The B<-template>, B<-crlcert>, B<-oldcrl>, B<-crlout>, B<-crlform>
and B<-rsp_crl> options were added in OpenSSL 3.4.
-B<-centralkeygen>, b<-newkeyout>, B<-rsp_key> and
+B<-centralkeygen>, B<-newkeyout>, B<-rsp_key> and
B<-rsp_keypass> were added in OpenSSL 3.5.
=head1 COPYRIGHT
=item B<-v2prf> I<alg>
-This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value
+This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical valid
value would be B<hmacWithSHA256>. If this option isn't set then the default
for the cipher is used or B<hmacWithSHA256> if there is no default.
or given with the B<-key> (or B<-signkey>) option.
If the input contains no public key but a private key, its public part is used.
-This option can be used in conjunction with b<-new> and B<-set_subject>
+This option can be used in conjunction with B<-new> and B<-set_subject>
to directly generate a certificate containing any desired public key.
This option is also useful for creating self-issued certificates that are not
B<COMP_METHOD>, respectively. COMP_get_name() returns the name of the algorithm
of the given B<COMP_METHOD>.
-COMP_compress_block() compresses b<ilen> bytes from the buffer I<in> into the
-buffer
b<out> of size I<olen> using the algorithm specified by I<ctx>.
+COMP_compress_block() compresses B<ilen> bytes from the buffer I<in> into the
+buffer
B<out> of size I<olen> using the algorithm specified by I<ctx>.
COMP_expand_block() expands I<ilen> bytes from the buffer I<in> into the
buffer I<out> of size I<olen> using the algorithm specified by I<ctx>.
=back
If B<val> is set to a non-NULL value, then the extension is sent in the handshake.
-If b<val> is set to a NULL value (and B<len> is 0), then the extension is
+If B<val> is set to a NULL value (and B<len> is 0), then the extension is
disabled. The default value is NULL, meaning the extension is not sent, and
X.509 certificates are used in the handshake.
=item *
Replace
-b<d2i_I<TYPE>PrivateKey()> with L<d2i_PrivateKey(3)>,
-b<d2i_I<TYPE>PublicKey()> with L<d2i_PublicKey(3)>,
-b<d2i_I<TYPE>params()> with L<d2i_KeyParams(3)>,
-b<d2i_I<TYPE>_PUBKEY()> with L<d2i_PUBKEY(3)>,
-b<i2d_I<TYPE>PrivateKey()> with L<i2d_PrivateKey(3)>,
-b<i2d_I<TYPE>PublicKey()> with L<i2d_PublicKey(3)>,
-b<i2d_I<TYPE>params()> with L<i2d_KeyParams(3)>,
-b<i2d_I<TYPE>_PUBKEY()> with L<i2d_PUBKEY(3)>.
+B<d2i_I<TYPE>PrivateKey()> with L<d2i_PrivateKey(3)>,
+B<d2i_I<TYPE>PublicKey()> with L<d2i_PublicKey(3)>,
+B<d2i_I<TYPE>params()> with L<d2i_KeyParams(3)>,
+B<d2i_I<TYPE>_PUBKEY()> with L<d2i_PUBKEY(3)>,
+B<i2d_I<TYPE>PrivateKey()> with L<i2d_PrivateKey(3)>,
+B<i2d_I<TYPE>PublicKey()> with L<i2d_PublicKey(3)>,
+B<i2d_I<TYPE>params()> with L<i2d_KeyParams(3)>,
+B<i2d_I<TYPE>_PUBKEY()> with L<i2d_PUBKEY(3)>.
A caveat is that L<i2d_PrivateKey(3)> may output a DER encoded PKCS#8
outermost structure instead of the type specific structure, and that
L<d2i_PrivateKey(3)> recognises and unpacks a PKCS#8 structures.
previous releases due to higher overhead. This applies particularly to
measuring performance on smaller data chunks.
-b<openssl dhparam>, B<openssl dsa>, B<openssl gendsa>, B<openssl dsaparam>,
+B<openssl dhparam>, B<openssl dsa>, B<openssl gendsa>, B<openssl dsaparam>,
B<openssl genrsa> and B<openssl rsa> have been modified to use PKEY APIs.
B<openssl genrsa> and B<openssl rsa> now write PKCS #8 keys by default.
projects / thirdparty / openssl.git / commitdiff
