diff options
| author | Xin LI <delphij@FreeBSD.org> | 2013-04-02 17:34:42 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2013-04-02 17:34:42 +0000 |
| commit | 0d9d75b124880ee5a3aeb5c2af92a04340c02bef (patch) | |
| tree | 953639ad57c000dc6351819b4798541490d39802 /crypto/openssl/doc | |
| parent | 660eb4006e69a82831062be4a4af070afccf64bc (diff) | |
| download | src-releng/9.0.tar.gz src-releng/9.0.zip | |
Fix OpenSSL multiple vulnerabilities. [13:03]releng/9.0
Fix BIND remote denial of service. [13:04]
Security: CVE-2013-0166, CVE-2013-0169
Security: FreeBSD-SA-13:03.openssl
Security: CVE-2013-2266
Security: FreeBSD-SA-13:04.bind
Approved by: so
Notes
Notes:
svn path=/releng/9.0/; revision=249029
Diffstat (limited to 'crypto/openssl/doc')
| -rw-r--r-- | crypto/openssl/doc/HOWTO/proxy_certificates.txt | 2 | ||||
| -rw-r--r-- | crypto/openssl/doc/apps/CA.pl.pod | 8 | ||||
| -rw-r--r-- | crypto/openssl/doc/apps/ca.pod | 2 | ||||
| -rw-r--r-- | crypto/openssl/doc/apps/dgst.pod | 2 | ||||
| -rw-r--r-- | crypto/openssl/doc/crypto/engine.pod | 2 | ||||
| -rw-r--r-- | crypto/openssl/doc/ssl/SSL_clear.pod | 14 |
6 files changed, 18 insertions, 12 deletions
diff --git a/crypto/openssl/doc/HOWTO/proxy_certificates.txt b/crypto/openssl/doc/HOWTO/proxy_certificates.txt index 3d36b02f6b31..f98ec3607678 100644 --- a/crypto/openssl/doc/HOWTO/proxy_certificates.txt +++ b/crypto/openssl/doc/HOWTO/proxy_certificates.txt @@ -57,7 +57,7 @@ following methods: - in all other cases, proxy certificate validation can be enabled before starting the application by setting the envirnoment variable - OPENSSL_ALLOW_PROXY with some non-empty value. + OPENSSL_ALLOW_PROXY_CERTS with some non-empty value. There are thoughts to allow proxy certificates with a line in the default openssl.cnf, but that's still in the future. diff --git a/crypto/openssl/doc/apps/CA.pl.pod b/crypto/openssl/doc/apps/CA.pl.pod index ed69952f3799..d326101cde78 100644 --- a/crypto/openssl/doc/apps/CA.pl.pod +++ b/crypto/openssl/doc/apps/CA.pl.pod @@ -39,13 +39,13 @@ prints a usage message. =item B<-newcert> -creates a new self signed certificate. The private key and certificate are -written to the file "newreq.pem". +creates a new self signed certificate. The private key is written to the file +"newkey.pem" and the request written to the file "newreq.pem". =item B<-newreq> -creates a new certificate request. The private key and request are -written to the file "newreq.pem". +creates a new certificate request. The private key is written to the file +"newkey.pem" and the request written to the file "newreq.pem". =item B<-newreq-nodes> diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod index 5618c2dc9d2e..6757b81a8e36 100644 --- a/crypto/openssl/doc/apps/ca.pod +++ b/crypto/openssl/doc/apps/ca.pod @@ -88,7 +88,7 @@ section for information on the required format. =item B<-infiles> if present this should be the last option, all subsequent arguments -are assumed to the the names of files containing certificate requests. +are assumed to be the names of files containing certificate requests. =item B<-out filename> diff --git a/crypto/openssl/doc/apps/dgst.pod b/crypto/openssl/doc/apps/dgst.pod index 908cd2a6d657..4007cedf07a8 100644 --- a/crypto/openssl/doc/apps/dgst.pod +++ b/crypto/openssl/doc/apps/dgst.pod @@ -68,7 +68,7 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. =item B<-verify filename> -verify the signature using the the public key in "filename". +verify the signature using the public key in "filename". The output is either "Verification OK" or "Verification Failure". =item B<-prverify filename> diff --git a/crypto/openssl/doc/crypto/engine.pod b/crypto/openssl/doc/crypto/engine.pod index f5ab1c3e50fd..8435d6bb0e3c 100644 --- a/crypto/openssl/doc/crypto/engine.pod +++ b/crypto/openssl/doc/crypto/engine.pod @@ -517,7 +517,7 @@ implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a "generic" command is handled directly by the OpenSSL core routines. -It is using these "core" control commands that one can discover the the control +It is using these "core" control commands that one can discover the control commands implemented by a given ENGINE, specifically the commands; #define ENGINE_HAS_CTRL_FUNCTION 10 diff --git a/crypto/openssl/doc/ssl/SSL_clear.pod b/crypto/openssl/doc/ssl/SSL_clear.pod index 8e077e31c9a8..d4df1bfac316 100644 --- a/crypto/openssl/doc/ssl/SSL_clear.pod +++ b/crypto/openssl/doc/ssl/SSL_clear.pod @@ -39,10 +39,16 @@ for a description of the method's properties. SSL_clear() resets the SSL object to allow for another connection. The reset operation however keeps several settings of the last sessions (some of these settings were made automatically during the last -handshake). It only makes sense when opening a new session (or reusing -an old one) with the same peer that shares these settings. -SSL_clear() is not a short form for the sequence -L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>; . +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. Use the sequence +L<SSL_get_session(3)|SSL_get_session(3)>; +L<SSL_new(3)|SSL_new(3)>; +L<SSL_set_session(3)|SSL_set_session(3)>; +L<SSL_free(3)|SSL_free(3)> +instead to avoid such failures +(or simply L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)> +if session reuse is not desired). =head1 RETURN VALUES |