|author||Simon L. B. Nielsen <simon@FreeBSD.org>||2010-02-28 18:49:43 +0000|
|committer||Simon L. B. Nielsen <simon@FreeBSD.org>||2010-02-28 18:49:43 +0000|
Import OpenSSL 0.9.8m.vendor/openssl/0.9.8m
Notes: svn path=/vendor-crypto/openssl/dist/; revision=204477 svn path=/vendor-crypto/openssl/0.9.8m/; revision=204478; tag=vendor/openssl/0.9.8m
Diffstat (limited to 'doc/apps')
2 files changed, 17 insertions, 10 deletions
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
index 4391c933600f..d3049e82e969 100644
@@ -50,15 +50,13 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-use a salt in the key derivation routines. This option should B<ALWAYS>
-be used unless compatibility with previous versions of OpenSSL or SSLeay
-is required. This option is only present on OpenSSL versions 0.9.5 or
+use a salt in the key derivation routines. This is the default.
-don't use a salt in the key derivation routines. This is the default for
-compatibility with previous versions of OpenSSL and SSLeay.
+don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
+used except for test purposes or compatibility with ancient versions of OpenSSL
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index ff2629d2cf85..31875773e385 100644
@@ -66,6 +66,11 @@ certificate was rejected. However the presence of rejection messages
does not itself imply that anything is wrong: during the normal
verify process several rejections may take place.
+Verify the signature on the self-signed root CA. This is disabled by default
+because it doesn't add any security.
marks the last option. All arguments following this are assumed to be
@@ -166,8 +171,8 @@ the operation was successful.
=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
-the issuer certificate could not be found: this occurs if the issuer certificate
-of an untrusted certificate cannot be found.
+the issuer certificate of a looked up certificate could not be found. This
+normally means the list of trusted certificates is not complete.
=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
@@ -244,8 +249,8 @@ be found locally.
=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
-the issuer certificate of a locally looked up certificate could not be found. This normally means
-the list of trusted certificates is not complete.
+the issuer certificate could not be found: this occurs if the issuer
+certificate of an untrusted certificate cannot be found.
=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
@@ -321,6 +326,10 @@ the certificates in the file will be recognised.
Previous versions of OpenSSL assume certificates with matching subject name are identical and
+Previous versions of this documentation swapped the meaning of the
+B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
=head1 SEE ALSO