X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fssleay.txt;h=4d2e7148681dc4d794ba1c42793b446a61551bc5;hp=094e28ce48dc5e5be7d33fe2b1c352f2a70fc981;hb=69582a592eb7cbd91af87e03b2be67e82fe0a1eb;hpb=155d7a0e1dcf225f635dc522b272606590112c58 diff --git a/doc/ssleay.txt b/doc/ssleay.txt index 094e28ce48..4d2e714868 100644 --- a/doc/ssleay.txt +++ b/doc/ssleay.txt @@ -1,10 +1,26 @@ Bundle of old SSLeay documentation files [OBSOLETE!] +*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *** + +OBSOLETE means that nothing in this document should be trusted. This +document is provided mostly for historical purposes (it wasn't even up +to date at the time SSLeay 0.8.1 was released) and as inspiration. If +you copy some snippet of code from this document, please _check_ that +it really is correct from all points of view. For example, you can +check with the other documents in this directory tree, or by comparing +with relevant parts of the include files. + +People have done the mistake of trusting what's written here. Please +don't do that. + +*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *** + + ==== readme ======================================================== This is the old 0.6.6 docuementation. Most of the cipher stuff is still -relevent but I'm working (very slowly) on new docuemtation. +relevent but I'm working (very slowly) on new documentation. The current version can be found online at http://www.cryptsoft.com/ssleay/doc 
@@ -532,8 +548,8 @@ application, ssleay. This one program is composed of many programs that can all be compiled independantly. ssleay has 3 modes of operation. -1) If the ssleay binaray has the name of one of its component programs, it -executes that program and then exits. This can be achieve by using hard or +1) If the ssleay binary has the name of one of its component programs, it +executes that program and then exits. This can be achieved by using hard or symbolic links, or failing that, just renaming the binary. 2) If the first argument to ssleay is the name of one of the component programs, that program runs that program and then exits. @@ -1169,7 +1185,7 @@ typedef struct bio_st example is for BIO_s_sock(). A socket needs to be assigned to the BIO before it can be used. - 'shutdown', this flag indicates if the underlying - comunication primative being used should be closed/freed + communication primitive being used should be closed/freed when the BIO is closed. - 'flags' is used to hold extra state. It is primarily used to hold information about why a non-blocking operation @@ -1783,7 +1799,7 @@ int BN_set_word(BIGNUM *a, unsigned long w); unsigned long BN_get_word(BIGNUM *a); Returns 'a' in an unsigned long. Not remarkably, often 'a' will - be biger than a word, in which case 0xffffffffL is returned. + be bigger than a word, in which case 0xffffffffL is returned. Word Operations These functions are much more efficient that the normal bignum arithmetic @@ -2042,7 +2058,7 @@ Now you will notice that macros like PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ (char *)x, NULL,NULL,0,NULL) Don't do encryption normally. If you want to PEM encrypt your X509 structure, -either just call PEM_ASN1_write directly or just define you own +either just call PEM_ASN1_write directly or just define your own macro variant. As you can see, this macro just sets all encryption related parameters to NULL. 
@@ -3784,9 +3800,9 @@ made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2). I have copies of the origional postings if people are interested. RSA I believe claim that they were 'trade-secrets' and that some-one broke an NDA in revealing them. Other claim they reverse engineered the algorithms from -compiled binaries. If the algorithms were reverse engineered, I belive +compiled binaries. If the algorithms were reverse engineered, I believe RSA had no legal leg to stand on. If an NDA was broken, I don't know. -Regardless, RSA, I belive, is willing to go to court over the issue so +Regardless, RSA, I believe, is willing to go to court over the issue so licencing is probably the best idea, or at least talk to them. If there are people who actually know more about this, pease let me know, I don't want to vilify or spread miss-information if I can help it. @@ -4279,7 +4295,7 @@ X-Status: Loading client certs into MSIE 3.01 =================================== -This document conatains all the information necessary to succesfully set up +This document contains all the information necessary to successfully set up some scripts to issue client certs to Microsoft Internet Explorer. It includes the required knowledge about the model MSIE uses for client certification and includes complete sample scripts ready to play with. The @@ -5550,7 +5566,7 @@ These 2 functions create and destroy SSL_CTX structures The SSL_CTX has a session_cache_mode which is by default, in SSL_SESS_CACHE_SERVER mode. What this means is that the library -will automatically add new session-id's to the cache apon sucsessful +will automatically add new session-id's to the cache upon successful SSL_accept() calls. If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added to the cache. 
@@ -5564,12 +5580,12 @@ SSL_SESS_NO_CACHE_BOTH - Either SSL_accept() or SSL_connect(). If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are not automatically removed each 255, SSL_connect()s or SSL_accept()s. -By default, apon every 255 successful SSL_connect() or SSL_accept()s, +By default, upon every 255 successful SSL_connect() or SSL_accept()s, the cache is flush. Please note that this could be expensive on a heavily loaded SSL server, in which case, turn this off and clear the cache of old entries 'manually' (with one of the functions listed below) every few hours. Perhaps I should up this number, it is hard -to say. Remember, the '255' new calls is just a mechanims to get called +to say. Remember, the '255' new calls is just a mechanism to get called every now and then, in theory at most 255 new session-id's will have been added but if 100 are added every minute, you would still have 500 in the cache before any would start being flushed (assuming a 3 minute @@ -5612,10 +5628,10 @@ if copy is 1. Otherwise, the reference count is not modified. void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback. -These callbacks are basically indended to be used by processes to +These callbacks are basically intended to be used by processes to send their session-id's to other processes. I currently have not implemented -non-blocking semantics for these callbacks, it is upto the appication -to make the callbacks effiecent if they require blocking (perhaps +non-blocking semantics for these callbacks, it is upto the application +to make the callbacks efficient if they require blocking (perhaps by 'saving' them and then 'posting them' when control returns from the SSL_accept(). @@ -5743,7 +5759,7 @@ strucutre but also the private key and certificate associated with EXAMPLES. -So lets play at being a wierd SSL server. +So lets play at being a weird SSL server. /* setup a context */ ctx=SSL_CTX_new(); 
@@ -6229,7 +6245,7 @@ SSL_get_app_data void SSL_CTX_set_default_verify /* This callback, if set, totaly overrides the normal SSLeay verification - * functions and should return 1 on sucesss and 0 on failure */ + * functions and should return 1 on success and 0 on failure */ void SSL_CTX_set_cert_verify_callback /* The following are the same as the equivilent SSL_xxx functions. @@ -6573,7 +6589,7 @@ This information can be used to recall the functions when the 'error' condition has dissapeared. After the connection has been made, information can be retrived about the -SSL session and the session-id values that have been decided apon. +SSL session and the session-id values that have been decided upon. The 'peer' certificate can be retrieved. The session-id values include @@ -6710,8 +6726,8 @@ CRYPTO_set_locking_callback(locking_function); before any multithreading is started. id_function does not need to be defined under Windows NT or 95, the correct function will be called if it is not. Under unix, getpid() -is call if the id_callback is not defined, for solaris this is wrong -(since threads id's are not pid's) but under IRIX it is correct +is call if the id_callback is not defined, for Solaris this is wrong +(since threads id's are not pid's) but under Linux it is correct (threads are just processes sharing the data segement). The locking_callback is used to perform locking by the SSLeay library.
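Review bot: the warning added in the first hunk (@@ -1,10 +1,26 @@) says "People have done the mistake of trusting what's written here", where the idiom is "made the mistake". The readme line rewritten in the same hunk still carries "relevent", and the unchanged line above it still reads "docuementation", so the spelling pass is incomplete in the lines it touches. The warning tells readers to check snippets against "the other documents in this directory tree" or "relevant parts of the include files"; naming those locations would make the check actionable.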
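Review bot: in the BN_get_word hunk (@@ -1783,7 +1799,7 @@) only "biger" is corrected, while the documented contract stays ambiguous. The text says 0xffffffffL is returned when 'a' is bigger than a word, but 0xffffffffL is itself a value that fits in an unsigned long, so a caller reading this cannot tell an overflow from a genuine result. Since the line is being rewritten anyway, add a sentence saying the return value alone must not be used as the overflow check. The context line "much more efficient that the normal bignum arithmetic" also needs "than".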
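Review bot: the RC2/RC4 hunk (@@ -3784,9 +3800,9 @@) fixes "belive" twice but leaves "origional", "pease" and "miss-information" in the surrounding context lines of the same paragraph. If the intent of the patch is a spelling pass, extend the hunk to cover them; if the intent is to leave the author's text otherwise untouched, say so in the commit message.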
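Review bot: in the session callback hunk (@@ -5612,10 +5628,10 @@) the replacement line keeps "upto" in "it is upto the application", which should be "up to". The parenthesis opened at "(perhaps by 'saving' them" is never closed before the sentence ends at "SSL_accept().", so the sentence remains malformed after the change. The preceding hunk (@@ -5564,12 +5580,12 @@) has the same kind of leftover in "the cache is flush".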
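Review bot: in the SSL_CTX_set_cert_verify_callback hunk (@@ -6229,7 +6245,7 @@) the corrected line sits directly under "totaly overrides the normal SSLeay verification", and "totaly" and "equivilent" are left as they were. More importantly, the comment states that the callback replaces verification entirely and that returning 1 means success, but does not spell out the consequence: a callback that returns 1 unconditionally accepts every peer certificate. Given the new OBSOLETE warning about people copying from this file, that deserves one explicit sentence here.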
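Review bot: the last hunk (@@ -6710,8 +6726,8 @@) changes "under IRIX it is correct" to "under Linux it is correct", which is a change of technical claim, not a spelling fix, and it is buried among typo corrections. The only justification on the page is the unchanged parenthetical "(threads are just processes sharing the data segement)", so the statement holds only for a threads implementation where each thread has its own pid; either qualify the sentence that way or drop the platform claim and tell readers to always set the id callback. This belongs in its own commit with a message explaining why IRIX was replaced. The same lines still contain "is call if" and "segement".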