author: Michael Demeter <michael.demeter@intel.com> 2014-01-06 15:47:34 -0800
committer: Michael Demeter <michael.demeter@intel.com> 2014-01-06 15:47:34 -0800
commit: 975084c3fdbacd5f8a3c626171be8d4df27b2ac5
tree: 7f18b115ac927b799ebfe55335282130047b3ec6 /doc
parent: 37a8d409f8ffc065c1b1417f0f3b5ba050e8aa95
Imported Upstream version 1.0.1f
upstream/1.0.1f
Diffstat (limited to 'doc')
-rw-r--r-- doc/apps/CA.pl.pod | 8
-rw-r--r-- doc/apps/rsa.pod | 15
-rw-r--r-- doc/apps/verify.pod | 60
-rw-r--r-- doc/apps/x509.pod | 5
-rw-r--r-- doc/crypto/EVP_PKEY_CTX_ctrl.pod | 2
-rw-r--r-- doc/crypto/EVP_PKEY_decrypt.pod | 2
-rw-r--r-- doc/crypto/EVP_PKEY_derive.pod | 2
-rw-r--r-- doc/crypto/EVP_PKEY_encrypt.pod | 2
-rw-r--r-- doc/crypto/EVP_PKEY_get_default_digest.pod | 2
-rw-r--r-- doc/crypto/EVP_PKEY_keygen.pod | 2
-rw-r--r-- doc/crypto/EVP_PKEY_sign.pod | 2
-rw-r--r-- doc/crypto/EVP_PKEY_verify.pod | 2
-rw-r--r-- doc/crypto/EVP_PKEY_verify_recover.pod (renamed from doc/crypto/EVP_PKEY_verifyrecover.pod) | 22
-rw-r--r-- doc/crypto/X509_STORE_CTX_get_error.pod | 2
-rw-r--r-- doc/crypto/ecdsa.pod | 10
-rw-r--r-- doc/ssl/SSL_CTX_set_client_CA_list.pod | 8
-rw-r--r-- doc/ssl/SSL_CTX_set_options.pod | 5
-rw-r--r-- doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 4
-rw-r--r-- doc/ssl/SSL_accept.pod | 10
-rw-r--r-- doc/ssl/SSL_connect.pod | 10
-rw-r--r-- doc/ssl/SSL_do_handshake.pod | 10
-rw-r--r-- doc/ssl/SSL_shutdown.pod | 10
22 files changed, 109 insertions, 86 deletions
diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod
index ed69952..d326101 100644
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@@ -39,13 +39,13 @@ prints a usage message.
=item B<-newcert>
-creates a new self signed certificate. The private key and certificate are
-written to the file "newreq.pem".
+creates a new self signed certificate. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
=item B<-newreq>
-creates a new certificate request. The private key and request are
-written to the file "newreq.pem".
+creates a new certificate request. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
=item B<-newreq-nodes>
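Review bot: the new B<-newcert> text says "the request written to the file "newreq.pem"", but this item creates a self signed certificate, not a request; the sentence reads as if copied from B<-newreq> below. Name the certificate here, and check the output filename against what CA.pl actually writes for -newcert.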
diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod
index 69b2bef..d7d784d 100644
--- a/doc/apps/rsa.pod
+++ b/doc/apps/rsa.pod
@@ -24,6 +24,8 @@ B<openssl> B<rsa>
[B<-check>]
[B<-pubin>]
[B<-pubout>]
+[B<-RSAPublicKey_in>]
+[B<-RSAPublicKey_out>]
[B<-engine id>]
=head1 DESCRIPTION
@@ -118,6 +120,10 @@ by default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.
+=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out>
+
+like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
+
=item B<-engine id>
specifying an engine (by its unique B<id> string) will cause B<rsa>
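Review bot: the B<-RSAPublicKey_in>, B<-RSAPublicKey_out> item says only that B<RSAPublicKey> format "is used instead", without saying how it differs from what B<-pubin> and B<-pubout> handle. Add a clause naming both structures (the PKCS#1 RSAPublicKey versus the SubjectPublicKeyInfo carried under "PUBLIC KEY"), so a reader can tell which one a peer or tool expects.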
@@ -139,6 +145,11 @@ The PEM public key format uses the header and footer lines:
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
+The PEM B<RSAPublicKey> format uses the header and footer lines:
+
+ -----BEGIN RSA PUBLIC KEY-----
+ -----END RSA PUBLIC KEY-----
+
The B<NET> form is a format compatible with older Netscape servers
and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
It is not very secure and so should only be used when necessary.
@@ -173,6 +184,10 @@ To just output the public part of a private key:
openssl rsa -in key.pem -pubout -out pubkey.pem
+Output the public part of a private key in B<RSAPublicKey> format:
+
+ openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
+
=head1 BUGS
The command line password arguments don't currently work with
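Review bot: the added B<-RSAPublicKey_out> example writes to pubkey.pem, the same output file as the B<-pubout> example directly above it, so running both in order overwrites one encoding with the other under a name that does not say which it holds. Use a distinct name in the new example, e.g. rsapubkey.pem.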
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index 336098f..da68300 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -54,35 +54,37 @@ in PEM format concatenated together.
=item B<-untrusted file>
A file of untrusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
=item B<-purpose purpose>
-the intended use for the certificate. Without this option no chain verification
-will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
-B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
-section for more information.
+The intended use for the certificate. If this option is not specified,
+B<verify> will not consider certificate purpose during chain verification.
+Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
+B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
+information.
=item B<-help>
-prints out a usage message.
+Print out a usage message.
=item B<-verbose>
-print extra information about the operations being performed.
+Print extra information about the operations being performed.
=item B<-issuer_checks>
-print out diagnostics relating to searches for the issuer certificate
-of the current certificate. This shows why each candidate issuer
-certificate was rejected. However the presence of rejection messages
-does not itself imply that anything is wrong: during the normal
-verify process several rejections may take place.
+Print out diagnostics relating to searches for the issuer certificate of the
+current certificate. This shows why each candidate issuer certificate was
+rejected. The presence of rejection messages does not itself imply that
+anything is wrong; during the normal verification process, several
+rejections may take place.
=item B<-policy arg>
-Enable policy processing and add B<arg> to the user-initial-policy-set
-(see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric
-form. This argument can appear more than once.
+Enable policy processing and add B<arg> to the user-initial-policy-set (see
+RFC5280). The policy B<arg> can be an object name an OID in numeric form.
+This argument can appear more than once.
=item B<-policy_check>
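Review bot: in the rewrapped B<-policy> text, "can be an object name an OID in numeric form" is still missing "or" between "object name" and "an OID"; fix it while the paragraph is being touched. Separately, the B<-purpose> rewrite is more than a style change: the old text said no chain verification is done without the option, the new text says only that purpose is not considered, so the commit message should record that the documented behaviour was corrected.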
@@ -90,41 +92,40 @@ Enables certificate policy processing.
=item B<-explicit_policy>
-Set policy variable require-explicit-policy (see RFC3280 et al).
+Set policy variable require-explicit-policy (see RFC5280).
=item B<-inhibit_any>
-Set policy variable inhibit-any-policy (see RFC3280 et al).
+Set policy variable inhibit-any-policy (see RFC5280).
=item B<-inhibit_map>
-Set policy variable inhibit-policy-mapping (see RFC3280 et al).
+Set policy variable inhibit-policy-mapping (see RFC5280).
=item B<-policy_print>
-Print out diagnostics, related to policy checking
+Print out diagnostics related to policy processing.
=item B<-crl_check>
-Checks end entity certificate validity by attempting to lookup a valid CRL.
+Checks end entity certificate validity by attempting to look up a valid CRL.
If a valid CRL cannot be found an error occurs.
=item B<-crl_check_all>
Checks the validity of B<all> certificates in the chain by attempting
-to lookup valid CRLs.
+to look up valid CRLs.
=item B<-ignore_critical>
Normally if an unhandled critical extension is present which is not
-supported by OpenSSL the certificate is rejected (as required by
-RFC3280 et al). If this option is set critical extensions are
-ignored.
+supported by OpenSSL the certificate is rejected (as required by RFC5280).
+If this option is set critical extensions are ignored.
=item B<-x509_strict>
-Disable workarounds for broken certificates which have to be disabled
-for strict X.509 compliance.
+For strict X.509 compliance, disable non-compliant workarounds for broken
+certificates.
=item B<-extended_crl>
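Review bot: B<-crl_check> and B<-crl_check_all> keep the third-person "Checks ..." while the rest of this hunk uses the imperative ("Set", "Print out", "disable"); change both to "Check ..." for consistency. In B<-ignore_critical>, "If this option is set critical extensions are ignored" also needs a comma after "set".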
@@ -142,16 +143,15 @@ because it doesn't add any security.
=item B<->
-marks the last option. All arguments following this are assumed to be
+Indicates the last option. All arguments following this are assumed to be
certificate files. This is useful if the first certificate filename begins
with a B<->.
=item B<certificates>
-one or more certificates to verify. If no certificate filenames are included
-then an attempt is made to read a certificate from standard input. They should
-all be in PEM format.
-
+One or more certificates to verify. If no certificates are given, B<verify>
+will attempt to read a certificate from standard input. Certificates must be
+in PEM format.
=back
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 3002b08..d2d9eb8 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -29,6 +29,7 @@ B<openssl> B<x509>
[B<-purpose>]
[B<-dates>]
[B<-modulus>]
+[B<-pubkey>]
[B<-fingerprint>]
[B<-alias>]
[B<-noout>]
@@ -135,6 +136,10 @@ section for more information.
this option prevents output of the encoded version of the request.
+=item B<-pubkey>
+
+outputs the the certificate's SubjectPublicKeyInfo block in PEM format.
+
=item B<-modulus>
this option prints out the value of the modulus of the public key
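Review bot: the added B<-pubkey> description has a doubled word, "outputs the the certificate's SubjectPublicKeyInfo block"; drop one "the".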
diff --git a/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/doc/crypto/EVP_PKEY_CTX_ctrl.pod
index f2f4559..13b91f1 100644
--- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod
@@ -117,7 +117,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
diff --git a/doc/crypto/EVP_PKEY_decrypt.pod b/doc/crypto/EVP_PKEY_decrypt.pod
index 42b2a8c..8479832 100644
--- a/doc/crypto/EVP_PKEY_decrypt.pod
+++ b/doc/crypto/EVP_PKEY_decrypt.pod
@@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
=head1 HISTORY
diff --git a/doc/crypto/EVP_PKEY_derive.pod b/doc/crypto/EVP_PKEY_derive.pod
index d9d6d76..27464be 100644
--- a/doc/crypto/EVP_PKEY_derive.pod
+++ b/doc/crypto/EVP_PKEY_derive.pod
@@ -84,7 +84,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
=head1 HISTORY
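Review bot: the renamed L<EVP_PKEY_verify_recover(3)> entry is the last item before =head1 HISTORY but still ends with a comma; remove the trailing comma. The renamed line in the EVP_PKEY_get_default_digest.pod hunk has the same dangling comma.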
diff --git a/doc/crypto/EVP_PKEY_encrypt.pod b/doc/crypto/EVP_PKEY_encrypt.pod
index 91c9c5d..e495a81 100644
--- a/doc/crypto/EVP_PKEY_encrypt.pod
+++ b/doc/crypto/EVP_PKEY_encrypt.pod
@@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
=head1 HISTORY
diff --git a/doc/crypto/EVP_PKEY_get_default_digest.pod b/doc/crypto/EVP_PKEY_get_default_digest.pod
index 1a9c795..8ff597d 100644
--- a/doc/crypto/EVP_PKEY_get_default_digest.pod
+++ b/doc/crypto/EVP_PKEY_get_default_digest.pod
@@ -32,7 +32,7 @@ public key algorithm.
L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
=head1 HISTORY
diff --git a/doc/crypto/EVP_PKEY_keygen.pod b/doc/crypto/EVP_PKEY_keygen.pod
index 37c6fe9..fd431ac 100644
--- a/doc/crypto/EVP_PKEY_keygen.pod
+++ b/doc/crypto/EVP_PKEY_keygen.pod
@@ -151,7 +151,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
=head1 HISTORY
diff --git a/doc/crypto/EVP_PKEY_sign.pod b/doc/crypto/EVP_PKEY_sign.pod
index 2fb52c3..a044f2c 100644
--- a/doc/crypto/EVP_PKEY_sign.pod
+++ b/doc/crypto/EVP_PKEY_sign.pod
@@ -86,7 +86,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
=head1 HISTORY
diff --git a/doc/crypto/EVP_PKEY_verify.pod b/doc/crypto/EVP_PKEY_verify.pod
index f93e5fc..90612ba 100644
--- a/doc/crypto/EVP_PKEY_verify.pod
+++ b/doc/crypto/EVP_PKEY_verify.pod
@@ -81,7 +81,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
=head1 HISTORY
diff --git a/doc/crypto/EVP_PKEY_verifyrecover.pod b/doc/crypto/EVP_PKEY_verify_recover.pod
index f3605eb..23a28a9 100644
--- a/doc/crypto/EVP_PKEY_verifyrecover.pod
+++ b/doc/crypto/EVP_PKEY_verify_recover.pod
@@ -2,23 +2,23 @@
=head1 NAME
-EVP_PKEY_verifyrecover_init, EVP_PKEY_verifyrecover - recover signature using a public key algorithm
+EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm
=head1 SYNOPSIS
#include <openssl/evp.h>
- int EVP_PKEY_verifyrecover_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_verifyrecover(EVP_PKEY_CTX *ctx,
+ int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
unsigned char *rout, size_t *routlen,
const unsigned char *sig, size_t siglen);
=head1 DESCRIPTION
-The EVP_PKEY_verifyrecover_init() function initializes a public key algorithm
+The EVP_PKEY_verify_recover_init() function initializes a public key algorithm
context using key B<pkey> for a verify recover operation.
-The EVP_PKEY_verifyrecover() function recovers signed data
+The EVP_PKEY_verify_recover() function recovers signed data
using B<ctx>. The signature is specified using the B<sig> and
B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output
buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then
@@ -36,16 +36,16 @@ Sometimes however it is useful to obtain the data originally signed using a
signing operation. Only certain public key algorithms can recover a signature
in this way (for example RSA in PKCS padding mode).
-After the call to EVP_PKEY_verifyrecover_init() algorithm specific control
+After the call to EVP_PKEY_verify_recover_init() algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.
-The function EVP_PKEY_verifyrecover() can be called more than once on the same
+The function EVP_PKEY_verify_recover() can be called more than once on the same
context if several operations are performed using the same parameters.
=head1 RETURN VALUES
-EVP_PKEY_verifyrecover_init() and EVP_PKEY_verifyrecover() return 1 for success
+EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success
and 0 or a negative value for failure. In particular a return value of -2
indicates the operation is not supported by the public key algorithm.
@@ -66,7 +66,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
ctx = EVP_PKEY_CTX_new(verify_key);
if (!ctx)
/* Error occurred */
- if (EVP_PKEY_verifyrecover_init(ctx) <= 0)
+ if (EVP_PKEY_verify_recover_init(ctx) <= 0)
/* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
/* Error */
@@ -74,7 +74,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
/* Error */
/* Determine buffer length */
- if (EVP_PKEY_verifyrecover(ctx, NULL, &routlen, sig, siglen) <= 0)
+ if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
/* Error */
rout = OPENSSL_malloc(routlen);
@@ -82,7 +82,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
if (!rout)
/* malloc failure */
- if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0)
+ if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
/* Error */
/* Recovered data is routlen bytes written to buffer rout */
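Review bot: in this example every error branch is a comment with no statement ("if (!rout)" followed by "/* malloc failure */"), so if the text is compiled as written the renamed EVP_PKEY_verify_recover() call becomes the body of "if (!rout)" and the recovery runs only when the allocation failed. Since these lines are being edited anyway, give each branch braces or a real statement, for example "if (!rout) { /* malloc failure */ }".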
diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod
index a883f6c..60e8332 100644
--- a/doc/crypto/X509_STORE_CTX_get_error.pod
+++ b/doc/crypto/X509_STORE_CTX_get_error.pod
@@ -278,6 +278,8 @@ happen if extended CRL checking is enabled.
an application specific error. This will never be returned unless explicitly
set by an application.
+=back
+
=head1 NOTES
The above functions should be used instead of directly referencing the fields
diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod
index 20edff9..59a5916 100644
--- a/doc/crypto/ecdsa.pod
+++ b/doc/crypto/ecdsa.pod
@@ -95,7 +95,7 @@ is ignored.
ECDSA_verify() verifies that the signature in B<sig> of size
B<siglen> is a valid ECDSA signature of the hash value
-value B<dgst> of size B<dgstlen> using the public key B<eckey>.
+B<dgst> of size B<dgstlen> using the public key B<eckey>.
The parameter B<type> is ignored.
ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B<kinv>
@@ -131,16 +131,12 @@ specific)
int ret;
ECDSA_SIG *sig;
- EC_KEY *eckey = EC_KEY_new();
+ EC_KEY *eckey;
+ eckey = EC_KEY_new_by_curve_name(NID_secp192k1);
if (eckey == NULL)
{
/* error */
}
- key->group = EC_GROUP_new_by_nid(NID_secp192k1);
- if (key->group == NULL)
- {
- /* error */
- }
if (!EC_KEY_generate_key(eckey))
{
/* error */
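Review bot: the rewritten example hard-codes NID_secp192k1 in EC_KEY_new_by_curve_name(); a 192-bit curve gives roughly 96-bit security, and man page examples get copied verbatim. Use a 256-bit curve such as NID_X9_62_prime256v1 in the example, or add a sentence saying the curve is illustrative only.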
diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
index 632b556..5e66133 100644
--- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,16 +66,16 @@ values:
=over 4
-=item 1
-
-The operation succeeded.
-
=item 0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
+=item 1
+
+The operation succeeded.
+
=back
=head1 EXAMPLES
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index cc588f3..fded060 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -88,9 +88,10 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
...
-=item SSL_OP_MSIE_SSLV2_RSA_PADDING
+=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
-As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
+OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
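Review bot: the hunk replaces the SSL_OP_MSIE_SSLV2_RSA_PADDING entry instead of adding SSL_OP_SAFARI_ECDHE_ECDSA_BUG alongside it, so the "no effect" note for the old option disappears from the page. If the constant is still defined in the headers, keep its item; also write the affected range as "OS X 10.8 through 10.8.3" rather than "10.8..10.8.3".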
diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
index b80e25b..7e60df5 100644
--- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return
Return values from the server callback are interpreted as follows:
+=over 4
+
=item > 0
PSK identity was found and the server callback has provided the PSK
@@ -99,4 +101,6 @@ completely.
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
+=back
+
=cut
diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
index cc724c0..b1c34d1 100644
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -44,17 +44,17 @@ The following return values can occur:
=over 4
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
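Review bot: after the move the return values are listed as 0, 1, E<lt>0, which puts success between the two failure cases, and the commit message gives no reason for the reorder. Say why =item 0 has to come first, and consider a sentence above the list stating that any value other than 1 means the handshake did not complete. The same reorder appears in SSL_connect.pod, SSL_do_handshake.pod and SSL_shutdown.pod.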
diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
index cc56ebb..946ca89 100644
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -41,17 +41,17 @@ The following return values can occur:
=over 4
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful, because a fatal error occurred either
diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
index 2435764..7f8cf24 100644
--- a/doc/ssl/SSL_do_handshake.pod
+++ b/doc/ssl/SSL_do_handshake.pod
@@ -45,17 +45,17 @@ The following return values can occur:
=over 4
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
index 89911ac..42a89b7 100644
--- a/doc/ssl/SSL_shutdown.pod
+++ b/doc/ssl/SSL_shutdown.pod
@@ -92,11 +92,6 @@ The following return values can occur:
=over 4
-=item 1
-
-The shutdown was successfully completed. The "close notify" alert was sent
-and the peer's "close notify" alert was received.
-
=item 0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be performed.
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+=item 1
+
+The shutdown was successfully completed. The "close notify" alert was sent
+and the peer's "close notify" alert was received.
+
=item -1
The shutdown was not successful because a fatal error occurred either