ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.1i

Browse Source
This commit is contained in:
Steve Dower
2021-01-05 19:44:35 +00:00
parent 7f34c3085f
commit ae8aba4cbc
344 changed files with 4257 additions and 4161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
doc/man5/config.pod
View File

@@ -262,13 +262,11 @@ Example of a configuration with the system default:
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
MinProtocol = DTLSv1.2
=head1 NOTES
@@ -355,8 +353,8 @@ Simple OpenSSL library configuration example to enter FIPS mode:
Note: in the above example you will get an error in non FIPS capable versions
of OpenSSL.
Simple OpenSSL library configuration to make TLS 1.3 the system-default
minimum TLS version:
Simple OpenSSL library configuration to make TLS 1.2 and DTLS 1.2 the
system-default minimum TLS and DTLS versions, respectively:
# Toplevel section for openssl (including libssl)
openssl_conf = default_conf_section
@@ -369,7 +367,12 @@ minimum TLS version:
system_default = system_default_section
[system_default_section]
MinProtocol = TLSv1.3
MinProtocol = TLSv1.2
MinProtocol = DTLSv1.2
The minimum TLS protocol is applied to B<SSL_CTX> objects that are TLS-based,
and the minimum DTLS protocol to those are DTLS-based.
The same applies also to maximum versions set with B<MaxProtocol>.
More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
@@ -432,7 +435,7 @@ the value.
The escaping isn't quite right: if you want to use sequences like B<\n>
you can't use any quote escaping on the same line.
Files are loaded in a single pass. This means that an variable expansion
Files are loaded in a single pass. This means that a variable expansion
will only work if the variables referenced are defined earlier in the
file.

6
doc/man5/x509v3_config.pod
View File

@@ -60,8 +60,8 @@ The following sections describe each supported extension in detail.
This is a multi valued extension which indicates whether a certificate is
a CA certificate. The first (mandatory) name is B<CA> followed by B<TRUE> or
B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by an
non-negative value can be included.
B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by a
nonnegative value can be included.
For example:
@@ -534,7 +534,7 @@ L<ASN1_generate_nconf(3)>
=head1 COPYRIGHT
Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy