=head1 RETURN VALUES
BIO_socket() returns the socket number on success or B<INVALID_SOCKET>
-(-1) on error. When an error has occured, the OpenSSL error stack
+(-1) on error. When an error has occurred, the OpenSSL error stack
will hold the error data and errno has the system error.
BIO_connect() and BIO_listen() return 1 on success or 0 on error.
-When an error has occured, the OpenSSL error stack will hold the error
+When an error has occurred, the OpenSSL error stack will hold the error
data and errno has the system error.
BIO_accept_ex() returns the accepted socket on success or
-B<INVALID_SOCKET> (-1) on error. When an error has occured, the
+B<INVALID_SOCKET> (-1) on error. When an error has occurred, the
OpenSSL error stack will hold the error data and errno has the system
error.
create strings with the host name and service name and give those
back via B<host> and B<service>. Those will need to be freed after
they are used. B<hostserv_prio> helps determine if B<hostserv> shall
-be interpreted primarly as a host name or a service name in ambiguous
+be interpreted primarily as a host name or a service name in ambiguous
cases.
The syntax the BIO_parse_hostserv() recognises is:
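Review bot: The trailing context line "The syntax the BIO_parse_hostserv() recognises is:" still carries a stray "the" before the function name. Since this paragraph is already being corrected, change it to "The syntax BIO_parse_hostserv() recognises is:" in the same commit.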
connection on that chain is shutdown and the socket closed when
the BIO is freed.
-Calling BIO_reset() on a accept BIO will close any active
+Calling BIO_reset() on an accept BIO will close any active
connection and reset the BIO into a state where it awaits another
incoming connection.
port. The port is represented as a string of the form "host:port",
where "host" is the interface to use and "port" is the port.
The host can be "*" or empty which is interpreted as meaning
-any interface. If the host is a IPv6 address, it has to be
+any interface. If the host is an IPv6 address, it has to be
enclosed in brackets, for example "[::1]:https". "port" has the
same syntax as the port specified in BIO_set_conn_port() for
connect BIOs, that is it can be a numerical port string or a
=head1 WARNING
-As the data is buffered, SSL_operation() may return with a ERROR_SSL_WANT_READ
+As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ
condition, but there is still data in the write buffer. An application must
not rely on the error value of SSL_operation() but must assure that the
write buffer is always flushed first. Otherwise a deadlock may occur as
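Review bot: The changed line fixes the article but keeps the name ERROR_SSL_WANT_READ, while the SSL API spells the constant SSL_ERROR_WANT_READ. A reader who searches the headers for the documented name will not find it, so correct the identifier here as well. In the same paragraph, "must assure that the write buffer is always flushed first" should read "must ensure".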
type (int *).
BIO_set_conn_hostname() uses the string B<name> to set the hostname.
-The hostname can be an IP address; if the address is a IPv6 one, it
+The hostname can be an IP address; if the address is an IPv6 one, it
must be enclosed with brackets. The hostname can also include the
port in the form hostname:port.
BIO_read() and BIO_write() read or write the underlying descriptor.
BIO_puts() is supported but BIO_gets() is not.
-If the close flag is set then then close() is called on the underlying
+If the close flag is set then close() is called on the underlying
file descriptor when the BIO is freed.
BIO_reset() attempts to change the file pointer to the start of file
BN_BLINDING_set_current_thread() doesn't return anything.
BN_BLINDING_lock(), BN_BLINDING_unlock() return 1 if the operation
-succeded or 0 on error.
+succeeded or 0 on error.
BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
(a B<unsigned long> value).
=item EVP_CIPH_FLAG_AEAD_CIPHER
-This indicates that this is a AEAD cipher implementation.
+This indicates that this is an AEAD cipher implementation.
=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
When setting up a DigestAlgorithmIdentifier, this flag will have the
parameter be left absent by default. I<Note: if combined with
-EVP_MD_FLAG_DIGALGID_NULL, the latter will be overriden.>
+EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
=item EVP_MD_FLAG_DIGALGID_CUSTOM
Custom DigestAlgorithmIdentifier handling via ctrl, with
B<EVP_MD_FLAG_DIGALGID_ABSENT> as default. I<Note: if combined with
-EVP_MD_FLAG_DIGALGID_NULL, the latter will be overriden.>
+EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
Currently unused.
=back
=pod
-OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP reponse utility functions.
+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions.
=head1 SYNOPSIS
OCSP_response_create() creates and returns an B<OCSP_RESPONSE> structure for
B<status> and optionally including basic response B<bs>.
-OCSP_RESPONSE_free() frees up OCSP reponse B<resp>.
+OCSP_RESPONSE_free() frees up OCSP response B<resp>.
=head1 RETURN VALUES
OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
-OCSP_set_max_response_length() sets the maximum reponse length for B<rctx>
+OCSP_set_max_response_length() sets the maximum response length for B<rctx>
to B<len>. If the response exceeds this length an error occurs. If not
set a default value of 100k is used.
the secure heap of the requested size, or C<NULL> if memory could not be
allocated.
-CRYPTO_secure_allocated() returns 1 if the pointer is in the
-the secure heap, or 0 if not.
+CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
CRYPTO_secure_malloc_done() and OPENSSL_secure_free()
return no values.
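Review bot: The replacement line for CRYPTO_secure_allocated() joins the two removed lines into one that is noticeably longer than the wrapped lines around it. Drop the duplicated "the" but keep the line break, for example after "is in the", so the paragraph stays within the file's existing wrap width.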
RAND_load_file() reads a number of bytes from file B<filename> and
adds them to the PRNG. If B<max_bytes> is non-negative,
-up to to B<max_bytes> are read;
+up to B<max_bytes> are read;
if B<max_bytes> is -1, the complete file is read.
RAND_write_file() writes a number of random bytes (currently 1024) to
Delta CRL Indicator NID_delta_crl
Freshest CRL NID_freshest_crl
Invalidity Date NID_invalidity_date
- Issuing Distrubution Point NID_issuing_distribution_point
+ Issuing Distribution Point NID_issuing_distribution_point
The following are CRL entry extensions from PKIX standards such as RFC5280.
=head1 BUGS
This function uses the header B<x509.h> as opposed to most chain verification
-functiosn which use B<x509_vfy.h>.
+functions which use B<x509_vfy.h>.
=head1 SEE ALSO
Creating an ECDSA signature of a given SHA-256 hash value using the
named curve prime256v1 (aka P-256).
-First step: create a EC_KEY object (note: this part is B<not> ECDSA
+First step: create an EC_KEY object (note: this part is B<not> ECDSA
specific)
int ret;
this symbol is considered a "generic" command is handled directly by the
OpenSSL core routines.
-It is using these "core" control commands that one can discover the the control
+It is using these "core" control commands that one can discover the control
commands implemented by a given ENGINE, specifically the commands;
#define ENGINE_HAS_CTRL_FUNCTION 10
initialization vector is passed to EVP_BytesToKey() as the B<salt>
parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
(regardless of the size of the initialization vector). The user's
-password is passed to to EVP_BytesToKey() using the B<data> and B<datal>
+password is passed to EVP_BytesToKey() using the B<data> and B<datal>
parameters. Finally, the library uses an iteration count of 1 for
EVP_BytesToKey().
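Review bot: The closing sentence says the library uses an iteration count of 1 for EVP_BytesToKey() without saying what that means for a password-derived key. With a single iteration there is no key stretching, so the derived key is only as strong as the password itself. Since the paragraph is being edited anyway, add a sentence stating this.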
elements at or after B<idx> are moved downwards. If B<idx> is out of range
the new element is appended to B<sk>. sk_X509_insert() either returns the
number of elements in B<sk> after the new element is inserted or zero if
-an error occured: which will happen if there is a memory allocation failure.
+an error occurred: which will happen if there is a memory allocation failure.
sk_X509_push() appends B<ptr> to B<sk> it is equivalent to:
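Review bot: In the corrected sentence, "zero if an error occurred: which will happen if there is a memory allocation failure" still reads awkwardly because of the colon before "which". Consider "zero if an error occurred, which happens only on memory allocation failure". The next context line, "appends B<ptr> to B<sk> it is equivalent to:", is a run-on and needs a comma or semicolon after B<sk>.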
sk_X509_shift() returns and removes the first element from B<sk>.
sk_X509_set() sets element B<idx> of B<sk> to B<ptr> replacing the current
-element. The new element value is returned or B<NULL> if an error occured:
+element. The new element value is returned or B<NULL> if an error occurred:
this will only happen if B<sk> is B<NULL> or B<idx> is out of range.
sk_X509_find() and int sk_X509_find_ex() search B<sk> using the supplied
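Review bot: The last context line reads "sk_X509_find() and int sk_X509_find_ex()", where the "int" looks like a leftover return type pasted from the prototype. It is within this hunk's context, so remove it in this cleanup.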
;;; M-x c-set-style <RET> (or C-c . for short), and enter "eay".
;;; To toggle the auto-newline feature of CC mode, type C-c C-a.
;;;
-;;; If you're a OpenSSL developer, you might find it more comfortable
+;;; If you're an OpenSSL developer, you might find it more comfortable
;;; to have this style be permanent in your OpenSSL development
;;; directory. To have that, please perform this:
;;;
L<SSL_CTX_set_cert_verify_callback(3)> are responsible to authenticate the peer
chain in whatever manner they see fit.
-SSL_CTX_dane_mtype_set() may then be called zero or more times to to adjust the
+SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust the
supported digest algorithms.
This must be done before any SSL handles are created for the context.
=head1 DESCRIPTION
SSL_CTX_free() decrements the reference count of B<ctx>, and removes the
-SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
-the reference count has reached 0.
+SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the reference count has reached 0.
It also calls the free()ing procedures for indirectly affected items, if
applicable: the session cache, the list of ciphers, the list of Client CAs,
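Review bot: The added line beginning "SSL_CTX object pointed to by B<ctx>" merges two wrapped lines into a single line far longer than its neighbours. Remove only the duplicated "the" and leave the break after "if the", which keeps the diff to one changed line and preserves the paragraph's wrapping.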
(see L<SSL_CTX_set_tmp_dh_callback(3)>).
When these conditions are not met for any cipher in the list (e.g. a
-client only supports export RSA ciphers with a asymmetric key length
+client only supports export RSA ciphers with an asymmetric key length
of 512 bits and the server is not configured to use temporary RSA
keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
and the handshake will fail.
or SSL_set_psk_client_callback(). The callback function is given the
connection in parameter B<ssl>, a B<NULL>-terminated PSK identity hint
sent by the server in parameter B<hint>, a buffer B<identity> of
-length B<max_identity_len> bytes where the the resulting
+length B<max_identity_len> bytes where the resulting
B<NULL>-terminated identity is to be stored, and a buffer B<psk> of
length B<max_psk_len> bytes where the resulting pre-shared key is to
be stored.
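Review bot: Both "a B<NULL>-terminated PSK identity hint" and "the resulting B<NULL>-terminated identity" describe C strings, which end in a NUL byte; B<NULL> names the null pointer. Callback authors size and terminate the identity buffer based on this wording, so change both occurrences to "NUL-terminated" in the same pass.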
=head1 DEFAULT CALLBACK BEHAVIOUR
-If an application doesn't set it's own security callback the default
+If an application doesn't set its own security callback the default
callback is used. It is intended to provide sane defaults. The meaning
of each level is described below.
=item Z<>0
This indicates that it was not possible to set/retrieve a session ticket and
-the SSL/TLS session will continue by by negotiating a set of cryptographic
+the SSL/TLS session will continue by negotiating a set of cryptographic
parameters or using the alternate SSL/TLS resumption mechanism, session ids.
If called with enc equal to 0 the library will call the I<cb> again to get
=head1 HEADER FILES
Currently the OpenSSL B<ssl> library provides the following C header files
-containing the prototypes for the data structures and and functions:
+containing the prototypes for the data structures and functions:
=over 4