From: jmc Date: Fri, 11 Jun 2021 19:41:39 +0000 (+0000) Subject: space between RFC and number; X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=689a5e038eee38fafaea4f1560306028af829704;p=openbsd space between RFC and number; --- diff --git a/lib/libssl/man/SSL_CTX_set_options.3 b/lib/libssl/man/SSL_CTX_set_options.3 index ed797da2d6f..a0ec880a800 100644 --- a/lib/libssl/man/SSL_CTX_set_options.3 +++ b/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_options.3,v 1.13 2021/04/15 16:35:54 tb Exp $ +.\" $OpenBSD: SSL_CTX_set_options.3,v 1.14 2021/06/11 19:41:39 jmc Exp $ .\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100 .\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000 .\" @@ -52,7 +52,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 15 2021 $ +.Dd $Mdocdate: June 11 2021 $ .Dt SSL_CTX_SET_OPTIONS 3 .Os .Sh NAME @@ -175,7 +175,7 @@ preferences. When not set, the server will always follow the client's preferences. When set, the server will choose following its own preferences. .It Dv SSL_OP_COOKIE_EXCHANGE -Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. +Turn on Cookie Exchange as described in RFC 4347 Section 4.2.1. Only affects DTLS connections. .It Dv SSL_OP_LEGACY_SERVER_CONNECT Allow legacy insecure renegotiation between OpenSSL and unpatched servers @@ -250,7 +250,7 @@ and no longer have any effect: .Dv SSL_OP_TLSEXT_PADDING . .Sh SECURE RENEGOTIATION OpenSSL 0.9.8m and later always attempts to use secure renegotiation as -described in RFC5746. +described in RFC 5746. This counters the prefix attack described in CVE-2009-3555 and elsewhere. .Pp This attack has far-reaching consequences which application writers should be diff --git a/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index 86a2cbb1314..e4756fe7c70 100644 --- a/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_tlsext_ticket_key_cb.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_set_tlsext_ticket_key_cb.3,v 1.6 2021/06/11 19:41:39 jmc Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Rich Salz @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 12 2019 $ +.Dd $Mdocdate: June 11 2021 $ .Dt SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 .Os .Sh NAME @@ -69,7 +69,7 @@ sets a callback function .Fa cb for handling session tickets for the ssl context .Fa sslctx . -Session tickets, defined in RFC5077, provide an enhanced session +Session tickets, defined in RFC 5077, provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. .Pp @@ -81,7 +81,7 @@ It is the responsibility of this function to create or retrieve the cryptographic parameters and to maintain their state. .Pp The OpenSSL library uses the callback function to help implement a -common TLS ticket construction state according to RFC5077 Section 4 such +common TLS ticket construction state according to RFC 5077 Section 4 such that per session state is unnecessary and a small set of cryptographic variables needs to be maintained by the callback function implementation. @@ -192,7 +192,7 @@ The OpenSSL library will call .Fa cb again with an .Fa enc -argument of 1 to set the new ticket (see RFC5077 3.3 paragraph 2). +argument of 1 to set the new ticket (see RFC 5077 3.3 paragraph 2). .It 1 This indicates that the .Fa ctx diff --git a/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 b/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 index f936f01d7bb..04c4833c6a1 100644 --- a/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 +++ b/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.5 2021/06/11 15:28:14 landry Exp $ +.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.6 2021/06/11 19:41:39 jmc Exp $ .\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 .\" .\" This file was written by Matt Caswell . @@ -80,12 +80,12 @@ .Sh DESCRIPTION SRTP is the Secure Real-Time Transport Protocol. OpenSSL implements support for the "use_srtp" DTLS extension -defined in RFC5764. +defined in RFC 5764. This provides a mechanism for establishing SRTP keying material, algorithms and parameters using DTLS. This capability may be used as part of an implementation that -conforms to RFC5763. -OpenSSL does not implement SRTP itself or RFC5763. +conforms to RFC 5763. +OpenSSL does not implement SRTP itself or RFC 5763. Note that OpenSSL does not support the use of SRTP Master Key Identifiers (MKIs). Also note that this extension is only supported in DTLS. @@ -110,13 +110,13 @@ SRTP protection profile names. The currently supported protection profile names are: .Bl -tag -width Ds .It Dv SRTP_AES128_CM_SHA1_80 -This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764. +This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC 5764. .It Dv SRTP_AES128_CM_SHA1_32 -This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764. +This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC 5764. .It Dv SRTP_AEAD_AES_128_GCM -This corresponds to SRTP_AEAD_AES_128_GCM defined in RFC7714. +This corresponds to SRTP_AEAD_AES_128_GCM defined in RFC 7714. .It Dv SRTP_AEAD_AES_256_GCM -This corresponds to SRTP_AEAD_AES_256_GCM defined in RFC7714. +This corresponds to SRTP_AEAD_AES_256_GCM defined in RFC 7714. .El .Pp Supplying an unrecognised protection profile name results in an error. diff --git a/lib/libssl/man/SSL_clear.3 b/lib/libssl/man/SSL_clear.3 index 1f2f0a5e528..809c3b20f43 100644 --- a/lib/libssl/man/SSL_clear.3 +++ b/lib/libssl/man/SSL_clear.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_clear.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: SSL_clear.3,v 1.5 2021/06/11 19:41:39 jmc Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: June 11 2021 $ .Dt SSL_CLEAR 3 .Os .Sh NAME @@ -74,7 +74,7 @@ a side effect is the handling of the current SSL session. If a session is still .Em open , it is considered bad and will be removed from the session cache, -as required by RFC2246. +as required by RFC 2246. A session is considered open if .Xr SSL_shutdown 3 was not called for the connection or at least diff --git a/lib/libssl/man/SSL_free.3 b/lib/libssl/man/SSL_free.3 index d31f3e40ea1..c713ded121b 100644 --- a/lib/libssl/man/SSL_free.3 +++ b/lib/libssl/man/SSL_free.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_free.3,v 1.5 2020/03/30 10:28:59 schwarze Exp $ +.\" $OpenBSD: SSL_free.3,v 1.6 2021/06/11 19:41:39 jmc Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 30 2020 $ +.Dd $Mdocdate: June 11 2021 $ .Dt SSL_FREE 3 .Os .Sh NAME @@ -102,7 +102,7 @@ was not called for the connection and was not used to set the .Vt SSL_SENT_SHUTDOWN state, the session will also be removed from the session cache as required by -RFC2246. +RFC 2246. .Sh SEE ALSO .Xr ssl 3 , .Xr SSL_clear 3 , diff --git a/lib/libssl/man/SSL_set_shutdown.3 b/lib/libssl/man/SSL_set_shutdown.3 index 6882d29c247..678086f88f7 100644 --- a/lib/libssl/man/SSL_set_shutdown.3 +++ b/lib/libssl/man/SSL_set_shutdown.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_set_shutdown.3,v 1.5 2020/03/30 10:28:59 schwarze Exp $ +.\" $OpenBSD: SSL_set_shutdown.3,v 1.6 2021/06/11 19:41:39 jmc Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 30 2020 $ +.Dd $Mdocdate: June 11 2021 $ .Dt SSL_SET_SHUTDOWN 3 .Os .Sh NAME @@ -99,7 +99,7 @@ If the session is still open when .Xr SSL_clear 3 or .Xr SSL_free 3 -is called, it is considered bad and removed according to RFC2246. +is called, it is considered bad and removed according to RFC 2246. The actual condition for a correctly closed session is .Dv SSL_SENT_SHUTDOWN (according to the TLS RFC, it is acceptable to only send the