diff options
Diffstat (limited to 'deps/openssl/openssl/doc/crypto/PKCS7_sign.pod')
| -rw-r--r-- | deps/openssl/openssl/doc/crypto/PKCS7_sign.pod | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/deps/openssl/openssl/doc/crypto/PKCS7_sign.pod b/deps/openssl/openssl/doc/crypto/PKCS7_sign.pod index 64a35144f8..f319f664b9 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS7_sign.pod +++ b/deps/openssl/openssl/doc/crypto/PKCS7_sign.pod @@ -13,9 +13,9 @@ PKCS7_sign - create a PKCS#7 signedData structure =head1 DESCRIPTION PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is -the certificate to sign with, B<pkey> is the corresponsding private key. +the certificate to sign with, B<pkey> is the corresponding private key. B<certs> is an optional additional set of certificates to include in the PKCS#7 -structure (for example any intermediate CAs in the chain). +structure (for example any intermediate CAs in the chain). The data to be signed is read from BIO B<data>. @@ -46,7 +46,7 @@ required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. -The signedData structure includes several PKCS#7 autenticatedAttributes +The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just @@ -80,13 +80,13 @@ BIO_new_PKCS7(). If a signer is specified it will use the default digest for the signing algorithm. This is B<SHA1> for both RSA and DSA keys. -In OpenSSL 1.0.0 the B<certs>, B<signcert> and B<pkey> parameters can all be +The B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added -using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be +using the function PKCS7_sign_add_signer(). PKCS7_final() must also be called to finalize the structure if streaming is not enabled. Alternative signing digests can also be specified using this method. -In OpenSSL 1.0.0 if B<signcert> and B<pkey> are NULL then a certificates only +If B<signcert> and B<pkey> are NULL then a certificates only PKCS#7 structure is output. In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must @@ -103,14 +103,22 @@ occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)> +L<ERR_get_error(3)>, L<PKCS7_verify(3)> =head1 HISTORY -PKCS7_sign() was added to OpenSSL 0.9.5 - -The B<PKCS7_PARTIAL> flag was added in OpenSSL 1.0.0 +The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>, +and B<pkey> parameters to be B<NULL> to be was added in OpenSSL 1.0.0 The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0 +=head1 COPYRIGHT + +Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + =cut |