[openssl] master update

Matt Caswell matt at openssl.org
Tue Jan 5 18:09:37 UTC 2021

The branch master has been updated
       via  3497cc8776d50397ceefbd41bd3356a7f5d30c14 (commit)
      from  b043c41c0059786eb78492fb64217053272ef37d (commit)

- Log -----------------------------------------------------------------
commit 3497cc8776d50397ceefbd41bd3356a7f5d30c14
Author: bazmoz <bazmoz at protonmail.com>
Date:   Sun Dec 27 22:05:14 2020 +0530

    Updated SSL_CTX_new doc
    Fixes #13703
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13741)


Summary of changes:
 doc/man3/SSL_CTX_new.pod | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index b71cda9be0..4093e657e8 100644
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -73,11 +73,12 @@ functions
-SSL_CTX_new_ex() creates a new B<SSL_CTX> object as a framework to
-establish TLS/SSL or DTLS enabled connections using the library context
-I<libctx> (see L<OSSL_LIB_CTX(3)>). Any cryptographic algorithms that are used
-by any B<SSL> objects created from this B<SSL_CTX> will be fetched from the
-I<libctx> using the property query string I<propq> (see
+SSL_CTX_new_ex() creates a new B<SSL_CTX> object, which holds various
+configuration and data relevant to TLS/SSL or DTLS session establishment. The
+library context I<libctx> (see L<OSSL_LIB_CTX(3)>) is used to provide the
+cryptographic algorithms needed for the session. Any cryptographic algorithms
+that are used by any B<SSL> objects created from this B<SSL_CTX> will be fetched
+from the I<libctx> using the property query string I<propq> (see
 L<provider(7)/Fetching algorithms>. Either or both the I<libctx> or I<propq>
 parameters may be NULL.
@@ -90,6 +91,10 @@ SSL_CTX_free) decrements it. When the reference count drops to zero, any memory
 or resources allocated to the B<SSL_CTX> object are freed. SSL_CTX_up_ref()
 increments the reference count for an existing B<SSL_CTX> structure.
+An B<SSL_CTX> object should not be changed after it is used to create any B<SSL>
+objects or from multiple threads concurrently, since the implementation does not
+provide serialization of access for these cases.
 =head1 NOTES
 The SSL_CTX object uses I<method> as the connection method.

More information about the openssl-commits mailing list