variables can be substituted. It is also possible to assign values to
environment variables by using the name B<ENV::name>, this will work
if the program looks up environment variables using the B<CONF> library
-instead of calling B<getenv()> directly.
+instead of calling getenv() directly.
It is possible to escape certain characters by using any kind of quote
or the B<\> character. By making the last character of a line a B<\>
its section have been processed.
The command B<default_algorithms> sets the default algorithms an ENGINE will
-supply using the functions B<ENGINE_set_default_string()>
+supply using the functions ENGINE_set_default_string().
If the name matches none of the above command names it is assumed to be a
ctrl command which is sent to the ENGINE. The value of the command is the
=item B<-C>
this option converts the parameters into C code. The parameters can then
-be loaded by calling the B<get_dsaXXX()> function.
+be loaded by calling the get_dsaXXX() function.
=item B<-genkey>
=item B<-C>
This option converts the EC parameters into C code. The parameters can then
-be loaded by calling the B<get_ec_group_XXX()> function.
+be loaded by calling the get_ec_group_XXX() function.
=item B<-check>
B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the
B<CMS_PARTIAL> flag set. Then one or more signers can be added using the
function CMS_sign_add1_signer(), non default digests can be used and custom
-attributes added. B<CMS_final()> must then be called to finalize the
+attributes added. CMS_final() must then be called to finalize the
structure if streaming is not enabled.
=head1 BUGS
specific data attached to a specific structure.
These functions should only be used by applications to manipulate
-B<CRYPTO_EX_DATA> structures passed to the B<new_func()>, B<free_func()> and
-B<dup_func()> callbacks: as passed to B<RSA_get_ex_new_index()> for example.
+B<CRYPTO_EX_DATA> structures passed to the new_func(), free_func() and
+dup_func() callbacks: as passed to RSA_get_ex_new_index() for example.
-B<CRYPTO_set_ex_data()> is used to set application specific data, the data is
+CRYPTO_set_ex_data() is used to set application specific data, the data is
supplied in the B<arg> parameter and its precise meaning is up to the
application.
-B<CRYPTO_get_ex_data()> is used to retrieve application specific data. The data
+CRYPTO_get_ex_data() is used to retrieve application specific data. The data
is returned to the application, this will be the same value as supplied to
-a previous B<CRYPTO_set_ex_data()> call.
+a previous CRYPTO_set_ex_data() call.
=head1 RETURN VALUES
-B<CRYPTO_set_ex_data()> returns 1 on success or 0 on failure.
+CRYPTO_set_ex_data() returns 1 on success or 0 on failure.
-B<CRYPTO_get_ex_data()> returns the application data or 0 on failure. 0 may also
+CRYPTO_get_ex_data() returns the application data or 0 on failure. 0 may also
be valid application data but currently it can only fail if given an invalid B<idx>
parameter.
The B<certs>, B<signcert> and B<pkey> parameters can all be
B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
-using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be
+using the function PKCS7_sign_add_signer(). PKCS7_final() must also be
called to finalize the structure if streaming is not enabled. Alternative
signing digests can also be specified using this method.
Since the application data can be anything at all it is passed and retrieved
as a B<void *> type.
-The B<RSA_get_ex_new_index()> function is initially called to "register" some
+The RSA_get_ex_new_index() function is initially called to "register" some
new application specific data. It takes three optional function pointers which
are called when the parent structure (in this case an RSA structure) is
initially created, when it is copied and when it is freed up. If any or all of
these function pointer arguments are not used they should be set to NULL. The
precise manner in which these function pointers are called is described in more
-detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
+detail below. RSA_get_ex_new_index() also takes additional long and pointer
parameters which will be passed to the supplied functions but which otherwise
have no special meaning. It returns an B<index> which should be stored
(typically in a static variable) and passed used in the B<idx> parameter in
-the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
+the remaining functions. Each successful call to RSA_get_ex_new_index()
will return an index greater than any previously returned, this is important
because the optional functions are called in order of increasing index value.
-B<RSA_set_ex_data()> is used to set application specific data, the data is
+RSA_set_ex_data() is used to set application specific data, the data is
supplied in the B<arg> parameter and its precise meaning is up to the
application.
-B<RSA_get_ex_data()> is used to retrieve application specific data. The data
+RSA_get_ex_data() is used to retrieve application specific data. The data
is returned to the application, this will be the same value as supplied to
-a previous B<RSA_set_ex_data()> call.
+a previous RSA_set_ex_data() call.
-B<new_func()> is called when a structure is initially allocated (for example
-with B<RSA_new()>. The parent structure members will not have any meaningful
+new_func() is called when a structure is initially allocated (for example
+with RSA_new(). The parent structure members will not have any meaningful
values at this point. This function will typically be used to allocate any
application specific structure.
-B<free_func()> is called when a structure is being freed up. The dynamic parent
+free_func() is called when a structure is being freed up. The dynamic parent
structure members should not be accessed because they will be freed up when
this function is called.
-
B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
+
new_func() and free_func() take the same parameters. B<parent> is a
pointer to the parent RSA structure. B<ptr> is a the application specific data
-(this wont be of much use in
B<new_func()>. B<ad> is a pointer to the
+(this wont be of much use in
new_func(). B<ad> is a pointer to the
B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
-B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
+CRYPTO_get_ex_data() and CRYPTO_set_ex_data() can be called to manipulate
it. The B<idx> parameter is the index: this will be the same value returned by
-B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
+RSA_get_ex_new_index() when the functions were initially registered. Finally
the B<argl> and B<argp> parameters are the values originally passed to the same
-corresponding parameters when B<RSA_get_ex_new_index()> was called.
+corresponding parameters when RSA_get_ex_new_index() was called.
-B<dup_func()> is called when a structure is being copied. Pointers to the
+dup_func() is called when a structure is being copied. Pointers to the
destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
the source application data when the function is called, when the function returns
the value is copied to the destination: the application can thus modify the data
pointed to by B<from_d> and have different values in the source and destination.
-The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
-and B<free_func()>.
+The B<idx>, B<argl> and B<argp> parameters are the same as those in new_func()
+and free_func().
=head1 RETURN VALUES
-B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
+RSA_get_ex_new_index() returns a new index or -1 on failure (note 0 is a valid
index value).
-B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
+RSA_set_ex_data() returns 1 on success or 0 on failure.
-B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
+RSA_get_ex_data() returns the application data or 0 on failure. 0 may also
be valid application data but currently it can only fail if given an invalid B<idx>
parameter.
-B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
+new_func() and dup_func() should return 0 for failure and 1 for success.
On failure an error code can be obtained from L<ERR_get_error(3)>.
=head1 BUGS
-B<dup_func()> is currently never called.
+dup_func() is currently never called.
-The return value of B<new_func()> is ignored.
+The return value of new_func() is ignored.
-The B<new_func()> function isn't very useful because no meaningful values are
+The new_func() function isn't very useful because no meaningful values are
present in the parent RSA structure when it is called.
=head1 SEE ALSO
If the B<PKCS7_STREAM> flag is set streaming is performed. This flag should
only be set if B<PKCS7_STREAM> was also set in the previous call to
-PKCS7_sign() or B<PKCS7_encrypt()>.
+PKCS7_sign() or PKCS7_encrypt().
If cleartext signing is being used and B<PKCS7_STREAM> not set then
the data must be read twice: once to compute the signature in PKCS7_sign()
must be set to the length of B<name>. When a hostname is specified,
certificate verification automatically invokes L<X509_check_host(3)>
with flags equal to the B<flags> argument given to
-B<X509_VERIFY_PARAM_set_hostflags()> (default zero). Applications
+X509_VERIFY_PARAM_set_hostflags() (default zero). Applications
are strongly advised to use this interface in preference to explicitly
calling L<X509_check_host(3)>, hostname checks are out of scope
with the DANE-EE(3) certificate usage, and the internal check will
The encoded data is in binary form and may contain embedded zeroes.
Therefore any FILE pointers or BIOs should be opened in binary mode.
-Functions such as B<strlen()> will B<not> return the correct length
+Functions such as strlen() will B<not> return the correct length
of the encoded structure.
The ways that B<*in> and B<*out> are incremented after the operation
This code will result in B<buf> apparently containing garbage because
it was incremented after the call to point after the data just written.
-Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
-and the subsequent call to B<OPENSSL_free()> may well crash.
+Also B<buf> will no longer contain the pointer allocated by OPENSSL_malloc()
+and the subsequent call to OPENSSL_free() may well crash.
-Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
+Another trap to avoid is misuse of the B<xp> argument to d2i_X509():
X509 *x;
if (!d2i_X509(&x, &p, len))
/* Some error */
-This will probably crash somewhere in B<d2i_X509()>. The reason for this
+This will probably crash somewhere in d2i_X509(). The reason for this
is that the variable B<x> is uninitialized and an attempt will be made to
interpret its (invalid) value as an B<X509> structure, typically causing
a segmentation violation. If B<x> is set to NULL first then this will not
=head1 DESCRIPTION
-SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the B<cert_cb()> callback,
+SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback,
B<arg> value is pointer which is passed to the application callback.
-When B<cert_cb()> is NULL, no callback function is used.
+When cert_cb() is NULL, no callback function is used.
cert_cb() is the application defined callback. It is called before a
certificate will be used by a client or server. The callback can then inspect
=head1 DESCRIPTION
-SSL_CTX_set_client_cert_cb() sets the B<client_cert_cb()> callback, that is
+SSL_CTX_set_client_cert_cb() sets the client_cert_cb() callback, that is
called when a client certificate is requested by a server and no certificate
was yet set for the SSL object.
-When B<client_cert_cb()> is NULL, no callback function is used.
+When client_cert_cb() is NULL, no callback function is used.
SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback
function.
projects / openssl.git / commitdiff