Matt
On 30/07/2021 17:55, Ken Goldman wrote:
It would be nice if the documentation would guarantee that
this function is a no-op when the parameter is NULL - like
the standard free() call.
This would save coding (if not NULL) all the time.
Same comment for all the _free functions.
I know I can
All our _free functions will accept NULL. We rely on this extensively
*everywhere*. We perhaps could be better at documenting it, but you can
rely on it.
Matt
On 30/07/2021 17:55, Ken Goldman wrote:
It would be nice if the documentation would guarantee that
this function is a no-op when the
It would be nice if the documentation would guarantee that
this function is a no-op when the parameter is NULL - like
the standard free() call.
This would save coding (if not NULL) all the time.
Same comment for all the _free functions.
I know I can look at the code, but that doesn't
pr
> From: "Bhadri Madapusi"
>
> Is there any documentation on which version of openssl are supported
> on PPC LE. I am trying to figure out which version of 1.0.2 source
> and FIPS module to use to compile my nginx with openssl and FIPS. Thank
you.
Not documentation,
Hi,
Is there any documentation on which version of openssl are supported on
PPC LE. I am trying to figure out which version of 1.0.2 source and FIPS
module to use to compile my nginx with openssl and FIPS. Thank you.
regards,
Bhadri
On Thu, Jul 23, 2020 at 02:35:28AM +0200, Jakob Bohm via openssl-users wrote:
> The OPENSSL_ia32cap_P variable, its bitfields and the code that sets
> it (in assembler) seemto have no clear documentation.
Have you seen the OPENSSL_ia32cap manpage?
Kurt
On 2020-07-26 01:56, Jan Just Keijser wrote:
On 23/07/20 02:35, Jakob Bohm via openssl-users wrote:
The OPENSSL_ia32cap_P variable, its bitfields and the code that sets
it (in assembler) seemto have no clear documentation.
Thanks, I somehow missed that document as I was grepping the code
On 23/07/20 02:35, Jakob Bohm via openssl-users wrote:
The OPENSSL_ia32cap_P variable, its bitfields and the code that sets
it (in assembler) seemto have no clear documentation.
Looking at x86_64cpuid.pl, I see jumps to ".Lintel" etc. being
conditional
on stuff other than the CP
The OPENSSL_ia32cap_P variable, its bitfields and the code that sets
it (in assembler) seemto have no clear documentation.
Looking at x86_64cpuid.pl, I see jumps to ".Lintel" etc. being conditional
on stuff other than the CPU being an Intel CPU, while the code in there is
generally
On 05/08/2019 22:53, Dawn Cassara wrote:
> Where would I find the easiest, most comprehensive installation instructions
> for
> Windows 2012 r2?
I assume you mean installation of OpenSSL on that platform!
Installation instructions are here:
https://github.com/openssl/openssl/blob/master/INST
Perhaps not on an OpenSSL list?You might try stackoverflow.comCharlesSent from
a mobile; please excuse the brevity.
Original message From: Dawn Cassara
Date: 8/5/19 5:53 PM (GMT-05:00) To: openssl-users@openssl.org Subject:
documentation on installation Where would I find
Where would I find the easiest, most comprehensive installation
instructions for Windows 2012 r2?
--
Dawn Cassara
832-224-6826 / 314-332-0279
Houston / St. Louis Reputation Management http://HoustonRepManagement.com
http://StLouisRepManagement.com
some questions:
how many iteration of PBKDF must I do ? Must the result of the
encryption be hashed with HMAC ?
Kind regards,
Alexis.
Le ven. 1 févr. 2019 à 13:58, Alexis BRENON @OpenSSL
a écrit :
>
> i everyone,
>
> I am looking for some documentation on how to pad and/or derive my
i everyone,
I am looking for some documentation on how to pad and/or derive my
message and my key (from simple password), to mimic AES 128 ECB
en/decryption.
For a decorative purpose (no security consideration in mind), I used
openssl to encrypt a small message (less than 16 bytes) with a small
On Fri, 15 Sep 2017 15:54:16 +
"Salz, Rich via openssl-users" wrote:
> Links across versions don’t really work since we moved from “crypto” “ssl” to
> man3, etc.
> Perhaps we should just take them down.
One might suppose that it "failed" to a secure mode. Older files will remain
secure
Links across versions don’t really work since we moved from “crypto” “ssl” to
man3, etc.
Perhaps we should just take them down.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Many pages like:
https://www.openssl.org/docs/man1.0.2/crypto/PEM_read_bio_PUBKEY.html
will have a link on the right that says: "1.1.0" version, which I'd rather
read because I'm using 1.1.0+, but it links to:
https://www.openssl.org/docs/man1.1.0/crypto/pem.html
which does not exist. Nor
t; https://github.com/openssl/openssl/issues
>>
>> You'll need a github user id.
>>
>> >
>> > I'd also be willing to help with documentation, if that's possible.
>>
>> It is possible. Make the relevant changes (file
>> doc/ma
ser id.
>
> >
> > I'd also be willing to help with documentation, if that's possible.
>
> It is possible. Make the relevant changes (file
> doc/man3/RSA_get0_key.pod) in a recent checkout of master and then
> create a github pull request:
>
> https://gi
t;>> If this behavior is guaranteed, it would be nice if it was documented.
>>
>> Wanna open an issue to fix the doc? :)
>>
>
> I'd be happy to, but I don't know how.
Click "New Issue" on this page:
https://github.com/openssl/openssl/issues
You&
issue to fix the doc? :)
I'd be happy to, but I don't know how.
I'd also be willing to help with documentation, if that's possible.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> The __current__ code for this function returns values if the **BIGNUM is
> not NULL. Thus, it appears safe to pass in NULL for values not needed.
Yes. That's true for many "get" functions.
> However, the documentation is silent on this behavior.
>
> If this be
The __current__ code for this function returns values if the **BIGNUM is
not NULL. Thus, it appears safe to pass in NULL for values not needed.
However, the documentation is silent on this behavior.
If this behavior is guaranteed, it would be nice if it was documented.
If not, a comment in
Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
-Original Message-
From: Schmicker, Robert [mailto:rsc...@unh.newhaven.edu]
Sent: Monday, 1 May 2017 1:08 PM
To: openssl-users@openssl.org
Subject: [openssl-users] Documentation for Integrat
> While the process is still fresh in my head, I was wondering if the community
> would benefit in having some documentation on the process to follow and
> issues that may arise? Possibly add this into the OpenSSL wiki?
This would be a great idea.
--
openssl-users mailing list
To un
libcrypto and libssl. While
the process is still fresh in my head, I was wondering if the community would
benefit in having some documentation on the process to follow and issues that
may arise? Possibly add this into the OpenSSL wiki? I would love for this to be
my first contribution to an open
Hello,
Can anyone here point me in the direction to some documentation on
build.info<http://build.info> files?
For the most part I’m creating mine using examples from other crypto ciphers
but could use some more in depth explanation of what is going on when it is
being parsed.
Thanks Frank,
I assume that by "the SSL error handler" you mean that I can get the error
by calling ERR_get_error() ?
BR
Joachim
2016-11-09 0:54 GMT+01:00 Frank Migge :
> Hi Joachim,
>
> >> It seems like the documentation for SSL_set_tlsext_host_name is gone.
> >
Hi Joachim,
>> It seems like the documentation for SSL_set_tlsext_host_name is gone.
>> Does anyone know where I can find the documentation? I am interested
in the return values right now.
If I got it right:
1) ssl/tls1.h (line 334ff): # define SSL_set_tlsext_host_name(s
On 11/08/2016 01:24 AM, Joachim Person wrote:
> Hi,
>
> It seems like the documentation for SSL_set_tlsext_host_name is gone.
> Does anyone know where I can find the documentation? I am interested
> in the return values right now.
>
> https://www.openssl.
Hi,
It seems like the documentation for SSL_set_tlsext_host_name is gone. Does
anyone know where I can find the documentation? I am interested in the
return values right now.
https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_tlsext_host_name.html
(Page not found)
BR
Joachim
--
openssl-users
Hi all,
Another thing: couldn't SSL_OP_CIPHER_SERVER_PREFERENCE be renamed (or
aliased) to SSL_OP_SERVER_PREFERENCE in OpenSSL 1.1.0 because it applies
to more objects than only cipher suites?
--
Julien
Message transféré
Sujet : Wording in OpenSSL documentatio
Hi,
In a recent discussion in the news.software.nntp newsgroup, we discussed
the use of SSL_OP_CIPHER_SERVER_PREFERENCE, and would like to point out
a possible improvement in the wording of the documentation of
SSL_CTX_set_options.
Currently, there is in OpenSSL documentation:
https
t de
Jakob Bohm
Envoyé : mardi 27 octobre 2015 02:21
À : openssl-users@openssl.org
Objet : Re: [openssl-users] suggested enhancement documentation or warning
for pkey command line tool
On 26/10/2015 14:02, Viktor Dukhovni wrote:
> On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote:
>
uld add consistent private
key encryption options to all the affected apps, while
keeping the historic defaults of each command.
Documentation would encourage explicitly specifying the
desired format even if it happens to be the current default.
Then after a long transition period (to get all manne
On Tue, Oct 27, 2015 at 02:21:13AM +0100, Jakob Bohm wrote:
> More specifically, the issue is that the currently
> recommended command "openssl pkey", allegedly silently
> omits the encryption when told not to Base64 encode the
> encrypted key.
I agree this is a bug, and needs to be fixed. A fat
On 26/10/2015 14:02, Viktor Dukhovni wrote:
On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote:
I believe it might be usefull to remind in the documentation that the
-cipher argment for openssl pkey command line tool is silently ignore when
combined with -outform DER.
May be it is worth
On Mon, Oct 26, 2015 at 01:21:24PM +0100, Michel wrote:
> I believe it might be usefull to remind in the documentation that the
> -cipher argment for openssl pkey command line tool is silently ignore when
> combined with -outform DER.
>
> May be it is worth to add a warning to
Hi,
I believe it might be usefull to remind in the documentation that the
-cipher argment for openssl pkey command line tool is silently ignore when
combined with -outform DER.
May be it is worth to add a warning too ?
___
openssl-users mailing list
2015-05-09 21:47 GMT+02:00 Salz, Rich :
>
>> After getting into building and especially configuring my own CA again I'm
>> nearly at the end and I've noticed some errors in the documentation I want
>> to report.
>
> I like the "again" :)
Ye
> After getting into building and especially configuring my own CA again I'm
> nearly at the end and I've noticed some errors in the documentation I want
> to report.
I like the "again" :)
> 3) On https://www.openssl.org/docs/apps/req.html the option -subj i
Hello list!
After getting into building and especially configuring my own CA again
I'm nearly at the end and I've noticed some errors in the
documentation I want to report.
1) On https://www.openssl.org/docs/apps/ca.html for the -md option not
all possible values (sha256, sha384, etc.
Steve Marquess
writes:
>> Are you certain? For a user-space component like OpenSSL, this is
>> obviously true, but I think you could argue that a kernel module's
>> "Operational Environment" has no relation to the Linux distro, only to
>> the kernel it's loaded by and the hardware architecture (
On 03/27/2015 04:45 AM, Henrik Grindal Bakken wrote:
> Steve Marquess
> writes:
>
>>> If the CMVP bureaucracy insists on a specific kernel version
>>> for the platform number, this should be one of the "Long Term
>>> Support" kernel releases to maximize longevity (assuming that
>>> regular OS pat
Steve Marquess
writes:
>> If the CMVP bureaucracy insists on a specific kernel version
>> for the platform number, this should be one of the "Long Term
>> Support" kernel releases to maximize longevity (assuming that
>> regular OS patching within a version number is still accepted
>> as "same pla
On 26/03/2015 22:29, Steve Marquess wrote:
On 03/26/2015 01:41 PM, Jakob Bohm wrote:
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kerne
On 03/26/2015 01:41 PM, Jakob Bohm wrote:
> On 26/03/2015 16:56, Steve Marquess wrote:
>> On 03/26/2015 11:30 AM, John Foley wrote:
>>> We looked at this very briefly a couple of years ago. In theory, there
>>> may be a way to achieve the goal as a loadable kernel module (a.k.a.
>>> device driver)
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea would be to have a kernel module that provid
On 03/26/2015 01:00 PM, Marcus Meissner wrote:
> ...
>>
>> Unfortunately FIPS 140-2 validation conflicts rather violently with open
>> source software (and with software engineering best practice in general,
>> for that matter). Even if some benevolent benefactor ponied up the
>> quarter megabuck i
On Thu, Mar 26, 2015 at 10:57:28AM -0400, Steve Marquess wrote:
> On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote:
> > On Wed, 25 Mar 2015 17:03:04 -0400
> > Steve Marquess wrote:
> >
> >> I wasn't aware the Linux kernel (the real one, not proprietary
> >> commercial derivatives) had a "FIPS"
On 03/26/2015 11:30 AM, John Foley wrote:
> We looked at this very briefly a couple of years ago. In theory, there
> may be a way to achieve the goal as a loadable kernel module (a.k.a.
> device driver). The idea would be to have a kernel module that provides
> crypto support. This kernel module
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea would be to have a kernel module that provides
crypto support. This kernel module would be the FIPS object module,
with the FIP
On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote:
> On Wed, 25 Mar 2015 17:03:04 -0400
> Steve Marquess wrote:
>
>> I wasn't aware the Linux kernel (the real one, not proprietary
>> commercial derivatives) had a "FIPS" mode. Please enlighten me.
>
> It could very well be that the word 'mode' i
On Wed, 25 Mar 2015 17:03:04 -0400
Steve Marquess wrote:
> I wasn't aware the Linux kernel (the real one, not proprietary
> commercial derivatives) had a "FIPS" mode. Please enlighten me.
It could very well be that the word 'mode' is not the right one.
'option' would perhaps be better. This art
On 03/25/2015 04:12 PM, jonetsu wrote:
> Hello,
>
> This is not about OpenSSL, although from experience, maybe some know
> the answer. Does anyone know if actual documentation exists for the
> Linux kernel FIPS mode apart from the source itself ? There is
> nothing in Doc
On Wed, Mar 25, 2015 at 4:12 PM, jonetsu wrote:
> Hello,
>
> This is not about OpenSSL, although from experience, maybe some know the
> answer. Does anyone know if actual documentation exists for the Linux kernel
> FIPS mode apart from the source itself ? There is nothing i
Hello,
This is not about OpenSSL, although from experience, maybe some know the
answer. Does anyone know if actual documentation exists for the Linux kernel
FIPS mode apart from the source itself ? There is nothing in Documentation/ as
per 3.18.2. - thanks.
Regards
On 10/4/2013 at 9:52 PM Dave Thompson wrote:
|> From: owner-openssl-us...@openssl.org On Behalf Of Mike.
|> Sent: Friday, October 04, 2013 16:28
|
|> I have just started to learn OpenSSL, and I am having troubles
|> finding documentation that is helpful.
|>
|> www.openssl.org
> From: owner-openssl-us...@openssl.org On Behalf Of Mike.
> Sent: Friday, October 04, 2013 16:28
> I have just started to learn OpenSSL, and I am having troubles
> finding documentation that is helpful.
>
> www.openssl.org seems to have lots of reference documentation, but
I have just started to learn OpenSSL, and I am having troubles
finding documentation that is helpful.
www.openssl.org seems to have lots of reference documentation, but
not too much in usage documentation, e.g., what are the typical
contents expected in the SAN for a CA cert vs. those of a
Hi All,
Is it possible to configure a build that does not include documentations?
I'm working on Mac OSX, and I have three targets under /usr/local/ssl/
(iphoneos, iphonesimulator, and macosx). There's no reason to install
the documentation over top itself multiple ti
y, October 04, 2012 11:43 AM
To: openssl-users@openssl.org
Subject: Re: Documentation for TXT_DB errors?
On 10/03/2012 05:49 AM, Dave Thompson wrote:
>> I deleted index.txt and reset serial.txt to 00 and that
>> solved the problem.
>>
>> Hope that was not a terrible idea.
I
On 10/03/2012 05:49 AM, Dave Thompson wrote:
>> I deleted index.txt and reset serial.txt to 00 and that
>> solved the problem.
>>
>> Hope that was not a terrible idea.
In my opinion, reusing serials is a *very bad* idea in general.
It is definitely deprecated and maybe forbidden in some legal cont
nation
(cf Sherlock Holmes). But I suggest keeping track of what you do,
so if the problem does recur you can post a complete scenario
for us (maybe but not necessarily me) to look at.
> Charles
>
> -----Original Message-
> From: Charles Mills [mailto:charl...@mcn.org]
&
charl...@mcn.org]
Sent: Tuesday, October 02, 2012 9:03 AM
To: 'openssl-users@openssl.org'
Subject: RE: Documentation for TXT_DB errors?
Dave, as always, thanks.
> Unlike most(?) other modules in openssl, txt_db does NOT use the ERR_
module with its error strings
I love OpenSSL and I
Dave, as always, thanks.
> Unlike most(?) other modules in openssl, txt_db does NOT use the ERR_
module with its error strings
I love OpenSSL and I'm not going to tell you how to run your organization
but better documentation would probably mean both wider acceptance and fewer
dumb q
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Monday, 01 October, 2012 10:12
> Is there specific documentation anywhere for TXT_DB errors?
>
AFAIK only $sourcetree/crypto/txt_db/txt_db.h
Unlike most(?) other modules in openssl, txt_db does NOT use
the
Is there specific documentation anywhere for TXT_DB errors?
I'm not a total newbie at this but I am not an expert. I have issued server
certificates before but now I am stuck on a TXT_DB error 2.
serial.txt exists and contains 1C. index.txt exists and contains 17
(decimal) lines.
Unless
red) log in page. Do you have a link
>> to the actual documentation?
>>
>> --
>> Ken Goldman kgold...@us.ibm.com
>> 914-945-2415 (862-2415)
>>
>>
>>
>>
>> From:
>> To:openssl-users@openssl.org,
>> Date:
Username is guest, password is guest.
Matt
On 12 September 2012 14:12, Kenneth Goldman wrote:
> All I get is an (ironically unsecured) log in page. Do you have a link to
> the actual documentation?
>
> --
> Ken Goldman kgold...@us.ibm.com
> 914-945-2415 (862-2415)
&g
On Wed, 2012-09-12 at 00:28 +0300, farmdve data.bg wrote:
> I have seen a lot of applications that utilize the OpenSSL library,
> however I see that the majority of the documentation is incomplete.
>
>
> In particular, I need some documentation for the EC package in the
>
On Wed, 2012-09-12 at 00:28 +0300, farmdve data.bg wrote:
> I have seen a lot of applications that utilize the OpenSSL library,
> however I see that the majority of the documentation is incomplete.
>
>
> In particular, I need some documentation for the EC package in the
>
I have seen a lot of applications that utilize the OpenSSL library, however
I see that the majority of the documentation is incomplete.
In particular, I need some documentation for the EC package in the
'crypto' sub-folder, I mean, it's not possible for application developers
to ge
any documentation for them.. Has anyone used them or has
any idea about them and can you please guide me as in how to use them in my
code to take user password input or is there any better function in openssl
using which i can achieve what i intend to do in first place.
Many thanks
Abhiroop
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Wednesday, 19 October, 2011 06:04
> On 10/19/2011 6:10 AM, Mohan Radhakrishnan wrote:
> >
> > Hi,
> >
> > Is there any material available that shows flows of one-way/two-ssl
> > and different types of CA architectures ? We us
On 10/19/2011 6:10 AM, Mohan Radhakrishnan wrote:
Hi,
Is there any material available that shows flows of one-way/two-ssl
and different types of CA architectures ? We use two-way SSL and
generate CSR’s and update expired certificates and we are aware of the
basic points.
I am not sure wha
Hi,
Is there any material available that shows flows of
one-way/two-ssl and different types of CA architectures ? We use two-way
SSL and generate CSR's and update expired certificates and we are aware
of the basic points.
I have browsed the NIST website.
Thanks,
Mohan
DISCLAIMER
FYI: I've been using
http://www.openssl.org/docs/crypto/crypto.html
as a starting point for openssl man pages.
Today, I stumbled upon
http://www.openssl.org/docs/crypto/
which is much more complete.
Is there someone I should email to request an update to the publically
visible
ranch/branches you are targeting (0.9.8x, 1.0.0x or 1.0.1x).
> I hope this will help you enrich OpenSSL with this interesting engine.
A comment on code contributions. The pace at which OpenSSL's code has
evolved has far outstipped the evolution of the documentation. I think
this needs to stop.
Hi.
I'm trying to implement an Engine to use my decoder with openssl. However, I
find the API lacking documentation. This far I only seen comments in source
code headers. How shall I go about implementing my engine? (AES cipher
initially)
Have searched alot and read many source files.
I've been looking all over for this, and I can't find it.
Background - I'm trying to build stunnel on a platform that doesn't
include RSA_generate_key, so I need to modify it to use the newer API.
At the very least, I need to know how to check the return value of the
new API.
Thanks!
--
===
On Mon, Jul 12, 2010 at 3:29 PM, Ian Pilcher wrote:
> > the whole shebang bundled in a 7z for minimum transfer size.
>
> That's what I needed. (It did take me a while to figure out how to deal
> with a "7z" file.)
>
Sorry, been spreading 7zip through my environment for so long I sometimes
forge
On 07/11/2010 08:58 PM, Ger Hobbelt wrote:
> The new API is called RSA_generate_key_ex() and has a different interface.
That much I know. The problem is finding the documentation for the new
interface.
> the whole shebang bundled in a 7z for minimum transfer size.
That's what I n
there iff you need that thing.
- documentation in doc/crypto/RSA_ .pod files; for some odd reason
there's the old
http://www.openssl.org/docs/crypto/RSA_generate_key.html
but not the new
http://www.openssl.org/docs/crypto/RSA_generate_key_ex.html
doc on-line yet.
the who
I've been looking all over for this, and I can't find it.
Background - I'm trying to build stunnel on a platform that doesn't
include RSA_generate_key, so I need to modify it to use the newer API.
At the very least, I need to know how to check the return value of the
new API.
Thanks!
--
===
I can not find any mention of these in documentation or man pages
> Can someone point me to where I might find them
>
As far as I can see they are not documented on their own.
They are the core of a base64 BIO created by BIO_f_base64(),
which does have a (brief) manpage, but they are expos
I bought a copy of Network Security with OpenSSL from a friend
In chapter 7 section Secure HTTP Cookies the examples use functions
EVP_EncodeBlock and EVP_DecodeBlock
I can not find any mention of these in documentation or man pages
Can someone point me to where I might find them
Thanks
Richard
On Sat February 13 2010, John L Veazey wrote:
> On Sat, Feb 13, 2010 at 1:04 AM, Patrick M. Rutkowski
> wrote:
> > From the SSL_get_error() man page:
> >
> >
> > The current thread's error queue must be empty before the TLS/SSL I/O
> > opera
I was just reading that. I believe my original answer was quite
wrong. Let me step out of the way and let someone else answer this
question.
Sorry.
On Sat, Feb 13, 2010 at 1:04 AM, Patrick M. Rutkowski
wrote:
> From the SSL_get_error() man page:
>
>
>From the SSL_get_error() man page:
The current thread's error queue must be empty before the TLS/SSL I/O
operation is attempted, or SSL_get_error() will not work reliably.
And don't
When dealing with the high level SSL_* functions, stick with
SSL_get_error() as per s_client.c and s_server.c.
If you are doing things on a lower level, you may need to deal with
the error stack yourself; but for people new to OpenSSL, just stick
with functions starting with SSL_* or BIO_*
On Fri
I should have mentioned ERR_get_error() in my question, that's what's
most heavily on my mind. The question is if you have to call clear the
error stack with ERR_get_error() after every failed SSL call, even
failures that are often "not really failures." For example, my code
considered SSL_read() r
Patrick,
I believe the "sane state" implied here is that if you call
SSL_get_error() some of the time and not all of the time, you may be
getting information about errors that happened any time in the past
for that SSL*. It won't necessarily prevent OpenSSL from working
correctly, just your perce
As an OpenSSL newbie, I'm trouble that the man pages for SSL_write()
and SSL_read() don't stress that you should clear the error stack upon
a failed call. They suggest you check SSL_get_error(), but they make
no mention of clearing the error stack afterward, and I hear that
clearing the error stack
llos I want to send -- is that in scope or not? Implemented yet,
or not? If you give me something that is received, I'd like to be able to send
that same something)
I am not suggesting that this has to be implemented to satisfy my need. But, it
is not clear from the documentation in
is really has nothing to do with OpenSSL - or at least, only
tangentially - If you don't understand the basics of how the IETF and
ITU have defined X.509 and the Internet profiles, then no amount of
OpenSSL documentation is going to save you.
If you read the specifications, you can very easil
That works for *future* documentation for *new* code, but it doesn't address
the existing gaps.
Perhaps examining where the existing gaps are biggest would be productive.
For me, two areas have always been confusing:
1) What objects are dynamically allocated, appropriately reference co
.
>
My sense is that this thread is no longer productive. Perhaps we can stop.
FWIW, the Postfix project strives to avoid documentation gaps, by not
accepting code contributions that are not *fully* documented at the time
the code is contributed. The first step towards improving OpenSSL docs,
ugh to satisfy you, you are out of luck.
Often the designer, programmer, and documentation writer are one and the same
person, and the proper global design (and thus documentation) goals are not
clear until some attempt at implementation. Agile development trumps waterfall
design because you can neve
Not quite. The docs may not indicate whether a returned reference is
dynamically allocated, statically allocated, reference counted, how to
deallocate, etc. The API will still be correct as far as a reference being
returned, but the documentation will be incomplete.
Often the library
1 - 100 of 252 matches
Mail list logo