[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue May 1 13:18:55 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  bbb88edeb6e2654cf0fabb88a31f23bee9632b03 (commit)
      from  9737a38f34b49487223625a77860e957095cae13 (commit)


- Log -----------------------------------------------------------------
commit bbb88edeb6e2654cf0fabb88a31f23bee9632b03
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Apr 30 12:05:42 2018 +0100

    Fix some errors and missing info in the CMS docs
    
    Fixes #5063
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6135)

-----------------------------------------------------------------------

Summary of changes:
 doc/apps/cms.pod           | 16 ++++++++--------
 doc/crypto/CMS_encrypt.pod |  5 ++---
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 96acd31..f7dd374 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -393,6 +393,9 @@ When encrypting a message this option may be used multiple times to specify
 each recipient. This form B<must> be used if customised parameters are
 required (for example to specify RSA-OAEP).
 
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+option.
+
 =item B<-keyid>
 
 use subject key identifier to identify certificates instead of issuer name and
@@ -712,19 +715,16 @@ No revocation checking is done on the signer's certificate.
 =head1 HISTORY
 
 The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-The B<keyopt> option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
 
-The use of B<-recip> to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The B<keyopt> option was first added in OpenSSL 1.0.2
 
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
 
 The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
 
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains options was first added to OpenSSL 1.0.2b.
 
 =head1 COPYRIGHT
 
diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod
index 0ed4262..f4e0a12 100644
--- a/doc/crypto/CMS_encrypt.pod
+++ b/doc/crypto/CMS_encrypt.pod
@@ -18,9 +18,8 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
 
 =head1 NOTES
 
-Only certificates carrying RSA keys are supported so the recipient certificates
-supplied to this function must all contain RSA public keys, though they do not
-have to be signed using the RSA algorithm.
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+function.
 
 EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
 because most clients will support it.


More information about the openssl-commits mailing list