head1 SYNOPSIS + +B +B<-?> | +B<-h> | +B<-help> + +B +B<-newcert> | +B<-newreq> | +B<-newreq-nodes> | +B<-xsign> | +B<-sign> | +B<-signCA> | +B<-signcert> | +B<-crl> | +B<-newca> +[B<-extra-cmd> extra-params] + +B B<-pkcs12> [B<-extra-pkcs12> extra-params] [B] + +B B<-verify> [B<-extra-verify> extra-params] B... + +B B<-revoke> [B<-extra-ca> extra-params] B [B] + +=head1 DESCRIPTION + +The B script is a perl script that supplies the relevant command line +arguments to the B command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options. + +=head1 OPTIONS + +=over 4 + +=item B, B<-h>, B<-help> + +prints a usage message. + +=item B<-newcert> + +creates a new self signed certificate. The private key is written to the file +"newkey.pem" and the request written to the file "newreq.pem". +This argument invokes B command. + +=item B<-newreq> + +creates a new certificate request. The private key is written to the file +"newkey.pem" and the request written to the file "newreq.pem". +Executes B command below the hood. + +=item B<-newreq-nodes> + +is like B<-newreq> except that the private key will not be encrypted. +Uses B command. + +=item B<-newca> + +creates a new CA hierarchy for use with the B program (or the B<-signcert> +and B<-xsign> options). The user is prompted to enter the filename of the CA +certificates (which should also contain the private key) or by hitting ENTER +details of the CA will be prompted for. The relevant files and directories +are created in a directory called "demoCA" in the current directory. +B and B commands are get invoked. + +=item B<-pkcs12> + +create a PKCS#12 file containing the user certificate, private key and CA +certificate. It expects the user certificate and private key to be in the +file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem, +it creates a file "newcert.p12". This command can thus be called after the +B<-sign> option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +"friendly name" for the certificate (which is typically displayed in the browser +list box), otherwise the name "My Certificate" is used. +Delegates work to B command. + +=item B<-sign>, B<-signcert>, B<-xsign> + +calls the B program to sign a certificate request. It expects the request +to be in the file "newreq.pem". The new certificate is written to the file +"newcert.pem" except in the case of the B<-xsign> option when it is written +to standard output. Leverages B command. + +=item B<-signCA> + +this option is the same as the B<-signreq> option except it uses the configuration +file section B and so makes the signed request a valid CA certificate. This +is useful when creating intermediate CA from a root CA. +Extra params are passed on to B command. + +=item B<-signcert> + +this option is the same as B<-sign> except it expects a self signed certificate +to be present in the file "newreq.pem". +Extra params are passed on to B and B commands. + +=item B<-crl> + +generate a CRL. Executes B command. + +=item B<-revoke certfile [reason]> + +revoke the certificate contained in the specified B. An optional +reason may be specified, and must be one of: B, +B, B, B, B, +B, B, or B. +Leverages B command. + +=item B<-verify> + +verifies certificates against the CA certificate for "demoCA". If no certificates +are specified on the command line it tries to verify the file "newcert.pem". +Invokes B command. + +=item B<-extra-req> | B<-extra-ca> | B<-extra-pkcs12> | B<-extra-x509> | B<-extra-verify> + +The purpose of these parameters is to allow optional parameters to be supplied +to B that this command executes. The B<-extra-cmd> are specific to the +option being used and the B command getting invoked. For example +when this command invokes B extra parameters can be passed on +with the B<-extra-req> parameter. The +B commands being invoked per option are documented below. +Users should consult B command documentation for more information. + +=back + +=head1 EXAMPLES + +Create a CA hierarchy: + + CA.pl -newca + +Complete certificate creation example: create a CA, create a request, sign +the request and finally create a PKCS#12 file containing it. + + CA.pl -newca + CA.pl -newreq + CA.pl -signreq + CA.pl -pkcs12 "My Test Certificate" + +=head1 DSA CERTIFICATES + +Although the B creates RSA CAs and requests it is still possible to +use it with DSA certificates and requests using the L command +directly. The following example shows the steps that would typically be taken. + +Create some DSA parameters: + + openssl dsaparam -out dsap.pem 1024 + +Create a DSA CA certificate and private key: + + openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem + +Create the CA directories and files: + + CA.pl -newca + +enter cacert.pem when prompted for the CA file name. + +Create a DSA certificate request and private key (a different set of parameters +can optionally be created first): + + openssl req -out newreq.pem -newkey dsa:dsap.pem + +Sign the request: + + CA.pl -signreq + +=head1 NOTES + +Most of the filenames mentioned can be modified by editing the B script. + +If the demoCA directory already exists then the B<-newca> command will not +overwrite it and will do nothing. This can happen if a previous call using +the B<-newca> option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists. + +Under some environments it may not be possible to run the B script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command: + + perl -S CA.pl + +can be used and the B environment variable changed to point to +the correct path of the configuration file. + +The script is intended as a simple front end for the B program for use +by a beginner. Its behaviour isn't always what is wanted. For more control over the +behaviour of the certificate commands call the B command directly. + +=head1 SEE ALSO + +L, L, L, L, +L + +=head1 COPYRIGHT + +Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/openssl-1.1.0h/doc/apps/asn1parse.pod b/openssl-1.1.0h/doc/apps/asn1parse.pod new file mode 100644 index 0000000..3c607e8 --- /dev/null +++ b/openssl-1.1.0h/doc/apps/asn1parse.pod @@ -0,0 +1,209 @@ +=pod + +=head1 NAME + +openssl-asn1parse, +asn1parse - ASN.1 parsing tool + +=head1 SYNOPSIS + +B B +[B<-help>] +[B<-inform PEM|DER>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-offset number>] +[B<-length number>] +[B<-i>] +[B<-oid filename>] +[B<-dump>] +[B<-dlimit num>] +[B<-strparse offset>] +[B<-genstr string>] +[B<-genconf file>] +[B<-strictpem>] + +=head1 DESCRIPTION + +The B command is a diagnostic utility that can parse ASN.1 +structures. It can also be used to extract data from ASN.1 formatted data. + +=head1 OPTIONS + +=over 4 + +=item B<-help> + +Print out a usage message. + +=item B<-inform> B + +the input format. B is binary format and B (the default) is base64 +encoded. + +=item B<-in filename> + +the input file, default is standard input + +=item B<-out filename> + +output file to place the DER encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the B<-strparse> option. + +=item B<-noout> + +don't output the parsed version of the input file. + +=item B<-offset number> + +starting offset to begin parsing, default is start of file. + +=item B<-length number> + +number of bytes to parse, default is until end of file. + +=item B<-i> + +indents the output according to the "depth" of the structures. + +=item B<-oid filename> + +a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this +file is described in the NOTES section below. + +=item B<-dump> + +dump unknown data in hex format. + +=item B<-dlimit num> + +like B<-dump>, but only the first B bytes are output. + +=item B<-strparse offset> + +parse the contents octets of the ASN.1 object starting at B. This +option can be used multiple times to "drill down" into a nested structure. + +=item B<-genstr string>, B<-genconf file> + +generate encoded data based on B, B or both using +L format. If B only is +present then the string is obtained from the default section using the name +B. The encoded data is passed through the ASN1 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the B option. + +=item B<-strictpem> + +If this option is used then B<-inform> will be ignored. Without this option any +data in a PEM format input file will be treated as being base64 encoded and +processed whether it has the normal PEM BEGIN and END markers or not. This +option will ignore any data prior to the start of the BEGIN marker, or after an +END marker in a PEM file. + +=back + +=head2 Output + +The output will typically contain lines like this: + + 0:d=0 hl=4 l= 681 cons: SEQUENCE + +..... + + 229:d=3 hl=3 l= 141 prim: BIT STRING + 373:d=2 hl=3 l= 162 cons: cont [ 3 ] + 376:d=3 hl=3 l= 159 cons: SEQUENCE + 379:d=4 hl=2 l= 29 cons: SEQUENCE + 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier + 386:d=5 hl=2 l= 22 prim: OCTET STRING + 410:d=4 hl=2 l= 112 cons: SEQUENCE + 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier + 417:d=5 hl=2 l= 105 prim: OCTET STRING + 524:d=4 hl=2 l= 12 cons: SEQUENCE + +..... + +This example is part of a self-signed certificate. Each line starts with the +offset in decimal. B specifies the current depth. The depth is increased +within the scope of any SET or SEQUENCE. B gives the header length +(tag and length octets) of the current type. B gives the length of +the contents octets. + +The B<-i> option can be used to make the output more readable. + +Some knowledge of the ASN.1 structure is needed to interpret the output. + +In this example the BIT STRING at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option B<-strparse 229> to yield: + + 0:d=0 hl=3 l= 137 cons: SEQUENCE + 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 + 135:d=1 hl=2 l= 3 prim: INTEGER :010001 + +=head1 NOTES + +If an OID is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). The file passed to the B<-oid> option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the OID in numerical format and should be followed by white +space. The second column is the "short name" which is a single word followed +by white space. The final column is the rest of the line and is the +"long name". B displays the long name. Example: + +C<1.2.3.4 shortName A long name> + +=head1 EXAMPLES + +Parse a file: + + openssl asn1parse -in file.pem + +Parse a DER file: + + openssl asn1parse -inform DER -in file.der + +Generate a simple UTF8String: + + openssl asn1parse -genstr 'UTF8:Hello World' + +Generate and write out a UTF8String, don't print parsed output: + + openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der + +Generate using a config file: + + openssl asn1parse -genconf asn1.cnf -noout -out asn1.der + +Example config file: + + asn1=SEQUENCE:seq_sect + + [seq_sect] + + field1=BOOL:TRUE + field2=EXP:0, UTF8:some random string + + +=head1 BUGS + +There should be options to change the format of output lines. The output of some +ASN.1 types is not well handled (if at all). + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/openssl-1.1.0h/doc/apps/ca.pod b/openssl-1.1.0h/doc/apps/ca.pod new file mode 100644 index 0000000..9918a13 --- /dev/null +++ b/openssl-1.1.0h/doc/apps/ca.pod @@ -0,0 +1,724 @@ +=pod + +=head1 NAME + +openssl-ca, +ca - sample minimal CA application + +=head1 SYNOPSIS + +B B +[B<-help>] +[B<-verbose>] +[B<-config filename>] +[B<-name section>] +[B<-gencrl>] +[B<-revoke file>] +[B<-valid file>] +[B<-status serial>] +[B<-updatedb>] +[B<-crl_reason reason>] +[B<-crl_hold instruction>] +[B<-crl_compromise time>] +[B<-crl_CA_compromise time>] +[B<-crldays days>] +[B<-crlhours hours>] +[B<-crlexts section>] +[B<-startdate date>] +[B<-enddate date>] +[B<-days arg>] +[B<-md arg>] +[B<-policy arg>] +[B<-keyfile arg>] +[B<-keyform PEM|DER>] +[B<-key arg>] +[B<-passin arg>] +[B<-cert file>] +[B<-selfsign>] +[B<-in file>] +[B<-out file>] +[B<-notext>] +[B<-outdir dir>] +[B<-infiles>] +[B<-spkac file>] +[B<-ss_cert file>] +[B<-preserveDN>] +[B<-noemailDN>] +[B<-batch>] +[B<-msie_hack>] +[B<-extensions section>] +[B<-extfile section>] +[B<-engine id>] +[B<-subj arg>] +[B<-utf8>] +[B<-create_serial>] +[B<-multivalue-rdn>] + +=head1 DESCRIPTION + +The B command is a minimal CA application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs it also maintains a text database of issued certificates +and their status. + +The options descriptions will be divided into each purpose. + +=head1 OPTIONS + +=over 4 + +=item B<-help> + +Print out a usage message. + +=item B<-verbose> + +this prints extra details about the operations being performed. + +=item B<-config filename> + +specifies the configuration file to use. +Optional; for a description of the default value, +see L. + +=item B<-name section> + +specifies the configuration file section to use (overrides +B in the B section). + +=item B<-in filename> + +an input filename containing a single certificate request to be +signed by the CA. + +=item B<-ss_cert filename> + +a single self-signed certificate to be signed by the CA. + +=item B<-spkac filename> + +a file containing a single Netscape signed public key and challenge +and additional field values to be signed by the CA. See the B +section for information on the required input and output format. + +=item B<-infiles> + +if present this should be the last option, all subsequent arguments +are taken as the names of files containing certificate requests. + +=item B<-out filename> + +the output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file in PEM format (except that B<-spkac> outputs DER format). + +=item B<-outdir directory> + +the directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +".pem" appended. + +=item B<-cert> + +the CA certificate file. + +=item B<-keyfile filename> + +the private key to sign requests with. + +=item B<-keyform PEM|DER> + +the format of the data in the private key file. +The default is PEM. + +=item B<-key password> + +the password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the 'ps' utility) this option should be used with caution. + +=item B<-selfsign> + +indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with B<-keyfile>). +Certificate requests signed with a different key are ignored. If +B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is +ignored. + +A consequence of using B<-selfsign> is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option B), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. + +=item B<-passin arg> + +the key password source. For more information about the format of B +see the B section in L. + +=item B<-notext> + +don't output the text form of a certificate to the output file. + +=item B<-startdate date> + +this allows the start date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). + +=item B<-enddate date> + +this allows the expiry date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). + +=item B<-days arg> + +the number of days to certify the certificate for. + +=item B<-md alg> + +the message digest to use. +Any digest supported by the OpenSSL B command can be used. +This option also applies to CRLs. + +=item B<-policy arg> + +this option defines the CA "policy" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the CA certificate. Check out the B section +for more information. + +=item B<-msie_hack> + +this is a legacy option to make B work with very old versions of +the IE certificate enrollment control "certenr3". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged. The newer control "Xenroll" does not +need this option. + +=item B<-preserveDN> + +Normally the DN order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older IE enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll. + +=item B<-noemailDN> + +The DN of a certificate can contain the EMAIL field if present in the +request DN, however it is good policy just having the e-mail set into +the altName extension of the certificate. When this option is set the +EMAIL field is removed from the certificate' subject and set only in +the, eventually present, extensions. The B keyword can be +used in the configuration file to enable this behaviour. + +=item B<-batch> + +this sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically. + +=item B<-extensions section> + +the section of the configuration file containing certificate extensions +to be added when a certificate is issued (defaults to B +unless the B<-extfile> option is used). If no extension section is +present then, a V1 certificate is created. If the extension section +is present (even if it is empty), then a V3 certificate is created. See the:w +L manual page for details of the +extension section format. + +=item B<-extfile file> + +an additional configuration file to read certificate extensions from +(using the default section unless the B<-extensions> option is also +used). + +=item B<-engine id> + +specifying an engine (by its unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=item B<-subj arg> + +supersedes subject name given in the request. +The arg must be formatted as I, +characters may be escaped by \ (backslash), no spaces are skipped. + +=item B<-utf8> + +this option causes field values to be interpreted as UTF8 strings, by +default they are interpreted as ASCII. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid UTF8 strings. + +=item B<-create_serial> + +if reading serial from the text file as specified in the configuration +fails, specifying this option creates a new random serial to be used as next +serial number. + +=item B<-multivalue-rdn> + +This option causes the -subj argument to be interpreted with full +support for multivalued RDNs. Example: + +I + +If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. + +=back + +=head1 CRL OPTIONS + +=over 4 + +=item B<-gencrl> + +this option generates a CRL based on information in the index file. + +=item B<-crldays num> + +the number of days before the next CRL is due. That is the days from +now to place in the CRL nextUpdate field. + +=item B<-crlhours num> + +the number of hours before the next CRL is due. + +=item B<-revoke filename> + +a filename containing a certificate to revoke. + +=item B<-valid filename> + +a filename containing a certificate to add a Valid certificate entry. + +=item B<-status serial> + +displays the revocation status of the certificate with the specified +serial number and exits. + +=item B<-updatedb> + +Updates the database index to purge expired certificates. + +=item B<-crl_reason reason> + +revocation reason, where B is one of: B, B, +B, B, B, B, +B or B. The matching of B is case +insensitive. Setting any revocation reason will make the CRL v2. + +In practice B is not particularly useful because it is only used +in delta CRLs which are not currently implemented. + +=item B<-crl_hold instruction> + +This sets the CRL revocation reason code to B and the hold +instruction to B which must be an OID. Although any OID can be +used only B (the use of which is discouraged by RFC2459) +B or B will normally be used. + +=item B<-crl_compromise time> + +This sets the revocation reason to B and the compromise time to +B