From 3cea047b6cc9e93308e5aebbacc74183438fae57 Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Wed, 11 May 2016 00:43:28 -0700 Subject: openssl: 1.0.2d -> 1.0.2h (mainly for CVEs) * CVEs: - CVE-2016-0705 - CVE-2016-0798 - CVE-2016-0797 - CVE-2016-0799 - CVE-2016-0702 - CVE-2016-0703 - CVE-2016-0704 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 * The LICENSE's checksum is changed because of date changes (2011 -> 2016), the contents are the same. * Remove backport patches - 0001-Add-test-for-CVE-2015-3194.patch - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch - CVE-2015-3194-1-Add-PSS-parameter-check.patch - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch - CVE-2015-3197.patch - CVE-2016-0701_1.patch - CVE-2016-0701_2.patch - CVE-2016-0800.patch - CVE-2016-0800_2.patch - CVE-2016-0800_3.patch * Update crypto_use_bigint_in_x86-64_perl.patch * Add version-script.patch and update block_diginotar.patch (From master branch) * Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (From Armin) (From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3) (From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc) Signed-off-by: Robert Yang Signed-off-by: Richard Purdie Signed-off-by: Joshua Lock Signed-off-by: Richard Purdie --- .../openssl/openssl/CVE-2016-0800_2.patch | 592 --------------------- 1 file changed, 592 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch') diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch deleted file mode 100644 index de89d08d5c..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch +++ /dev/null @@ -1,592 +0,0 @@ -From 021fb42dd0cf2bf985b0e26ca50418eb42c00d09 Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni -Date: Wed, 17 Feb 2016 23:38:55 -0500 -Subject: [PATCH] Bring SSL method documentation up to date -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Emilia Käsper - -Upstream-Status: Backport - -https://git.openssl.org/?p=openssl.git;a=commit;h=021fb42dd0cf2bf985b0e26ca50418eb42c00d09 - -CVE: CVE-2016-0800 #2 patch -Signed-off-by: Armin Kuster - ---- - doc/apps/ciphers.pod | 29 ++++--- - doc/apps/s_client.pod | 12 +-- - doc/apps/s_server.pod | 8 +- - doc/ssl/SSL_CONF_cmd.pod | 33 ++++---- - doc/ssl/SSL_CTX_new.pod | 168 ++++++++++++++++++++++++++++------------ - doc/ssl/SSL_CTX_set_options.pod | 10 +++ - doc/ssl/ssl.pod | 77 ++++++++++++++---- - 7 files changed, 226 insertions(+), 111 deletions(-) - -diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod -index 1c26e3b..8038b05 100644 ---- a/doc/apps/ciphers.pod -+++ b/doc/apps/ciphers.pod -@@ -38,25 +38,21 @@ SSL v2 and for SSL v3/TLS v1. - - Like B<-v>, but include cipher suite codes in output (hex format). - --=item B<-ssl3> -+=item B<-ssl3>, B<-tls1> - --only include SSL v3 ciphers. -+This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2. - - =item B<-ssl2> - --only include SSL v2 ciphers. -- --=item B<-tls1> -- --only include TLS v1 ciphers. -+Only include SSLv2 ciphers. - - =item B<-h>, B<-?> - --print a brief usage message. -+Print a brief usage message. - - =item B - --a cipher list to convert to a cipher preference list. If it is not included -+A cipher list to convert to a cipher preference list. If it is not included - then the default cipher list will be used. The format is described below. - - =back -@@ -109,9 +105,10 @@ The following is a list of all permitted cipher strings and their meanings. - - =item B - --the default cipher list. This is determined at compile time and --is normally B. This must be the firstcipher string --specified. -+The default cipher list. -+This is determined at compile time and is normally -+B. -+When used, this must be the first cipherstring specified. - - =item B - -@@ -582,11 +579,11 @@ Note: these ciphers can also be used in SSL v3. - =head2 Deprecated SSL v2.0 cipher suites. - - SSL_CK_RC4_128_WITH_MD5 RC4-MD5 -- SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 -- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 -- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 -+ SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented. -+ SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5 -+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented. - SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 -- SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 -+ SSL_CK_DES_64_CBC_WITH_MD5 Not implemented. - SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 - - =head1 NOTES -diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod -index 84d0527..618df96 100644 ---- a/doc/apps/s_client.pod -+++ b/doc/apps/s_client.pod -@@ -201,15 +201,11 @@ Use the PSK key B when using a PSK cipher suite. The key is - given as a hexadecimal number without leading 0x, for example -psk - 1a2b3c4d. - --=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> - --these options disable the use of certain SSL or TLS protocols. By default --the initial handshake uses a method which should be compatible with all --servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. -- --Unfortunately there are still ancient and broken servers in use which --cannot handle this technique and will fail to connect. Some servers only --work if TLS is turned off. -+These options require or disable the use of the specified SSL or TLS protocols. -+By default the initial handshake uses a I method which will -+negotiate the highest mutually supported protocol version. - - =item B<-fallback_scsv> - -diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod -index baca779..6f4acb7 100644 ---- a/doc/apps/s_server.pod -+++ b/doc/apps/s_server.pod -@@ -217,11 +217,11 @@ Use the PSK key B when using a PSK cipher suite. The key is - given as a hexadecimal number without leading 0x, for example -psk - 1a2b3c4d. - --=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> -+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> - --these options disable the use of certain SSL or TLS protocols. By default --the initial handshake uses a method which should be compatible with all --servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. -+These options require or disable the use of the specified SSL or TLS protocols. -+By default the initial handshake uses a I method which will -+negotiate the highest mutually supported protocol version. - - =item B<-bugs> - -diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod -index 2bf1a60..e81d76a 100644 ---- a/doc/ssl/SSL_CONF_cmd.pod -+++ b/doc/ssl/SSL_CONF_cmd.pod -@@ -74,7 +74,7 @@ B). Curve names are case sensitive. - - =item B<-named_curve> - --This sets the temporary curve used for ephemeral ECDH modes. Only used by -+This sets the temporary curve used for ephemeral ECDH modes. Only used by - servers - - The B argument is a curve name or the special value B which -@@ -85,7 +85,7 @@ can be either the B name (e.g. B) or an OpenSSL OID name - =item B<-cipher> - - Sets the cipher suite list to B. Note: syntax checking of B is --currently not performed unless a B or B structure is -+currently not performed unless a B or B structure is - associated with B. - - =item B<-cert> -@@ -111,9 +111,9 @@ operations are permitted. - - =item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> - --Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 --by setting the corresponding options B, B, --B, B and B respectively. -+Disables protocol support for SSLv2, SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 -+by setting the corresponding options B, B, -+B, B and B respectively. - - =item B<-bugs> - -@@ -177,7 +177,7 @@ Note: the command prefix (if set) alters the recognised B values. - =item B - - Sets the cipher suite list to B. Note: syntax checking of B is --currently not performed unless an B or B structure is -+currently not performed unless an B or B structure is - associated with B. - - =item B -@@ -244,7 +244,7 @@ B). Curve names are case sensitive. - - =item B - --This sets the temporary curve used for ephemeral ECDH modes. Only used by -+This sets the temporary curve used for ephemeral ECDH modes. Only used by - servers - - The B argument is a curve name or the special value B which -@@ -258,10 +258,11 @@ The supported versions of the SSL or TLS protocol. - - The B argument is a comma separated list of supported protocols to - enable or disable. If an protocol is preceded by B<-> that version is disabled. --All versions are enabled by default, though applications may choose to --explicitly disable some. Currently supported protocol values are B, --B, B, B and B. The special value B refers --to all supported versions. -+Currently supported protocol values are B, B, B, -+B and B. -+All protocol versions other than B are enabled by default. -+To avoid inadvertent enabling of B, when SSLv2 is disabled, it is not -+possible to enable it via the B command. - - =item B - -@@ -339,16 +340,16 @@ The value is a directory name. - The order of operations is significant. This can be used to set either defaults - or values which cannot be overridden. For example if an application calls: - -- SSL_CONF_cmd(ctx, "Protocol", "-SSLv2"); -+ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3"); - SSL_CONF_cmd(ctx, userparam, uservalue); - --it will disable SSLv2 support by default but the user can override it. If -+it will disable SSLv3 support by default but the user can override it. If - however the call sequence is: - - SSL_CONF_cmd(ctx, userparam, uservalue); -- SSL_CONF_cmd(ctx, "Protocol", "-SSLv2"); -+ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3"); - --SSLv2 is B disabled and attempt to override this by the user are -+then SSLv3 is B disabled and attempt to override this by the user are - ignored. - - By checking the return code of SSL_CTX_cmd() it is possible to query if a -@@ -372,7 +373,7 @@ can be checked instead. If -3 is returned a required argument is missing - and an error is indicated. If 0 is returned some other error occurred and - this can be reported back to the user. - --The function SSL_CONF_cmd_value_type() can be used by applications to -+The function SSL_CONF_cmd_value_type() can be used by applications to - check for the existence of a command or to perform additional syntax - checking or translation of the command value. For example if the return - value is B an application could translate a relative -diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod -index 491ac8c..b8cc879 100644 ---- a/doc/ssl/SSL_CTX_new.pod -+++ b/doc/ssl/SSL_CTX_new.pod -@@ -2,13 +2,55 @@ - - =head1 NAME - --SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions -+SSL_CTX_new, -+SSLv23_method, SSLv23_server_method, SSLv23_client_method, -+TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, -+TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, -+TLSv1_method, TLSv1_server_method, TLSv1_client_method, -+SSLv3_method, SSLv3_server_method, SSLv3_client_method, -+SSLv2_method, SSLv2_server_method, SSLv2_client_method, -+DTLS_method, DTLS_server_method, DTLS_client_method, -+DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method, -+DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method - -+create a new SSL_CTX object as framework for TLS/SSL enabled functions - - =head1 SYNOPSIS - - #include - - SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); -+ const SSL_METHOD *SSLv23_method(void); -+ const SSL_METHOD *SSLv23_server_method(void); -+ const SSL_METHOD *SSLv23_client_method(void); -+ const SSL_METHOD *TLSv1_2_method(void); -+ const SSL_METHOD *TLSv1_2_server_method(void); -+ const SSL_METHOD *TLSv1_2_client_method(void); -+ const SSL_METHOD *TLSv1_1_method(void); -+ const SSL_METHOD *TLSv1_1_server_method(void); -+ const SSL_METHOD *TLSv1_1_client_method(void); -+ const SSL_METHOD *TLSv1_method(void); -+ const SSL_METHOD *TLSv1_server_method(void); -+ const SSL_METHOD *TLSv1_client_method(void); -+ #ifndef OPENSSL_NO_SSL3_METHOD -+ const SSL_METHOD *SSLv3_method(void); -+ const SSL_METHOD *SSLv3_server_method(void); -+ const SSL_METHOD *SSLv3_client_method(void); -+ #endif -+ #ifndef OPENSSL_NO_SSL2 -+ const SSL_METHOD *SSLv2_method(void); -+ const SSL_METHOD *SSLv2_server_method(void); -+ const SSL_METHOD *SSLv2_client_method(void); -+ #endif -+ -+ const SSL_METHOD *DTLS_method(void); -+ const SSL_METHOD *DTLS_server_method(void); -+ const SSL_METHOD *DTLS_client_method(void); -+ const SSL_METHOD *DTLSv1_2_method(void); -+ const SSL_METHOD *DTLSv1_2_server_method(void); -+ const SSL_METHOD *DTLSv1_2_client_method(void); -+ const SSL_METHOD *DTLSv1_method(void); -+ const SSL_METHOD *DTLSv1_server_method(void); -+ const SSL_METHOD *DTLSv1_client_method(void); - - =head1 DESCRIPTION - -@@ -23,65 +65,88 @@ client only type. B can be of the following types: - - =over 4 - --=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) -+=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method() -+ -+These are the general-purpose I SSL/TLS methods. -+The actual protocol version used will be negotiated to the highest version -+mutually supported by the client and the server. -+The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. -+Most applications should use these method, and avoid the version specific -+methods described below. -+ -+The list of protocols available can be further limited using the -+B, B, B, -+B and B options of the -+L or L functions. -+Clients should avoid creating "holes" in the set of protocols they support, -+when disabling a protocol, make sure that you also disable either all previous -+or all subsequent protocol versions. -+In clients, when a protocol version is disabled without disabling I -+previous protocol versions, the effect is to also disable all subsequent -+protocol versions. -+ -+The SSLv2 and SSLv3 protocols are deprecated and should generally not be used. -+Applications should typically use L in combination with -+the B flag to disable negotiation of SSLv3 via the above -+I SSL/TLS methods. -+The B option is set by default, and would need to be cleared -+via L in order to enable negotiation of SSLv2. -+ -+=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method() - --A TLS/SSL connection established with these methods will only understand --the SSLv2 protocol. A client will send out SSLv2 client hello messages --and will also indicate that it only understand SSLv2. A server will only --understand SSLv2 client hello messages. -+A TLS/SSL connection established with these methods will only understand the -+TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages and -+will also indicate that it only understand TLSv1.2. A server will only -+understand TLSv1.2 client hello messages. - --=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) -+=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method() - - A TLS/SSL connection established with these methods will only understand the --SSLv3 protocol. A client will send out SSLv3 client hello messages --and will indicate that it only understands SSLv3. A server will only understand --SSLv3 client hello messages. This especially means, that it will --not understand SSLv2 client hello messages which are widely used for --compatibility reasons, see SSLv23_*_method(). -+TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and -+will also indicate that it only understand TLSv1.1. A server will only -+understand TLSv1.1 client hello messages. - --=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void) -+=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method() - - A TLS/SSL connection established with these methods will only understand the --TLSv1 protocol. A client will send out TLSv1 client hello messages --and will indicate that it only understands TLSv1. A server will only understand --TLSv1 client hello messages. This especially means, that it will --not understand SSLv2 client hello messages which are widely used for --compatibility reasons, see SSLv23_*_method(). It will also not understand --SSLv3 client hello messages. -- --=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) -- --A TLS/SSL connection established with these methods may understand the SSLv2, --SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. -- --If the cipher list does not contain any SSLv2 ciphersuites (the default --cipher list does not) or extensions are required (for example server name) --a client will send out TLSv1 client hello messages including extensions and --will indicate that it also understands TLSv1.1, TLSv1.2 and permits a --fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 --protocols. This is the best choice when compatibility is a concern. -- --If any SSLv2 ciphersuites are included in the cipher list and no extensions --are required then SSLv2 compatible client hellos will be used by clients and --SSLv2 will be accepted by servers. This is B recommended due to the --insecurity of SSLv2 and the limited nature of the SSLv2 client hello --prohibiting the use of extensions. -+TLSv1 protocol. A client will send out TLSv1 client hello messages and will -+indicate that it only understands TLSv1. A server will only understand TLSv1 -+client hello messages. - --=back -+=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method() -+ -+A TLS/SSL connection established with these methods will only understand the -+SSLv3 protocol. A client will send out SSLv3 client hello messages and will -+indicate that it only understands SSLv3. A server will only understand SSLv3 -+client hello messages. The SSLv3 protocol is deprecated and should not be -+used. -+ -+=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method() -+ -+A TLS/SSL connection established with these methods will only understand the -+SSLv2 protocol. A client will send out SSLv2 client hello messages and will -+also indicate that it only understand SSLv2. A server will only understand -+SSLv2 client hello messages. The SSLv2 protocol offers little to no security -+and should not be used. -+As of OpenSSL 1.0.2g, EXPORT ciphers and 56-bit DES are no longer available -+with SSLv2. - --The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, --SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 --options of the SSL_CTX_set_options() or SSL_set_options() functions. --Using these options it is possible to choose e.g. SSLv23_server_method() and --be able to negotiate with all possible clients, but to only allow newer --protocols like TLSv1, TLSv1.1 or TLS v1.2. -+=item DTLS_method(), DTLS_server_method(), DTLS_client_method() - --Applications which never want to support SSLv2 (even is the cipher string --is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2. -+These are the version-flexible DTLS methods. -+ -+=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method() -+ -+These are the version-specific methods for DTLSv1.2. -+ -+=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method() -+ -+These are the version-specific methods for DTLSv1. -+ -+=back - --SSL_CTX_new() initializes the list of ciphers, the session cache setting, --the callbacks, the keys and certificates and the options to its default --values. -+SSL_CTX_new() initializes the list of ciphers, the session cache setting, the -+callbacks, the keys and certificates and the options to its default values. - - =head1 RETURN VALUES - -@@ -91,8 +156,8 @@ The following return values can occur: - - =item NULL - --The creation of a new SSL_CTX object failed. Check the error stack to --find out the reason. -+The creation of a new SSL_CTX object failed. Check the error stack to find out -+the reason. - - =item Pointer to an SSL_CTX object - -@@ -102,6 +167,7 @@ The return value points to an allocated SSL_CTX object. - - =head1 SEE ALSO - -+L, L, L, - L, L, - L, L - -diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod -index e80a72c..9a7e98c 100644 ---- a/doc/ssl/SSL_CTX_set_options.pod -+++ b/doc/ssl/SSL_CTX_set_options.pod -@@ -189,15 +189,25 @@ browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta - =item SSL_OP_NO_SSLv2 - - Do not use the SSLv2 protocol. -+As of OpenSSL 1.0.2g the B option is set by default. - - =item SSL_OP_NO_SSLv3 - - Do not use the SSLv3 protocol. -+It is recommended that applications should set this option. - - =item SSL_OP_NO_TLSv1 - - Do not use the TLSv1 protocol. - -+=item SSL_OP_NO_TLSv1_1 -+ -+Do not use the TLSv1.1 protocol. -+ -+=item SSL_OP_NO_TLSv1_2 -+ -+Do not use the TLSv1.2 protocol. -+ - =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - - When performing renegotiation as a server, always start a new session -diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod -index 242087e..70cca17 100644 ---- a/doc/ssl/ssl.pod -+++ b/doc/ssl/ssl.pod -@@ -130,41 +130,86 @@ protocol methods defined in B structures. - - =over 4 - --=item const SSL_METHOD *B(void); -+=item const SSL_METHOD *B(void); - --Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. -+Constructor for the I SSL_METHOD structure for -+clients, servers or both. -+See L for details. - --=item const SSL_METHOD *B(void); -+=item const SSL_METHOD *B(void); - --Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. -+Constructor for the I SSL_METHOD structure for -+clients. - --=item const SSL_METHOD *B(void); -+=item const SSL_METHOD *B(void); - --Constructor for the SSLv2 SSL_METHOD structure for combined client and server. -+Constructor for the I SSL_METHOD structure for -+servers. - --=item const SSL_METHOD *B(void); -+=item const SSL_METHOD *B(void); - --Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. -+Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers -+or both. - --=item const SSL_METHOD *B(void); -+=item const SSL_METHOD *B(void); - --Constructor for the SSLv3 SSL_METHOD structure for a dedicated server. -+Constructor for the TLSv1.2 SSL_METHOD structure for clients. - --=item const SSL_METHOD *B(void); -+=item const SSL_METHOD *B(void); -+ -+Constructor for the TLSv1.2 SSL_METHOD structure for servers. -+ -+=item const SSL_METHOD *B(void); - --Constructor for the SSLv3 SSL_METHOD structure for combined client and server. -+Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers -+or both. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the TLSv1.1 SSL_METHOD structure for clients. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the TLSv1.1 SSL_METHOD structure for servers. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the TLSv1 SSL_METHOD structure for clients, servers -+or both. - - =item const SSL_METHOD *B(void); - --Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. -+Constructor for the TLSv1 SSL_METHOD structure for clients. - - =item const SSL_METHOD *B(void); - --Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. -+Constructor for the TLSv1 SSL_METHOD structure for servers. - --=item const SSL_METHOD *B(void); -+=item const SSL_METHOD *B(void); -+ -+Constructor for the SSLv3 SSL_METHOD structure for clients, servers -+or both. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the SSLv3 SSL_METHOD structure for clients. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the SSLv3 SSL_METHOD structure for servers. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the SSLv2 SSL_METHOD structure for clients, servers -+or both. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the SSLv2 SSL_METHOD structure for clients. -+ -+=item const SSL_METHOD *B(void); - --Constructor for the TLSv1 SSL_METHOD structure for combined client and server. -+Constructor for the SSLv2 SSL_METHOD structure for servers. - - =back - --- -2.3.5 - -- cgit v1.2.3-54-g00ecf