From 491d390ec9216e3dee8200127234d748dc12baa4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 13 Sep 2001 15:19:39 +0000 Subject: [PATCH] Synchronize typo corrections with 0.9.7-dev --- doc/ssl/SSL_CTX_free.pod | 2 ++ doc/ssl/SSL_CTX_load_verify_locations.pod | 2 +- doc/ssl/SSL_CTX_set_info_callback.pod | 2 +- doc/ssl/SSL_CTX_set_options.pod | 2 +- doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 6 +++--- doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 4 ++-- doc/ssl/SSL_SESSION_free.pod | 2 ++ doc/ssl/SSL_alert_type_string.pod | 12 ++++++------ doc/ssl/SSL_get_error.pod | 8 ++++---- doc/ssl/SSL_get_peer_certificate.pod | 2 +- doc/ssl/SSL_read.pod | 12 +++++++----- doc/ssl/SSL_set_connect_state.pod | 2 +- doc/ssl/SSL_write.pod | 8 ++------ 13 files changed, 33 insertions(+), 31 deletions(-) diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod index c716cde164..55e592f5f8 100644 --- a/doc/ssl/SSL_CTX_free.pod +++ b/doc/ssl/SSL_CTX_free.pod @@ -24,6 +24,8 @@ the certificates and keys. SSL_CTX_free() does not provide diagnostic information. +=head1 SEE ALSO + L, L =cut diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod index ed6aa6bc84..84a799fc71 100644 --- a/doc/ssl/SSL_CTX_load_verify_locations.pod +++ b/doc/ssl/SSL_CTX_load_verify_locations.pod @@ -58,7 +58,7 @@ failure. In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of B or B and must -explicitely be set using the +explicitly be set using the L family of functions. diff --git a/doc/ssl/SSL_CTX_set_info_callback.pod b/doc/ssl/SSL_CTX_set_info_callback.pod index 15dab2f1b1..e61be4e388 100644 --- a/doc/ssl/SSL_CTX_set_info_callback.pod +++ b/doc/ssl/SSL_CTX_set_info_callback.pod @@ -43,7 +43,7 @@ is called whenever the state changes, an alert appears, or an error occurs. The callback function is called as B. The B argument specifies information about where (in which context) -the callback function was called. If B is 0, an error condition occured. +the callback function was called. If B is 0, an error condition occurred. If an alert is handled, SSL_CB_ALERT is set and B specifies the alert information. diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 4fc8134d8a..5842a31fa4 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -133,7 +133,7 @@ This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters, see L). If "strong" primes were used, it is not strictly necessary to generate -a new DH key during each handshake but it is also recommendet. +a new DH key during each handshake but it is also recommended. SSL_OP_SINGLE_DH_USE should therefore be enabled whenever temporary/ephemeral DH parameters are used. diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index 707d62c12c..29d1f8a6fb 100644 --- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -29,7 +29,7 @@ The key is inherited by all B objects created from B. SSL_set_tmp_dh_callback() sets the callback only for B. -SSL_set_tmp_dh() sets the paramters only for B. +SSL_set_tmp_dh() sets the parameters only for B. These functions apply to SSL/TLS servers only. @@ -54,7 +54,7 @@ In order to perform a DH key exchange the server must use a DH group DH key during the negotiation, when the DH parameters are supplied via callback and/or when the SSL_OP_SINGLE_DH_USE option of L is set. It will -immediatly create a DH key, when DH parameters are supplied via +immediately create a DH key, when DH parameters are supplied via SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case, it may happen that a key is generated on initialization without later being needed, while on the other hand the computer time during the @@ -74,7 +74,7 @@ should not generate the parameters on the fly but supply the parameters. DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore -generate their own DH paramaters during the installation process using the +generate their own DH parameters during the installation process using the openssl L application. In order to reduce the computer time needed for this generation, it is possible to use DSA parameters instead (see L), but in this case SSL_OP_SINGLE_DH_USE diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index e4e68cddef..f85775927d 100644 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod @@ -31,7 +31,7 @@ SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be B. The key is inherited by all SSL objects newly created from B with . Already created SSL objects are not affected. -SSL_CTX_need_tmp_rsa() returns 1, if a temporay/ephemeral RSA key is needed +SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed for RSA-based strength-limited 'exportable' ciphersuites because a RSA key with a keysize larger than 512 bits is installed. @@ -39,7 +39,7 @@ SSL_set_tmp_rsa_callback() sets the callback only for B. SSL_set_tmp_rsa() sets the key only for B. -SSL_need_tmp_rsa() returns 1, if a temporay/ephemeral RSA key is needed, +SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed, for RSA-based strength-limited 'exportable' ciphersuites because a RSA key with a keysize larger than 512 bits is installed. diff --git a/doc/ssl/SSL_SESSION_free.pod b/doc/ssl/SSL_SESSION_free.pod index df30ccbb32..9275d88a40 100644 --- a/doc/ssl/SSL_SESSION_free.pod +++ b/doc/ssl/SSL_SESSION_free.pod @@ -20,6 +20,8 @@ memory, if the the reference count has reached 0. SSL_SESSION_free() does not provide diagnostic information. +=head1 SEE ALSO + L, L =cut diff --git a/doc/ssl/SSL_alert_type_string.pod b/doc/ssl/SSL_alert_type_string.pod index c49e027dcb..783758943d 100644 --- a/doc/ssl/SSL_alert_type_string.pod +++ b/doc/ssl/SSL_alert_type_string.pod @@ -16,16 +16,16 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al =head1 DESCRIPTION -SSL_alert_type_string() returns the a one letter string indicating the +SSL_alert_type_string() returns a one letter string indicating the type of the alert specified by B. SSL_alert_type_string_long() returns a string indicating the type of the alert specified by B. -SSL_alert_desc_string() returns the a two letter string as a short form +SSL_alert_desc_string() returns a two letter string as a short form describing the reason of the alert specified by B. -SSL_alert_desc_string_long() returns the a string describing the reason +SSL_alert_desc_string_long() returns a string describing the reason of the alert specified by B. =head1 NOTES @@ -130,9 +130,9 @@ other fields. This is always fatal. =item "DC"/"decryption failed" -A TLSCiphertext decrypted in an invalid way: either it wasn`t an +A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple of the block length or its padding values, when -checked, weren`t correct. This message is always fatal. +checked, weren't correct. This message is always fatal. =item "RO"/"record overflow" @@ -144,7 +144,7 @@ with more than 2^14+1024 bytes. This message is always fatal. A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not -be located or couldn`t be matched with a known, trusted CA. This +be located or couldn't be matched with a known, trusted CA. This message is always fatal. =item "AD"/"access denied" diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod index d95eec78aa..f700bf0ace 100644 --- a/doc/ssl/SSL_get_error.pod +++ b/doc/ssl/SSL_get_error.pod @@ -69,13 +69,13 @@ to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. -=item SSL_ERROR_WANT_CONNECT +=item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT The operation did not complete; the same TLS/SSL I/O function should be called again later. The underlying BIO was not connected yet to the peer -and the call would block in connect(). The SSL function should be -called again when the connection is established. This messages can only -appear with a BIO_s_connect() BIO. +and the call would block in connect()/accept(). The SSL function should be +called again when the connection is established. These messages can only +appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively. In order to find out, when the connection has been successfully established, on many platforms select() or poll() for writing on the socket file descriptor can be used. diff --git a/doc/ssl/SSL_get_peer_certificate.pod b/doc/ssl/SSL_get_peer_certificate.pod index 18d1db5183..60635a9660 100644 --- a/doc/ssl/SSL_get_peer_certificate.pod +++ b/doc/ssl/SSL_get_peer_certificate.pod @@ -19,7 +19,7 @@ peer presented. If the peer did not present a certificate, NULL is returned. Due to the protocol definition, a TLS/SSL server will always send a certificate, if present. A client will only send a certificate when -explicitely requested to do so by the server (see +explicitly requested to do so by the server (see L). If an anonymous cipher is used, no certificates are sent. diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod index 6b47f2fbd1..f6c37f77e4 100644 --- a/doc/ssl/SSL_read.pod +++ b/doc/ssl/SSL_read.pod @@ -83,11 +83,13 @@ bytes actually read from the TLS/SSL connection. =item 0 -The read operation was not successful, the SSL connection was closed by the -peer by sending a "close notify" alert. The SSL_RECEIVED_SHUTDOWN flag in -the ssl shutdown state is set (see L, -L). -Call SSL_get_error() with the return value B to find out, +The read operation was not successful. The reason may either be a clean +shutdown due to a "close notify" alert sent by the peer (in which case +the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set +(see L, +L). It is also possible, that +the peer simply shut down the underlying transport and the shutdown is +incomplete. Call SSL_get_error() with the return value B to find out, whether an error occurred or the connection was shut down cleanly (SSL_ERROR_ZERO_RETURN). diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod index adf52a93c2..7adf8adfed 100644 --- a/doc/ssl/SSL_set_connect_state.pod +++ b/doc/ssl/SSL_set_connect_state.pod @@ -36,7 +36,7 @@ When using the L or L routines, the correct handshake routines are automatically set. When performing a transparent negotiation using L or L, the -handshake routines must be explicitely set in advance using either +handshake routines must be explicitly set in advance using either SSL_set_connect_state() or SSL_set_accept_state(). =head1 RETURN VALUES diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod index 7299f6e2ee..dfa42e9aee 100644 --- a/doc/ssl/SSL_write.pod +++ b/doc/ssl/SSL_write.pod @@ -78,12 +78,8 @@ bytes actually written to the TLS/SSL connection. =item 0 -The write operation was not successful, because the write side of the -SSL connection was shut down (the SSL_SENT_SHUTDOWN flag in the shutdown -state is set) by calling L or -L. It is also possible, that the -underlying connection was closed. -Call SSL_get_error() with the return value B to find out, +The write operation was not successful. Probably the underlying connection +was closed. Call SSL_get_error() with the return value B to find out, whether an error occurred or the connection was shut down cleanly (SSL_ERROR_ZERO_RETURN). -- 2.25.1