Salut, Le 17/06/2015 16:39, David Prévot a écrit : > Peux-tu fournir le bon fichier PO s’il te plaît ? Merci pour la réponse rapide, je viens d’envoyer [1] ta mise à jour. > Il y aura une dizaine de nouvelles chaînes à mettre à jour (cf. la > branche tmp/openssl dans le dépôt) Voilà la dernière version, par avance merci. Amicalement David
# French translations for the openssl package # Copyright (C) 2008, 2012-2015 Debian French l10n team <debian-l10n-french@lists.debian.org>. # This file is distributed under the same license as the openssl package. # # Nicolas François <nicolas.francois@centraliens.net>, 2008. # David Prévot <david@tilapin.org>, 2012-2015. # Jean-Paul Guillonneau <guillonneau.jeanpaul@free.fr>, 2014. msgid "" msgstr "" "Project-Id-Version: openssl\n" "POT-Creation-Date: 2015-06-13 15:23-0400\n" "PO-Revision-Date: 2015-05-15 06:35+0200\n" "Last-Translator: Jean-Paul Guillonneau <guillonneau.jeanpaul@free.fr>\n" "Language-Team: French <debian-l10n-french@lists.debian.org>\n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "X-Generator: Lokalize 1.5\n" #. type: =head1 #: C/ssl/SSL_CTX_set1_curves.pod:3 C/ssl/SSL_CTX_set1_verify_cert_store.pod:3 #: C/ssl/SSL_CTX_set_cert_cb.pod:3 C/ssl/SSL_CTX_set_cert_store.pod:3 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:3 #: C/ssl/SSL_CTX_set_cipher_list.pod:3 C/ssl/SSL_CTX_set_client_CA_list.pod:3 #: C/ssl/SSL_CTX_set_client_cert_cb.pod:3 #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:3 #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:3 #: C/ssl/SSL_CTX_set_generate_session_id.pod:3 #: C/ssl/SSL_CTX_set_info_callback.pod:3 C/ssl/SSL_CTX_set_max_cert_list.pod:3 #: C/ssl/SSL_CTX_set_mode.pod:3 C/ssl/SSL_CTX_set_msg_callback.pod:3 #: C/ssl/SSL_CTX_set_options.pod:3 #: C/ssl/SSL_CTX_set_psk_client_callback.pod:32 #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:3 C/ssl/SSL_CTX_set_read_ahead.pod:3 #: C/ssl/SSL_CTX_set_session_cache_mode.pod:3 #: C/ssl/SSL_CTX_set_session_id_context.pod:3 #: C/ssl/SSL_CTX_set_ssl_version.pod:3 C/ssl/SSL_CTX_set_timeout.pod:3 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:3 #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:3 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:3 C/ssl/SSL_CTX_set_verify.pod:3 msgid "NAME" msgstr "NOM" #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:5 msgid "" "SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, " "SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve, " "SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functions" msgstr "" "SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, " "SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve, " "SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - Fonctions de courbes elliptiques " "prises en charge" #. type: =head1 #: C/ssl/SSL_CTX_set1_curves.pod:9 C/ssl/SSL_CTX_set1_verify_cert_store.pod:11 #: C/ssl/SSL_CTX_set_cert_cb.pod:7 C/ssl/SSL_CTX_set_cert_store.pod:7 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:7 #: C/ssl/SSL_CTX_set_cipher_list.pod:7 C/ssl/SSL_CTX_set_client_CA_list.pod:9 #: C/ssl/SSL_CTX_set_client_cert_cb.pod:7 #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:7 #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:7 #: C/ssl/SSL_CTX_set_generate_session_id.pod:7 #: C/ssl/SSL_CTX_set_info_callback.pod:7 C/ssl/SSL_CTX_set_max_cert_list.pod:7 #: C/ssl/SSL_CTX_set_mode.pod:7 C/ssl/SSL_CTX_set_msg_callback.pod:7 #: C/ssl/SSL_CTX_set_options.pod:7 #: C/ssl/SSL_CTX_set_psk_client_callback.pod:36 #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:7 C/ssl/SSL_CTX_set_read_ahead.pod:9 #: C/ssl/SSL_CTX_set_session_cache_mode.pod:7 #: C/ssl/SSL_CTX_set_session_id_context.pod:7 #: C/ssl/SSL_CTX_set_ssl_version.pod:8 C/ssl/SSL_CTX_set_timeout.pod:7 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:7 #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:7 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:7 C/ssl/SSL_CTX_set_verify.pod:7 msgid "SYNOPSIS" msgstr "SYNOPSIS" #. type: verbatim #: C/ssl/SSL_CTX_set1_curves.pod:11 #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:13 C/ssl/SSL_CTX_set_cert_cb.pod:9 #: C/ssl/SSL_CTX_set_cert_store.pod:9 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:9 #: C/ssl/SSL_CTX_set_cipher_list.pod:9 C/ssl/SSL_CTX_set_client_cert_cb.pod:9 #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:9 #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:9 #: C/ssl/SSL_CTX_set_generate_session_id.pod:9 #: C/ssl/SSL_CTX_set_info_callback.pod:9 C/ssl/SSL_CTX_set_max_cert_list.pod:9 #: C/ssl/SSL_CTX_set_mode.pod:9 C/ssl/SSL_CTX_set_msg_callback.pod:9 #: C/ssl/SSL_CTX_set_options.pod:9 #: C/ssl/SSL_CTX_set_psk_client_callback.pod:38 #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:9 C/ssl/SSL_CTX_set_read_ahead.pod:11 #: C/ssl/SSL_CTX_set_session_cache_mode.pod:9 #: C/ssl/SSL_CTX_set_session_id_context.pod:9 #: C/ssl/SSL_CTX_set_ssl_version.pod:10 C/ssl/SSL_CTX_set_timeout.pod:9 #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:9 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:9 C/ssl/SSL_CTX_set_verify.pod:9 #, no-wrap msgid "" " #include <openssl/ssl.h>\n" "\n" msgstr "" "B< #include E<lt>openssl/ssl.hE<gt>>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set1_curves.pod:13 #, no-wrap msgid "" " int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);\n" " int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);\n" "\n" msgstr "" "B< int SSL_CTX_set1_curves(SSL_CTX *>I<ctx>B<, int *>I<clist>B<, int> I<clistlen>B<);>\n" " B<int SSL_CTX_set1_curves_list(SSL_CTX *>I<ctx>B<, char *>I<list>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set1_curves.pod:16 #, no-wrap msgid "" " int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);\n" " int SSL_set1_curves_list(SSL *ssl, char *list);\n" "\n" msgstr "" "B< int SSL_CTX_set1_curves(SSL *>I<ssl>B<, int *>I<clist>B<, int> I<clistlen>B<);>\n" " B<int SSL_CTX_set1_curves_list(SSL *>I<ssl>B<, char *>I<list>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set1_curves.pod:19 #, no-wrap msgid "" " int SSL_get1_curves(SSL *ssl, int *curves);\n" " int SSL_get_shared_curve(SSL *s, int n);\n" "\n" msgstr "" "B< int SSL_get1_curves(SSL *>I<ssl>B<, int *>I<curves>B<);>\n" " B<int SSL_get_shared_curve(SSL *s, int> I<n>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set1_curves.pod:22 #, no-wrap msgid "" " int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff);\n" " int SSL_set_ecdh_auto(SSL *s, int onoff);\n" "\n" msgstr "" "B< int SSL_CTX_set_ecdh_auto(SSL_CTX *>I<ctx>B<, int> I<onoff>B<);>\n" " B<int SSL_set_ecdh_auto(SSL *s, int> I<onoff>B<);>\n" "\n" #. type: =head1 #: C/ssl/SSL_CTX_set1_curves.pod:25 #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:25 #: C/ssl/SSL_CTX_set_cert_cb.pod:16 C/ssl/SSL_CTX_set_cert_store.pod:14 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:13 #: C/ssl/SSL_CTX_set_cipher_list.pod:14 #: C/ssl/SSL_CTX_set_client_CA_list.pod:18 #: C/ssl/SSL_CTX_set_client_cert_cb.pod:15 #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:40 #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:16 #: C/ssl/SSL_CTX_set_generate_session_id.pod:19 #: C/ssl/SSL_CTX_set_info_callback.pod:17 #: C/ssl/SSL_CTX_set_max_cert_list.pod:17 C/ssl/SSL_CTX_set_mode.pod:17 #: C/ssl/SSL_CTX_set_msg_callback.pod:17 C/ssl/SSL_CTX_set_options.pod:22 #: C/ssl/SSL_CTX_set_psk_client_callback.pod:50 #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:17 C/ssl/SSL_CTX_set_read_ahead.pod:21 #: C/ssl/SSL_CTX_set_session_cache_mode.pod:14 #: C/ssl/SSL_CTX_set_session_id_context.pod:16 #: C/ssl/SSL_CTX_set_ssl_version.pod:16 C/ssl/SSL_CTX_set_timeout.pod:14 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:16 #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:19 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:23 C/ssl/SSL_CTX_set_verify.pod:20 msgid "DESCRIPTION" msgstr "DESCRIPTION" #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:27 msgid "" "SSL_CTX_set1_curves() sets the supported curves for B<ctx> to B<clistlen> " "curves in the array B<clist>. The array consist of all NIDs of curves in " "preference order. For a TLS client the curves are used directly in the " "supported curves extension. For a TLS server the curves are used to " "determine the set of shared curves." msgstr "" "B<SSL_CTX_set1_curves>() définit les courbes elliptiques prises en charge " "pour I<ctx> à I<clistlen> courbes dans le tableau I<clist>. Le tableau est " "constitué de tous les identifiants de courbe dans lâ??ordre de préférence. " "Pour un client TLS, les courbes sont utilisées directement dans lâ??extension " "prise en charge. Pour un serveur TLS, les courbes sont utilisées pour " "déterminer lâ??ensemble des courbes partagées." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:33 msgid "" "SSL_CTX_set1_curves_list() sets the supported curves for B<ctx> to string " "B<list>. The string is a colon separated list of curve NIDs or names, for " "example \"P-521:P-384:P-256\"." msgstr "" "B<SSL_CTX_set1_curves_list>() définit les courbes prises en charge pour " "I<ctx> dans la chaîne I<list>. La chaîne est constituée dâ??une liste de noms " "ou identifiants séparés par des deux points, par exemple « P-521:P-384:" "P-256 »." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:37 msgid "" "SSL_set1_curves() and SSL_set1_curves_list() are similar except they set " "supported curves for the SSL structure B<ssl>." msgstr "" "B<SSL_set1_curves>() et B<SSL_set1_curves_list>() sont similaires aux " "précédentes sauf quâ??elles définissent les courbes prises en charge pour les " "structures SSL I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:40 msgid "" "SSL_get1_curves() returns the set of supported curves sent by a client in " "the supported curves extension. It returns the total number of supported " "curves. The B<curves> parameter can be B<NULL> to simply return the number " "of curves for memory allocation purposes. The B<curves> array is in the form " "of a set of curve NIDs in preference order. It can return zero if the client " "did not send a supported curves extension." msgstr "" "B<SSL_get1_curves>() renvoie lâ??ensemble des courbes prises en charge par un " "client dans lâ??extension des courbes prises en charge. Elle renvoie le nombre " "total de courbes prises en charge. Le paramètre I<curves> peut être NULL " "pour simplement renvoyer le nombre de courbes dans le but dâ??allouer de la " "mémoire. Le tableau I<curves> est sous la forme dâ??un ensemble dâ??identifiants " "de courbe dans un ordre préférentiel. Elle peut renvoyer B<0> si le client " "ne renvoie pas dâ??extension de courbes prises en charge." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:48 msgid "" "SSL_get_shared_curve() returns shared curve B<n> for a server-side SSL " "B<ssl>. If B<n> is -1 then the total number of shared curves is returned, " "which may be zero. Other than for diagnostic purposes, most applications " "will only be interested in the first shared curve so B<n> is normally set to " "zero. If the value B<n> is out of range, NID_undef is returned." msgstr "" "B<SSL_get_shared_curve>() renvoie I<n> courbes partagées pour un SSL du côté " "serveur I<ssl>. Si I<n> est égal à B<-1>, alors le nombre total de courbes " "partagées est renvoyé, et peut valoir zéro. Autrement que pour des buts de " "diagnostic, la plupart des applications ne seront intéressées que par la " "première courbe partagée, aussi I<n> est normalement réglé à zéro. Si la " "valeur de I<n> est hors limites, NID_undef est renvoyé." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:55 msgid "" "SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve " "selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then the " "highest preference curve is automatically used for ECDH temporary keys used " "during key exchange." msgstr "" "B<SSL_CTX_set_ecdh_auto>() et B<SSL_set_ecdh_auto>() règlent la sélection " "automatique de courbes pour le serveur I<ctx> ou I<ssl> à I<onoff>. Si " "I<onoff> vaut B<1>, alors la courbe de plus haute préférence est " "automatiquement employée pour les clefs temporaires ECDH utilisées durant " "lâ??échange de clefs." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:60 msgid "All these functions are implemented as macros." msgstr "Toutes ces fonctions sont implémentées en utilisant des macros." #. type: =head1 #: C/ssl/SSL_CTX_set1_curves.pod:62 #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:43 #: C/ssl/SSL_CTX_set_cert_cb.pod:36 C/ssl/SSL_CTX_set_cert_store.pod:23 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:19 #: C/ssl/SSL_CTX_set_cipher_list.pod:23 #: C/ssl/SSL_CTX_set_client_CA_list.pod:35 #: C/ssl/SSL_CTX_set_client_cert_cb.pod:38 #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:103 #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:32 #: C/ssl/SSL_CTX_set_generate_session_id.pod:31 #: C/ssl/SSL_CTX_set_info_callback.pod:36 #: C/ssl/SSL_CTX_set_max_cert_list.pod:32 C/ssl/SSL_CTX_set_mode.pod:29 #: C/ssl/SSL_CTX_set_msg_callback.pod:74 C/ssl/SSL_CTX_set_options.pod:44 #: C/ssl/SSL_CTX_set_psk_client_callback.pod:67 #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:33 C/ssl/SSL_CTX_set_read_ahead.pod:37 #: C/ssl/SSL_CTX_set_session_cache_mode.pod:21 #: C/ssl/SSL_CTX_set_session_id_context.pod:24 #: C/ssl/SSL_CTX_set_ssl_version.pod:29 C/ssl/SSL_CTX_set_timeout.pod:21 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:107 #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:34 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:48 C/ssl/SSL_CTX_set_verify.pod:40 msgid "NOTES" msgstr "NOTES" #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:64 msgid "" "If an application wishes to make use of several of these functions for " "configuration purposes either on a command line or in a file it should " "consider using the SSL_CONF interface instead of manually parsing options." msgstr "" "Si une application désire utiliser plusieurs de ces fonctions pour des " "besoins de configuration, soit en ligne de commande ou avec un fichier, " "lâ??utilisation de lâ??interface SSL_CONF est à préférer à lâ??analyse manuelle " "des options." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:68 msgid "" "The functions SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() can be used to " "make a server always choose the most appropriate curve for a client. If set " "it will override any temporary ECDH parameters set by a server. Previous " "versions of OpenSSL could effectively only use a single ECDH curve set using " "a function such as SSL_CTX_set_ecdh_tmp(). Newer applications should just " "call:" msgstr "" "Les fonctions B<SSL_CTX_set_ecdh_auto>() et B<SSL_set_ecdh_auto>() peuvent " "être utilisées pour quâ??un serveur choisisse toujours la courbe la plus " "appropriée pour un client. Dans ce cas, les paramètres temporaires ECDH " "définis par le serveur seront outrepassés. Les versions précédentes " "dâ??OpenSSL pouvaient effectivement seulement utiliser une seule courbe ECDH " "définie en employant une fonction telle que B<SSL_CTX_set_ecdh_tmp>(). Les " "nouvelles applications doivent juste appeler :" #. type: verbatim #: C/ssl/SSL_CTX_set1_curves.pod:75 #, no-wrap msgid "" " SSL_CTX_set_ecdh_auto(ctx, 1);\n" "\n" msgstr "" " SSL_CTX_set_ecdh_auto(ctx, 1);\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:77 msgid "" "and they will automatically support ECDH using the most appropriate shared " "curve." msgstr "" "et elles prendront en charge ECDH automatiquement en utilisant la courbe " "partagée la plus adéquate." #. type: =head1 #: C/ssl/SSL_CTX_set1_curves.pod:80 #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:69 #: C/ssl/SSL_CTX_set_cert_store.pod:52 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:57 #: C/ssl/SSL_CTX_set_cipher_list.pod:61 #: C/ssl/SSL_CTX_set_client_CA_list.pod:59 #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:122 #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:52 #: C/ssl/SSL_CTX_set_generate_session_id.pod:132 #: C/ssl/SSL_CTX_set_info_callback.pod:101 #: C/ssl/SSL_CTX_set_max_cert_list.pod:60 C/ssl/SSL_CTX_set_mode.pod:86 #: C/ssl/SSL_CTX_set_options.pod:303 #: C/ssl/SSL_CTX_set_psk_client_callback.pod:71 #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:49 C/ssl/SSL_CTX_set_read_ahead.pod:42 #: C/ssl/SSL_CTX_set_session_cache_mode.pod:113 #: C/ssl/SSL_CTX_set_session_id_context.pod:60 #: C/ssl/SSL_CTX_set_ssl_version.pod:38 C/ssl/SSL_CTX_set_timeout.pod:45 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:178 #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:134 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:141 C/ssl/SSL_CTX_set_verify.pod:161 msgid "RETURN VALUES" msgstr "VALEURS DE RETOUR" #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:82 msgid "" "SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves(), " "SSL_set1_curves_list(), SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() " "return 1 for success and 0 for failure." msgstr "" "B<SSL_CTX_set1_curves>(), B<SSL_CTX_set1_curves_list>(), " "B<SSL_set1_curves>(), B<SSL_set1_curves_list>(), B<SSL_CTX_set_ecdh_auto>() " "et B<SSL_set_ecdh_auto>() renvoient B<1> en cas de réussite et B<0> lors " "dâ??un échec." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:86 msgid "SSL_get1_curves() returns the number of curves, which may be zero." msgstr "B<SSL_get1_curves>() renvoie le nombre de courbes, pouvant être zéro." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:88 msgid "" "SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if " "there is no shared curve B<n>; or the total number of shared curves if B<n> " "is -1." msgstr "" "B<SSL_get_shared_curve>() renvoie lâ??identifiant de la courbe partagée I<n> " "ou NID_undef sâ??il nâ??existe pas de courbe partagée I<n>; ou le nombre total " "de courbes partagées si I<n> vaut B<-1>." #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:92 msgid "" "When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and " "returns -1." msgstr "" "Lorsquâ??appelée sur un client I<ssl>, B<SSL_get_shared_curve>() ne signifie " "rien et renvoie B<-1>." #. type: =head1 #: C/ssl/SSL_CTX_set1_curves.pod:95 #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:73 #: C/ssl/SSL_CTX_set_cert_cb.pod:61 C/ssl/SSL_CTX_set_cert_store.pod:58 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:61 #: C/ssl/SSL_CTX_set_cipher_list.pod:66 #: C/ssl/SSL_CTX_set_client_CA_list.pod:87 #: C/ssl/SSL_CTX_set_client_cert_cb.pod:87 #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:71 #: C/ssl/SSL_CTX_set_generate_session_id.pod:140 #: C/ssl/SSL_CTX_set_info_callback.pod:148 #: C/ssl/SSL_CTX_set_max_cert_list.pod:68 C/ssl/SSL_CTX_set_mode.pod:93 #: C/ssl/SSL_CTX_set_msg_callback.pod:90 C/ssl/SSL_CTX_set_options.pod:316 #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:57 C/ssl/SSL_CTX_set_read_ahead.pod:47 #: C/ssl/SSL_CTX_set_session_cache_mode.pod:120 #: C/ssl/SSL_CTX_set_session_id_context.pod:79 #: C/ssl/SSL_CTX_set_ssl_version.pod:55 C/ssl/SSL_CTX_set_timeout.pod:51 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:182 #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:142 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:152 C/ssl/SSL_CTX_set_verify.pod:283 msgid "SEE ALSO" msgstr "VOIR AUSSI" #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:97 msgid "L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>" msgstr "L<B<SSL_CTX_add_extra_chain_cert>(3)|SSL_CTX_add_extra_chain_cert(3)>" #. type: =head1 #: C/ssl/SSL_CTX_set1_curves.pod:99 #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:87 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:67 #: C/ssl/SSL_CTX_set_generate_session_id.pod:144 #: C/ssl/SSL_CTX_set_max_cert_list.pod:73 C/ssl/SSL_CTX_set_mode.pod:97 #: C/ssl/SSL_CTX_set_msg_callback.pod:94 C/ssl/SSL_CTX_set_options.pod:323 #: C/ssl/SSL_CTX_set_session_cache_mode.pod:132 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:191 msgid "HISTORY" msgstr "HISTORIQUE" #. type: textblock #: C/ssl/SSL_CTX_set1_curves.pod:101 #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:89 msgid "These functions were first added to OpenSSL 1.0.2." msgstr "Ces fonctions ont été introduites dans OpenSSL 1.0.2" #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:5 msgid "" "SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, " "SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, " "SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, " "SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate " "verification or chain store" msgstr "" "SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, " "SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, " "SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, " "SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - Définir le stockage " "des vérifications de chaîne ou certificat" #. type: verbatim #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:15 #, no-wrap msgid "" " int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);\n" " int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);\n" " int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);\n" " int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);\n" "\n" msgstr "" "B< int SSL_CTX_set0_verify_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<st>B<);>\n" " B<int SSL_CTX_set1_verify_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<st>B<);>\n" " B<int SSL_CTX_set0_chain_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<st>B<);>\n" " B<int SSL_CTX_set1_chain_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<st>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:20 #, no-wrap msgid "" " int SSL_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);\n" " int SSL_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);\n" " int SSL_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);\n" " int SSL_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);\n" "\n" msgstr "" "B< int SSL_set0_verify_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<st>B<);>\n" " B<int SSL_set1_verify_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<st>B<);>\n" " B<int SSL_set0_chain_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<st>B<);>\n" " B<int SSL_set1_chain_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<st>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:27 msgid "" "SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() set " "the certificate store used for certificate verification to B<st>." msgstr "" "B<SSL_CTX_set0_verify_cert_store>() et B<SSL_CTX_set1_verify_cert_store>() " "définissent le stockage de certificats utilisé pour leur vérification à " "I<st>." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:30 msgid "" "SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() set the " "certificate store used for certificate chain building to B<st>." msgstr "" "B<SSL_CTX_set0_chain_cert_store>() et B<SSL_CTX_set1_chain_cert_store>() " "définissent le stockage de certificats utilisé pour la construction de " "chaîne de certificats à I<st>." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:33 msgid "" "SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), " "SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar " "except they apply to SSL structure B<ssl>." msgstr "" "B<SSL_set0_verify_cert_store>(), B<SSL_set1_verify_cert_store>(), " "B<SSL_set0_chain_cert_store>() et B<SSL_set1_chain_cert_store>() sont " "similaires sauf quâ??elles sâ??appliquent à une structure SSL I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:37 msgid "" "All these functions are implemented as macros. Those containing a B<1> " "increment the reference count of the supplied store so it must be freed at " "some point after the operation. Those containing a B<0> do not increment " "reference counts and the supplied store B<MUST NOT> be freed after the " "operation." msgstr "" "Toutes ces fonctions sont mises en Å?uvre avec des macros. Celles contenant " "un B<1> incrémentent le compteur de références du stockage fourni, afin que " "celui-ci soit libéré à un certain moment après lâ??opération. Celles contenant " "un B<0> nâ??incrémentent point le compteur et le stockage fourni B<ne doit " "pas> être libéré après lâ??opération." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:45 msgid "" "The stores pointers associated with an SSL_CTX structure are copied to any " "SSL structures when SSL_new() is called. As a result SSL structures will not " "be affected if the parent SSL_CTX store pointer is set to a new value." msgstr "" "Les pointeurs de stockage associés avec une structure SSL_CTX sont copiés " "dans nâ??importe quelle structure SSL quand B<SSL_new>() est appelée. Par " "conséquent, les structures SSL ne seront pas affectées si le pointeur de " "stockage SSL_CTX parent est défini à une nouvelle valeur." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:49 msgid "" "The verification store is used to verify the certificate chain sent by the " "peer: that is an SSL/TLS client will use the verification store to verify " "the server's certificate chain and a SSL/TLS server will use it to verify " "any client certificate chain." msgstr "" "Le stockage de vérification est utilisé pour vérifier la chaîne de " "certificats envoyée par le pair : câ??est-à -dire, un client SSL/TLS utilisera " "le stockage de vérification pour vérifier la chaîne de certificats du " "serveur et un serveur SSL/TLS lâ??utilisera pour vérifier nâ??importe quelle " "chaîne de certificats de client." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:54 msgid "The chain store is used to build the certificate chain." msgstr "" "Le stockage de chaînes est utilisé pour construire la chaîne de certificats." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:56 msgid "" "If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is " "configured already (for example using the functions such as " "L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> or " "L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>) then " "automatic chain building is disabled." msgstr "" "Si le mode B<SSL_MODE_NO_AUTO_CHAIN> est utilisé ou une chaîne de " "certificats est déjà configurée (par exemple en utilisant des fonctions " "telles que L<B<SSL_CTX_add1_chain_cert>(3)|SSL_CTX_add1_chain_cert(3)> ou " "L<B<SSL_CTX_add_extra_chain_cert>(3)|SSL_CTX_add_extra_chain_cert(3)>), " "alors la construction automatique de chaîne est désactivée." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:62 msgid "" "If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building " "is disabled." msgstr "" "Si le mode B<SSL_MODE_NO_AUTO_CHAIN> est utilisé, alors la construction " "automatique de chaîne est désactivée." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:65 msgid "" "If the chain or the verification store is not set then the store associated " "with the parent SSL_CTX is used instead to retain compatibility with " "previous versions of OpenSSL." msgstr "" "Si le stockage de chaînes ou vérifications nâ??est défini, alors le stockage " "associé avec le SSL_CTX parent est utilisé pour conserver la compatibilité " "avec les précédentes versions dâ??OpenSSL." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:71 msgid "All these functions return 1 for success and 0 for failure." msgstr "" "Toutes ces fonctions renvoient B<1> en cas de succès et B<0> lors dâ??un échec." #. type: textblock #: C/ssl/SSL_CTX_set1_verify_cert_store.pod:75 msgid "" "L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> " "L<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)> L<SSL_CTX_set1_chain(3)|" "SSL_CTX_set1_chain(3)> L<SSL_CTX_add0_chain_cert(3)|" "SSL_CTX_add0_chain_cert(3)> L<SSL_CTX_add1_chain_cert(3)|" "SSL_CTX_add1_chain_cert(3)> L<SSL_set0_chain(3)|SSL_set0_chain(3)> " "L<SSL_set1_chain(3)|SSL_set1_chain(3)> L<SSL_add0_chain_cert(3)|" "SSL_add0_chain_cert(3)> L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)> " "L<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)> " "L<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)>" msgstr "" "L<B<SSL_CTX_add_extra_chain_cert>(3)|SSL_CTX_add_extra_chain_cert(3)> " "L<B<SSL_CTX_set0_chain>(3)|SSL_CTX_set0_chain(3)> L<B<SSL_CTX_set1_chain>(3)|" "SSL_CTX_set1_chain(3)> L<B<SSL_CTX_add0_chain_cert>(3)|" "SSL_CTX_add0_chain_cert(3)> L<B<SSL_CTX_add1_chain_cert>(3)|" "SSL_CTX_add1_chain_cert(3)> L<B<SSL_set0_chain>(3)|SSL_set0_chain(3)> " "L<B<SSL_set1_chain>(3)|SSL_set1_chain(3)> L<B<SSL_add0_chain_cert>(3)|" "SSL_add0_chain_cert(3)> L<B<SSL_add1_chain_cert>(3)|SSL_add1_chain_cert(3)> " "L<B<SSL_CTX_build_cert_chain>(3)|SSL_CTX_build_cert_chain(3)> " "L<B<SSL_build_cert_chain>(3)|SSL_build_cert_chain(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:5 msgid "" "SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function" msgstr "" "SSL_CTX_set_cert_cb, SSL_set_cert_cb - Gestion de la fonction de rappel de " "certificat client." #. type: verbatim #: C/ssl/SSL_CTX_set_cert_cb.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg);\n" " void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);\n" "\n" msgstr "" "B< void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*>I<cert_cb>B<)(SSL *>I<ssl>B<, void *>I<arg>B<), void *>I<arg>B<);>\n" " B<void SSL_set_cert_cb(SSL *s, int (*>I<cert_cb>B<)(SSL *>I<ssl>B<, void *>I<arg>B<), void *>I<arg>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_cert_cb.pod:14 #, no-wrap msgid "" " int (*cert_cb)(SSL *ssl, void *arg);\n" "\n" msgstr "" "B< int (*>I<cert_cb>B<)(SSL *>I<ssl>B<, void *>I<arg>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:18 msgid "" "SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the B<cert_cb()> callback, " "B<arg> value is pointer which is passed to the application callback." msgstr "" "B<SSL_CTX_set_cert_cb>() et B<SSL_set_cert_cb>() définissent la fonction de " "rappel B<cert_cb()>, la valeur I<arg> est un pointeur qui est transmis à la " "fonction de rappel de lâ??application." #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:21 msgid "When B<cert_cb()> is NULL, no callback function is used." msgstr "" "Lorsque B<cert_cb()> est NULL, aucune fonction de rappel nâ??est utilisée." #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:23 msgid "" "cert_cb() is the application defined callback. It is called before a " "certificate will be used by a client or server. The callback can then " "inspect the passed B<ssl> structure and set or clear any appropriate " "certificates. If the callback is successful it B<MUST> return 1 even if no " "certificates have been set. A zero is returned on error which will abort the " "handshake with a fatal internal error alert. A negative return value will " "suspend the handshake and the handshake function will return immediately. " "L<SSL_get_error(3)|SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP " "to indicate, that the handshake was suspended. The next call to the " "handshake function will again lead to the call of cert_cb(). It is the job " "of the cert_cb() to store information about the state of the last call, if " "required to continue." msgstr "" "B<cert_cb()> est le rappel défini par lâ??application. Il est employé avant " "quâ??un certificat soit utilisé par un client ou un serveur. Le rappel peut " "alors inspecter la structure transmise I<ssl> et établir ou supprimer " "nâ??importe quel certificat. Si le rappel est réussi, il B<doit> renvoyer B<1> " "même si aucun certificat nâ??est établi. Un B<0> est renvoyé lors dâ??une erreur " "qui interrompt lâ??initiation de connexion avec une alerte dâ??erreur interne " "fatale. Le renvoi dâ??une valeur négative suspendra lâ??initiation de connexion " "et la fonction dâ??initiation s'arrêtera immédiatement. L<B<SSL_get_error>(3)|" "SSL_get_error(3)> renverra SSL_ERROR_WANT_X509_LOOKUP pour signaler que " "lâ??initiation est suspendue. Le prochain appel à la fonction dâ??initiation " "amènera de nouveau à lâ??appel de B<client_cert_cb>(). Câ??est au B<cert_cb>() " "dâ??emmagasiner lâ??information sur lâ??état du dernier appel, si une demande de " "continuation est faite." #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:38 msgid "" "An application will typically call SSL_use_certificate() and " "SSL_use_PrivateKey() to set the end entity certificate and private key. It " "can add intermediate and optionally the root CA certificates using " "SSL_add1_chain_cert()." msgstr "" "Une application appellera habituellement B<SSL_use_certificate>() et " "B<SSL_use_PrivateKey>() pour définir les clef privée et certificat dâ??entité " "de fin. Elle peut facultativement ajouter en intermédiaire les certificats " "dâ??autorité racine en employant B<SSL_add1_chain_cert>()." #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:43 msgid "" "It might also call SSL_certs_clear() to delete any certificates associated " "with the B<SSL> object." msgstr "" "Elle peut aussi appeler B<SSL_certs_clear>() pour supprimer nâ??importe quel " "certificat associé avec lâ??objet I<SSL>." #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:46 msgid "" "The certificate callback functionality supercedes the (largely broken) " "functionality provided by the old client certificate callback interface. It " "is B<always> called even is a certificate is already set so the callback can " "modify or delete the existing certificate." msgstr "" "La fonction de rappel de certificat remplace la (défectueuse) fonction " "fournie par la vieille interface client de rappel de certificat. Elle est " "B<toujours> appelée même si un certificat est déjà défini, ainsi le rappel " "peut modifier ou supprimer les certificats existants." #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:51 msgid "" "A more advanced callback might examine the handshake parameters and set " "whatever chain is appropriate. For example a legacy client supporting only " "TLS v1.0 might receive a certificate chain signed using SHA1 whereas a TLS " "v1.2 client which advertises support for SHA256 could receive a chain using " "SHA256." msgstr "" "Un rappel de plus haut niveau peut examiner les paramètres de lâ??initiation " "de connexion et définir toute chaîne appropriée. Par exemple, un ancien " "client ne prenant en charge que TLS v1.0 peut recevoir une chaîne de " "certificats signée avec SHA1, tandis quâ??un client TLS v1.2 déclarant la " "prise en charge de SHA256 peut recevoir une chaîne utilisant SHA256." #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:57 msgid "" "Normal server sanity checks are performed on any certificates set by the " "callback. So if an EC chain is set for a curve the client does not support " "it will B<not> be used." msgstr "" "Des contrôles de validité pour le serveur sont réalisés sur tous les " "certificats définis par le rappel. Aussi, si une chaîne de courbe elliptique " "est définie pour une courbe que le client ne prend pas en charge, elle ne " "sera B<pas> utilisée." #. type: textblock #: C/ssl/SSL_CTX_set_cert_cb.pod:63 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_use_certificate(3)|SSL_use_certificate(3)>, " "L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)>, " "L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, L<SSL_clear(3)|" "SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_use_certificate>(3)|SSL_use_certificate(3)>, " "L<B<SSL_add1_chain_cert>(3)|SSL_add1_chain_cert(3)>, " "L<B<SSL_get_client_CA_list>(3)|SSL_get_client_CA_list(3)>, L<B<SSL_clear>(3)|" "SSL_clear(3)>, L<B<SSL_free>(3)|SSL_free(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:5 msgid "" "SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate " "verification storage" msgstr "" "SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - Manipuler le stockage de " "vérification de certificats X509" #. type: verbatim #: C/ssl/SSL_CTX_set_cert_store.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);\n" " X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);\n" "\n" msgstr "" "B< void SSL_CTX_set_cert_store(SSL_CTX *>I<ctx>B<, X509_STORE *>I<stockage>B<);>\n" " B<X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *>I<ctx>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:16 msgid "" "SSL_CTX_set_cert_store() sets/replaces the certificate verification storage " "of B<ctx> to/with B<store>. If another X509_STORE object is currently set in " "B<ctx>, it will be X509_STORE_free()ed." msgstr "" "B<SSL_CTX_set_cert_store>() définit et remplace le stockage de vérifications " "de certificat de I<ctx> en I<stockage>. Si un autre objet X509_STORE est " "actuellement défini dans I<ctx>, il sera libéré avec B<X509_STORE_free>()." #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:20 msgid "" "SSL_CTX_get_cert_store() returns a pointer to the current certificate " "verification storage." msgstr "" "B<SSL_CTX_set_cert_store>() renvoie un pointeur vers le stockage actuel de " "vérifications de certificat." #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:25 msgid "" "In order to verify the certificates presented by the peer, trusted CA " "certificates must be accessed. These CA certificates are made available via " "lookup methods, handled inside the X509_STORE. From the X509_STORE the " "X509_STORE_CTX used when verifying certificates is created." msgstr "" "Afin de vérifier les certificats présentés par le pair, il faut accéder aux " "certificats d'autorité de certification. Ces certificats d'autorité de " "certification sont rendus disponibles par des méthodes de recherche, " "traitées à l'intérieur de X509_STORE. Le X509_STORE_CTX utilisé lors de la " "vérification de certificats est créé à partir de X509_STORE." #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:30 msgid "" "Typically the trusted certificate store is handled indirectly via using " "L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. Using " "the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions it is " "possible to manipulate the X509_STORE object beyond the " "L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> call." msgstr "" "L'emplacement de stockage des certificats de confiance est typiquement géré " "en utilisant L<B<SSL_CTX_load_verify_locations>(3)|" "SSL_CTX_load_verify_locations(3)>. L'utilisation des fonctions " "B<SSL_CTX_set_cert_store>() et B<SSL_CTX_get_cert_store>() est possible pour " "manipuler l'objet X509_STORE au delà de l'appel " "L<B<SSL_CTX_load_verify_locations>(3)|SSL_CTX_load_verify_locations(3)>." #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:37 msgid "" "Currently no detailed documentation on how to use the X509_STORE object is " "available. Not all members of the X509_STORE are used when the verification " "takes place. So will e.g. the verify_callback() be overridden with the " "verify_callback() set via the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> " "family of functions. This document must therefore be updated when " "documentation about the X509_STORE object and its handling becomes available." msgstr "" "Aucune documentation détaillée du mode d'utilisation de l'objet X509_STORE " "n'est pour l'instant disponible. Les éléments du X509_STORE ne sont pas tous " "utilisés au moment de la vérification. Ainsi, par exemple, la fonction " "B<verify_callback>() sera écrasée par la fonction B<verify_callback>() " "définie par la famille de fonctions L<B<SSL_CTX_set_verify>(3)|" "SSL_CTX_set_verify(3)>. Ce document devra par conséquent être mis à jour " "lorsque la documentation de l'objet X509_STORE et de son traitement sera " "disponible." #. type: =head1 #: C/ssl/SSL_CTX_set_cert_store.pod:45 msgid "RESTRICTIONS" msgstr "RESTRICTIONS" #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:47 msgid "" "The X509_STORE structure used by an SSL_CTX is used for verifying peer " "certificates and building certificate chains, it is also shared by every " "child SSL structure. Applications wanting finer control can use functions " "such as SSL_CTX_set1_verify_cert_store() instead." msgstr "" "La structure X509_STORE utilisée par un SSL_CTX est employée pour vérifier " "les certificats de pairs et construire la chaîne de certificats ; elle est " "aussi partagée par toute structure SSL enfant. Les applications désirant un " "contrôle plus fin peuvent plutôt utiliser des fonctions telles que " "B<SSL_CTX_set1_verify_cert_store>()." #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:54 msgid "SSL_CTX_set_cert_store() does not return diagnostic output." msgstr "B<SSL_CTX_set_cert_store>() ne renvoie pas de sortie de diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:56 msgid "SSL_CTX_get_cert_store() returns the current setting." msgstr "B<SSL_CTX_set_cert_store>() renvoie la configuration actuelle." #. type: textblock #: C/ssl/SSL_CTX_set_cert_store.pod:60 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_CTX_load_verify_locations(3)|" "SSL_CTX_load_verify_locations(3)>, L<SSL_CTX_set_verify(3)|" "SSL_CTX_set_verify(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_CTX_load_verify_locations>(3)|" "SSL_CTX_load_verify_locations(3)>, L<B<SSL_CTX_set_verify>(3)|" "SSL_CTX_set_verify(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:5 msgid "" "SSL_CTX_set_cert_verify_callback - set peer certificate verification " "procedure" msgstr "" "SSL_CTX_set_cert_verify_callback - Définir la procédure de vérification de " "certificat de pair" #. type: verbatim #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);\n" "\n" msgstr "" "B< void SSL_CTX_set_cert_verify_callback(SSL_CTX *>I<ctx>B<, int (*>I<rappel>B<)(X509_STORE_CTX *,void *), void *>I<arg>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:15 msgid "" "SSL_CTX_set_cert_verify_callback() sets the verification callback function " "for I<ctx>. SSL objects that are created from I<ctx> inherit the setting " "valid at the time when L<SSL_new(3)|SSL_new(3)> is called." msgstr "" "B<SSL_CTX_set_cert_verify_callback>() définit la fonction de rappel de " "vérification pour I<ctx>. Les objets SSL créés à partir de I<ctx> héritent " "des réglages valables au moment de lâ??appel de L<B<SSL_new>(3)|SSL_new(3)>." #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:21 msgid "" "Whenever a certificate is verified during a SSL/TLS handshake, a " "verification function is called. If the application does not explicitly " "specify a verification callback function, the built-in verification function " "is used. If a verification callback I<callback> is specified via " "SSL_CTX_set_cert_verify_callback(), the supplied callback function is called " "instead. By setting I<callback> to NULL, the default behaviour is restored." msgstr "" "Ã? chaque fois quâ??un certificat est vérifié durant une initiation de " "connexion SSL/TLS, une fonction de vérification est appelée. Si " "lâ??application ne précise pas de fonction de rappel de vérification, la " "fonction interne est utilisée. Si un rappel pour vérification I<rappel> est " "précisé à lâ??aide de B<SSL_CTX_set_cert_verify_callback>(), la fonction de " "rappel indiquée est appelée. En réglant I<rappel> à NULL, le comportement " "par défaut est restauré." #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:28 msgid "" "When the verification must be performed, I<callback> will be called with the " "arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The argument " "I<arg> is specified by the application when setting I<callback>." msgstr "" "Quand une vérification doit être effectuée, I<rappel> sera appelé avec les " "arguments I<rappel(X509_STORE_CTX *x509_store_ctx, void *arg)>.Lâ??argument " "I<arg> est indiqué par lâ??application lors de la configuration de I<rappel>." #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:32 msgid "" "I<callback> should return 1 to indicate verification success and 0 to " "indicate verification failure. If SSL_VERIFY_PEER is set and I<callback> " "returns 0, the handshake will fail. As the verification procedure may allow " "to continue the connection in case of failure (by always returning 1) the " "verification result must be set in any case using the B<error> member of " "I<x509_store_ctx> so that the calling application will be informed about the " "detailed result of the verification procedure!" msgstr "" "I<rappel> renvoie B<1> en cas de réussite et B<0> en cas dâ??échec. Si " "SSL_VERIFY_PEER est configuré et I<rappel> renvoie B<0>, lâ??initiation de " "connexion échouera. Comme la vérification de procédure permet de continuer " "la connexion en cas dâ??échec (en renvoyant toujours B<1>), le résultat de la " "vérification doit, dans tous les cas, être indiqué en utilisant la partie " "B<error> de B<x509_store_ctx>, de façon que lâ??application appelante soit " "informée du résultat détaillé de la procédure de vérification !" #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:40 msgid "" "Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback> " "function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>." msgstr "" "Dans B<x509_store_ctx>, I<rappel> peut accéder à la fonction " "I<verify_callback> établie en utilisant L<B<SSL_CTX_set_verify>(3)|" "SSL_CTX_set_verify(3)>." #. type: =head1 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:43 #: C/ssl/SSL_CTX_set_session_id_context.pod:47 msgid "WARNINGS" msgstr "AVERTISSEMENTS" #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:45 msgid "" "Do not mix the verification callback described in this function with the " "B<verify_callback> function called during the verification process. The " "latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> " "family of functions." msgstr "" "Ne pas mélanger le rappel de vérification décrit dans cette fonction avec la " "fonction I<verify_callback> appelée durant la procédure de vérification. " "Cette dernière est définie en utilisant la famille de fonctions " "L<B<SSL_CTX_set_verify>(3)|SSL_CTX_set_verify(3)>." #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:50 msgid "" "Providing a complete verification procedure including certificate purpose " "settings etc is a complex task. The built-in procedure is quite powerful and " "in most cases it should be sufficient to modify its behaviour using the " "B<verify_callback> function." msgstr "" "Fournir une procédure de vérification complète incluant les indications " "dâ??objectif de certificat est une tâche complexe. La procédure interne est " "plutôt puissante, et, dans la plupart des cas, il sera suffisant de modifier " "son comportement en utilisant la fonction I<verify_callback>." #. type: =head1 #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:55 #: C/ssl/SSL_CTX_set_client_cert_cb.pod:63 C/ssl/SSL_CTX_set_verify.pod:149 msgid "BUGS" msgstr "BOGUES" #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:59 msgid "" "SSL_CTX_set_cert_verify_callback() does not provide diagnostic information." msgstr "" "B<SSL_CTX_set_cert_verify_callback>() ne fournit pas dâ??information de " "diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:63 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, " "L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, " "L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_CTX_set_verify>(3)|SSL_CTX_set_verify(3)>, " "L<B<SSL_get_verify_result>(3)|SSL_get_verify_result(3)>, " "L<B<SSL_CTX_load_verify_locations>(3)|SSL_CTX_load_verify_locations(3)>" #. type: verbatim #: C/ssl/SSL_CTX_set_cert_verify_callback.pod:69 #, no-wrap msgid "" "Previous to OpenSSL 0.9.7, the I<arg> argument to B<SSL_CTX_set_cert_verify_callback>\n" "was ignored, and I<callback> was called simply as\n" " int (*callback)(X509_STORE_CTX *)\n" "To compile software written for previous versions of OpenSSL, a dummy\n" "argument will have to be added to I<callback>.\n" "\n" msgstr "" "Antérieurement à OpenSSL 0.9.7, lâ??argument I<arg> de B<SSL_CTX_set_cert_verify_callback>\n" "était ignoré et I<rappel> était simplement appelé comme ceci :\n" " int (*I<rappel>)(X509_STORE_CTX *)\n" "\n" "\n" "Pour compiler des logiciels écrits pour de précédentes versions dâ??OpenSSL, \n" "un argument factice doit être ajouté à I<rappel>.\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:5 msgid "" "SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available " "SSL_CIPHERs" msgstr "" "SSL_CTX_set_cipher_list, SSL_set_cipher_list - Choisir la liste des " "SSL_CIPHER disponibles" #. type: verbatim #: C/ssl/SSL_CTX_set_cipher_list.pod:11 #, no-wrap msgid "" " int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);\n" " int SSL_set_cipher_list(SSL *ssl, const char *str);\n" "\n" msgstr "" "B< int SSL_CTX_set_cipher_list(SSL_CTX *>I<ctx>B<, const char *>I<str>B<);>\n" " B<int SSL_set_cipher_list(SSL *>I<ssl>B<, const char *>I<str>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:16 msgid "" "SSL_CTX_set_cipher_list() sets the list of available ciphers for B<ctx> " "using the control string B<str>. The format of the string is described in " "L<ciphers(1)|ciphers(1)>. The list of ciphers is inherited by all B<ssl> " "objects created from B<ctx>." msgstr "" "B<SSL_CTX_set_cipher_list>() définit la liste des algorithmes de chiffrement " "disponibles pour I<ctx> en utilisant la chaîne de contrôle I<str>. Le format " "de la chaîne est décrit dans L<B<ciphers>(1)|ciphers(1)>. La liste " "d'algorithmes de chiffrement est héritée par tous les objets I<ssl> créés à " "partir de I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:21 msgid "SSL_set_cipher_list() sets the list of ciphers only for B<ssl>." msgstr "" "B<SSL_set_cipher_list>() ne définit la liste des algorithmes de chiffrement " "que pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:25 msgid "" "The control string B<str> should be universally usable and not depend on " "details of the library configuration (ciphers compiled in). Thus no syntax " "checking takes place. Items that are not recognized, because the " "corresponding ciphers are not compiled in or because they are mistyped, are " "simply ignored. Failure is only flagged if no ciphers could be collected at " "all." msgstr "" "La chaîne de contrôle I<str> devrait être universellement utilisable sans " "dépendre de détails de la configuration de bibliothèques (algorithmes de " "chiffrement compilés à l'intérieur). Ainsi, aucune vérification de syntaxe " "n'est effectuée. Les éléments qui ne sont pas reconnus, parce que les " "algorithmes de chiffrement correspondants ne sont pas compilés à " "l'intérieur, ou parce qu'ils n'ont pas été écrits correctement, sont " "simplement ignorés. Un échec nâ??est signalé que si aucun algorithme de " "chiffrement n'a pu être collecté." #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:32 msgid "" "It should be noted, that inclusion of a cipher to be used into the list is a " "necessary condition. On the client side, the inclusion into the list is also " "sufficient. On the server side, additional restrictions apply. All ciphers " "have additional requirements. ADH ciphers don't need a certificate, but DH-" "parameters must have been set. All other ciphers need a corresponding " "certificate and key." msgstr "" "Précision importante : l'inclusion d'un algorithme de chiffrement à utiliser " "dans la liste est une condition nécessaire. Du côté client, l'inclusion dans " "la liste est aussi suffisante. Du côté serveur, des restrictions " "supplémentaires s'appliquent. Tous les algorithmes de chiffrement ont des " "conditions nécessaires supplémentaires. Les algorithmes de chiffrement ADH " "n'ont pas besoin d'un certificat, mais les paramètres DH doivent avoir été " "définis. Tous les autres algorithmes de chiffrement ont besoin d'un " "certificat et d'une clef correspondants" #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:39 msgid "" "A RSA cipher can only be chosen, when a RSA certificate is available. RSA " "export ciphers with a keylength of 512 bits for the RSA key require a " "temporary 512 bit RSA key, as typically the supplied key has a length of " "1024 bit (see L<SSL_CTX_set_tmp_rsa_callback(3)|" "SSL_CTX_set_tmp_rsa_callback(3)>). RSA ciphers using DHE need a certificate " "and key and additional DH-parameters (see L<SSL_CTX_set_tmp_dh_callback(3)|" "SSL_CTX_set_tmp_dh_callback(3)>)." msgstr "" "Seul un algorithme de chiffrement RSA peut être choisi quand un certificat " "RSA est disponible. Les algorithmes de chiffrement RSA exportés avec une " "taille de clef de 512 bits pour la clef RSA ont besoin d'une clef RSA " "temporaire de 512 bits, puisque les clefs typiquement fournies ont une " "taille de 1024 bits (consultez L<B<SSL_CTX_set_tmp_rsa_callback>(3)|" "SSL_CTX_set_tmp_rsa_callback(3)>). Les algorithmes de chiffrement RSA " "utilisant DHE ont besoin d'un certificat et d'une clef et de paramètres DH " "supplémentaires (consultez L<B<SSL_CTX_set_tmp_dh_callback>(3)|" "SSL_CTX_set_tmp_dh_callback(3)>)." #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:47 msgid "" "A DSA cipher can only be chosen, when a DSA certificate is available. DSA " "ciphers always use DH key exchange and therefore need DH-parameters (see " "L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>)." msgstr "" "Seul un algorithme de chiffrement DSA peut être choisi quand un certificat " "DSA est disponible. Les algorithmes de chiffrement DSA utilisent toujours un " "échange de clefs DH, et ont par conséquent besoin de paramètres DH " "(consultez L<B<SSL_CTX_set_tmp_dh_callback>(3)|" "SSL_CTX_set_tmp_dh_callback(3)>)." #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:51 msgid "" "When these conditions are not met for any cipher in the list (e.g. a client " "only supports export RSA ciphers with a asymmetric key length of 512 bits " "and the server is not configured to use temporary RSA keys), the \"no shared " "cipher\" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will " "fail." msgstr "" "Quand ces conditions ne sont pas réunies pour aucun algorithme de " "chiffrement de la liste (par exemple un client qui ne gère que les " "algorithmes de chiffrement RSA pour lâ??export avec une taille de clef " "asymétrique de 512 bits et que le serveur n'est pas configuré pour utiliser " "des clefs RSA temporaires), l'erreur « pas d'algorithme de chiffrement " "partagé » (SSL_R_NO_SHARED_CIPHER) est générée, et l'initialisation échouera." #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:57 msgid "" "If the cipher list does not contain any SSLv2 cipher suites (this is the " "default) then SSLv2 is effectively disabled and neither clients nor servers " "will attempt to use SSLv2." msgstr "" "Si la liste dâ??algorithmes de chiffrement ne contient aucune suite de " "chiffrement SSLv2 (état par défaut), alors SSLv2 est réellement désactivé et " "ni les clients, ni les serveurs, ne pourront utiliser SSLv2." #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:63 msgid "" "SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher " "could be selected and 0 on complete failure." msgstr "" "B<SSL_CTX_set_cipher_list>() et B<SSL_set_cipher_list>() renvoient B<1> si " "un algorithme de chiffrement a pu être sélectionné et B<0> en cas d'échec " "complet." #. type: textblock #: C/ssl/SSL_CTX_set_cipher_list.pod:68 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, " "L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, " "L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, " "L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, " "L<ciphers(1)|ciphers(1)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_get_ciphers>(3)|SSL_get_ciphers(3)>, " "L<B<SSL_CTX_use_certificate>(3)|SSL_CTX_use_certificate(3)>, " "L<B<SSL_CTX_set_tmp_rsa_callback>(3)|SSL_CTX_set_tmp_rsa_callback(3)>, " "L<B<SSL_CTX_set_tmp_dh_callback>(3)|SSL_CTX_set_tmp_dh_callback(3)>, " "L<B<ciphers>(1)|ciphers(1)>" #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:5 msgid "" "SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, " "SSL_add_client_CA - set list of CAs sent to the client when requesting a " "client certificate" msgstr "" "SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, " "SSL_add_client_CA - Définir la liste dâ??autorités de certification (CA) " "adressée au client lors dâ??une demande de certificat client" #. type: verbatim #: C/ssl/SSL_CTX_set_client_CA_list.pod:11 #, no-wrap msgid "" " #include <openssl/ssl.h>\n" " \n" msgstr "" "B< #include E<lt>openssl/ssl.hE<gt>>\n" " \n" #. type: verbatim #: C/ssl/SSL_CTX_set_client_CA_list.pod:13 #, no-wrap msgid "" " void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);\n" " void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);\n" " int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);\n" " int SSL_add_client_CA(SSL *ssl, X509 *cacert);\n" "\n" msgstr "" "B< void SSL_CTX_set_client_CA_list(SSL_CTX *>I<ctx>B<, STACK_OF(X509_NAME)*>I<liste>B<);>\n" " B<void SSL_set_client_CA_list(SSL *>I<s>B<, STACK_OF(X509_NAME) *>I<liste>B<);>\n" " B<int SSL_CTX_add_client_CA(SSL_CTX *>I<ctx>B<, X509 *>I<ca_cert>B<);>\n" " B<int SSL_add_client_CA(SSL *>I<ssl>B<, X509 *>I<ca_cert>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:20 msgid "" "SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when " "requesting a client certificate for B<ctx>." msgstr "" "B<SSL_CTX_set_client_CA_list>() définit la I<liste> de CA adressée au client " "lors dâ??une requête de certificat client pour I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:23 msgid "" "SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when " "requesting a client certificate for the chosen B<ssl>, overriding the " "setting valid for B<ssl>'s SSL_CTX object." msgstr "" "B<SSL_set_client_CA_list>() définit la I<liste> de CA adressée au client " "lors dâ??une requête de certificat client pour le I<ssl> choisi, redéfinissant " "le réglage valable de lâ??objet SSL_CTX de I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:27 msgid "" "SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the " "list of CAs sent to the client when requesting a client certificate for " "B<ctx>." msgstr "" "B<SSL_CTX_add_client_CA>() ajoute le nom de la CA, extrait de I<ca_cert>, à " "la liste de CA adressée au client lors dâ??une requête de certificat client " "pour I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:31 msgid "" "SSL_add_client_CA() adds the CA name extracted from B<cacert> to the list of " "CAs sent to the client when requesting a client certificate for the chosen " "B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object." msgstr "" "B<SSL_add_client_CA>() ajoute le nom de la CA extrait de I<ca_cert> à la " "liste de CA adressée au client lors dâ??une requête dâ??un certificat client " "pour le I<ssl> choisi, redéfinissant le réglage valable pour lâ??objet SSL_CTX " "de I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:37 msgid "" "When a TLS/SSL server requests a client certificate (see " "B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which it will accept " "certificates, to the client." msgstr "" "Quand un serveur TLS/SSL demande un certificat client (consultez " "B<SSL_CTX_set_verify>(3)), il envoie une liste de CA, depuis laquelle il " "acceptera des certificats, au client." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:41 msgid "" "This list must explicitly be set using SSL_CTX_set_client_CA_list() for " "B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list " "specified overrides the previous setting. The CAs listed do not become " "trusted (B<list> only contains the names, not the complete certificates); " "use L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> to " "additionally load them for verification." msgstr "" "Cette liste doit clairement être définie en utilisant " "B<SSL_CTX_set_client_CA_list>() pour I<ctx> et B<SSL_set_client_CA_list>() " "pour le I<ssl> particulier. La liste indiquée redéfinit la précédente " "configuration. Les CA listées ne deviennent pas de confiance (I<liste> " "contient seulement les noms, mais pas les certificats en entier) ; utilisez " "L<B<SSL_CTX_load_verify_locations>(3)|SSL_CTX_load_verify_locations(3)> pour " "en plus les charger pour la vérification." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:48 msgid "" "If the list of acceptable CAs is compiled in a file, the " "L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)> function can be " "used to help importing the necessary data." msgstr "" "Si la liste de CA acceptables est dressée dans un fichier, la fonction " "L<B<SSL_load_client_CA_file>(3)|SSL_load_client_CA_file(3)> peut être " "utilisée pour lâ??importation des données nécessaires." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:52 msgid "" "SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add " "additional items the list of client CAs. If no list was specified before " "using SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client " "CA list for B<ctx> or B<ssl> (as appropriate) is opened." msgstr "" "B<SSL_CTX_add_client_CA>() et B<SSL_add_client_CA>() peuvent être utilisées " "pour ajouter des éléments dans la liste de CA client. Si aucune liste " "nâ??était indiquée avant lâ??utilisation de B<SSL_CTX_set_client_CA_list>() ou " "B<SSL_set_client_CA_list>(), une nouvelle liste de CA client pour I<ctx> ou " "I<ssl> (selon le cas) est ouverte." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:57 msgid "These functions are only useful for TLS/SSL servers." msgstr "Ces fonctions sont seulement utiles pour les serveurs TLS/SSL." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:61 msgid "" "SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return " "diagnostic information." msgstr "" "B<SSL_CTX_set_client_CA_list>() et B<SSL_set_client_CA_list>() ne renvoient " "pas de renseignements de diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:64 msgid "" "SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return " "values:" msgstr "" "B<SSL_CTX_add_client_CA>() et B<SSL_add_client_CA>() ont les valeurs de " "retour suivantes." #. type: =item #: C/ssl/SSL_CTX_set_client_CA_list.pod:69 #: C/ssl/SSL_CTX_set_session_id_context.pod:67 #: C/ssl/SSL_CTX_set_ssl_version.pod:45 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:92 msgid "Z<>0" msgstr "Z<>0" #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:71 msgid "" "A failure while manipulating the STACK_OF(X509_NAME) object occurred or the " "X509_NAME could not be extracted from B<cacert>. Check the error stack to " "find out the reason." msgstr "" "Une erreur lors de la manipulation de lâ??objet STACK_OF(X509_NAME) est " "survenue ou X509_NAME nâ??a pu être extrait de I<ca_cert>. Vérifiez la pile " "dâ??erreurs pour en trouver la raison." #. type: =item #: C/ssl/SSL_CTX_set_client_CA_list.pod:75 #: C/ssl/SSL_CTX_set_session_id_context.pod:73 #: C/ssl/SSL_CTX_set_ssl_version.pod:49 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:87 msgid "Z<>1" msgstr "Z<>1" #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:77 #: C/ssl/SSL_CTX_set_session_id_context.pod:75 #: C/ssl/SSL_CTX_set_ssl_version.pod:51 msgid "The operation succeeded." msgstr "L'opération a réussi." #. type: =head1 #: C/ssl/SSL_CTX_set_client_CA_list.pod:81 #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:57 #: C/ssl/SSL_CTX_set_generate_session_id.pod:95 #: C/ssl/SSL_CTX_set_info_callback.pod:107 #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:126 #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:101 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:90 C/ssl/SSL_CTX_set_verify.pod:165 msgid "EXAMPLES" msgstr "EXEMPLES" #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:83 msgid "Scan all certificates in B<CAfile> and list them as acceptable CAs:" msgstr "" "Examiner tous les certificats dans I<fichier_CA> et les incorporer dans la " "liste de CA acceptables :" #. type: verbatim #: C/ssl/SSL_CTX_set_client_CA_list.pod:85 #, no-wrap msgid "" " SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));\n" "\n" msgstr "" " SSL_CTX_set_client_CA_list(I<ctx>,SSL_load_client_CA_file(I<fichier_CA>));\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_client_CA_list.pod:89 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, " "L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>, " "L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_get_client_CA_list>(3)|" "SSL_get_client_CA_list(3)>, L<B<SSL_load_client_CA_file>(3)|" "SSL_load_client_CA_file(3)>, L<B<SSL_CTX_load_verify_locations>(3)|" "SSL_CTX_load_verify_locations(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:5 msgid "" "SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client " "certificate callback function" msgstr "" "SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - Gestion de la " "fonction de rappel de certificat client." #. type: verbatim #: C/ssl/SSL_CTX_set_client_cert_cb.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));\n" " int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);\n" " int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);\n" "\n" msgstr "" "B< void SSL_CTX_set_client_cert_cb(SSL_CTX *>I<ctx>B<, int (*client_cert_cb)(SSL *>I<ssl>B<, X509 **x>I<509>B<, EVP_PKEY **>I<pkey>B<));>\n" " B<int (*SSL_CTX_get_client_cert_cb(SSL_CTX *>I<ctx>B<))(SSL *>I<ssl>B<, X509 **>I<x509>B<, EVP_PKEY **>I<pkey>B<);>\n" " B<int (*client_cert_cb)(SSL *>I<ssl>B<, X509 **>I<x509>B<, EVP_PKEY **>I<pkey>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:17 msgid "" "SSL_CTX_set_client_cert_cb() sets the B<client_cert_cb()> callback, that is " "called when a client certificate is requested by a server and no certificate " "was yet set for the SSL object." msgstr "" "B<SSL_CTX_set_client_cert_cb>() définit le rappel B<client_cert_cb>(), qui " "est appelé lors dâ??une demande de certificat client par un serveur et " "quâ??aucun certificat nâ??a été défini pour lâ??objet SSL." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:21 msgid "When B<client_cert_cb()> is NULL, no callback function is used." msgstr "" "Lorsque B<client_cert_cb>() est NULL, aucune fonction de rappel nâ??est " "utilisée." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:23 msgid "" "SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback " "function." msgstr "" "B<SSL_CTX_ge_client_cert_cb>() renvoie un pointeur vers la fonction de " "rappel actuellement définie." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:26 msgid "" "client_cert_cb() is the application defined callback. If it wants to set a " "certificate, a certificate/private key combination must be set using the " "B<x509> and B<pkey> arguments and \"1\" must be returned. The certificate " "will be installed into B<ssl>, see the NOTES and BUGS sections. If no " "certificate should be set, \"0\" has to be returned and no certificate will " "be sent. A negative return value will suspend the handshake and the " "handshake function will return immediately. L<SSL_get_error(3)|" "SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that " "the handshake was suspended. The next call to the handshake function will " "again lead to the call of client_cert_cb(). It is the job of the " "client_cert_cb() to store information about the state of the last call, if " "required to continue." msgstr "" "B<client_cert_cb>() est le rappel défini par lâ??application. Si elle veut " "définir un certificat, une combinaison clef/certificat privé doit être " "indiquée en utilisant les arguments I<x509> et I<pkey>, et B<1> doit être " "renvoyé. Le certificat sera installé dans I<ssl> ; consultez les sections " "NOTES et BOGUES. Si aucun certificat ne doit être défini, B<0> doit être " "renvoyé et aucun certificat ne sera adressé. Le renvoi dâ??une valeur négative " "suspendra lâ??initiation de connexion et la fonction dâ??initiation s'arrêtera " "immédiatement. L<B<SSL_get_error>(3)|SSL_get_error(3)> renverra " "SSL_ERROR_WANT_X509_LOOKUP pour signaler que lâ??initiation est suspendue. Le " "prochain appel à la fonction dâ??initiation amènera de nouveau à lâ??appel de " "B<client_cert_cb>(). Câ??est au B<client_cert_cb>() dâ??emmagasiner " "lâ??information sur lâ??état du dernier appel, si une demande de continuation " "est faite." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:40 msgid "" "During a handshake (or renegotiation) a server may request a certificate " "from the client. A client certificate must only be sent, when the server did " "send the request." msgstr "" "Pendant lâ??initialisation de connexion (ou renégociation), un serveur peut " "demander un certificat au client. Un certificat client doit seulement être " "adressé, lorsque le serveur a bien envoyé la requête." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:44 msgid "" "When a certificate was set using the L<SSL_CTX_use_certificate(3)|" "SSL_CTX_use_certificate(3)> family of functions, it will be sent to the " "server. The TLS standard requires that only a certificate is sent, if it " "matches the list of acceptable CAs sent by the server. This constraint is " "violated by the default behavior of the OpenSSL library. Using the callback " "function it is possible to implement a proper selection routine or to allow " "a user interaction to choose the certificate to be sent." msgstr "" "Quand un certificat a été défini en utilisant la famille de fonctions " "L<B<SSL_CTX_use_certificate>(3)|SSL_CTX_use_certificate(3)>, il est adressé " "au serveur. La norme TLS exige quâ??un seul certificat soit adressé, sâ??il a " "une correspondance dans la liste de CA acceptables envoyée par le serveur. " "Cette contrainte nâ??est pas respectée par le comportement par défaut de la " "bibliothèque OpenSSL. Lâ??utilisation de la fonction de rappel permet " "dâ??implémenter une routine de sélection appropriée ou de choisir le " "certificat à envoyer par une interaction de lâ??utilisateur." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:53 msgid "" "If a callback function is defined and no certificate was yet defined for the " "SSL object, the callback function will be called. If the callback function " "returns a certificate, the OpenSSL library will try to load the private key " "and certificate data into the SSL object using the SSL_use_certificate() and " "SSL_use_private_key() functions. Thus it will permanently install the " "certificate and key for this SSL object. It will not be reset by calling " "L<SSL_clear(3)|SSL_clear(3)>. If the callback returns no certificate, the " "OpenSSL library will not send a certificate." msgstr "" "Si une fonction de rappel est définie et quâ??aucun certificat nâ??a été défini " "pour lâ??objet SSL, la fonction de rappel est appelée. Si la fonction de " "rappel renvoie un certificat, la bibliothèque OpenSSL essayera de charger la " "clef privée et les données de certificat dans lâ??objet SSL, en utilisant les " "fonctions B<SSL_use_certificate>() et B<SSL_use_private_key>(). Par " "conséquent, les clef et certificat seront installés définitivement pour " "lâ??objet SSL. Ils ne seront pas réinitialisés par L<B<SSL_clear>(3)|" "SSL_clear(3)>. Si le rappel ne renvoie aucun certificat, la bibliothèque " "OpenSSl nâ??adressera pas de certificat." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:65 msgid "" "The client_cert_cb() cannot return a complete certificate chain, it can only " "return one client certificate. If the chain only has a length of 2, the root " "CA certificate may be omitted according to the TLS standard and thus a " "standard conforming answer can be sent to the server. For a longer chain, " "the client must send the complete chain (with the option to leave out the " "root CA certificate). This can only be accomplished by either adding the " "intermediate CA certificates into the trusted certificate store for the " "SSL_CTX object (resulting in having to add CA certificates that otherwise " "maybe would not be trusted), or by adding the chain certificates using the " "L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> function, " "which is only available for the SSL_CTX object as a whole and that therefore " "probably can only apply for one client certificate, making the concept of " "the callback function (to allow the choice from several certificates) " "questionable." msgstr "" "B<client_cert_cb>() ne peut pas renvoyer une chaîne de certificats complète, " "il peut simplement renvoyer un certificat client. Si la chaîne est de " "longueur 2 le certificat du CA racine peut être omis en accord avec le " "standard TLS et donc, une réponse conforme au standard peut être adressée au " "serveur. Pour une chaîne plus longue, le client doit envoyer la chaîne " "complète (avec lâ??option dâ??omettre le certificat du CA racine). Cela peut " "être uniquement accompli soit en ajoutant les certificats de CA " "intermédiaires dans le stockage de certificats de confiance pour lâ??objet " "SSL_CTX (avec pour conséquence dâ??avoir à ajouter des certificats de CA qui " "peut-être ne seraient pas considérés de confiance), soit en ajoutant la " "chaîne de certificats avec la fonction L<B<SSL_CTX_add_extra_chain_cert>(3)|" "SSL_CTX_add_extra_chain_cert(3)>, qui est seulement disponible pour lâ??objet " "SSL_CTX globalement, et par conséquent peut probablement sâ??appliquer à un " "seul certificat client, rendant le concept de fonction de rappel (pour " "permettre le choix parmi plusieurs certificats) discutable." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:81 msgid "" "Once the SSL object has been used in conjunction with the callback function, " "the certificate will be set for the SSL object and will not be cleared even " "when L<SSL_clear(3)|SSL_clear(3)> is being called. It is therefore mandatory " "to destroy the SSL object using L<SSL_free(3)|SSL_free(3)> and create a new " "one to return to the previous state." msgstr "" "Une fois que lâ??objet SSL a été utilisé conjointement avec la fonction de " "rappel, le certificat sera défini pour lâ??objet SSL et ne sera pas effacé " "même quand L<B<SSL_clear>(3)|SSL_clear(3)> sera appelée. Il est donc " "obligatoire de détruire lâ??objet SSL avec L<B<SSL_free>(3)|SSL_free(3)> et " "créer un nouvel objet pour retourner à lâ??état précédent." #. type: textblock #: C/ssl/SSL_CTX_set_client_cert_cb.pod:89 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, " "L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>, " "L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, L<SSL_clear(3)|" "SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_CTX_use_certificate>(3)|" "SSL_CTX_use_certificate(3)>, L<B<SSL_CTX_add_extra_chain_cert>(3)|" "SSL_CTX_add_extra_chain_cert(3)>, L<B<SSL_get_client_CA_list>(3)|" "SSL_get_client_CA_list(3)>, L<B<SSL_clear>(3)|SSL_clear(3)>, " "L<B<SSL_free>(3)|SSL_free(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:5 msgid "" "SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext - custom TLS " "extension handling" msgstr "" "SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext - Gestion " "personnalisée dâ??extension TLS" #. type: verbatim #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:11 #, no-wrap msgid "" " int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,\n" "\t\t\t custom_ext_add_cb add_cb,\n" "\t\t\t custom_ext_free_cb free_cb, void *add_arg,\n" "\t\t\t custom_ext_parse_cb parse_cb,\n" "\t\t\t\t void *parse_arg);\n" "\n" msgstr "" "B< int SSL_CTX_add_client_custom_ext(SSL_CTX *>I<ctx>B<, unsigned int> I<ext_type>B<,>\n" " \t\t\t B<custom_ext_add_cb> I<add_cb>B<,>\n" " \t\t\t B<custom_ext_free_cb> I<free_cb>B<, void *>I<add_arg>B<,>\n" " \t\t\t B<custom_ext_parse_cb> I<parse_cb>B<,>\n" " \t\t\t\t B<void *>I<parse_arg>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:17 #, no-wrap msgid "" " int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,\n" "\t\t\t custom_ext_add_cb add_cb,\n" "\t\t\t custom_ext_free_cb free_cb, void *add_arg,\n" "\t\t\t custom_ext_parse_cb parse_cb,\n" "\t\t\t\t void *parse_arg);\n" "\n" msgstr "" "B< int SSL_CTX_add_server_custom_ext(SSL_CTX *>I<ctx>B<, unsigned int> I<ext_type>B<,>\n" " \t\t\t B<custom_ext_add_cb> I<add_cb>B<,>\n" " \t\t\t B<custom_ext_free_cb> I<free_cb>B<, void *>I<add_arg>B<,>\n" " \t\t\t B<custom_ext_parse_cb> I<parse_cb>B<,>\n" " \t\t\t\t B<void *>I<parse_arg>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:23 #, no-wrap msgid "" " int SSL_extension_supported(unsigned int ext_type);\n" "\n" msgstr "" "B< int SSL_extension_supported(unsigned int> I<ext_type>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:25 #, no-wrap msgid "" " typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,\n" "\t\t\t\t const unsigned char **out,\n" "\t\t\t\t size_t *outlen, int *al,\n" "\t\t\t\t void *add_arg);\n" "\n" msgstr "" "B< typedef int (*>I<custom_ext_add_cb>B<)(SSL *s>B<, unsigned int> I<ext_type>B<,>\n" " \t\t\t\t B<const unsigned char **>I<out>B<,>\n" " \t\t\t\t B<size_t *>I<outlen>B<, int *>I<al>B<,>\n" " \t\t\t\t B<void *>I<add_arg>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:30 #, no-wrap msgid "" " typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,\n" "\t\t\t\t const unsigned char *out,\n" "\t\t\t\t void *add_arg);\n" "\n" msgstr "" "B< typedef void (*>I<custom_ext_free_cb>B<)(SSL *s, unsigned intB> I<ext_type>B<,>\n" " \t\t\t\t B<const unsigned char *>I<out>B<,>\n" " \t\t\t\t B<void *>I<add_arg>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:34 #, no-wrap msgid "" " typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,\n" "\t\t\t\t const unsigned char *in,\n" "\t\t\t\t size_t inlen, int *al,\n" "\t\t\t\t void *parse_arg);\n" "\n" msgstr "" "B< typedef int (*>I<custom_ext_parse_cb>B<)(SSL *s, unsigned intB> I<ext_type>B<,>\n" " \t\t\t\t B<const unsigned char *>I<in>B<,>\n" " \t\t\t\t B<size_t> I<inlen>B<, int *>I<al>B<,>\n" " \t\t\t\t B<void *>I<parse_arg>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:42 msgid "" "SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS client " "with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and " "B<parse_cb>." msgstr "" "B<SSL_CTX_add_client_custom_ext>() ajoute une extension personnalisée pour " "un client TLS avec une extension de type I<ext_type> et les rappels " "I<add_cb>, I<free_cb> et I<parse_cb>." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:46 msgid "" "SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS server " "with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and " "B<parse_cb>." msgstr "" "B<SSL_CTX_add_server_custom_ext>() ajoute une extension personnalisée pour " "un serveur TLS avec une extension de type I<ext_type> et les rappels " "I<add_cb>, I<free_cb> et I<parse_cb>." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:50 msgid "" "In both cases the extension type must not be handled by OpenSSL internally " "or an error occurs." msgstr "" "Dans les deux cas, le type dâ??extension ne doit pas être géré en interne par " "OpenSSL, sinon une erreur se produit." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:53 #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:130 msgid "" "SSL_extension_supported() returns 1 if the extension B<ext_type> is handled " "internally by OpenSSL and 0 otherwise." msgstr "" "B<SSL_extension_supported>() renvoie B<1> si lâ??extension I<ext_type> est " "gérée en interne par OpenSSL ou autrement B<0>." #. type: =head1 #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:56 msgid "EXTENSION CALLBACKS" msgstr "FONCTIONS DE RAPPEL Dâ??EXTENSION" #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:58 msgid "" "The callback B<add_cb> is called to send custom extension data to be " "included in ClientHello for TLS clients or ServerHello for servers. The " "B<ext_type> parameter is set to the extension type which will be added and " "B<add_arg> to the value set when the extension handler was added." msgstr "" "Le rappel I<add_cb> est demandé pour envoyer des données dâ??extension " "personnalisée à inclure dans ClientHello pour un client TLS ou ServerHello " "pour un serveur TLS. Le paramètre I<ext_type> est défini au type dâ??extension " "qui sera ajouté et le paramètre I<add_arg> à la valeur définie lorsque le " "gestionnaire dâ??extension a été ajouté." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:63 msgid "" "If the application wishes to include the extension B<ext_type> it should set " "B<*out> to the extension data, set B<*outlen> to the length of the extension " "data and return 1." msgstr "" "Si lâ??application veut inclure lâ??extension I<ext_type>, elle doit définir " "I<*out> aux données dâ??extension, définir I<*outlen> à la longueur des " "données dâ??extension et renvoyer B<1>." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:67 msgid "" "If the B<add_cb> does not wish to include the extension it must return 0." msgstr "" "Si le rappel I<add_cb> ne veut pas inclure lâ??extension, il doit renvoyer " "B<0>." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:69 msgid "" "If B<add_cb> returns -1 a fatal handshake error occurs using the TLS alert " "value specified in B<*al>." msgstr "" "Si le rappel I<add_cb> renvoie B<-1>, une erreur fatale dâ??initiation de " "connexion sâ??est produite avec un message dâ??alerte TLS indiqué dans I<*al>." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:72 msgid "" "For clients (but not servers) if B<add_cb> is set to NULL a zero length " "extension is added for B<ext_type>." msgstr "" "Pour les clients (mais pas les serveurs), si I<add_cb> est défini à NULL, " "une extension de longueur zéro est ajoutée pour I<ext_type>." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:75 msgid "" "For clients every registered B<add_cb> is always called to see if the " "application wishes to add an extension to ClientHello." msgstr "" "Pour les clients, chaque I<add_cb> enregistré est toujours appelé pour " "savoir si lâ??application veut ajouter une extension à ClientHello." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:78 msgid "" "For servers every registered B<add_cb> is called once if and only if the " "corresponding extension was received in ClientHello to see if the " "application wishes to add the extension to ServerHello. That is, if no " "corresponding extension was received in ClientHello then B<add_cb> will not " "be called." msgstr "" "Pour les serveurs, chaque I<add_cb> enregistré est appelé une fois, si et " "seulement si lâ??extension correspondante a été intégrée dans ClientHello, " "pour savoir si lâ??application veut ajouter lâ??extension à ServerHello. Câ??est-à -" "dire, sans extension correspondante dans ClientHello, I<add_cb> nâ??est pas " "appelé." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:83 msgid "" "If an extension is added (that is B<add_cb> returns 1) B<free_cb> is called " "(if it is set) with the value of B<out> set by the add callback. It can be " "used to free up any dynamic extension data set by B<add_cb>. Since B<out> is " "constant (to permit use of constant data in B<add_cb>) applications may need " "to cast away const to free the data." msgstr "" "Si une extension est ajoutée (câ??est-à -dire, I<add_cb> renvoie B<1>), " "I<free_cb> est appelé (sâ??il est défini) avec la valeur de I<out> définie par " "le rappel dâ??ajout. Il peut être utilisé pour libérer nâ??importe quelles " "données dâ??extension variables définies par I<add_cb>. Puisque I<out> est " "constant (pour permettre lâ??utilisation de données constantes dans " "I<add_cb>), les applications peuvent nécessiter de rejeter cette constance " "pour libérer les données." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:89 msgid "" "The callback B<parse_cb> receives data for TLS extensions. For TLS clients " "the extension data will come from ServerHello and for TLS servers it will " "come from ClientHello." msgstr "" "Le rappel I<parse_cb> reçoit des données pour des extensions TLS. Pour les " "clients TLS les données dâ??extension proviennent de ServerHello et pour les " "serveurs TLS de ClientHello." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:93 msgid "" "The extension data consists of B<inlen> bytes in the buffer B<in> for the " "extension B<extension_type>." msgstr "" "Les données dâ??extension consistent en I<inlen> octets dans le tampon I<in> " "pour lâ??extension I<extension_type>." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:96 msgid "" "If the B<parse_cb> considers the extension data acceptable it must return 1. " "If it returns 0 or a negative value a fatal handshake error occurs using the " "TLS alert value specified in B<*al>." msgstr "" "Si I<parse_cb> juge les données dâ??extension valables, il doit renvoyer B<1>. " "Sâ??il renvoie B<0> ou une valeur négative, une erreur fatale dâ??initiation de " "connexion se produit avec un message dâ??alerte indiqué dans I<*al>." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:100 msgid "" "The buffer B<in> is a temporary internal buffer which will not be valid " "after the callback returns." msgstr "" "Le tampon I<in> est un tampon interne temporaire qui ne sera plus valable " "après le renvoi du rappel." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:105 msgid "" "The B<add_arg> and B<parse_arg> parameters can be set to arbitrary values " "which will be passed to the corresponding callbacks. They can, for example, " "be used to store the extension data received in a convenient structure or " "pass the extension data to be added or freed when adding extensions." msgstr "" "Les paramètres I<add_arg> et I<parse_arg> peuvent être définis à des valeurs " "arbitraires transmises aux rappels correspondants. Ils peuvent, par exemple " "servir au stockage des données dâ??extension reçues dans une structure " "appropriée ou à transmettre les données dâ??extension à ajouter ou libérer " "lors de lâ??ajout de lâ??extension." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:110 msgid "" "The B<ext_type> parameter corresponds to the B<extension_type> field of " "RFC5246 et al. It is B<not> a NID." msgstr "" "Le paramètre I<ext_type> correspond au champ I<extension_type> de la " "RFC 5246 (entre autres). Ce nâ??est B<pas> un identifiant (NID)." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:113 msgid "" "If the same custom extension type is received multiple times a fatal " "B<decode_error> alert is sent and the handshake aborts. If a custom " "extension is received in ServerHello which was not sent in ClientHello a " "fatal B<unsupported_extension> alert is sent and the handshake is aborted. " "The ServerHello B<add_cb> callback is only called if the corresponding " "extension was received in ClientHello. This is compliant with the TLS " "specifications. This behaviour ensures that each callback is called at most " "once and that an application can never send unsolicited extensions." msgstr "" "Si la même extension personnalisée est reçue plusieurs fois, une alerte " "I<decode_error> fatale est envoyée et lâ??initiation de connexion échoue. Si " "une extension personnalisée est reçue dans ServerHello qui nâ??avait pas été " "envoyée dans ClientHello, une alerte I<unsupported_extension> est envoyée et " "lâ??initiation de connexion avorte. Le rappel I<add_cb> de ServerHello est " "seulement appelé si lâ??extension correspondante a été reçue dans ClientHello. " "Cela est conforme aux spécifications TLS. Ce comportement assure que chaque " "rappel est fait au plus une fois et quâ??une application ne ne puisse envoyer " "une extension non sollicitée." #. type: textblock #: C/ssl/SSL_CTX_set_custom_cli_ext.pod:124 msgid "" "SSL_CTX_add_client_custom_ext() and SSL_CTX_add_server_custom_ext() return 1 " "for success and 0 for failure. A failure can occur if an attempt is made to " "add the same B<ext_type> more than once, if an attempt is made to use an " "extension type handled internally by OpenSSL or if an internal error occurs " "(for example a memory allocation failure)." msgstr "" "B<SSL_CTX_add_client_custom_ext>() et B<SSL_CTX_add_server_custom_ext>() " "renvoient B<1> pour un succès et B<0> pour un échec. Un échec peut se " "produire si un essai est fait dâ??ajouter plus dâ??une fois le même I<ext_type>, " "si un essai est fait dâ??utiliser un type dâ??extension utilisé en interne par " "OpenSSL ou si une erreur interne se produit (par exemple un échec " "dâ??allocation mémoire)." #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:5 msgid "" "SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set " "passwd callback for encrypted PEM file handling" msgstr "" "SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - " "Définir le rappel du mot de passe pour la gestion de fichier utilisant le " "chiffrage PEM " #. type: verbatim #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);\n" " void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);\n" "\n" msgstr "" "B< void SSL_CTX_set_default_passwd_cb(SSL_CTX *>I<ctx>B<, pem_password_cb *cb);>\n" " B<void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *>I<ctx>B<, void *u);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:14 #, no-wrap msgid "" " int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);\n" "\n" msgstr "" "B< int pem_passwd_cb(char *>I<tamp>B<, int> I<taille>B<, int> I<rwflag>B<, void *>I<userdata>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:18 msgid "" "SSL_CTX_set_default_passwd_cb() sets the default password callback called " "when loading/storing a PEM certificate with encryption." msgstr "" "B<SSL_CTX_set_default_passwd_cb>() définit le rappel du mot de passe par " "défaut appelé lors dâ??un chargement ou enregistrement chiffré avec un " "certificat PEM" #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:21 msgid "" "SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which " "will be provided to the password callback on invocation." msgstr "" "B<SSL_CTX_set_default_passwd_cb_userdata>() définit un pointeur vers " "I<userdata> qui sera fourni à lâ??invocation du rappel de mot de passe." #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:24 msgid "" "The pem_passwd_cb(), which must be provided by the application, hands back " "the password to be used during decryption. On invocation a pointer to " "B<userdata> is provided. The pem_passwd_cb must write the password into the " "provided buffer B<buf> which is of size B<size>. The actual length of the " "password must be returned to the calling function. B<rwflag> indicates " "whether the callback is used for reading/decryption (rwflag=0) or writing/" "encryption (rwflag=1)." msgstr "" "B<pem_passwd_cb()>, qui doit être fourni par lâ??application, restitue le mot " "de passe lors du déchiffrement. Lors de lâ??invocation, un pointeur vers " "I<userdata> est fourni. B<pem_passwd_cb> doit écrire le mot de passe dans le " "tampon I<tampon> fourni qui est de taille I<taille>. La taille réelle doit " "être renvoyée à la fonction de rappel. I<rwflag> indique si le rappel est " "utilisé pour lecture et déchiffrement (I<rwflag>=0) ou écriture et " "chiffrement (I<rwflag>=1)." #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:34 msgid "" "When loading or storing private keys, a password might be supplied to " "protect the private key. The way this password can be supplied may depend on " "the application. If only one private key is handled, it can be practical to " "have pem_passwd_cb() handle the password dialog interactively. If several " "keys have to be handled, it can be practical to ask for the password once, " "then keep it in memory and use it several times. In the last case, the " "password could be stored into the B<userdata> storage and the " "pem_passwd_cb() only returns the password already stored." msgstr "" "Lors du chargement ou du stockage de clefs privées, un mot de passe devrait " "être fourni pour protéger la clef privée. La façon de fournir ce mot de " "passe dépend de lâ??application. Si une seule clef privée est gérée, cela peut " "être pratique que B<pem_passwd_cb()> gère le dialogue pour le mot de passe " "de façon interactive. Si plusieurs clefs doivent être gérées, il peut être " "pratique de demander le mot de passe une fois, puis le garder en mémoire et " "lâ??utiliser plusieurs fois. Dans ce dernier cas, le mot de passe peut être " "mémorisé dans le stockage I<userdata> et B<pem_passwd_cb()> ne renvoie que " "le mot de passe déjà enregistré." #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:43 msgid "" "When asking for the password interactively, pem_passwd_cb() can use " "B<rwflag> to check, whether an item shall be encrypted (rwflag=1). In this " "case the password dialog may ask for the same password twice for comparison " "in order to catch typos, that would make decryption impossible." msgstr "" "Lors dâ??une demande interactive, B<pem_passwd_cb()> peut utiliser I<rwflag> " "pour déterminer si un objet doit être chiffré (I<rwflag>=1). Dans ce cas, le " "dialogue pour le mot de passe peut demander le mot de passe deux fois pour " "éviter les erreurs de frappe qui rendent le déchiffrement impossible." #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:49 msgid "" "Other items in PEM formatting (certificates) can also be encrypted, it is " "however not usual, as certificate information is considered public." msgstr "" "Dâ??autres objets formatés en PEM (certificats) peuvent aussi être chiffrés. " "Ce nâ??est pas courant, lâ??information sur les certificats est considérée comme " "publique." #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:54 msgid "" "SSL_CTX_set_default_passwd_cb() and " "SSL_CTX_set_default_passwd_cb_userdata() do not provide diagnostic " "information." msgstr "" "B<SSL_CTX_set_default_passwd_cb>() et " "B<SSL_CTX_set_default_passwd_cb_userdata>() ne fournissent pas dâ??information " "de diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:59 msgid "" "The following example returns the password provided as B<userdata> to the " "calling function. The password is considered to be a '\\0' terminated " "string. If the password does not fit into the buffer, the password is " "truncated." msgstr "" "Lâ??exemple suivant renvoie le mot de passe fourni par I<userdata> à la " "fonction de rappel. Le mot de passe est censé être une chaîne finissant par " "« \\0 ». Si le mot de passe ne tient pas dans le tampon, il est tronqué." #. type: verbatim #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:64 #, no-wrap msgid "" " int pem_passwd_cb(char *buf, int size, int rwflag, void *password)\n" " {\n" " strncpy(buf, (char *)(password), size);\n" " buf[size - 1] = '\\0';\n" " return(strlen(buf));\n" " }\n" "\n" msgstr "" " int pem_passwd_cb(char *I<tamp>, int I<taille>, int I<rwflag>, void *I<mot_de_passe>)\n" " {\n" " strncpy(I<tamp>, (char *)(I<mot_de_passe>), I<taille>);\n" " I<tamp>[I<taille> - 1] = '\\0';\n" " return(strlen(I<tamp>));\n" " }\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_default_passwd_cb.pod:73 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_CTX_use_certificate>(3)|" "SSL_CTX_use_certificate(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:5 msgid "" "SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, " "SSL_has_matching_session_id - manipulate generation of SSL session IDs " "(server only)" msgstr "" "SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, " "SSL_has_matching_session_id - Contrôler la création dâ??identifiant de session " "SSL (serveur uniquement)" #. type: verbatim #: C/ssl/SSL_CTX_set_generate_session_id.pod:11 #, no-wrap msgid "" " typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,\n" " unsigned int *id_len);\n" "\n" msgstr "" "B< typedef int (*GEN_SESSION_CB)(const SSL *>I<ssl>B<, unsigned char *>I<id>B<,>\n" " B<unsigned int *>I<id_long>)B<;>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_generate_session_id.pod:14 #, no-wrap msgid "" " int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);\n" " int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);\n" " int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,\n" "\t\t\t\t unsigned int id_len);\n" "\n" msgstr "" "B< int SSL_CTX_set_generate_session_id(SSL_CTX *>I<ctx>B<, GEN_SESSION_CB> I<cb>B<);>\n" " B<int SSL_set_generate_session_id(SSL *>I<ssl>B<, GEN_SESSION_CB,> I<cb>B<);>\n" " B<int SSL_has_matching_session_id(const SSL *>I<ssl>B<, const unsigned char *>I<id>B<,>\n" " \t\t\t\t B<unsigned int> I<id_long>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:21 msgid "" "SSL_CTX_set_generate_session_id() sets the callback function for generating " "new session ids for SSL/TLS sessions for B<ctx> to be B<cb>." msgstr "" "B<SSL_CTX_set_generate_session_id>() définit la fonction de rappel pour la " "création dâ??identifiants de nouvelles sessions SSL/TLS pour I<ctx> à I<cb>." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:24 msgid "" "SSL_set_generate_session_id() sets the callback function for generating new " "session ids for SSL/TLS sessions for B<ssl> to be B<cb>." msgstr "" "B<SSL_CTX_set_generate_session_id>() définit la fonction de rappel pour la " "création dâ??identifiants de nouvelles sessions SSL/TLS pour I<ssl> à I<cb>." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:27 msgid "" "SSL_has_matching_session_id() checks, whether a session with id B<id> (of " "length B<id_len>) is already contained in the internal session cache of the " "parent context of B<ssl>." msgstr "" "B<SSL_has_matching_session_id>() vérifie si une session dâ??identifiant I<id> " "(de longueur I<id_long>) est déjà contenue dans le cache interne de session " "du contexte parent de I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:33 msgid "" "When a new session is established between client and server, the server " "generates a session id. The session id is an arbitrary sequence of bytes. " "The length of the session id is 16 bytes for SSLv2 sessions and between 1 " "and 32 bytes for SSLv3/TLSv1. The session id is not security critical but " "must be unique for the server. Additionally, the session id is transmitted " "in the clear when reusing the session so it must not contain sensitive " "information." msgstr "" "Quand une nouvelle session est établie entre client et serveur, le serveur " "crée un identifiant de session. Celui-ci est une séquence arbitraire " "dâ??octets. La longueur de lâ??identifiant est de 16 octets pour les sessions " "SSLv2 et entre 1 et 32 octets pour celles SSLv3/TLSv1. Lâ??identifiant nâ??est " "pas critique pour la sécurité mais doit être unique pour le serveur. De plus " "lâ??identifiant est transmis en clair, aussi ne doit-il pas contenir " "dâ??informations sensibles." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:41 msgid "" "Without a callback being set, an OpenSSL server will generate a unique " "session id from pseudo random numbers of the maximum possible length. Using " "the callback function, the session id can be changed to contain additional " "information like e.g. a host id in order to improve load balancing or " "external caching techniques." msgstr "" "Sans rappel défini, un serveur OpenSSL créera un seul identifiant de session " "à partir de nombres pseudo-aléatoire de la longueur la plus grande possible. " "En utilisant la fonction de rappel, lâ??identifiant peut être changé et " "contenir des informations supplémentaires, comme p.ex. un identifiant dâ??hôte " "pour améliorer la répartition de charge ou les techniques de cache externe." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:47 msgid "" "The callback function receives a pointer to the memory location to put B<id> " "into and a pointer to the maximum allowed length B<id_len>. The buffer at " "location B<id> is only guaranteed to have the size B<id_len>. The callback " "is only allowed to generate a shorter id and reduce B<id_len>; the callback " "B<must never> increase B<id_len> or write to the location B<id> exceeding " "the given limit." msgstr "" "La fonction de rappel reçoit un pointeur vers lâ??emplacement mémoire où " "mettre I<id> et un autre vers la longueur maximale admise I<id_long>. Le " "tampon à lâ??emplacement I<id> est seulement sûr dâ??avoir la taille de " "I<id_long>. Le rappel est seulement autorisé à créer un identifiant plus " "petit et à réduire I<id_long> ; le rappel B<ne doit jamais> augmenter " "I<id_long> ou écrire dans lâ??emplacement I<id> en dépassant la limite donnée." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:54 msgid "" "If a SSLv2 session id is generated and B<id_len> is reduced, it will be " "restored after the callback has finished and the session id will be padded " "with 0x00. It is not recommended to change the B<id_len> for SSLv2 " "sessions. The callback can use the L<SSL_get_version(3)|SSL_get_version(3)> " "function to check, whether the session is of type SSLv2." msgstr "" "Si un identifiant de session SSLv2 est créé et I<id_long> réduit, il sera " "restauré après la fin du rappel et lâ??identifiant empli avec des 0x00. " "Changer I<id_long> nâ??est pas recommandé pour des sessions SSLv2. Le rappel " "peut utiliser la fonction L<B<SSL_get_version>(3)|SSL_get_version(3)> pour " "vérifier si la fonction est de type SSLv2." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:60 msgid "" "The location B<id> is filled with 0x00 before the callback is called, so the " "callback may only fill part of the possible length and leave B<id_len> " "untouched while maintaining reproducibility." msgstr "" "Lâ??emplacement I<id> est empli avec des 0x00 avant lâ??appel du rappel, aussi " "le rappel peut seulement remplir une partie de la longueur possible et " "laisse I<id_long> inchangé tout en maintenant la reproductibilité." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:64 msgid "" "Since the sessions must be distinguished, session ids must be unique. " "Without the callback a random number is used, so that the probability of " "generating the same session id is extremely small (2^128 possible ids for an " "SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the uniqueness of " "the generated session id, the callback must call " "SSL_has_matching_session_id() and generate another id if a conflict occurs. " "If an id conflict is not resolved, the handshake will fail. If the " "application codes e.g. a unique host id, a unique process number, and a " "unique sequence number into the session id, uniqueness could easily be " "achieved without randomness added (it should however be taken care that no " "confidential information is leaked this way). If the application can not " "guarantee uniqueness, it is recommended to use the maximum B<id_len> and " "fill in the bytes not used to code special information with random data to " "avoid collisions." msgstr "" "Puisque les sessions doivent pouvoir être distinguées, les identifiants de " "session doivent être uniques. En dehors du rappel, un nombre aléatoire est " "utilisé, aussi la possibilité de créer un même identifiant est extrêmement " "faible (2^128 identifiants possibles pour une session SSLv2 , 2^256 pour " "SSLv3/TLSv1). Dans le but dâ??assurer lâ??unicité de lâ??identifiant créé, le " "rappel doit appeler B<SSL_has_matching_session_id>() et créer un autre " "identifiant si un conflit se produit. Si un conflit dâ??identifiant apparait, " "lâ??initiation de connexion échouera. Si lâ??application code p.ex. un " "identifiant unique dâ??hôte, un numéro unique de processus et un numéro unique " "de suite dans lâ??identifiant de session, lâ??unicité peut facilement être " "parachevée sans caractères aléatoires ajoutés (en prenant soin quâ??aucune " "information confidentielle ne puisse être divulguée). Si lâ??application ne " "peut garantir lâ??unicité, lâ??utilisation du maximum de I<id_long> est " "recommandée ainsi que remplir les octets, non utilisés pour coder une " "information particulière, avec des données aléatoires pour éviter un conflit." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:79 msgid "" "SSL_has_matching_session_id() will only query the internal session cache, " "not the external one. Since the session id is generated before the handshake " "is completed, it is not immediately added to the cache. If another thread is " "using the same internal session cache, a race condition can occur in that " "another thread generates the same session id. Collisions can also occur " "when using an external session cache, since the external cache is not tested " "with SSL_has_matching_session_id() and the same race condition applies." msgstr "" "B<SSL_has_matching_session_id>() interrogera le cache interne de session " "mais pas celui externe. Puisque lâ??identifiant de session est créé avant que " "lâ??initiation ne soit terminée, il nâ??est pas ajouté immédiatement au cache. " "Si un autre processus utilise le même cache interne de session, une " "situation de compétition peut survenir si cet autre processus crée le même " "identifiant. Des conflits peuvent survenir lors de lâ??utilisation du cache de " "session externe puisque celui-ci nâ??est pas vérifié avec " "B<SSL_has_matching_session_id>(), et la même situation de compétition existe." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:88 msgid "" "When calling SSL_has_matching_session_id() for an SSLv2 session with reduced " "B<id_len>, the match operation will be performed using the fixed length " "required and with a 0x00 padded id." msgstr "" "Lors de lâ??appel de B<SSL_has_matching_session_id>()pour une session SSLv2 " "avec I<id_long> réduit, la correspondance sera réalisée en utilisant la " "longueur demandée et lâ??identifiant emplit de 0x00." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:92 msgid "" "The callback must return 0 if it cannot generate a session id for whatever " "reason and return 1 on success." msgstr "" "Le rappel doit renvoyer B<0> si un identifiant ne peut être créé pour " "nâ??importe quelle raison et B<1> en cas de réussite." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:97 msgid "" "The callback function listed will generate a session id with the server id " "given, and will fill the rest with pseudo random bytes:" msgstr "" "La fonction de rappel doit créé un identifiant de session avec lâ??identifiant " "de serveur fourni, et compléter le reste avec des octets pseudo-aléatoires." #. type: verbatim #: C/ssl/SSL_CTX_set_generate_session_id.pod:100 #, no-wrap msgid "" " const char session_id_prefix = \"www-18\";\n" "\n" msgstr "" " const char session_id_prefix = \"www-18\";\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_generate_session_id.pod:102 #, no-wrap msgid "" " #define MAX_SESSION_ID_ATTEMPTS 10\n" " static int generate_session_id(const SSL *ssl, unsigned char *id,\n" " unsigned int *id_len)\n" " {\n" " unsigned int count = 0;\n" " const char *version;\n" "\n" msgstr "" " #define MAX_SESSION_ID_ATTEMPTS 10\n" " static int generate_session_id(const SSL *ssl, unsigned char *id,\n" " unsigned int *id_long)\n" " {\n" " unsigned int count = 0;\n" " const char *version;\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_generate_session_id.pod:109 #, no-wrap msgid "" " version = SSL_get_version(ssl);\n" " if (!strcmp(version, \"SSLv2\"))\n" "\t /* we must not change id_len */;\n" "\n" msgstr "" " version = SSL_get_version(ssl);\n" " if (!strcmp(version, \"SSLv2\"))\n" "\t /* ne pas changer id_long */;\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_generate_session_id.pod:113 #, no-wrap msgid "" " do {\n" " RAND_pseudo_bytes(id, *id_len);\n" " /* Prefix the session_id with the required prefix. NB: If our\n" " * prefix is too long, clip it - but there will be worse effects\n" " * anyway, eg. the server could only possibly create 1 session\n" " * ID (ie. the prefix!) so all future session negotiations will\n" " * fail due to conflicts. */\n" " memcpy(id, session_id_prefix,\n" " (strlen(session_id_prefix) < *id_len) ?\n" " strlen(session_id_prefix) : *id_len);\n" " }\n" " while(SSL_has_matching_session_id(ssl, id, *id_len) &&\n" " (++count < MAX_SESSION_ID_ATTEMPTS));\n" " if(count >= MAX_SESSION_ID_ATTEMPTS)\n" " return 0;\n" " return 1;\n" " }\n" "\n" msgstr "" " do {\n" " RAND_pseudo_bytes(id, *id_len);\n" " /* Préfixer le session_id avec le préfixe demandé.\n" " * Avertissement : si le préfixe est trop long, rognez-le\n" " * â?? des effets pervers sont possibles, par exemple,\n" " * le serveur peut créer un identifiant de session\n" " * (câ??est-à -dire le préfixe) de telle sorte que toutes\n" " * les négociations de sessions suivante échoueront à \n" " * cause des conflits. */\n" " memcpy(id, session_id_prefix,\n" " (strlen(session_id_prefix) < *id_long) ?\n" " strlen(session_id_prefix) : *id_long);\n" " }\n" " while(SSL_has_matching_session_id(ssl, id, *id_long) &&\n" " (++count < MAX_SESSION_ID_ATTEMPTS));\n" " if(count >= MAX_SESSION_ID_ATTEMPTS)\n" " return 0;\n" " return 1;\n" " }\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:134 msgid "" "SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() always " "return 1." msgstr "" "B<SSL_CTX_set_generate_session_id>() et B<SSL_set_generate_session_id>() " "renvoient B<1>." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:137 msgid "" "SSL_has_matching_session_id() returns 1 if another session with the same id " "is already in the cache." msgstr "" "B<SSL_has_matching_session_id>() renvoie B<1> si une autre session avec le " "même identifiant est déjà dans le cache." #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:142 msgid "L<ssl(3)|ssl(3)>, L<SSL_get_version(3)|SSL_get_version(3)>" msgstr "L<B<ssl>(3)|ssl(3)>, L<B<SSL_get_version>(3)|SSL_get_version(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_generate_session_id.pod:146 msgid "" "SSL_CTX_set_generate_session_id(), SSL_set_generate_session_id() and " "SSL_has_matching_session_id() have been introduced in OpenSSL 0.9.7." msgstr "" "B<SSL_CTX_set_generate_session_id>(), B<SSL_set_generate_session_id>() et " "B<SSL_has_matching_session_id>() ont été introduits dans OpenSSL 0.9.7." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:5 msgid "" "SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, " "SSL_get_info_callback - handle information callback for SSL connections" msgstr "" "SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, " "SSL_get_info_callback - Gestion du rappel dâ??information pour les connexions " "SSL" #. type: verbatim #: C/ssl/SSL_CTX_set_info_callback.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());\n" " void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();\n" "\n" msgstr "" "B< void SSL_CTX_set_info_callback(SSL_CTX *>I<ctx>B<, void (*>I<rappel>B<)());>\n" " B<void (*SSL_CTX_get_info_callback(const SSL_CTX *>I<ctx>B<))();>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_info_callback.pod:14 #, no-wrap msgid "" " void SSL_set_info_callback(SSL *ssl, void (*callback)());\n" " void (*SSL_get_info_callback(const SSL *ssl))();\n" "\n" msgstr "" "B< void SSL_set_info_callback(SSL *>I<ssl>B<, void (*>I<rappel>B<)());>\n" " B<void (*SSL_get_info_callback(const SSL *>I<ssl>B<))();>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:19 msgid "" "SSL_CTX_set_info_callback() sets the B<callback> function, that can be used " "to obtain state information for SSL objects created from B<ctx> during " "connection setup and use. The setting for B<ctx> is overridden from the " "setting for a specific SSL object, if specified. When B<callback> is NULL, " "not callback function is used." msgstr "" "B<SSL_CTX_set_info_callback>() définit la fonction I<rappel>, qui peut être " "utilisée pour obtenir lâ??information dâ??état pour des objets SSL créés à " "partir de I<ctx> pendant la configuration de la connexion et son " "utilisation. Le réglage pour I<ctx> est redéfini par la configuration pour " "un objet SSL spécifique, sâ??il existe. Si I<rappel> est NULL, aucune fonction " "de rappel nâ??est utilisée." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:25 msgid "" "SSL_set_info_callback() sets the B<callback> function, that can be used to " "obtain state information for B<ssl> during connection setup and use. When " "B<callback> is NULL, the callback setting currently valid for B<ctx> is used." msgstr "" "B<SSL_set_info_callback>() définit la fonction I<rappel>, qui peut être " "utilisée pour lâ??information dâ??état pour I<ssl> pendant la configuration de " "la connexion et son utilisation. Si I<rappel> est NULL, le réglage du rappel " "en cours pour I<ctx> est utilisé." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:30 msgid "" "SSL_CTX_get_info_callback() returns a pointer to the currently set " "information callback function for B<ctx>." msgstr "" "B<SSL_CTX_get_info_callback>() renvoie un pointeur vers lâ??actuelle fonction " "de rappel dâ??information pour I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:33 msgid "" "SSL_get_info_callback() returns a pointer to the currently set information " "callback function for B<ssl>." msgstr "" "B<SSL_get_info_callback>() renvoie un pointeur vers lâ??actuelle fonction de " "rappel dâ??information pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:38 msgid "" "When setting up a connection and during use, it is possible to obtain state " "information from the SSL/TLS engine. When set, an information callback " "function is called whenever the state changes, an alert appears, or an error " "occurs." msgstr "" "Durant la configuration de connexion et son utilisation, il est possible " "dâ??obtenir des informations dâ??état du moteur SSL/TLS. Si définie, une " "fonction de rappel dâ??information est appelée à chaque fois que lâ??état " "change, une alerte apparait, ou une erreur survient." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:42 msgid "" "The callback function is called as B<callback(SSL *ssl, int where, int " "ret)>. The B<where> argument specifies information about where (in which " "context) the callback function was called. If B<ret> is 0, an error " "condition occurred. If an alert is handled, SSL_CB_ALERT is set and B<ret> " "specifies the alert information." msgstr "" "La fonction de rappel est demandée ainsi : B<rappel(SSL *>I<ssl>B<, int " ">I<où>B<, int> I<ret>B<)>. Lâ??argument I<où> précise lâ??information sur où " "(dans quel contexte) la fonction de rappel a été appelée. Si I<ret> est " "B<0>, une condition dâ??erreur est survenue. Si une alerte est gérée, " "SSL_CB_ALERT est défini et I<ret> indique la connaissance dâ??une alerte." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:48 msgid "B<where> is a bitmask made up of the following bits:" msgstr "I<où> est un masquage fait avec les éléments suivants." #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:52 msgid "SSL_CB_LOOP" msgstr "SSL_CB_LOOP" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:54 msgid "Callback has been called to indicate state change inside a loop." msgstr "" "Le rappel a été demandé pour indiquer un changement dâ??état dans une boucle." #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:56 msgid "SSL_CB_EXIT" msgstr "SSL_CB_EXIT" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:58 msgid "" "Callback has been called to indicate error exit of a handshake function. " "(May be soft error with retry option for non-blocking setups.)" msgstr "" "Le rappel a été demandé pour indiquer une sortie dâ??erreur dans une fonction " "dâ??initiation de connexion (Peut être une erreur bénigne avec la possibilité " "de recommencer dans les configurations non bloquantes)." #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:61 msgid "SSL_CB_READ" msgstr "SSL_CB_READ" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:63 msgid "Callback has been called during read operation." msgstr "Le rappel a été demandé pendant une opération de lecture." #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:65 msgid "SSL_CB_WRITE" msgstr "SSL_CB_WRITE" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:67 msgid "Callback has been called during write operation." msgstr "Le rappel a été demandé durant une opération dâ??écriture." #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:69 msgid "SSL_CB_ALERT" msgstr "SSL_CB_ALERT" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:71 msgid "Callback has been called due to an alert being sent or received." msgstr "Le rappel a été demandé à cause dâ??une alerte envoyée ou reçue." #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:73 msgid "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" msgstr "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:75 msgid "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" msgstr "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:77 msgid "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" msgstr "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:79 msgid "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" msgstr "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:81 msgid "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" msgstr "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:83 msgid "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" msgstr "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:85 msgid "SSL_CB_HANDSHAKE_START" msgstr "SSL_CB_HANDSHAKE_START" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:87 msgid "Callback has been called because a new handshake is started." msgstr "" "Le rappel a été demandé car une nouvelle initialisation de connexion a " "commencé." #. type: =item #: C/ssl/SSL_CTX_set_info_callback.pod:89 msgid "SSL_CB_HANDSHAKE_DONE 0x20" msgstr "SSL_CB_HANDSHAKE_DONE 0x20" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:91 msgid "Callback has been called because a handshake is finished." msgstr "Le rappel a été demandé parce que lâ??initialisation est terminée." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:95 msgid "" "The current state information can be obtained using the " "L<SSL_state_string(3)|SSL_state_string(3)> family of functions." msgstr "" "Lâ??actuelle information dâ??état peut être obtenue avec la famille de fonctions " "L<B<SSL_state_string>(3)|SSL_state_string(3)>." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:98 msgid "" "The B<ret> information can be evaluated using the L<SSL_alert_type_string(3)|" "SSL_alert_type_string(3)> family of functions." msgstr "" "Lâ??information I<ret> peut être évaluée avec la famille de fonctions " "L<B<SSL_alert_type_string>(3)|SSL_alert_type_string(3)>." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:103 msgid "SSL_set_info_callback() does not provide diagnostic information." msgstr "B<SSL_set_info_callback>() ne fournit pas dâ??information de diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:105 msgid "SSL_get_info_callback() returns the current setting." msgstr "B<SSL_get_info_callback>() renvoie le réglage actuel." #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:109 msgid "" "The following example callback function prints state strings, information " "about alerts being handled and error messages to the B<bio_err> BIO." msgstr "" "Lâ??exemple suivant de fonction de rappel écrit les chaînes dâ??état, " "lâ??information sur les alertes gérées et les messages dâ??erreur dans le BIO " "I<bio_err>." #. type: verbatim #: C/ssl/SSL_CTX_set_info_callback.pod:112 #, no-wrap msgid "" " void apps_ssl_info_callback(SSL *s, int where, int ret)\n" "\t{\n" "\tconst char *str;\n" "\tint w;\n" "\n" msgstr "" " void apps_ssl_info_callback(SSL *s, int où, int ret)\n" "\t{\n" "\tconst char *str;\n" "\tint w;\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_info_callback.pod:117 #, no-wrap msgid "" "\tw=where& ~SSL_ST_MASK;\n" "\n" msgstr "" "\tw=où& ~SSL_ST_MASK;\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_info_callback.pod:119 #, no-wrap msgid "" "\tif (w & SSL_ST_CONNECT) str=\"SSL_connect\";\n" "\telse if (w & SSL_ST_ACCEPT) str=\"SSL_accept\";\n" "\telse str=\"undefined\";\n" "\n" msgstr "" "\tif (w & SSL_ST_CONNECT) str=\"SSL_connect\";\n" "\telse if (w & SSL_ST_ACCEPT) str=\"SSL_accept\";\n" "\telse str=\"undefined\";\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_info_callback.pod:123 #, no-wrap msgid "" "\tif (where & SSL_CB_LOOP)\n" "\t\t{\n" "\t\tBIO_printf(bio_err,\"%s:%s\\n\",str,SSL_state_string_long(s));\n" "\t\t}\n" "\telse if (where & SSL_CB_ALERT)\n" "\t\t{\n" "\t\tstr=(where & SSL_CB_READ)?\"read\":\"write\";\n" "\t\tBIO_printf(bio_err,\"SSL3 alert %s:%s:%s\\n\",\n" "\t\t\tstr,\n" "\t\t\tSSL_alert_type_string_long(ret),\n" "\t\t\tSSL_alert_desc_string_long(ret));\n" "\t\t}\n" "\telse if (where & SSL_CB_EXIT)\n" "\t\t{\n" "\t\tif (ret == 0)\n" "\t\t\tBIO_printf(bio_err,\"%s:failed in %s\\n\",\n" "\t\t\t\tstr,SSL_state_string_long(s));\n" "\t\telse if (ret < 0)\n" "\t\t\t{\n" "\t\t\tBIO_printf(bio_err,\"%s:error in %s\\n\",\n" "\t\t\t\tstr,SSL_state_string_long(s));\n" "\t\t\t}\n" "\t\t}\n" "\t}\n" "\n" msgstr "" "\tif (où & SSL_CB_LOOP)\n" "\t\t{\n" "\t\tBIO_printf(bio_err,\"%s:%s\\n\",str,SSL_state_string_long(s));\n" "\t\t}\n" "\telse if (où & SSL_CB_ALERT)\n" "\t\t{\n" "\t\tstr=(où & SSL_CB_READ)?\"read\":\"write\";\n" "\t\tBIO_printf(bio_err,\"SSL3 alert %s:%s:%s\\n\",\n" "\t\t\tstr,\n" "\t\t\tSSL_alert_type_string_long(ret),\n" "\t\t\tSSL_alert_desc_string_long(ret));\n" "\t\t}\n" "\telse if (où & SSL_CB_EXIT)\n" "\t\t{\n" "\t\tif (ret == 0)\n" "\t\t\tBIO_printf(bio_err,\"%s : erreur dans %s\\n\",\n" "\t\t\t\tstr,SSL_state_string_long(s));\n" "\t\telse if (ret < 0)\n" "\t\t\t{\n" "\t\t\tBIO_printf(bio_err,\"%s : erreur dans %s\\n\",\n" "\t\t\t\tstr,SSL_state_string_long(s));\n" "\t\t\t}\n" "\t\t}\n" "\t}\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_info_callback.pod:150 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>, " "L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_state_string>(3)|SSL_state_string(3)>, " "L<B<SSL_alert_type_string>(3)|SSL_alert_type_string(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:5 msgid "" "SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, " "SSL_get_max_cert_list, - manipulate allowed for the peer's certificate chain" msgstr "" "SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, " "SSL_get_max_cert_list - Contrôles autorisés sur les chaînes de certificats " "de pairs" #. type: verbatim #: C/ssl/SSL_CTX_set_max_cert_list.pod:11 #, no-wrap msgid "" " long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);\n" " long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);\n" "\n" msgstr "" "B< long SSL_CTX_set_max_cert_list(SSL_CTX *>I<ctx>B<, long size);>\n" " B<long SSL_CTX_get_max_cert_list(SSL_CTX *>I<ctx>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_max_cert_list.pod:14 #, no-wrap msgid "" " long SSL_set_max_cert_list(SSL *ssl, long size);\n" " long SSL_get_max_cert_list(SSL *ctx);\n" "\n" msgstr "" "B< long SSL_set_max_cert_list(SSL *>I<ssl>B<, long size);>\n" " B<long SSL_get_max_cert_list(SSL *>I<ctx>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:19 msgid "" "SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's " "certificate chain for all SSL objects created from B<ctx> to be <size> " "bytes. The SSL objects inherit the setting valid for B<ctx> at the time " "L<SSL_new(3)|SSL_new(3)> is being called." msgstr "" "B<SSL_CTX_set_max_cert_list>() définit la taille maximale autorisée pour les " "chaînes de certificats de pairs pour tous les objets SSL créés à partir de " "I<ctx> à I<taille> octets. Les objets SSL hérite des réglages valables pour " "I<ctx> au moment où L<B<SSL_new>(3)|SSL_new(3)> est appelé." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:24 msgid "" "SSL_CTX_get_max_cert_list() returns the currently set maximum size for " "B<ctx>." msgstr "" "B<SSL_CTX_get_max_cert_list>() renvoie lâ??actuelle taille maximale pour " "I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:26 msgid "" "SSL_set_max_cert_list() sets the maximum size allowed for the peer's " "certificate chain for B<ssl> to be <size> bytes. This setting stays valid " "until a new value is set." msgstr "" "B<SSL_set_max_cert_list>() définit la taille maximale autorisée pour la " "chaîne de certificats du pair pour I<ssl> à I<taille> octets. Ce réglage " "reste valable jusquâ??à ce quâ??une nouvelle valeur soit choisie." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:30 msgid "" "SSL_get_max_cert_list() returns the currently set maximum size for B<ssl>." msgstr "" "B<SSL_get_max_cert_list>() renvoie lâ??actuelle taille maximale pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:34 msgid "" "During the handshake process, the peer may send a certificate chain. The " "TLS/SSL standard does not give any maximum size of the certificate chain. " "The OpenSSL library handles incoming data by a dynamically allocated " "buffer. In order to prevent this buffer from growing without bounds due to " "data received from a faulty or malicious peer, a maximum size for the " "certificate chain is set." msgstr "" "Pendant le processus dâ??initialisation de connexion, le pair envoie une " "chaîne de certificats. La norme TLS/SSL nâ??indique pas de taille maximale " "pour la chaîne de certificats. La bibliothèque dâ??OpenSSL prend en charge les " "entrées de données avec un tampon alloué dynamiquement. Pour éviter que ce " "tampon grossisse sans limite à cause de données reçues dâ??un pair " "malveillant, une taille maximale pour la chaîne de certificats est définie." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:41 msgid "" "The default value for the maximum certificate chain size is 100kB (30kB on " "the 16bit DOS platform). This should be sufficient for usual certificate " "chains (OpenSSL's default maximum chain length is 10, see " "L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, and certificates without " "special extensions have a typical size of 1-2kB)." msgstr "" "La valeur maximale par défaut de la taille de chaîne de certificats est " "100 ko (30 ko sur les plateformes DOS 16 bits). Cela devrait être suffisant " "pour les chaînes de certificats courantes (pour OpenSSL, la longueur " "maximale par défaut est 10, consultez L<B<SSL_CTX_set_verify>(3)|" "SSL_CTX_set_verify(3)>, et les certificats sans extensions particulières ont " "classiquement une taille de 1 à 2 ko." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:47 msgid "" "For special applications it can be necessary to extend the maximum " "certificate chain size allowed to be sent by the peer, see e.g. the work on " "\"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\" and " "\"TLS Delegation Protocol\" at http://www.ietf.org/ and http://www.globus." "org/ ." msgstr "" "Pour des applications particulières, il peut être nécessaire dâ??augmenter la " "taille maximale de la chaîne de certificats pouvant être envoyée par le " "pair, consultez p.ex., « Internet X.509 Public Key Infrastructure Proxy " "Certificate Profile » et « TLS Delegation Protocol » sur http://www.ietf." "org/ et http://www.globus.org/." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:53 msgid "" "Under normal conditions it should never be necessary to set a value smaller " "than the default, as the buffer is handled dynamically and only uses the " "memory actually required by the data sent by the peer." msgstr "" "Dans des conditions normales, il ne devrait jamais être nécessaire de " "définir une valeur plus petite que celle par défaut, car le tampon est géré " "dynamiquement et nâ??utilise que la mémoire réellement nécessaire pour les " "données envoyées par le pair." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:57 msgid "" "If the maximum certificate chain size allowed is exceeded, the handshake " "will fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error." msgstr "" "Si la taille maximale de la chaîne de certificats est dépassée, " "lâ??initialisation de connexion échouera avec une erreur " "SSL_R_EXCESSIVE_MESSAGE_SIZE." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:62 msgid "" "SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the " "previously set value." msgstr "" "B<SSL_CTX_set_max_cert_list>() et B<SSL_set_max_cert_list>() renvoient la " "valeur précédemment définie." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:65 msgid "" "SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently " "set value." msgstr "" "B<SSL_CTX_get_max_cert_list>() et B<SSL_get_max_cert_list>() renvoient la " "valeur actuellement définie." #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:70 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_set_verify(3)|" "SSL_CTX_set_verify(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_new>(3)|SSL_new(3)>, L<B<SSL_CTX_set_verify>(3)|" "SSL_CTX_set_verify(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_max_cert_list.pod:75 msgid "SSL*_set/get_max_cert_list() have been introduced in OpenSSL 0.9.7." msgstr "" "B<SSL>I<*>B<_set>() et B<get_max_cert_list>() ont été introduites dans " "OpenSSL 0.9.7." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:5 msgid "" "SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate " "SSL engine mode" msgstr "" "SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - Manipuler " "le mode du moteur SSL" #. type: verbatim #: C/ssl/SSL_CTX_set_mode.pod:11 #, no-wrap msgid "" " long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);\n" " long SSL_set_mode(SSL *ssl, long mode);\n" "\n" msgstr "" "B< long SSL_CTX_set_mode(SSL_CTX *>I<ctx>B<, long> I<mode>B<);>\n" " B<long SSL_set_mode(SSL *>I<ssl>B<, long> I<mode>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_mode.pod:14 #, no-wrap msgid "" " long SSL_CTX_get_mode(SSL_CTX *ctx);\n" " long SSL_get_mode(SSL *ssl);\n" "\n" msgstr "" "B< long SSL_CTX_get_mode(SSL_CTX *>I<ctx>B<);>\n" " B<long SSL_get_mode(SSL *>I<ssl>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:19 msgid "" "SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>. " "Options already set before are not cleared." msgstr "" "B<SSL_CTX_set_mode>() ajoute le mode à lâ??aide dâ??un masquage dans I<mode> à " "I<ctx>. Les options déjà définies ne sont pas effacées." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:22 msgid "" "SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>. Options " "already set before are not cleared." msgstr "" "B<SSL_set_mode>() ajoute le mode à lâ??aide dâ??un masquage dans I<mode> à " "I<ssl>. Les options déjà définies ne sont pas effacées." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:25 msgid "SSL_CTX_get_mode() returns the mode set for B<ctx>." msgstr "B<SSL_CTX_get_mode>() renvoie le mode défini pour I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:27 msgid "SSL_get_mode() returns the mode set for B<ssl>." msgstr "B<SSL_get_mode>() renvoie le mode défini pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:31 msgid "The following mode changes are available:" msgstr "Les modes suivants sont disponibles." #. type: =item #: C/ssl/SSL_CTX_set_mode.pod:35 msgid "SSL_MODE_ENABLE_PARTIAL_WRITE" msgstr "SSL_MODE_ENABLE_PARTIAL_WRITE" #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:37 msgid "" "Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success when " "just a single record has been written). When not set (the default), " "SSL_write() will only report success once the complete chunk was written. " "Once SSL_write() returns with r, r bytes have been successfully written and " "the next call to SSL_write() must only send the n-r bytes left, imitating " "the behaviour of write()." msgstr "" "Autoriser B<SSL_write>(..., I<n>) à renvoyer I<r> avec 0 < I<r> < I<n> (c-à -" "d., rendre compte de la réussite lorsquâ??un seul enregistrement a été écrit). " "Si non défini (état par défaut), B<SSL_write>() nâ??indiquera une réussite que " "lorsquâ??un morceau complet est écrit. Après un renvoi de B<SSL_write>() avec " "I<r>, I<r> octets ont été écrits avec succès et le prochain appel à " "B<SSL_write>() ne doit envoyer que les derniers n-r octets, à lâ??instar du " "comportement de B<write>()." #. type: =item #: C/ssl/SSL_CTX_set_mode.pod:44 msgid "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" msgstr "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:46 msgid "" "Make it possible to retry SSL_write() with changed buffer location (the " "buffer contents must stay the same). This is not the default to avoid the " "misconception that non-blocking SSL_write() behaves like non-blocking " "write()." msgstr "" "Rendre possible un nouvel essai de B<SSL_write>() avec un emplacement de " "tampon différent (le contenu du tampon doit rester le même). Ce nâ??est pas le " "comportement par défaut pour éviter lâ??idée fausse que B<SSL_write>() non " "bloquant a le même comportement que B<write>() non bloquant." #. type: =item #: C/ssl/SSL_CTX_set_mode.pod:51 msgid "SSL_MODE_AUTO_RETRY" msgstr "SSL_MODE_AUTO_RETRY" #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:53 msgid "" "Never bother the application with retries if the transport is blocking. If " "a renegotiation take place during normal operation, a L<SSL_read(3)|" "SSL_read(3)> or L<SSL_write(3)|SSL_write(3)> would return with -1 and " "indicate the need to retry with SSL_ERROR_WANT_READ. In a non-blocking " "environment applications must be prepared to handle incomplete read/write " "operations. In a blocking environment, applications are not always prepared " "to deal with read/write operations returning without success report. The " "flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return " "after the handshake and successful completion." msgstr "" "Ne contrariez jamais lâ??application avec de nouveaux essais si le transfert " "est bloquant. Si une renégociation a lieu durant une opération normale, " "L<B<SSL_read>(3)|SSL_read(3)> ou L<B<SSL_write>(3)|SSL_write(3)> renverrait " "B<-1> et indiquerait la nécessité de réessayer avec SSL_ERROR_WANT_READ. " "Dans un environnement non bloquant, les applications doivent être préparées " "à prendre en charge les opérations de lecture et écriture incomplètes. Dans " "un environnement bloquant, les applications ne sont pas préparées à " "sâ??occuper des opérations de lecture et écriture, se terminant sans " "indication de réussite. Lâ??indicateur SSL_MODE_AUTO_RETRY fera que les " "opérations le lecture et écriture ne se termineront quâ??après la réussite " "complète de lâ??initiation de connexion." #. type: =item #: C/ssl/SSL_CTX_set_mode.pod:64 msgid "SSL_MODE_RELEASE_BUFFERS" msgstr "SSL_MODE_RELEASE_BUFFERS" #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:66 msgid "" "When we no longer need a read buffer or a write buffer for a given SSL, then " "release the memory we were using to hold it. Released memory is either " "appended to a list of unused RAM chunks on the SSL_CTX, or simply freed if " "the list of unused chunks would become longer than SSL_CTX-" ">freelist_max_len, which defaults to 32. Using this flag can save around " "34k per idle SSL connection. This flag has no effect on SSL v2 connections, " "or on DTLS connections." msgstr "" "Sâ??il nâ??est plus besoin dâ??un tampon de lecture ou dâ??écriture pour un SSL " "donné, libérer la mémoire utilisée pour ce tampon. La mémoire libérée est " "soit ajoutée à une liste de morceaux de RAM dans le SSL_CTX, ou simplement " "libérée si la liste de morceaux devient plus grande que SSL_CTX-" ">freelist_max_len, de valeur 32 par défaut. Utiliser cet indicateur peut " "sauver 34 k par connexion inactive, Cet indicateur nâ??a aucun effet sur les " "connexions SSL v2, ou DTLS." #. type: =item #: C/ssl/SSL_CTX_set_mode.pod:74 msgid "SSL_MODE_SEND_FALLBACK_SCSV" msgstr "SSL_MODE_SEND_FALLBACK_SCSV" #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:76 msgid "" "Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications " "that reconnect with a downgraded protocol version; see draft-ietf-tls-" "downgrade-scsv-00 for details." msgstr "" "Envoyer TLS_FALLBACK_SCSV dans ClientHello. Ã? nâ??activer que par les " "applications qui se reconnectent avec une version dégradée de protocole ; " "consultez draft-ietf-tls-downgrade-scsv-00 pour plus de précisions." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:80 msgid "" "DO NOT ENABLE THIS if your application attempts a normal handshake. Only " "use this in explicit fallback retries, following the guidance in draft-ietf-" "tls-downgrade-scsv-00." msgstr "" "Nâ??activez jamais cela si lâ??application essaye une initialisation de " "connexion normale. Nâ??utilisez cela que dans les tentatives de reconnexion en " "solution de repli explicite, en suivant les conseils de draft-ietf-tls-" "downgrade-scsv-00." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:88 msgid "" "SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask after " "adding B<mode>." msgstr "" "B<SSL_CTX_set_mode>() et B<SSL_set_mode>() renvoient le nouveau masquage du " "mode après lâ??ajout de I<mode>." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:91 msgid "SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask." msgstr "" "B<SSL_CTX_get_mode>() et B<SSL_get_mode>() renvoient lâ??actuel masquage." #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:95 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_write(3)|SSL_write(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_read>(3)|SSL_read(3)>, L<B<SSL_write>(3)|" "SSL_write(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_mode.pod:99 msgid "SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6." msgstr "SSL_MODE_AUTO_RETRY a été ajouté dans OpenSSL 0.9.6." #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:5 msgid "" "SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, " "SSL_set_msg_callback, SSL_get_msg_callback_arg - install callback for " "observing protocol messages" msgstr "" "SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, " "SSL_set_msg_callback, SSL_get_msg_callback_arg - Installer le rappel pour " "lâ??observation des messages de protocole" #. type: verbatim #: C/ssl/SSL_CTX_set_msg_callback.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));\n" " void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);\n" "\n" msgstr "" "B< void SSL_CTX_set_msg_callback(SSL_CTX *>I<ctx>B<, void (*>I<cb>B<)(int> I<write_p>B<, int> I<version>B<, int> I<content_type>B<, const void *>I<tamp>B<, size_t> I<taille>B<, SSL *>I<ssl>B<, void *>I<arg>B<));>\n" " B<void SSL_CTX_set_msg_callback_arg(SSL_CTX *>I<ctx>B<, void *>I<arg>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_msg_callback.pod:14 #, no-wrap msgid "" " void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));\n" " void SSL_set_msg_callback_arg(SSL *ssl, void *arg);\n" "\n" msgstr "" "B< void SSL_set_msg_callback(SSL *>I<ssl>B<, void (*>I<cb>B<)(int> I<write_p>B<, int> I<version>B<, int> I<content_type>B<, const void *>I<tamp>B<, size_t> I<taille>B<, SSL *>I<ssl>B<, void *>I<arg>B<));>\n" " B<void SSL_set_msg_callback_arg(SSL *>I<ssl>B<, void *>I<arg>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:19 msgid "" "SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to define a " "message callback function I<cb> for observing all SSL/TLS protocol messages " "(such as handshake messages) that are received or sent. " "SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg() can be used " "to set argument I<arg> to the callback function, which is available for " "arbitrary application use." msgstr "" "B<SSL_CTX_set_msg_callback>() ou B<SSL_set_msg_callback>() peuvent être " "utilisées pour définir une fonction de rappel de message I<cb> pour observer " "tous les messages de protocole SSL/TLS (tels des messages dâ??initiation de " "connexion) qui sont reçus ou envoyés. B<SSL_CTX_set_msg_callback_arg>() et " "B<SSL_set_msg_callback_arg>() peuvent être utilisées pour définir lâ??argument " "I<arg> de la fonction de rappel, qui est disponible pour toute application." #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:26 msgid "" "SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify " "default settings that will be copied to new B<SSL> objects by L<SSL_new(3)|" "SSL_new(3)>. SSL_set_msg_callback() and SSL_set_msg_callback_arg() modify " "the actual settings of an B<SSL> object. Using a B<0> pointer for I<cb> " "disables the message callback." msgstr "" "B<SSL_CTX_set_msg_callback>() et B<SSL_CTX_set_msg_callback_arg>() précisent " "les réglages par défaut qui seront copiés dans les nouveaux objets SSL par " "L<B<SSL_new>(3)|SSL_new(3)>. B<SSL_set_msg_callback>() et " "B<SSL_set_msg_callback_arg>() changent les réglages existants dâ??un objet " "SSL. Lâ??utilisation dâ??un pointeur B<0> pour I<cb> désactive le rappel de " "messages." #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:32 msgid "" "When I<cb> is called by the SSL/TLS library for a protocol message, the " "function arguments have the following meaning:" msgstr "" "Quand I<cb> est appelé par la bibliothèque SSL/TLS pour un message de " "protocole, les arguments de la fonction ont les significations suivantes." #. type: =item #: C/ssl/SSL_CTX_set_msg_callback.pod:37 msgid "I<write_p>" msgstr "I<write_p>" #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:39 msgid "" "This flag is B<0> when a protocol message has been received and B<1> when a " "protocol message has been sent." msgstr "" "Cet indicateur est B<0> lorsquâ??un message de protocole est reçu et B<1> " "lorsquâ??un message est envoyé." #. type: =item #: C/ssl/SSL_CTX_set_msg_callback.pod:42 msgid "I<version>" msgstr "I<version>" #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:44 msgid "" "The protocol version according to which the protocol message is interpreted " "by the library. Currently, this is one of B<SSL2_VERSION>, B<SSL3_VERSION> " "and B<TLS1_VERSION> (for SSL 2.0, SSL 3.0 and TLS 1.0, respectively)." msgstr "" "La version du protocole à partir de laquelle la bibliothèque interprètera " "les messages de protocole. Actuellement câ??est une parmi B<SSL2_VERSION>, " "B<SSL3_VERSION> et B<TLS1_VERSION> (pour SSL 2.0, SSL 3.0 et TLS 1.0, " "respectivement)." #. type: =item #: C/ssl/SSL_CTX_set_msg_callback.pod:49 msgid "I<content_type>" msgstr "I<content_type>" #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:51 msgid "" "In the case of SSL 2.0, this is always B<0>. In the case of SSL 3.0 or TLS " "1.0, this is one of the B<ContentType> values defined in the protocol " "specification (B<change_cipher_spec(20)>, B<alert(21)>, B<handshake(22)>; " "but never B<application_data(23)> because the callback will only be called " "for protocol messages)." msgstr "" "Pour SSL 2.0, câ??est toujours B<0>. Pour SSL 3.0 ou TLS 1.0, câ??est une des " "valeurs de B<ContentType> définies dans les spécifications de protocole " "(B<change_cipher_spec(20)>, B<alert(21)>, B<handshake(22)> ; mais jamais " "B<application_data(23)> car le rappel nâ??est demandé que pour des messages de " "protocole." #. type: =item #: C/ssl/SSL_CTX_set_msg_callback.pod:57 msgid "I<buf>, I<len>" msgstr "I<tamp>, I<taille>" #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:59 msgid "" "I<buf> points to a buffer containing the protocol message, which consists of " "I<len> bytes. The buffer is no longer valid after the callback function has " "returned." msgstr "" "I<tamp> pointe vers un tampon contenant le message de protocole, qui est " "constitué de I<taille> octets. Le tampon nâ??est plus valable après que la " "fonction de rappel s'est terminée." #. type: =item #: C/ssl/SSL_CTX_set_msg_callback.pod:63 msgid "I<ssl>" msgstr "I<ssl>" #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:65 msgid "The B<SSL> object that received or sent the message." msgstr "Lâ??objet SSL qui a reçu ou envoyé le message." #. type: =item #: C/ssl/SSL_CTX_set_msg_callback.pod:67 msgid "I<arg>" msgstr "I<arg>" #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:69 msgid "" "The user-defined argument optionally defined by " "SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg()." msgstr "" "Lâ??argument défini par lâ??utilisateur, facultativement défini par " "B<SSL_CTX_set_msg_callback_arg>() ou B<SSL_set_msg_callback_arg>()." #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:76 msgid "" "Protocol messages are passed to the callback function after decryption and " "fragment collection where applicable. (Thus record boundaries are not " "visible.)" msgstr "" "Les messages de protocole sont transmis à la fonction de rappel après " "déchiffrement et lâ??assemblage de morceaux où câ??est autorisé (les limites " "dâ??enregistrement ne sont pas visibles)." #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:80 msgid "" "If processing a received protocol message results in an error, the callback " "function may not be called. For example, the callback function will never " "see messages that are considered too large to be processed." msgstr "" "Si durant le processus, un message de protocole reçu conduit à une erreur, " "la fonction de rappel ne sera pas appelée. Par exemple, la fonction de " "rappel ne verra jamais les messages considérés comme trop grands pour être " "traités." #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:85 msgid "" "Due to automatic protocol version negotiation, I<version> is not necessarily " "the protocol version used by the sender of the message: If a TLS 1.0 " "ClientHello message is received by an SSL 3.0-only server, I<version> will " "be B<SSL3_VERSION>." msgstr "" "Ã? cause de la négociation automatique de version de protocole, I<version> " "nâ??est pas inévitablement la version de protocole utilisée par lâ??expéditeur " "du message. Si un message ClientHello de TLS 1.0 est reçu par un serveur " "uniquement SSL 3.0, I<version> sera B<SSL3_VERSION>." #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:92 msgid "L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>" msgstr "L<B<ssl>(3)|ssl(3)>, L<B<SSL_new>(3)|SSL_new(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_msg_callback.pod:96 msgid "" "SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), " "SSL_set_msg_callback() and SSL_get_msg_callback_arg() were added in OpenSSL " "0.9.7." msgstr "" "B<SSL_CTX_set_msg_callback>(), B<SSL_CTX_set_msg_callback_arg>(), " "B<SSL_set_msg_callback>() et B<SSL_get_msg_callback_arg>() ont été ajoutées " "dans OpenSSL 0.9.7." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:5 msgid "" "SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, " "SSL_clear_options, SSL_CTX_get_options, SSL_get_options, " "SSL_get_secure_renegotiation_support - manipulate SSL options" msgstr "" "SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, " "SSL_clear_options, SSL_CTX_get_options, SSL_get_options, " "SSL_get_secure_renegotiation_support - Manipuler des options SSL" #. type: verbatim #: C/ssl/SSL_CTX_set_options.pod:11 #, no-wrap msgid "" " long SSL_CTX_set_options(SSL_CTX *ctx, long options);\n" " long SSL_set_options(SSL *ssl, long options);\n" "\n" msgstr "" "B< long SSL_CTX_set_options(SSL_CTX *>I<ctx>B<, long> I<options>B<);>\n" " B<long SSL_set_options(SSL *>I<ssl>B<, long> I<options>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_options.pod:14 #, no-wrap msgid "" " long SSL_CTX_clear_options(SSL_CTX *ctx, long options);\n" " long SSL_clear_options(SSL *ssl, long options);\n" "\n" msgstr "" "B< long SSL_CTX_clear_options(SSL_CTX *>I<ctx>B<, long> I<options>B<);>\n" " B<long SSL_clear_options(SSL *>I<ssl>B<, long> I<options>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_options.pod:17 #, no-wrap msgid "" " long SSL_CTX_get_options(SSL_CTX *ctx);\n" " long SSL_get_options(SSL *ssl);\n" "\n" msgstr "" "B< long SSL_CTX_get_options(SSL_CTX *>I<ctx>B<);>\n" " B<long SSL_get_options(SSL *>I<ssl>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_options.pod:20 #, no-wrap msgid "" " long SSL_get_secure_renegotiation_support(SSL *ssl);\n" "\n" msgstr "" "B< long SSL_get_secure_renegotiation_support(SSL *>I<ssl>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:24 msgid "Note: all these functions are implemented using macros." msgstr "Note : toutes ces fonctions sont implémentées en utilisant des macros." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:26 msgid "" "SSL_CTX_set_options() adds the options set via bitmask in B<options> to " "B<ctx>. Options already set before are not cleared!" msgstr "" "B<SSL_CTX_set_options>() ajoute les options, définies à lâ??aide dâ??un masquage " "dans I<options>, à I<ctx>. Les options déjà définies ne sont pas effacées !" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:29 msgid "" "SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>. " "Options already set before are not cleared!" msgstr "" "B<SSL_set_options>() ajoute les options, définies à lâ??aide dâ??un masquage " "dans I<options>, à I<ctx>. Les options déjà définies ne sont pas effacées !" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:32 msgid "" "SSL_CTX_clear_options() clears the options set via bitmask in B<options> to " "B<ctx>." msgstr "" "B<SSL_CTX_clear_options>() efface les options, définies à lâ??aide dâ??un " "masquage dans I<options>, de I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:35 msgid "" "SSL_clear_options() clears the options set via bitmask in B<options> to " "B<ssl>." msgstr "" "B<SSL_clear_options>() efface les options, définies à lâ??aide dâ??un masquage " "dans I<options>, de I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:37 msgid "SSL_CTX_get_options() returns the options set for B<ctx>." msgstr "B<SSL_CTX_get_options>() renvoie les options définies pour I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:39 msgid "SSL_get_options() returns the options set for B<ssl>." msgstr "B<SSL_get_options>() renvoie les options définies pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:41 msgid "" "SSL_get_secure_renegotiation_support() indicates whether the peer supports " "secure renegotiation." msgstr "" "B<SSL_get_secure_renegotiation_support>() signale si le pair gère les " "renégociations sécurisées." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:46 msgid "" "The behaviour of the SSL library can be changed by setting several options. " "The options are coded as bitmasks and can be combined by a logical B<or> " "operation (|)." msgstr "" "Le comportement de la bibliothèque SSL peut être modifié en réglant " "plusieurs options. Les options sont codées comme des masquages et peuvent " "être associées avec une opération logique B<ou> (|)." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:50 msgid "" "SSL_CTX_set_options() and SSL_set_options() affect the (external) protocol " "behaviour of the SSL library. The (internal) behaviour of the API can be " "changed by using the similar L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and " "SSL_set_mode() functions." msgstr "" "B<SSL_CTX_set_options>() et B<SSL_set_options>() affectent le comportement " "de protocole (externe) de la bibliothèque SSL. Le comportement (interne) de " "lâ??API peut être changé en utilisant les fonctions similaires " "L<B<SSL_CTX_set_mode>(3)|SSL_CTX_set_mode(3)> et B<SSL_set_mode>()." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:55 msgid "" "During a handshake, the option settings of the SSL object are used. When a " "new SSL object is created from a context using SSL_new(), the current option " "setting is copied. Changes to B<ctx> do not affect already created SSL " "objects. SSL_clear() does not affect the settings." msgstr "" "Pendant une initialisation de connexion, les réglages dâ??options de lâ??objet " "SSL sont utilisés. Quand un nouvel objet SSL est créé à partir dâ??un contexte " "en utilisant B<SSL_new>(), les réglages dâ??option sont copiés. Les " "modifications à I<ctx> nâ??agissent sur les objets SSL déjà créés. " "B<SSL_clear>() ne modifie pas les réglages." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:60 msgid "The following B<bug workaround> options are available:" msgstr "Les options suivantes de palliatif de bogue sont disponibles." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:64 msgid "SSL_OP_MICROSOFT_SESS_ID_BUG" msgstr "SSL_OP_MICROSOFT_SESS_ID_BUG" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:66 msgid "" "www.microsoft.com - when talking SSLv2, if session-id reuse is performed, " "the session-id passed back in the server-finished message is different from " "the one decided upon." msgstr "" "www.microsoft.com â?? avec SSLv2, si une réutilisation de lâ??identifiant de " "session est faite, lâ??identifiant transmis dans le message quand le serveur a " "terminé est différent de celui décidé pour SSLv2." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:70 msgid "SSL_OP_NETSCAPE_CHALLENGE_BUG" msgstr "SSL_OP_NETSCAPE_CHALLENGE_BUG" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:72 msgid "" "Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but " "then appears to only use 16 bytes when generating the encryption keys. " "Using 16 bytes is ok but it should be ok to use 32. According to the SSLv3 " "spec, one should use 32 bytes for the challenge when operating in SSLv2/v3 " "compatibility mode, but as mentioned above, this breaks this server so 16 " "bytes is the way to go." msgstr "" "Netscape-Commerce/1.12, avec SSLv2, accepte une demande dâ??accès en 32 octets " "mais il semble seulement utiliser 16 octets lors de la production de la clef " "de chiffrement. Utiliser 16 octets est correct, mais 32 octets le serait " "aussi. Dâ??après les spécifications SSLv3, 32 octets devraient être utilisés " "lors dâ??une demande dans le mode de compatibilité SSLv2/v3, mais comme " "mentionné ci-dessus, cela casse le serveur et 16 octets est la méthode à " "utiliser." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:79 msgid "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" msgstr "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:81 msgid "As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect." msgstr "Comme dans OpenSSL 0.9.8q et 1.0.0c, cette option nâ??a pas dâ??effet." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:83 msgid "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" msgstr "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:85 C/ssl/SSL_CTX_set_options.pod:89 #: C/ssl/SSL_CTX_set_options.pod:98 C/ssl/SSL_CTX_set_options.pod:102 #: C/ssl/SSL_CTX_set_options.pod:106 C/ssl/SSL_CTX_set_options.pod:173 #: C/ssl/SSL_CTX_set_options.pod:177 C/ssl/SSL_CTX_set_options.pod:187 msgid "..." msgstr "..." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:87 msgid "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" msgstr "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" #. type: =item #: C/ssl/SSL_CTX_set_options.pod:91 msgid "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" msgstr "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:93 msgid "" "Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS " "X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers." msgstr "" "Ne choisissez pas les signatures ECDHE-ECDSA si le client apparait être " "Safari sur OS X. OS X 10.8..10.8.3 ne prennent plus en charge les signatures " "ECDHE-ECDSA." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:96 msgid "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" msgstr "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" #. type: =item #: C/ssl/SSL_CTX_set_options.pod:100 msgid "SSL_OP_TLS_D5_BUG" msgstr "SSL_OP_TLS_D5_BUG" #. type: =item #: C/ssl/SSL_CTX_set_options.pod:104 msgid "SSL_OP_TLS_BLOCK_PADDING_BUG" msgstr "SSL_OP_TLS_BLOCK_PADDING_BUG" #. type: =item #: C/ssl/SSL_CTX_set_options.pod:108 msgid "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" msgstr "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:110 msgid "" "Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability " "affecting CBC ciphers, which cannot be handled by some broken SSL " "implementations. This option has no effect for connections using other " "ciphers." msgstr "" "Désactiver les contre-mesures sur une vulnérabilité du protocole SSL 3.0/" "TLS 1.0, qui ne peut être gérée par quelques implémentations cassées. Cette " "option nâ??a aucun effet sur les connexions utilisant dâ??autres signatures." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:115 msgid "SSL_OP_TLSEXT_PADDING" msgstr "SSL_OP_TLSEXT_PADDING" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:117 msgid "" "Adds a padding extension to ensure the ClientHello size is never between 256 " "and 511 bytes in length. This is needed as a workaround for some " "implementations." msgstr "" "Ajouter une extension dâ??emplissage pour garantir que la taille de " "ClientHello ne soit jamais comprise entre 256 et 512 octets. Cela est " "nécessaire comme palliatif pour quelques implémentations." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:121 msgid "SSL_OP_ALL" msgstr "SSL_OP_ALL" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:123 msgid "All of the above bug workarounds." msgstr "Tous les palliatifs pour les bogues ci-dessus." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:127 msgid "" "It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround options " "if compatibility with somewhat broken implementations is desired." msgstr "" "Utiliser B<SSL_OP_ALL> est généralement sans danger pour activer les options " "de palliatif de bogue si la compatibilité avec quelques implémentations " "légèrement non conformes est désirée." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:131 msgid "The following B<modifying> options are available:" msgstr "Les options B<modificatrices> suivantes sont disponibles." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:135 msgid "SSL_OP_TLS_ROLLBACK_BUG" msgstr "SSL_OP_TLS_ROLLBACK_BUG" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:137 msgid "Disable version rollback attack detection." msgstr "Désactiver la détection de la variante attaque par annulation. " #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:139 msgid "" "During the client key exchange, the client must send the same information " "about acceptable SSL/TLS protocol levels as during the first hello. Some " "clients violate this rule by adapting to the server's answer. (Example: the " "client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only " "understands up to SSLv3. In this case the client must still use the same " "SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to " "the server's answer and violate the version rollback protection.)" msgstr "" "Pendant lâ??échange de clefs, le client doit envoyer la même information sur " "les niveaux acceptables de protocole SSL/TLS comme pendant le premier hello. " "Certains clients enfreignent cette règle en sâ??adaptant à la réponse du " "serveur. (Exemple : le client envoie un hello SSLv2 et accepte jusquâ??à " "SSLv3.1=TLSv1, le serveur comprend jusquâ??à SSLv3. Dans ce cas, le client " "doit encore utiliser la même annonce SSLv3.1=TLSv1. Certains clients se " "rabattent sur SSLv3 en accord avec la réponse du serveur et enfreignent la " "variante protection contre annulation.)" #. type: =item #: C/ssl/SSL_CTX_set_options.pod:147 msgid "SSL_OP_SINGLE_DH_USE" msgstr "SSL_OP_SINGLE_DH_USE" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:149 msgid "" "Always create a new key when using temporary/ephemeral DH parameters (see " "L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). This " "option must be used to prevent small subgroup attacks, when the DH " "parameters were not generated using \"strong\" primes (e.g. when using DSA-" "parameters, see L<dhparam(1)|dhparam(1)>). If \"strong\" primes were used, " "it is not strictly necessary to generate a new DH key during each handshake " "but it is also recommended. B<SSL_OP_SINGLE_DH_USE> should therefore be " "enabled whenever temporary/ephemeral DH parameters are used." msgstr "" "Toujours créer une nouvelle clef lors de lâ??utilisation de paramètres DH " "temporaires ou éphémères (consultez L<B<SSL_CTX_set_tmp_dh_callback>(3)|" "SSL_CTX_set_tmp_dh_callback(3)>). Cette option doit être utilisée en " "prévention des attaques par petits sous-groupes, si les paramètres DH " "nâ??étaient pas créés avec des nombres premiers « forts » (p. ex. lors de " "lâ??utilisation de paramètres DSA, consultez L<B<dhparam>(1)|dhparam(1)>). Si " "des nombres premiers « forts » sont utilisés, créer une nouvelle clef DH à " "chaque initialisation de connexion nâ??est pas strictement nécessaire mais " "recommandé. B<SSL_OP_SINGLE_DH_USE> devrait par conséquent être activé " "chaque fois que des paramètres temporaires ou éphémères sont utilisés." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:159 msgid "SSL_OP_EPHEMERAL_RSA" msgstr "SSL_OP_EPHEMERAL_RSA" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:161 msgid "This option is no longer implemented and is treated as no op." msgstr "Cette option nâ??est plus effective, elle est ignorée." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:163 msgid "SSL_OP_CIPHER_SERVER_PREFERENCE" msgstr "SSL_OP_CIPHER_SERVER_PREFERENCE" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:165 msgid "" "When choosing a cipher, use the server's preferences instead of the client " "preferences. When not set, the SSL server will always follow the clients " "preferences. When set, the SSLv3/TLSv1 server will choose following its own " "preferences. Because of the different protocol, for SSLv2 the server will " "send its list of preferences to the client and the client chooses." msgstr "" "Lors du choix dâ??une signature, utiliser les préférences du serveur plutôt " "que celles du client. Sans ce réglage, le serveur SSL suivra toujours les " "préférences du client. Avec ce réglage, le serveur SSLv3/TLSv1 choisira de " "suivre ses propres préférences. Ã? cause de la différence de protocole, pour " "SSLv2 le serveur enverra sa liste de préférences au client et celui-ci " "choisira." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:171 msgid "SSL_OP_PKCS1_CHECK_1" msgstr "SSL_OP_PKCS1_CHECK_1" #. type: =item #: C/ssl/SSL_CTX_set_options.pod:175 msgid "SSL_OP_PKCS1_CHECK_2" msgstr "SSL_OP_PKCS1_CHECK_2" #. type: =item #: C/ssl/SSL_CTX_set_options.pod:179 msgid "SSL_OP_NETSCAPE_CA_DN_BUG" msgstr "SSL_OP_NETSCAPE_CA_DN_BUG" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:181 msgid "" "If we accept a netscape connection, demand a client cert, have a non-self-" "signed CA which does not have its CA in netscape, and the browser has a " "cert, it will crash/hang. Works for 3.x and 4.xbeta" msgstr "" "Si une connexion Netscape est acceptée, demande un certificat client, " "possède un CA non auto-signé nâ??ayant pas son CA dans Netscape, et que le " "navigateur a un certificat, cela provoquera un plantage ou un blocage. " "Valable pour 3.x et 4.xbeta." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:185 msgid "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG" msgstr "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG" #. type: =item #: C/ssl/SSL_CTX_set_options.pod:189 msgid "SSL_OP_NO_SSLv2" msgstr "SSL_OP_NO_SSLv2" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:191 msgid "Do not use the SSLv2 protocol." msgstr "Ne pas utiliser le protocole SSLv2." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:193 msgid "SSL_OP_NO_SSLv3" msgstr "SSL_OP_NO_SSLv3" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:195 msgid "Do not use the SSLv3 protocol." msgstr "Ne pas utiliser le protocole SSLv3." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:197 msgid "SSL_OP_NO_TLSv1" msgstr "SSL_OP_NO_TLSv1" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:199 msgid "Do not use the TLSv1 protocol." msgstr "Ne pas utiliser le protocole TLSv1." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:201 msgid "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" msgstr "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:203 msgid "" "When performing renegotiation as a server, always start a new session (i.e., " "session resumption requests are only accepted in the initial handshake). " "This option is not needed for clients." msgstr "" "Lors dâ??une renégociation par un serveur, toujours démarrer une nouvelle " "session (câ??est-à -dire, une requête de reprise de session est seulement " "acceptée au cours de lâ??initiation initiale de connexion). Cette option nâ??est " "pas nécessaire pour les clients." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:207 msgid "SSL_OP_NO_TICKET" msgstr "SSL_OP_NO_TICKET" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:209 msgid "" "Normally clients and servers will, where possible, transparently make use of " "RFC4507bis tickets for stateless session resumption." msgstr "" "Normalement les clients et serveurs, où câ??est possible, font usage de " "certificats RFC4507bis de manière transparente pour la reprise dâ??une session " "sans état." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:212 msgid "" "If this option is set this functionality is disabled and tickets will not be " "used by clients or servers." msgstr "" "Si cette option est activée, cette fonctionnalité est désactivée et les " "certificats ne seront pas utilisés par les clients ou serveurs." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:215 msgid "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" msgstr "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:217 msgid "" "Allow legacy insecure renegotiation between OpenSSL and unpatched clients or " "servers. See the B<SECURE RENEGOTIATION> section for more details." msgstr "" "Autoriser les anciennes renégociations non sécurisées entre OpenSSL et les " "clients ou serveurs non protégés. Consultez la section B<RENÃ?GOCIATION " "SÃ?CURISÃ?E> pour plus de détails." #. type: =item #: C/ssl/SSL_CTX_set_options.pod:220 msgid "SSL_OP_LEGACY_SERVER_CONNECT" msgstr "SSL_OP_LEGACY_SERVER_CONNECT" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:222 msgid "" "Allow legacy insecure renegotiation between OpenSSL and unpatched servers " "B<only>: this option is currently set by default. See the B<SECURE " "RENEGOTIATION> section for more details." msgstr "" "Autoriser les anciennes renégociations non sécurisées entre OpenSSL et les " "serveurs non protégés B<uniquement>. Cette option est actuellement établie " "par défaut. Consultez la section B<RENÃ?GOCIATION SÃ?CURISÃ?E> pour plus de " "détails." #. type: =head1 #: C/ssl/SSL_CTX_set_options.pod:228 msgid "SECURE RENEGOTIATION" msgstr "RENÃ?GOCIATION SÃ?CURISÃ?E" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:230 msgid "" "OpenSSL 0.9.8m and later always attempts to use secure renegotiation as " "described in RFC5746. This counters the prefix attack described in " "CVE-2009-3555 and elsewhere." msgstr "" "OpenSSL 0.9.8m et ses versions postérieures essayent dâ??utiliser les " "renégociations sécurisées comme décrites dans la RFC5746. Cela contre " "lâ??attaque par préfixe décrite entre autres dans CVE-2009-3555." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:234 msgid "" "The deprecated and highly broken SSLv2 protocol does not support " "renegotiation at all: its use is B<strongly> discouraged." msgstr "" "Le protocole SSLv2, déprécié et couramment transgressé, ne gère absolument " "pas les renégociations ; son usage est très B<fortement> déconseillé." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:237 msgid "" "This attack has far reaching consequences which application writers should " "be aware of. In the description below an implementation supporting secure " "renegotiation is referred to as I<patched>. A server not supporting secure " "renegotiation is referred to as I<unpatched>." msgstr "" "Cette attaque est de grande portée et les développeurs dâ??application devrait " "en tenir compte. Dans la description qui suit une implémentation gérant une " "renégociation sécurisée est qualifiée de I<protégée>. Un serveur ne prenant " "pas en charge les renégociations sécurisées est qualifié de I<non protégé>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:242 msgid "" "The following sections describe the operations permitted by OpenSSL's secure " "renegotiation implementation." msgstr "" "Les sections suivantes décrivent les opérations permises par les " "implémentations de renégociation sécurisée." #. type: =head2 #: C/ssl/SSL_CTX_set_options.pod:245 msgid "Patched client and server" msgstr "Client et serveur protégés" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:247 msgid "" "Connections and renegotiation are always permitted by OpenSSL " "implementations." msgstr "" "Les connexions et renégociations sont toujours autorisées par les " "implémentations dâ??OpenSSL." #. type: =head2 #: C/ssl/SSL_CTX_set_options.pod:249 msgid "Unpatched client and patched OpenSSL server" msgstr "Client non protégé et serveur OpenSSL protégé" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:251 msgid "" "The initial connection succeeds but client renegotiation is denied by the " "server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a " "fatal B<handshake_failure> alert in SSL v3.0." msgstr "" "La connexion initiale réussit mais la renégociation du client est refusée " "par le serveur avec un message dâ??avertissement B<no_renegotiation> si " "TLS v1.0 utilisé, ou un message fatal B<handshake_failure> si câ??est SSL v3.0." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:255 msgid "" "If the patched OpenSSL server attempts to renegotiate a fatal " "B<handshake_failure> alert is sent. This is because the server code may be " "unaware of the unpatched nature of the client." msgstr "" "Si le serveur OpenSSL protégé essaie de renégocier, un message fatal " "B<handshake_failure> est envoyé. Cela est dû à lâ??ignorance du serveur de la " "nature non protégée du client." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:259 msgid "" "If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then " "renegotiation B<always> succeeds." msgstr "" "Si lâ??option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> est validée, alors " "la renégociation réussira B<toujours>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:262 msgid "" "B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are " "unpatched) will result in the connection hanging if it receives a " "B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard a " "B<no_renegotiation> alert as fatal and respond with a fatal " "B<handshake_failure> alert. This is because the OpenSSL API currently has no " "provision to indicate to an application that a renegotiation attempt was " "refused." msgstr "" "B<Remarque> : un bogue dans les clients OpenSSL antérieurs à  0.9.8m (aucun " "dâ??entre eux nâ??est protégé) conduira à un blocage de la connexion si un " "message B<no_renegotiation> est reçu. Les versions 0.9.8m et ultérieures " "dâ??OpenSSL considéreront un message B<no_renegotiation> comme fatal et " "répondront par un message fatal B<handshake_failure>. Câ??est parce " "quâ??actuellement lâ??API dâ??OpenSSL nâ??a aucun moyen dâ??indiquer à une application " "quâ??un essai est refusé." #. type: =head2 #: C/ssl/SSL_CTX_set_options.pod:270 msgid "Patched OpenSSL client and unpatched server." msgstr "Client OpenSSL protégé et serveur non protégé." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:272 msgid "" "If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or " "B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections " "and renegotiation between patched OpenSSL clients and unpatched servers " "succeeds. If neither option is set then initial connections to unpatched " "servers will fail." msgstr "" "Si lâ??option B<SSL_OP_LEGACY_SERVER_CONNECT> ou " "B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> est établie, les connexions et " "les renégociations entre les clients OpenSSL et les serveurs non protégés " "réussiront. Si aucune option nâ??est établie, alors les connexions initiales " "vers les serveurs non protégés échoueront." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:278 msgid "" "The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even " "though it has security implications: otherwise it would be impossible to " "connect to unpatched servers (i.e. all of them initially) and this is " "clearly not acceptable. Renegotiation is permitted because this does not add " "any additional security issues: during an attack clients do not see any " "renegotiations anyway." msgstr "" "Lâ??option B<SSL_OP_LEGACY_SERVER_CONNECT> est actuellement établie par défaut " "même si elle a des implications sur la sécurité : sans quoi il serait " "impossible de se connecter sur des serveurs non protégés (câ??est-à -dire " "initialement tous) et cela nâ??est clairement pas acceptable. La renégociation " "est autorisée parce que cela nâ??ajoute aucun problème de sécurité : pendant " "une attaque, les clients ne voient de toute façon aucune renégociation." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:285 msgid "" "As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> " "will B<not> be set by default in a future version of OpenSSL." msgstr "" "Comme de plus en plus de serveurs deviennent protégés, lâ??option " "B<SSL_OP_LEGACY_SERVER_CONNECT> ne sera B<pas> active par défaut dans une " "future version de OpenSSL." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:288 msgid "" "OpenSSL client applications wishing to ensure they can connect to unpatched " "servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT>" msgstr "" "Les applications clientes dâ??OpenSSL voulant être sûres de se connecter à des " "serveurs non protégés devrait toujours B<activer> " "B<SSL_OP_LEGACY_SERVER_CONNECT>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:291 msgid "" "OpenSSL client applications that want to ensure they can B<not> connect to " "unpatched servers (and thus avoid any security issues) should always " "B<clear> B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or " "SSL_clear_options()." msgstr "" "Les applications clientes dâ??OpenSSL voulant être sûres de ne B<pas> se " "connecter à des serveurs non protégés (et donc éviter tout problème de " "sécurité) devraient toujours B<désactiver> B<SSL_OP_LEGACY_SERVER_CONNECT> " "en utilisant B<SSL_CTX_clear_options>() ou B<SSL_clear_options>()." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:296 msgid "" "The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and " "B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that " "B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure " "renegotiation between OpenSSL clients and unpatched servers B<only>, while " "B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections and " "renegotiation between OpenSSL and unpatched clients or servers." msgstr "" "La différence entre les options B<SSL_OP_LEGACY_SERVER_CONNECT> et " "B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> est que " "B<SSL_OP_LEGACY_SERVER_CONNECT> autorise les connections initiales et " "renégociation sécurisée entre des clients OpenSSL et B<seulement> des " "serveurs non protégés, quand B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> " "autorise des connexions initiales et renégociation sécurisée entre OpenSSL " "et des clients ou serveurs non protégés." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:305 msgid "" "SSL_CTX_set_options() and SSL_set_options() return the new options bitmask " "after adding B<options>." msgstr "" "B<SSL_CTX_set_options>() et B<SSL_set_options>() renvoient les nouveaux " "masquages dâ??options après lâ??ajout dâ??B<options>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:308 msgid "" "SSL_CTX_clear_options() and SSL_clear_options() return the new options " "bitmask after clearing B<options>." msgstr "" "B<SSL_CTX_clear_options>() et B<SSL_clear_options>() renvoient les nouveaux " "masquages dâ??options après effacement dâ??B<options>." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:311 msgid "SSL_CTX_get_options() and SSL_get_options() return the current bitmask." msgstr "" "B<SSL_CTX_get_options>() et B<SSL_get_options>() renvoient lâ??actuel masquage." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:313 msgid "" "SSL_get_secure_renegotiation_support() returns 1 is the peer supports secure " "renegotiation and 0 if it does not." msgstr "" "B<SSL_get_secure_renegotiation_support>() renvoie B<1> si le pair prend en " "charge les renégociations sécurisées et B<0> dans le cas contraire." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:318 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>, " "L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, " "L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, " "L<dhparam(1)|dhparam(1)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_new>(3)|SSL_new(3)>, L<B<SSL_clear>(3)|" "SSL_clear(3)>, L<B<SSL_CTX_set_tmp_dh_callback>(3)|" "SSL_CTX_set_tmp_dh_callback(3)>, L<B<SSL_CTX_set_tmp_rsa_callback>(3)|" "SSL_CTX_set_tmp_rsa_callback(3)>, L<B<dhparam>(1)|dhparam(1)>" #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:325 msgid "" "B<SSL_OP_CIPHER_SERVER_PREFERENCE> and " "B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> have been added in OpenSSL " "0.9.7." msgstr "" "B<SSL_OP_CIPHER_SERVER_PREFERENCE> et " "B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> ont été ajoutées dans " "OpenSSL 0.9.7." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:329 msgid "" "B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was " "automatically enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer " "included in B<SSL_OP_ALL> and must be explicitly set." msgstr "" "B<SSL_OP_TLS_ROLLBACK_BUG> a été ajoutée dans OpenSSL 0.9.6 et était " "automatiquement activée avec B<SSL_OP_ALL>. Ã? partir de 0.9.7, elle nâ??est " "plus incluse dans B<SSL_OP_ALL> et doit être clairement indiquée." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:333 msgid "" "B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e. " "Versions up to OpenSSL 0.9.6c do not include the countermeasure that can be " "disabled with this option (in OpenSSL 0.9.6d, it was always enabled)." msgstr "" "B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> a été ajoutée dans OpenSSL 0.9.6e. Les " "versions jusquâ??à OpenSSL 0.9.6c nâ??incluent pas de contre-mesure qui puisse " "être désactivée avec cette option (dans OpenSSL 0.9.6d, elle était toujours " "active)." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:338 msgid "" "SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL " "0.9.8m." msgstr "" "B<SSL_CTX_clear_options>() et B<SSL_clear_options>() ont été ajoutées la " "première fois dans OpenSSL 0.9.8m." #. type: textblock #: C/ssl/SSL_CTX_set_options.pod:341 msgid "" "B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT> " "and the function SSL_get_secure_renegotiation_support() were first added in " "OpenSSL 0.9.8m." msgstr "" "B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT> " "et la fonction B<SSL_get_secure_renegotiation_support>() ont été ajoutées la " "première fois dans OpenSSL 0.9.8m." #. type: =end #: C/ssl/SSL_CTX_set_psk_client_callback.pod:3 #: C/ssl/SSL_CTX_set_psk_client_callback.pod:30 msgid "comment" msgstr "comment" #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:5 msgid "Copyright 2005 Nokia. All rights reserved." msgstr "Copyright 2005 Nokia. All rights reserved." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:7 msgid "" "The portions of the attached software (\"Contribution\") is developed by " "Nokia Corporation and is licensed pursuant to the OpenSSL open source " "license." msgstr "" "The portions of the attached software (\"Contribution\") is developed by " "Nokia Corporation and is licensed pursuant to the OpenSSL open source " "license." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:11 msgid "" "The Contribution, originally written by Mika Kousa and Pasi Eronen of Nokia " "Corporation, consists of the \"PSK\" (Pre-Shared Key) ciphersuites support " "(see RFC 4279) to OpenSSL." msgstr "" "The Contribution, originally written by Mika Kousa and Pasi Eronen of Nokia " "Corporation, consists of the \"PSK\" (Pre-Shared Key) ciphersuites support " "(see RFC 4279) to OpenSSL." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:15 msgid "" "No patent licenses or other rights except those expressly stated in the " "OpenSSL open source license shall be deemed granted or received expressly, " "by implication, estoppel, or otherwise." msgstr "" "No patent licenses or other rights except those expressly stated in the " "OpenSSL open source license shall be deemed granted or received expressly, " "by implication, estoppel, or otherwise." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:19 msgid "" "No assurances are provided by Nokia that the Contribution does not infringe " "the patent or other intellectual property rights of any third party or that " "the license provides you with all the necessary rights to make use of the " "Contribution." msgstr "" "No assurances are provided by Nokia that the Contribution does not infringe " "the patent or other intellectual property rights of any third party or that " "the license provides you with all the necessary rights to make use of the " "Contribution." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:24 msgid "" "THE SOFTWARE IS PROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. IN ADDITION " "TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA SPECIFICALLY DISCLAIMS ANY " "LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY OTHER ENTITY BASED ON " "INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR OTHERWISE." msgstr "" "THE SOFTWARE IS PROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. IN ADDITION " "TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA SPECIFICALLY DISCLAIMS ANY " "LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY OTHER ENTITY BASED ON " "INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR OTHERWISE." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:34 msgid "" "SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - set PSK " "client callback" msgstr "" "SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - Définir un " "rappel client PSK" #. type: verbatim #: C/ssl/SSL_CTX_set_psk_client_callback.pod:40 #, no-wrap msgid "" " void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,\n" "\tunsigned int (*callback)(SSL *ssl, const char *hint,\n" "\tchar *identity, unsigned int max_identity_len,\n" "\tunsigned char *psk, unsigned int max_psk_len));\n" " void SSL_set_psk_client_callback(SSL *ssl,\n" "\tunsigned int (*callback)(SSL *ssl, const char *hint,\n" "\tchar *identity, unsigned int max_identity_len,\n" " \tunsigned char *psk, unsigned int max_psk_len));\n" "\n" msgstr "" "B< void SSL_CTX_set_psk_client_callback(SSL_CTX *>I<ctx>B<,>\n" " \tB<unsigned int (*>I<callback>B<)(SSL *>I<ssl>B<, const char *>I<hint>B<,>\n" " \tB<char *>I<identity>B<, unsigned int> I<max_identity_len>B<,>\n" " \tB<unsigned char *>I<psk>B<, unsigned int> I<max_psk_len>B<));>\n" " B<void SSL_set_psk_client_callback(SSL *>I<ssl>B<,>\n" " \tB<unsigned int (*>I<callback>B<)(SSL *>I<ssl>B<, const char *>I<hint>B<,>\n" " \tB<char *>I<identity>B<, unsigned int> I<max_identity_len>B<,>\n" " \tB<unsigned char *>I<psk>B<, unsigned int> I<max_psk_len>B<));>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:52 msgid "" "A client application must provide a callback function which is called when " "the client is sending the ClientKeyExchange message to the server." msgstr "" "Une application cliente doit fournir une fonction de rappel qui est appelée " "quand le client envoie le message ClientKeyExchange au serveur." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:55 msgid "" "The purpose of the callback function is to select the PSK identity and the " "pre-shared key to use during the connection setup phase." msgstr "" "Le but de cette fonction de rappel est de sélectionner l'identité PSK et la " "clef prépartagée à utiliser pendant la phase de configuration de connexion." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:58 msgid "" "The callback is set using functions SSL_CTX_set_psk_client_callback() or " "SSL_set_psk_client_callback(). The callback function is given the connection " "in parameter B<ssl>, a B<NULL>-terminated PSK identity hint sent by the " "server in parameter B<hint>, a buffer B<identity> of length " "B<max_identity_len> bytes where the the resulting B<NULL>-terminated " "identity is to be stored, and a buffer B<psk> of length B<max_psk_len> bytes " "where the resulting pre-shared key is to be stored." msgstr "" "Le rappel est défini en utilisant les fonctions " "B<SSL_CTX_set_psk_client_callback>() ou B<SSL_set_psk_client_callback>(). Ã? " "la fonction de rappel, sont fournis : la connexion dans le paramètre I<ssl>, " "un indice d'identité PSK terminé par B<NULL> envoyé par le serveur dans le " "paramètre I<hint>, un tampon I<identity> de taille " "I<max_identity_len> octets où l'identité terminée par B<NULL> résultante " "sera stockée, et un tampon I<psk> de taille I<max_psk_len> octets où la clef " "prépartagée résultante sera stockée." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:69 msgid "Note that parameter B<hint> given to the callback may be B<NULL>." msgstr "" "Remarquez que le paramètre I<hint> donné au rappel pourrait être B<NULL>." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:73 msgid "Return values from the client callback are interpreted as follows:" msgstr "Les valeurs de retour du rappel client sont interprétées comme suit." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:75 msgid "" "On success (callback found a PSK identity and a pre-shared key to use) the " "length (> 0) of B<psk> in bytes is returned." msgstr "" "En cas de réussite (le rappel a trouvé une identité PSK et une clef " "prépartagée à utiliser), la taille (> 0) de I<psk> en octet est renvoyée." #. type: textblock #: C/ssl/SSL_CTX_set_psk_client_callback.pod:78 msgid "" "Otherwise or on errors callback should return 0. In this case the connection " "setup fails." msgstr "" "Sinon, ou en cas d'erreur, le rappel devrait renvoyer 0. Dans ce cas, la " "configuration de connexion échoue." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:5 msgid "" "SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, " "SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown " "behaviour" msgstr "" "SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, " "SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - Manipuler le comportement " "de lâ??arrêt" #. type: verbatim #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);\n" " int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);\n" "\n" msgstr "" "B< void SSL_CTX_set_quiet_shutdown(SSL_CTX *>I<ctx>B<, int> I<mode>B<);>\n" " B<int SSL_CTX_get_quiet_shutdown(const SSL_CTX *>I<ctx>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:14 #, no-wrap msgid "" " void SSL_set_quiet_shutdown(SSL *ssl, int mode);\n" " int SSL_get_quiet_shutdown(const SSL *ssl);\n" "\n" msgstr "" "B< void SSL_set_quiet_shutdown(SSL *>I<ssl>B<, int> I<mode>B<);>\n" " B<int SSL_get_quiet_shutdown(const SSL *>I<ssl>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:19 msgid "" "SSL_CTX_set_quiet_shutdown() sets the \"quiet shutdown\" flag for B<ctx> to " "be B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the " "time L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1." msgstr "" "B<SSL_CTX_set_quiet_shutdown>() définit lâ??attribut « arrêt sûr » pour I<ctx> " "à I<mode>. Les objets SSL créés à partir de I<ctx> héritent du I<mode> " "valable au moment de lâ??appel de L<B<SSL_new>(3)|SSL_new(3)>. I<mode> peut " "être B<0> ou B<1>." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:23 msgid "" "SSL_CTX_get_quiet_shutdown() returns the \"quiet shutdown\" setting of " "B<ctx>." msgstr "" "B<SSL_CTX_get_quiet_shutdown>() renvoie le réglage de « arrêt sûr » de " "I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:25 msgid "" "SSL_set_quiet_shutdown() sets the \"quiet shutdown\" flag for B<ssl> to be " "B<mode>. The setting stays valid until B<ssl> is removed with L<SSL_free(3)|" "SSL_free(3)> or SSL_set_quiet_shutdown() is called again. It is not changed " "when L<SSL_clear(3)|SSL_clear(3)> is called. B<mode> may be 0 or 1." msgstr "" "B<SSL_set_quiet_shutdown>() définit lâ??attribut « arrêt sûr » pour I<ssl> à " "I<mode>. Le réglage reste valable jusquâ??à ce que I<ssl> soit supprimé avec " "L<B<SSL_free>(3)|SSL_free(3)> ou que B<SSL_set_quiet_shutdown>() soit de " "nouveau appelé. Lâ??attribut nâ??est pas changé lorsque L<B<SSL_clear>(3)|" "SSL_clear(3)> est appelé. I<mode> peut être B<0> ou B<1>." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:31 msgid "" "SSL_get_quiet_shutdown() returns the \"quiet shutdown\" setting of B<ssl>." msgstr "" "B<SSL_get_quiet_shutdown>() renvoie le réglage de « arrêt sûr » de I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:35 msgid "" "Normally when a SSL connection is finished, the parties must send out " "\"close notify\" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)> for " "a clean shutdown." msgstr "" "Normalement quand une connexion SSL est terminée, les éléments doivent " "envoyer des messages « notification dâ??arrêt » en utilisant " "L<B<SSL_shutdown>(3)|SSL_shutdown(3)> pour un arrêt propre." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:39 msgid "" "When setting the \"quiet shutdown\" flag to 1, L<SSL_shutdown(3)|" "SSL_shutdown(3)> will set the internal flags to SSL_SENT_SHUTDOWN|" "SSL_RECEIVED_SHUTDOWN. (L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves " "like L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with " "SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to " "be shutdown, but no \"close notify\" alert is sent to the peer. This " "behaviour violates the TLS standard." msgstr "" "Lors du réglage de lâ??attribut « arrêt sûr » à B<1>, L<B<SSL_shutdown>(3)|" "SSL_shutdown(3)> définira les attributs internes de SSL_SENT_SHUTDOWN|" "SSL_RECEIVED_SHUTDOWN. (L<B<SSL_shutdown>(3)|SSL_shutdown(3)> se comporte " "alors comme L<B<SSL_set_shutdown>(3)|SSL_set_shutdown(3)> appelée avec " "SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) La session est par conséquent " "considérée comme terminée, mais aucun message « notification dâ??arrêt » nâ??est " "envoyé au pair. Cela transgresse la norme TLS." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:47 msgid "" "The default is normal shutdown behaviour as described by the TLS standard." msgstr "" "Par défaut, le comportement lâ??arrêt est celui décrit dans la norme TLS." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:51 msgid "" "SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return " "diagnostic information." msgstr "" "B<SSL_CTX_set_quiet_shutdown>() et B<SSL_set_quiet_shutdown>() ne renvoient " "pas dâ??information de diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:54 msgid "" "SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current " "setting." msgstr "" "B<SSL_CTX_get_quiet_shutdown>() et B<SSL_get_quiet_shutdown> renvoient le " "réglage actuel." #. type: textblock #: C/ssl/SSL_CTX_set_quiet_shutdown.pod:59 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|" "SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|" "SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_shutdown>(3)|SSL_shutdown(3)>, " "L<B<SSL_set_shutdown>(3)|SSL_set_shutdown(3)>, L<B<SSL_new>(3)|SSL_new(3)>, " "L<B<SSL_clear>(3)|SSL_clear(3)>, L<B<SSL_free>(3)|SSL_free(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_read_ahead.pod:5 msgid "" "SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, " "SSL_CTX_get_read_ahead, SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, " "SSL_get_read_ahead - manage whether to read as many input bytes as possible" msgstr "" "SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, " "SSL_CTX_get_read_ahead, SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, " "SSL_get_read_ahead - Décider de la lecture dâ??autant dâ??octets dâ??entrée que " "possibles" #. type: verbatim #: C/ssl/SSL_CTX_set_read_ahead.pod:13 #, no-wrap msgid "" " int SSL_get_read_ahead(const SSL *s);\n" " void SSL_set_read_ahead(SSL *s, int yes);\n" "\n" msgstr "" "B< int SSL_get_read_ahead(const SSL *s);>\n" " B<void SSL_set_read_ahead(SSL *s, int> I<yes>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_read_ahead.pod:16 #, no-wrap msgid "" " #define SSL_CTX_get_default_read_ahead(ctx)\n" " #define SSL_CTX_set_default_read_ahead(ctx,m)\n" " #define SSL_CTX_get_read_ahead(ctx)\n" " #define SSL_CTX_set_read_ahead(ctx,m)\n" "\n" msgstr "" "B< #define SSL_CTX_get_default_read_ahead(ctx)>\n" " B<#define SSL_CTX_set_default_read_ahead(ctx,>I<m>B<)>\n" " B<#define SSL_CTX_get_read_ahead(ctx)>\n" " B<#define SSL_CTX_set_read_ahead(ctx,>I<m>B<)>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_read_ahead.pod:23 msgid "" "SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read " "as many input bytes as possible (for non-blocking reads) or not. For example " "if B<x> bytes are currently required by OpenSSL, but B<y> bytes are " "available from the underlying BIO (where B<y> > B<x>), then OpenSSL will " "read all B<y> bytes into its buffer (providing that the buffer is large " "enough) if reading ahead is on, or B<x> bytes otherwise. The parameter " "B<yes> or B<m> should be 0 to ensure reading ahead is off, or non zero " "otherwise." msgstr "" "B<SSL_CTX_set_read_ahead>() et B<SSL_set_read_ahead>() définissent si autant " "dâ??octets que possibles doivent être lus ou pas (pour les lectures non " "bloquantes). Par exemple, si I<x> octets sont demandés par OpenSSL, mais que " "I<y> octets sont disponibles dans le BIO en cause (où I<y> > I<x>), alors " "OpenSSL lira tous les I<y> octets dans son tampon (pourvu que le tampon soit " "suffisamment grand) si la lecture complète est activée, ou I<x> octets dans " "le cas contraire. Les paramètres I<yes> ou I<m> doivent être à B<0> pour " "être sûr que la lecture complète soit désactivée, ou différent de zéro pour " "le contraire." #. type: textblock #: C/ssl/SSL_CTX_set_read_ahead.pod:31 msgid "" "SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and " "SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead." msgstr "" "B<SSL_CTX_set_default_read_ahead> est un synonyme de " "B<SSL_CTX_set_read_ahead>, et B<SSL_CTX_get_default_read_ahead> pour " "B<SSL_CTX_get_read_ahead>." #. type: textblock #: C/ssl/SSL_CTX_set_read_ahead.pod:34 msgid "" "SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading " "ahead has been set or not." msgstr "" "B<SSL_CTX_get_read_ahead>() et B<SSL_get_read_ahead>() précisent si la " "lecture complète a été activée ou non." #. type: textblock #: C/ssl/SSL_CTX_set_read_ahead.pod:39 msgid "" "These functions have no impact when used with DTLS. The return values for " "SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS." msgstr "" "Ces fonctions nâ??ont aucun impact si elles sont utilisées avec DTLS. Les " "valeurs de retour avec DTLS de B<SSL_CTX_get_read_head>() et " "B<SSL_get_read_ahead>() sont indéterminées." #. type: textblock #: C/ssl/SSL_CTX_set_read_ahead.pod:44 msgid "" "SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is " "off, and non zero otherwise." msgstr "" "B<SSL_get_read_ahead> et B<SSL_CTX_get_read_ahead> renvoient B<0> si la " "lecture complète est désactivée et une valeur différente de zéro dans le cas " "contraire." #. type: textblock #: C/ssl/SSL_CTX_set_read_ahead.pod:49 #: C/ssl/SSL_CTX_set_session_id_context.pod:81 msgid "L<ssl(3)|ssl(3)>" msgstr "L<B<ssl>(3)|ssl(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:5 msgid "" "SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/" "disable session caching" msgstr "" "SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - Activer ou " "désactiver la mise en cache de session" #. type: verbatim #: C/ssl/SSL_CTX_set_session_cache_mode.pod:11 #, no-wrap msgid "" " long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);\n" " long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);\n" "\n" msgstr "" "B< long SSL_CTX_set_session_cache_mode(SSL_CTX> I<ctx>B<, long> I<mode>B<);>\n" " B<long SSL_CTX_get_session_cache_mode(SSL_CTX> I<ctx>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:16 msgid "" "SSL_CTX_set_session_cache_mode() enables/disables session caching by setting " "the operational mode for B<ctx> to <mode>." msgstr "" "B<SSL_CTX_set_session_cache_mode>() permet ou pas la mise en cache de " "session en définissant le mode opérationnel pour I<ctx> à I<mode>." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:19 msgid "SSL_CTX_get_session_cache_mode() returns the currently used cache mode." msgstr "B<SSL_CTX_get_session_cache_mode>() renvoie le mode actuel du cache." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:23 msgid "" "The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. " "The sessions can be held in memory for each B<ctx>, if more than one SSL_CTX " "object is being maintained, the sessions are unique for each SSL_CTX object." msgstr "" "La bibliothèque OpenSSL peut mémoriser ou extraire des sessions SSL/TLS pour " "usage ultérieur. Les sessions peuvent être gardées en mémoire pour chaque " "I<ctx>, si plus dâ??un objet SSL_CTX est conservé. Celui-ci nâ??a quâ??une seule " "session." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:28 msgid "" "In order to reuse a session, a client must send the session's id to the " "server. It can only send exactly one id. The server then either agrees to " "reuse the session or it starts a full handshake (to create a new session)." msgstr "" "Pour réutiliser une session, un client doit envoyer lâ??identifiant de session " "au serveur. Il ne peut envoyer quâ??un seul identifiant. Le serveur choisit " "soit de réutiliser la session, soit de lancer une initialisation de " "connexion complète (pour créer une nouvelle session)." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:33 msgid "" "A server will lookup up the session in its internal session storage. If the " "session is not found in internal storage or lookups for the internal storage " "have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will " "try the external storage if available." msgstr "" "Un serveur recherchera la session dans son stockage interne de sessions. Si " "la session nâ??est pas trouvée dans le stockage interne ou que la recherche " "pour le stockage interne a été désactivée " "(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), le serveur essaiera dans le stockage " "externe sâ??il est disponible." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:38 msgid "" "Since a client may try to reuse a session intended for use in a different " "context, the session id context must be set by the server (see " "L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>)." msgstr "" "Puisquâ??un client peut essayer de réutiliser la session pour lâ??utiliser dans " "un contexte différent, lâ??identifiant de session du contexte doit être défini " "par le serveur (consultez L<B<SSL_CTX_set_session_id_context>(3)|" "SSL_CTX_set_session_id_context(3)>)." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:42 msgid "The following session cache modes and modifiers are available:" msgstr "" "Les modes et modificateurs de cache de session suivants sont disponibles." #. type: =item #: C/ssl/SSL_CTX_set_session_cache_mode.pod:46 msgid "SSL_SESS_CACHE_OFF" msgstr "SSL_SESS_CACHE_OFF" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:48 msgid "No session caching for client or server takes place." msgstr "Pas de mise en cache de session pour le client ou le serveur." #. type: =item #: C/ssl/SSL_CTX_set_session_cache_mode.pod:50 msgid "SSL_SESS_CACHE_CLIENT" msgstr "SSL_SESS_CACHE_CLIENT" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:52 msgid "" "Client sessions are added to the session cache. As there is no reliable way " "for the OpenSSL library to know whether a session should be reused or which " "session to choose (due to the abstract BIO layer the SSL engine does not " "have details about the connection), the application must select the session " "to be reused by using the L<SSL_set_session(3)|SSL_set_session(3)> function. " "This option is not activated by default." msgstr "" "Les sessions de client sont ajoutées au cache de session. Comme il nâ??est pas " "possible pour la bibliothèque OpenSSL de savoir si une session sera " "réutilisée ou quelle session choisir (à cause de la couche d'abstraction du " "BIO, le moteur SSL ne connait pas de détail sur la connexion), lâ??application " "doit choisir la session à réutiliser en utilisant la fonction " "L<B<SSL_set_session>(3)|SSL_set_session(3)>. Cette option nâ??est pas activée " "par défaut." #. type: =item #: C/ssl/SSL_CTX_set_session_cache_mode.pod:59 msgid "SSL_SESS_CACHE_SERVER" msgstr "SSL_SESS_CACHE_SERVER" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:61 msgid "" "Server sessions are added to the session cache. When a client proposes a " "session to be reused, the server looks for the corresponding session in " "(first) the internal session cache (unless " "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), then (second) in the external " "cache if available. If the session is found, the server will try to reuse " "the session. This is the default." msgstr "" "Les sessions du serveur sont ajoutées au cache de session. Quand le client " "propose de réutiliser une session, le serveur recherche en premier la " "session correspondante dans le cache interne de session (à moins que " "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP soit établie), puis dans le cache externe " "sâ??il est disponible. Si la session est trouvée, le serveur essayera de " "réutiliser la session. Câ??est lâ??action par défaut." #. type: =item #: C/ssl/SSL_CTX_set_session_cache_mode.pod:67 msgid "SSL_SESS_CACHE_BOTH" msgstr "SSL_SESS_CACHE_BOTH" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:69 msgid "" "Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time." msgstr "Activer SSL_SESS_CACHE_CLIENT et SSL_SESS_CACHE_SERVER en même temps." #. type: =item #: C/ssl/SSL_CTX_set_session_cache_mode.pod:71 msgid "SSL_SESS_CACHE_NO_AUTO_CLEAR" msgstr "SSL_SESS_CACHE_NO_AUTO_CLEAR" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:73 msgid "" "Normally the session cache is checked for expired sessions every 255 " "connections using the L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> " "function. Since this may lead to a delay which cannot be controlled, the " "automatic flushing may be disabled and L<SSL_CTX_flush_sessions(3)|" "SSL_CTX_flush_sessions(3)> can be called explicitly by the application." msgstr "" "Normalement, les sessions expirées sont recherchées dans le cache de session " "toutes les 255 connexions en utilisant la fonction " "L<B<SSL_CTX_flush_sessions>(3)|SSL_CTX_flush_sessions(3)>. Comme cela peut " "mener à un délai non contrôlable, la suppression automatique peut être " "désactivée et L<B<SSL_CTX_flush_sessions>(3)|SSL_CTX_flush_sessions(3)> peut " "être explicitement demandée par lâ??application." #. type: =item #: C/ssl/SSL_CTX_set_session_cache_mode.pod:81 msgid "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" msgstr "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:83 msgid "" "By setting this flag, session-resume operations in an SSL/TLS server will " "not automatically look up sessions in the internal cache, even if sessions " "are automatically stored there. If external session caching callbacks are in " "use, this flag guarantees that all lookups are directed to the external " "cache. As automatic lookup only applies for SSL/TLS servers, the flag has " "no effect on clients." msgstr "" "Avec cet attribut, les opérations de redémarrage de session dans un serveur " "SSL/TLS ne rechercheront pas automatiquement des sessions dans le cache " "interne, même si des sessions sont automatiquement stockées dedans. Si des " "rappels de mise en cache externe de session sont utilisés, cet attribut " "garantit que les recherches sont directement dirigées vers le cache externe." "Comme la recherche automatique sâ??applique uniquement sur les serveurs SSL/" "TLS, lâ??attribut nâ??a aucun effet sur les clients." #. type: =item #: C/ssl/SSL_CTX_set_session_cache_mode.pod:90 msgid "SSL_SESS_CACHE_NO_INTERNAL_STORE" msgstr "SSL_SESS_CACHE_NO_INTERNAL_STORE" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:92 msgid "" "Depending on the presence of SSL_SESS_CACHE_CLIENT and/or " "SSL_SESS_CACHE_SERVER, sessions negotiated in an SSL/TLS handshake may be " "cached for possible reuse. Normally a new session is added to the internal " "cache as well as any external session caching (callback) that is configured " "for the SSL_CTX. This flag will prevent sessions being stored in the " "internal cache (though the application can add them manually using " "L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note: in any SSL/TLS " "servers where external caching is configured, any successful session lookups " "in the external cache (ie. for session-resume requests) would normally be " "copied into the local cache before processing continues - this flag prevents " "these additions to the internal cache as well." msgstr "" "En fonction de la présence de SSL_SESS_CACHE_CLIENT et/ou " "SSL_SESS_CACHE_SERVER, les sessions négociées dans une initialisation de " "connexion SSL/TLS peuvent être mise en cache pour une possible " "réutilisation. Normalement, une nouvelle session est ajoutée dans le cache " "interne, ainsi que pour nâ??importe quelle mise en cache externe de session " "(rappel) qui est configurée, pour le SSL_CTX. Cet attribut empêche les " "sessions dâ??être stockées dans le cache interne (bien que lâ??application " "puisse les ajouter manuellement en utilisant L<B<SSL_CTX_add_session>(3)|" "SSL_CTX_add_session(3)>). Note : dans tous les serveurs SSL/TLS où la mise " "en cache externe est configurée, toute recherche de session réussie dans le " "cache externe (pour une requête de reprise de session) devrait normalement " "être copiée dans le cache local avant tout traitement ultérieur ; cet " "attribut empêche aussi son ajout dans le cache interne." #. type: =item #: C/ssl/SSL_CTX_set_session_cache_mode.pod:103 msgid "SSL_SESS_CACHE_NO_INTERNAL" msgstr "SSL_SESS_CACHE_NO_INTERNAL" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:105 msgid "" "Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and " "SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time." msgstr "" "Activer SSL_SESS_CACHE_NO_INTERNAL_LOOKUP et " "SSL_SESS_CACHE_NO_INTERNAL_STORE en même temps." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:111 msgid "The default mode is SSL_SESS_CACHE_SERVER." msgstr "Le mode par défaut est SSL_SESS_CACHE_SERVER." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:115 msgid "SSL_CTX_set_session_cache_mode() returns the previously set cache mode." msgstr "" "B<SSL_CTX_set_session_cache_mode>() renvoie le précédent mode du cache." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:117 msgid "SSL_CTX_get_session_cache_mode() returns the currently set cache mode." msgstr "B<SSL_CTX_get_session_cache_mode>() renvoie lâ??actuel mode du cache." #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:122 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, " "L<SSL_session_reused(3)|SSL_session_reused(3)>, L<SSL_CTX_add_session(3)|" "SSL_CTX_add_session(3)>, L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, " "L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>, " "L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, " "L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, " "L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, " "L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_set_session>(3)|SSL_set_session(3)>, " "L<B<SSL_session_reused>(3)|SSL_session_reused(3)>, " "L<B<SSL_CTX_add_session>(3)|SSL_CTX_add_session(3)>, " "L<B<SSL_CTX_sess_number>(3)|SSL_CTX_sess_number(3)>, " "L<B<SSL_CTX_sess_set_cache_size>(3)|SSL_CTX_sess_set_cache_size(3)>, " "L<B<SSL_CTX_sess_set_get_cb>(3)|SSL_CTX_sess_set_get_cb(3)>, " "L<B<SSL_CTX_set_session_id_context>(3)|SSL_CTX_set_session_id_context(3)>, " "L<B<SSL_CTX_set_timeout>(3)|SSL_CTX_set_timeout(3)>, " "L<B<SSL_CTX_flush_sessions>(3)|SSL_CTX_flush_sessions(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_session_cache_mode.pod:134 msgid "" "SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL were " "introduced in OpenSSL 0.9.6h." msgstr "" "SSL_SESS_CACHE_NO_INTERNAL_STORE et SSL_SESS_CACHE_NO_INTERNAL ont été " "introduits dans OpenSSL 0.9.6h." #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:5 msgid "" "SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context " "within which session can be reused (server side only)" msgstr "" "SSL_CTX_set_session_id_context, SSL_set_session_id_context - Définir le " "contexte dans lequel la session peut être réutilisée (seulement du coté " "serveur)" #. type: verbatim #: C/ssl/SSL_CTX_set_session_id_context.pod:11 #, no-wrap msgid "" " int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,\n" " unsigned int sid_ctx_len);\n" " int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,\n" " unsigned int sid_ctx_len);\n" "\n" msgstr "" "B< int SSL_CTX_set_session_id_context(SSL_CTX *>I<ctx>B<, const unsigned char *>I<sid_ctx>B<,>\n" " B<unsigned int> I<sid_ctx_len>B<);>\n" " B<int SSL_set_session_id_context(SSL *>I<ssl>B<, const unsigned char *>I<sid_ctx>B<,>\n" " B<unsigned int> I<sid_ctx_len>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:18 msgid "" "SSL_CTX_set_session_id_context() sets the context B<sid_ctx> of length " "B<sid_ctx_len> within which a session can be reused for the B<ctx> object." msgstr "" "B<SSL_CTX_set_session_id_context>() définit le contexte I<sid_ctx> de " "longueur I<sid_ctx_len> dans lequel une session peut être réutilisée pour " "lâ??objet I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:21 msgid "" "SSL_set_session_id_context() sets the context B<sid_ctx> of length " "B<sid_ctx_len> within which a session can be reused for the B<ssl> object." msgstr "" "B<SSL_set_session_id_context>() définit le contexte I<sid_ctx> de longueur " "I<sid_ctx_len> dans lequel une session peut être réutilisée pour lâ??objet " "I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:26 msgid "" "Sessions are generated within a certain context. When exporting/importing " "sessions with B<i2d_SSL_SESSION>/B<d2i_SSL_SESSION> it would be possible, to " "re-import a session generated from another context (e.g. another " "application), which might lead to malfunctions. Therefore each application " "must set its own session id context B<sid_ctx> which is used to distinguish " "the contexts and is stored in exported sessions. The B<sid_ctx> can be any " "kind of binary data with a given length, it is therefore possible to use e." "g. the name of the application and/or the hostname and/or service name ..." msgstr "" "Les sessions sont créées à lâ??intérieur dâ??un certain contexte. Lors de " "lâ??importation ou exportation de session avec B<i2d_SSL_SESSION> ou " "B<d2i_SSL_SESSION>, il serait possible de réimporter une session créée à " "partir dâ??un autre contexte (câ??est-à -dire, une autre application), qui " "pourrait amener des défaillances. Par conséquent chaque application doit " "définir son propre contexte dâ??identifiant de session I<sid_ctx> qui est " "utilisé pour différencier les contextes et est stocké dans les sessions " "exportées. I<sid_ctx> peut être nâ??importe quelle donnée binaire avec une " "longueur donnée, et donc il est possible dâ??utiliser par exemple le nom de " "lâ??application et/ou le nom dâ??hôte et/ou le nom du serviceâ?¦" #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:36 msgid "" "The session id context becomes part of the session. The session id context " "is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and " "SSL_set_session_id_context() functions are therefore only useful on the " "server side." msgstr "" "Le contexte dâ??identifiant de session devient partie de la session. Il est " "défini par le serveur SSL/TSL. Les fonctions " "B<SSL_CTX_set_session_id_context>() et B<SSL_set_session_id_context>() sont " "donc seulement utiles du coté serveur." #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:41 msgid "" "OpenSSL clients will check the session id context returned by the server " "when reusing a session." msgstr "" "Les clients OpenSSL vérifieront le contexte dâ??identifiant de session renvoyé " "par le serveur lors de la réutilisation dâ??une session." #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:44 msgid "" "The maximum length of the B<sid_ctx> is limited to " "B<SSL_MAX_SSL_SESSION_ID_LENGTH>." msgstr "" "La longueur maximale de I<sid_ctx> est B<SSL_MAX_SSL_SESSION_ID_LENGTH>." #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:49 msgid "" "If the session id context is not set on an SSL/TLS server and client " "certificates are used, stored sessions will not be reused but a fatal error " "will be flagged and the handshake will fail." msgstr "" "Si le contexte dâ??identifiant de session nâ??est pas défini sur un serveur SSL/" "TLS et que les certificats sont utilisés, les sessions stockées ne seront " "pas réutilisées, mais une erreur fatale sera signalée et lâ??initialisation de " "connexion échouera." #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:54 msgid "" "If a server returns a different session id context to an OpenSSL client when " "reusing a session, an error will be flagged and the handshake will fail. " "OpenSSL servers will always return the correct session id context, as an " "OpenSSL server checks the session id context itself before reusing a session " "as described above." msgstr "" "Si un serveur renvoie un contexte différent dâ??identifiant de session à un " "client OpenSSL réutilisant une session, une erreur sera signalée et " "lâ??initialisation de connexion échouera. Les serveurs OpenSSL renvoient " "lâ??exact contexte dâ??identifiant de connexion, puisquâ??ils contrôlent le " "contexte dâ??identifiant de connexion avant de réutiliser une session comme " "décrit ci-dessus." #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:62 msgid "" "SSL_CTX_set_session_id_context() and SSL_set_session_id_context() return " "the following values:" msgstr "" "B<SSL_CTX_set_session_id_context>() et B<SSL_set_session_id_context>() " "renvoient les valeurs suivantes :" #. type: textblock #: C/ssl/SSL_CTX_set_session_id_context.pod:69 msgid "" "The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded the " "maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error is " "logged to the error stack." msgstr "" "La longueur I<sid_ctx_len> du contexte dâ??identifiant de session I<sid_ctx> " "dépasse la longueur maximale allouée de B<SSL_MAX_SSL_SESSION_ID_LENGTH>. " "Lâ??erreur est journalisée dans la pile dâ??erreurs." #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:5 msgid "" "SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method - choose a " "new TLS/SSL method" msgstr "" "SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method - Choisir " "une nouvelle méthode TLS ou SSL" #. type: verbatim #: C/ssl/SSL_CTX_set_ssl_version.pod:12 #, no-wrap msgid "" " int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);\n" " int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);\n" " const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);\n" "\n" msgstr "" "B< int SSL_CTX_set_ssl_version(SSL_CTX *>I<ctx>B<, const SSL_METHOD *>I<method>B<);>\n" " B<int SSL_set_ssl_method(SSL *>I<s>B<, const SSL_METHOD *>I<method>B<);>\n" " B<const SSL_METHOD *SSL_get_ssl_method(SSL *>I<ssl>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:18 msgid "" "SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL " "objects newly created from this B<ctx>. SSL objects already created with " "L<SSL_new(3)|SSL_new(3)> are not affected, except when L<SSL_clear(3)|" "SSL_clear(3)> is being called." msgstr "" "B<SSL_CTX_set_ssl_version>() définit une nouvelle I<method> TLS ou SSL par " "défaut pour les objets SSL nouvellement créés à partir de ce I<ctx>. Les " "objets SSL déjà créés avec L<B<SSL_new>(3)|SSL_new(3)> ne sont pas " "concernés, sauf si L<B<SSL_clear>(3)|SSL_clear(3)> est appelée." #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:23 msgid "" "SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl> " "object. It may be reset, when SSL_clear() is called." msgstr "" "B<SSL_set_ssl_method>() définit une nouvelle I<method> TLS ou SSL pour un " "objet I<ssl> spécifique. Elle pourrait être redéfinie si B<SSL_clear>() est " "appelé." #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:26 msgid "" "SSL_get_ssl_method() returns a function pointer to the TLS/SSL method set in " "B<ssl>." msgstr "" "B<SSL_get_ssl_method>() renvoie un pointeur de fonction vers la méthode TLS " "ou SSL définie en I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:31 msgid "" "The available B<method> choices are described in L<SSL_CTX_new(3)|" "SSL_CTX_new(3)>." msgstr "" "Les possibilités de I<method> disponibles sont décrites en " "L<B<SSL_CTX_new>(3)|SSL_CTX_new(3)>." #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:34 msgid "" "When L<SSL_clear(3)|SSL_clear(3)> is called and no session is connected to " "an SSL object, the method of the SSL object is reset to the method currently " "set in the corresponding SSL_CTX object." msgstr "" "Quand L<B<SSL_clear>(3)|SSL_clear(3)> est appelée et qu'aucune session n'est " "connectée à un objet SSL, la méthode de l'objet SSL est redéfinie à la " "méthode actuellement définie dans l'objet SSL_CTX correspondant." #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:40 msgid "" "The following return values can occur for SSL_CTX_set_ssl_version() and " "SSL_set_ssl_method():" msgstr "" "Les valeurs suivantes peuvent être renvoyées pour " "B<SSL_CTX_set_ssl_version>() et B<SSL_set_ssl_method>()." #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:47 msgid "The new choice failed, check the error stack to find out the reason." msgstr "" "Le nouveau choix a échoué, vérifiez la pile d'erreur pour découvrir la " "raison." #. type: textblock #: C/ssl/SSL_CTX_set_ssl_version.pod:57 msgid "" "L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|" "SSL_clear(3)>, L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|" "SSL_set_connect_state(3)>" msgstr "" "L<B<SSL_CTX_new>(3)|SSL_CTX_new(3)>, L<B<SSL_new>(3)|SSL_new(3)>, " "L<B<SSL_clear>(3)|SSL_clear(3)>, L<B<ssl>(3)|ssl(3)>, " "L<B<SSL_set_connect_state>(3)|SSL_set_connect_state(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:5 msgid "" "SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for " "session caching" msgstr "" "SSL_CTX_set_timeout, SSL_CTX_get_timeout - Manipuler les valeurs de délai " "d'expiration pour le cache de sessions" #. type: verbatim #: C/ssl/SSL_CTX_set_timeout.pod:11 #, no-wrap msgid "" " long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);\n" " long SSL_CTX_get_timeout(SSL_CTX *ctx);\n" "\n" msgstr "" "B< long SSL_CTX_set_timeout(SSL_CTX *>I<ctx>B<, long> I<t>B<);>\n" " B<long SSL_CTX_get_timeout(SSL_CTX *>I<ctx>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:16 msgid "" "SSL_CTX_set_timeout() sets the timeout for newly created sessions for B<ctx> " "to B<t>. The timeout value B<t> must be given in seconds." msgstr "" "B<SSL_CTX_set_timeout>() définit le délai d'expiration pour les sessions " "nouvellement créées pour I<ctx> à I<t>. La valeur de délai d'expiration I<t> " "doit être donnée en seconde." #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:19 msgid "" "SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>." msgstr "" "B<SSL_CTX_get_timeout>() renvoie la valeur de délai d'expiration " "actuellement définie pour I<ctx>." #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:23 msgid "" "Whenever a new session is created, it is assigned a maximum lifetime. This " "lifetime is specified by storing the creation time of the session and the " "timeout value valid at this time. If the actual time is later than creation " "time plus timeout, the session is not reused." msgstr "" "Ã? chaque fois qu'une nouvelle session est créée, une durée de vie maximale " "lui est attribuée. Cette durée de vie est indiquée en gardant la date de " "création de la session et la valeur de délai d'expiration valable à ce " "moment. Si la date réelle est au delà du délai d'expiration ajouté à la date " "de création, la session n'est pas réutilisée." #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:28 msgid "" "Due to this realization, all sessions behave according to the timeout value " "valid at the time of the session negotiation. Changes of the timeout value " "do not affect already established sessions." msgstr "" "Ã? cause de cette actualisation, toutes les sessions se comportent d'après la " "valeur de délai d'expiration valable au moment de la négociation de session. " "Les modifications à la valeur de délai d'expiration n'affectent pas les " "sessions déjà établies." #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:32 msgid "" "The expiration time of a single session can be modified using the " "L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)> family of functions." msgstr "" "La date d'expiration d'une seule session peut être modifiée en utilisant la " "famille de fonctions L<B<SSL_SESSION_get_time>(3)|SSL_SESSION_get_time(3)>." #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:35 msgid "" "Expired sessions are removed from the internal session cache, whenever " "L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> is called, either " "directly by the application or automatically (see " "L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)" msgstr "" "Les sessions expirées sont supprimées du cache de sessions interne, à chaque " "fois que L<B<SSL_CTX_flush_sessions>(3)|SSL_CTX_flush_sessions(3)> est " "appelée, soit directement par l'application, soit automatiquement (consultez " "L<B<SSL_CTX_set_session_cache_mode>(3)|SSL_CTX_set_session_cache_mode(3)>)" #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:40 msgid "" "The default value for session timeout is decided on a per protocol basis, " "see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>. All currently " "supported protocols have the same default timeout value of 300 seconds." msgstr "" "La valeur par défaut pour le délai d'expiration de la session est décidée en " "fonction du protocole, consultez L<B<SSL_get_default_timeout>(3)|" "SSL_get_default_timeout(3)>. Tous les protocoles actuellement pris en charge " "ont la même valeur de délai d'expiration par défaut de 300 secondes." #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:47 msgid "SSL_CTX_set_timeout() returns the previously set timeout value." msgstr "" "B<SSL_CTX_set_timeout>() renvoie la valeur de délai d'expiration " "précédemment définie." #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:49 msgid "SSL_CTX_get_timeout() returns the currently set timeout value." msgstr "" "B<SSL_CTX_get_timeout>() renvoie la valeur de délai d'expiration " "actuellement définie." #. type: textblock #: C/ssl/SSL_CTX_set_timeout.pod:53 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_CTX_set_session_cache_mode(3)|" "SSL_CTX_set_session_cache_mode(3)>, L<SSL_SESSION_get_time(3)|" "SSL_SESSION_get_time(3)>, L<SSL_CTX_flush_sessions(3)|" "SSL_CTX_flush_sessions(3)>, L<SSL_get_default_timeout(3)|" "SSL_get_default_timeout(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_CTX_set_session_cache_mode>(3)|" "SSL_CTX_set_session_cache_mode(3)>, L<B<SSL_SESSION_get_time>(3)|" "SSL_SESSION_get_time(3)>, L<B<SSL_CTX_flush_sessions>(3)|" "SSL_CTX_flush_sessions(3)>, L<B<SSL_get_default_timeout>(3)|" "SSL_get_default_timeout(3)>" #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:5 msgid "" "SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket " "processing" msgstr "" "SSL_CTX_set_tlsext_ticket_key_cb - Définir un rappel pour le traitement de " "ticket de session" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:9 #, no-wrap msgid "" " #include <openssl/tls1.h>\n" "\n" msgstr "" "B< #include E<lt>openssl/tls1.hE<gt>>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:11 #, no-wrap msgid "" " long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,\n" " int (*cb)(SSL *s, unsigned char key_name[16],\n" "\t unsigned char iv[EVP_MAX_IV_LENGTH],\n" "\t\t EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));\n" "\n" msgstr "" "B< long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX> I<sslctx>B<,>\n" " B<int (*>I<cb>B<)(SSL *s, unsigned char key_name[16],>\n" " \t B<unsigned char> I<iv>B<[EVP_MAX_IV_LENGTH],>\n" " \t\t B<EVP_CIPHER_CTX *>I<ctx>B<, HMAC_CTX *>I<hctx>B<, int> I<enc>B<));>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:18 msgid "" "SSL_CTX_set_tlsext_ticket_key_cb() sets a callback fuction I<cb> for " "handling session tickets for the ssl context I<sslctx>. Session tickets, " "defined in RFC5077 provide an enhanced session resumption capability where " "the server implementation is not required to maintain per session state. It " "only applies to TLS and there is no SSLv3 implementation." msgstr "" "B<SSL_CTX_set_tlsext_ticket_key_cb>() définit une fonction de rappel I<cb> " "pour gérer les tickets de session pour le contexte SSL I<sslctx>. Les " "tickets de session définis dans la RFC5077 procurent une amélioration de " "capacité de reprise de session là où lâ??implémentation du serveur ne requiert " "pas la conservation de lâ??état par session. Cela ne sâ??applique quâ??à TLS et il " "nâ??existe pas dâ??implémentation pour SSLv3." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:24 msgid "" "The callback is available when the OpenSSL library was built without " "I<OPENSSL_NO_TLSEXT> being defined." msgstr "" "Le rappel est disponible lorsque la bibliothèque OpenSSL a été construite " "sans que B<OPENSSL_NO_TLSEXT> soit défini." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:27 msgid "" "The callback function I<cb> will be called for every client instigated TLS " "session when session ticket extension is presented in the TLS hello message. " "It is the responsibility of this function to create or retrieve the " "cryptographic parameters and to maintain their state." msgstr "" "La fonction de rappel I<cb> sera appelée pour chaque client qui initie une " "session TLS lorsque lâ??extension de ticket de session est présentée dans le " "message « hello » de TLS. Câ??est la charge de cette fonction de créer ou " "extraire les paramètres de chiffrement et de conserver leur état." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:32 msgid "" "The OpenSSL library uses your callback function to help implement a common " "TLS ticket construction state according to RFC5077 Section 4 such that per " "session state is unnecessary and a small set of cryptographic variables " "needs to be maintained by the callback function implementation." msgstr "" "La bibliothèque OpenSSL utilise la fonction de rappel pour mettre en Å?uvre " "un état commun de construction de ticket selon la section 4 de la RFC5077, " "et est telle que lâ??état de session lâ??état est inutile et quâ??un petit " "ensemble de variables de chiffrement doit être conservé par lâ??implémentation " "de la fonction de rappel." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:37 msgid "" "In order to reuse a session, a TLS client must send the a session ticket " "extension to the server. The client can only send exactly one session " "ticket. The server, through the callback function, either agrees to reuse " "the session ticket information or it starts a full TLS handshake to create a " "new session ticket." msgstr "" "Pour réutiliser une session, un client TLS doit envoyer une extension de " "ticket de session au serveur. Le client ne peut envoyer quâ??un seul ticket de " "session. Le serveur, à lâ??aide de la fonction de rappel, soit accepte de " "réutiliser les données du ticket de session ou démarre une initialisation de " "connexion TLS complète pour créer un nouveau ticket de session." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:43 msgid "" "Before the callback function is started I<ctx> and I<hctx> have been " "initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively." msgstr "" "Avant dâ??utiliser la fonction de rappel, I<ctx> et I<hctx> sont initialisés " "avec respectivement EVP_CIPHER_CTX_init et HMAC_CTX_init." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:46 msgid "" "For new sessions tickets, when the client doesn't present a session ticket, " "or an attempted retreival of the ticket failed, or a renew option was " "indicated, the callback function will be called with I<enc> equal to 1. The " "OpenSSL library expects that the function will set an arbitary I<name>, " "initialize I<iv>, and set the cipher context I<ctx> and the hash context " "I<hctx>." msgstr "" "Pour les nouveaux tickets de session, si le client nâ??en présente pas, ou une " "recherche de ticket échoue, ou un renouvellement dâ??option est présenté, la " "fonction de rappel sera demandée avec I<enc> égal à B<1>. La bibliothèque " "OpenSSl demande que la fonction définisse un I<name> arbitraire, initialise " "I<iv>, et définisse le contexte du chiffrement I<ctx> et le contexte du " "hachage I<hctx>." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:52 msgid "The I<name> is 16 characters long and is used as a key identifier." msgstr "" "Le I<name> comporte 16 caractères et est utilisé comme clef dâ??identification." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:54 msgid "" "The I<iv> length is the length of the IV of the corresponding cipher. The " "maximum IV length is L<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>." msgstr "" "La longueur de I<iv> est la longueur du vecteur dâ??initialisation de " "lâ??algorithme de chiffrement correspondant. La longueur maximale est " "B<EVP_MAX_IV_LENGTH> octets définie dans I<evp.h>." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:57 msgid "" "The initialization vector I<iv> should be a random value. The cipher context " "I<ctx> should use the initialisation vector I<iv>. The cipher context can be " "set using L<EVP_EncryptInit_ex>. The hmac context can be set using " "L<HMAC_Init_ex>." msgstr "" "Le vecteur dâ??initialisation I<iv> doit être une valeur aléatoire. Le " "contexte de chiffrement I<ctx> doit utiliser le vecteur I<iv>. Le contexte " "peut être défini en utilisant B<EVP_EncryptInit_ex>. Le contexte HMAC peut " "lâ??être avec B<HMAC_Init_ex>." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:61 msgid "" "When the client presents a session ticket, the callback function with be " "called with I<enc> set to 0 indicating that the I<cb> function should " "retreive a set of parameters. In this case I<name> and I<iv> have already " "been parsed out of the session ticket. The OpenSSL library expects that the " "I<name> will be used to retrieve a cryptographic parameters and that the " "cryptographic context I<ctx> will be set with the retreived parameters and " "the initialization vector I<iv>. using a function like " "L<EVP_DecryptInit_ex>. The I<hctx> needs to be set using L<HMAC_Init_ex>." msgstr "" "Quand un client présente un ticket de session, la fonction de rappel sera " "appelée avec I<enc> défini à B<0>, signifiant que la fonction I<cb> doit " "retrouver un ensemble de paramètres. Dans ce cas, I<name> et I<iv> ont déjà " "été séparés du ticket de session. La bibliothèque OpenSSl sâ??attend à ce que " "I<name> soit utilisé pour récupérer les paramètres de chiffrement et que le " "contexte de chiffrement I<ctx> soit défini pour retrouver les paramètres et " "le vecteur dâ??initialisation I<iv>, en utilisant une fonction telle que " "B<EVP_DecryptInit_ex>. I<hctx> doit être défini avec B<HMAC_Init_ex>." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:70 msgid "" "If the I<name> is still valid but a renewal of the ticket is required the " "callback function should return 2. The library will call the callback again " "with an arguement of enc equal to 1 to set the new ticket." msgstr "" "Si I<name> est toujours valable mais quâ??un renouvellement du ticket est " "demandé, la fonction de rappel renverra B<2>. La bibliothèque appellera de " "nouveau le rappel avec un argument pour I<enc> égal à B<1> pour définir le " "nouveau ticket." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:74 msgid "" "The return value of the I<cb> function is used by OpenSSL to determine what " "further processing will occur. The following return values have meaning:" msgstr "" "La valeur de retour de la fonction I<cb> est utilisée par OpenSSL pour " "déterminer quel est le traitement à venir. Les valeurs suivantes " "signifient : " #. type: =item #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:79 msgid "Z<>2" msgstr "Z<>2" #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:81 msgid "" "This indicates that the I<ctx> and I<hctx> have been set and the session can " "continue on those parameters. Additionally it indicates that the session " "ticket is in a renewal period and should be replaced. The OpenSSL library " "will call I<cb> again with an enc argument of 1 to set the new ticket (see " "RFC5077 3.3 paragraph 2)." msgstr "" "Cela indique que I<ctx> et I<hctx> ont été définis et que la session peut " "continuer avec ces paramètres. En plus, cela indique que le ticket de " "session est dans une période de renouvellement et devrait être renouvelé. La " "bibliothèque OpenSSL appellera de nouveau I<cb> avec un argument I<enc> de " "B<1> pour définir le nouveau ticket (consultez la RFC5077 3.3, paragraphe 2)." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:89 msgid "" "This indicates that the I<ctx> and I<hctx> have been set and the session can " "continue on those parameters." msgstr "" "Cela indique que I<ctx> et I<hctx> ont été définis et que la session peut " "continuer avec ces paramètres." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:94 msgid "" "This indicates that it was not possible to set/retrieve a session ticket and " "the SSL/TLS session will continue by by negiotationing a set of " "cryptographic parameters or using the alternate SSL/TLS resumption " "mechanism, session ids." msgstr "" "Cela indique quâ??il nâ??a pas été possible de définir ou retrouver un ticket de " "session et que la session SSL/TLS continuera par une négociation dâ??un " "ensemble de paramètres de chiffrement ou en utilisant le mécanisme de " "reprise alternatif de SSL/TLS par identifiants de session." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:98 msgid "" "If called with enc equal to 0 the library will call the I<cb> again to get a " "new set of parameters." msgstr "" "Si appelée avec I<enc> égal B<0>, la bibliothèque appellera de nouveau I<cb> " "pour obtenir un nouveau jeu de paramètres." #. type: =item #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:101 msgid "less than 0" msgstr "inférieur à 0" #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:103 msgid "This indicates an error." msgstr "Cela indique une erreur." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:109 msgid "" "Session resumption shortcuts the TLS so that the client certificate " "negiotation don't occur. It makes up for this by storing client certificate " "an all other negotiated state information encrypted within the ticket. In a " "resumed session the applications will have all this state information " "available exactly as if a full negiotation had occured." msgstr "" "La reprise de session court-circuite TLS de façon à ce que la négociation de " "certificat du client ne se produise pas. Pour cela, le certificat du client " "et toute autre information sur lâ??état de la négociation sont chiffrés dans " "le ticket. Dans une reprise de session, les applications auront toute " "lâ??information dâ??état disponible comme après une pleine négociation." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:115 msgid "" "If an attacker can obtain the key used to encrypt a session ticket, they can " "obtain the master secret for any ticket using that key and decrypt any " "traffic using that session: even if the ciphersuite supports forward " "secrecy. As a result applications may wish to use multiple keys and avoid " "using long term keys stored in files." msgstr "" "Si un attaquant pouvait obtenir la clef utilisée pour chiffrer le ticket de " "session, il pourrait, pour tout ticket utilisant cette clef, obtenir la clef " "secrète maître et déchiffrer tous les messages émis par cette session, même " "si la suite de chiffrement prend en charge la confidentialité persistante. " "Par conséquent, les applications peuvent vouloir utiliser plusieurs clefs et " "éviter les clefs utilisées sur un long terme et stockées dans des fichiers." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:121 msgid "" "Applications can use longer keys to maintain a consistent level of " "security. For example if a ciphersuite uses 256 bit ciphers but only a 128 " "bit ticket key the overall security is only 128 bits because breaking the " "ticket key will enable an attacker to obtain the session keys." msgstr "" "Les applications peuvent utiliser des clefs plus longues pour conserver un " "niveau de sécurité constant. Par exemple, si la suite de chiffrement est " "basée sur 256 bits mais que la clef du ticket est basée sur 128 bits, la " "sécurité dâ??ensemble est basée sur 128 bits car le cassage de la clef de " "ticket permettra à un attaquant dâ??obtenir les clefs de session." #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:128 #, no-wrap msgid "" "Reference Implemention:\n" " SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb);\n" " ....\n" "\n" msgstr "" "Implémentation de référence :\n" " SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb);\n" " ...\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:132 #, no-wrap msgid "" " static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)\n" " {\n" " if (enc) { /* create new session */\n" " if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {\n" " return -1; /* insufficient random */\n" " }\n" " \n" msgstr "" " static int ssl_tlsext_ticket_key_cb(SSL *s,\n" " unsigned char key_name[16],\n" " unsigned char *iv, EVP_CIPHER_CTX *ctx,\n" " HMAC_CTX *hctx, int enc)\n" " {\n" " if (enc) { /* créer une nouvelle session */\n" " if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {\n" " return -1; /* entropie insuffisante */\n" " }\n" " \n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:139 #, no-wrap msgid "" " key = currentkey(); /* something that you need to implement */\n" " if ( !key ) {\n" " /* current key doesn't exist or isn't valid */\n" " key = createkey(); /* something that you need to implement.\n" " * createkey needs to initialise, a name,\n" " * an aes_key, a hmac_key and optionally\n" " * an expire time. */\n" " if ( !key ) { /* key couldn't be created */\n" " return 0;\n" " }\n" " }\n" " memcpy(key_name, key->name, 16);\n" " \n" msgstr "" " key = currentkey(); /* quelque chose à mettre en Å?uvre */\n" " if ( !key ) {\n" " /* la clef actuelle nâ??existe pas ou nâ??est pas valable */\n" " key = createkey(); /* quelque chose à mettre en Å?uvre.\n" " * createkey doit initialiser un nom,\n" " * une clef AES, une clef HMAC et\n" " * peut-être une date limite. */\n" " if ( !key ) { /* la clef nâ??a pu être créée */\n" " return 0;\n" " }\n" " }\n" " memcpy(key_name, key->name, 16);\n" " \n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:152 #, no-wrap msgid "" " EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);\n" " HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);\n" " \n" msgstr "" " EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,\n" " key->aes_key, iv);\n" " HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);\n" " \n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:155 #, no-wrap msgid "" " return 1;\n" " \n" msgstr "" " return 1;\n" " \n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:157 #, no-wrap msgid "" " } else { /* retrieve session */\n" " key = findkey(name);\n" " \n" msgstr "" " } else { /* retrouver une session */\n" " key = findkey(name);\n" " \n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:160 #, no-wrap msgid "" " if (!key || key->expire < now() ) {\n" " return 0;\n" " }\n" " \n" msgstr "" " if (!key || key->expire < now() ) {\n" " return 0;\n" " }\n" " \n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:164 #, no-wrap msgid "" " HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);\n" " EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );\n" "\n" msgstr "" " HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);\n" " EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,\n" " key->aes_key, iv);\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:167 #, no-wrap msgid "" " if (key->expire < ( now() - RENEW_TIME ) ) {\n" " /* return 2 - this session will get a new ticket even though the current is still valid */\n" " return 2;\n" " }\n" " return 1;\n" " \n" msgstr "" " if (key->expire < ( now() - RENEW_TIME ) ) {\n" " /* return 2 ~ cette session doit obtenir un nouveau\n" " ticket même si lâ??actuel est encore valable */\n" " return 2;\n" " }\n" " return 1;\n" " \n" #. type: verbatim #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:173 #, no-wrap msgid "" " }\n" " }\n" "\n" msgstr "" " }\n" " }\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:180 msgid "returns 0 to indicate the callback function was set." msgstr "B<0> est renvoyé pour signifier quâ??une fonction de rappel est définie." #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:184 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, " "L<SSL_session_reused(3)|SSL_session_reused(3)>, L<SSL_CTX_add_session(3)|" "SSL_CTX_add_session(3)>, L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, " "L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, " "L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>," msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_set_session>(3)|SSL_set_session(3)>, " "L<B<SSL_session_reused>(3)|SSL_session_reused(3)>, " "L<B<SSL_CTX_add_session>(3)|SSL_CTX_add_session(3)>, " "L<B<SSL_CTX_sess_number>(3)|SSL_CTX_sess_number(3)>, " "L<B<SSL_CTX_sess_set_get_cb>(3)|SSL_CTX_sess_set_get_cb(3)>, " "L<B<SSL_CTX_set_session_id_context>(3)|SSL_CTX_set_session_id_context(3)>," #. type: textblock #: C/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod:193 msgid "This function was introduced in OpenSSL 0.9.8h" msgstr "Cette fonction a été introduite dans OpenSSL 0.9.8h" #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:5 msgid "" "SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, " "SSL_set_tmp_dh - handle DH keys for ephemeral key exchange" msgstr "" "SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, " "SSL_set_tmp_dh - Gérer les clefs DH pour lâ??échange de clefs éphémères" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,\n" " DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));\n" " long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);\n" "\n" msgstr "" "B< void SSL_CTX_set_tmp_dh_callback(SSL_CTX *>I<ctx>B<,>\n" " B<DH *(*>I<tmp_dh_callback>B<)(SSL *>I<ssl>B<, int> I<is_export>B<,>\n" " B<int> I<taille_clef>B<);>\n" " B<long SSL_CTX_set_tmp_dh(SSL_CTX *>I<ctx>B<, DH *>I<dh>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:15 #, no-wrap msgid "" " void SSL_set_tmp_dh_callback(SSL *ctx,\n" " DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));\n" " long SSL_set_tmp_dh(SSL *ssl, DH *dh)\n" "\n" msgstr "" "B< void SSL_set_tmp_dh_callback(SSL *>I<ctx>B<,>\n" " B<DH *(*>I<tmp_dh_callback>B<)(SSL *>I<ssl>B<, int> I<is_export>B<,>\n" " B<int> I<taille_clef>B<));>\n" " B<long SSL_set_tmp_dh(SSL *>I<ssl>B<, DH *>I<dh>B<)>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:21 msgid "" "SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be " "used when a DH parameters are required to B<tmp_dh_callback>. The callback " "is inherited by all B<ssl> objects created from B<ctx>." msgstr "" "B<SSL_CTX_set_tmp_dh_callback>() définit la fonction de rappel à utiliser " "pour I<ctx> lorsquâ??un paramètre DH est nécessaire pour I<tmp_dh_callback>. " "Tous les objets I<ssl> créés à partir de I<ctx> héritent du rappel." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:25 msgid "" "SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>. The key is " "inherited by all B<ssl> objects created from B<ctx>." msgstr "" "B<SSL_CTX_set_tmp_dh>() définit les paramètres DH à utiliser à I<dh>. Tous " "les objets I<ssl> créés à partir de I<ctx> héritent de la clef." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:28 msgid "SSL_set_tmp_dh_callback() sets the callback only for B<ssl>." msgstr "B<SSL_set_tmp_dh_callback>() définit le rappel seulement pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:30 msgid "SSL_set_tmp_dh() sets the parameters only for B<ssl>." msgstr "B<SSL_set_tmp_dh>() définit les paramètres seulement pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:32 #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:46 msgid "These functions apply to SSL/TLS servers only." msgstr "Ces fonctions sont applicables aux serveurs SSL/TLS uniquement." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:36 msgid "" "When using a cipher with RSA authentication, an ephemeral DH key exchange " "can take place. Ciphers with DSA keys always use ephemeral DH keys as well. " "In these cases, the session data are negotiated using the ephemeral/" "temporary DH key and the key supplied and certified by the certificate chain " "is only used for signing. Anonymous ciphers (without a permanent server " "key) also use ephemeral DH keys." msgstr "" "Lors de lâ??utilisation dâ??un algorithme de chiffrement avec authentification " "RSA, un échange de clefs éphémères DH peut survenir. Les algorithmes avec " "clefs DSA utilisent toujours des clefs éphémères DH. Dans ces cas, les " "données de session sont négociées en utilisant une clef éphémère/temporaire " "DH et la clef fournie et authentifiée par la chaîne de certificats est " "utilisée uniquement pour la signature. Les algorithmes anonymes (sans " "serveur permanent de clefs) utilisent aussi les clefs éphémères DH." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:43 msgid "" "Using ephemeral DH key exchange yields forward secrecy, as the connection " "can only be decrypted, when the DH key is known. By generating a temporary " "DH key inside the server application that is lost when the application is " "left, it becomes impossible for an attacker to decrypt past sessions, even " "if he gets hold of the normal (certified) key, as this key was only used for " "signing." msgstr "" "Lâ??usage de clef éphémère DH rend la confidentialité persistante, car la " "connexion ne peut être déchiffrée que lorsque la clef DH est connue. En " "créant une clef DH éphémère uniquement pendant la durée de la mise en Å?uvre " "du serveur, un attaquant ne peut absolument pas déchiffrer des sessions " "terminées même sâ??il se procure une clef conforme (certifiée), puisque la " "clef nâ??a été utilisée que pour la signature." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:50 msgid "" "In order to perform a DH key exchange the server must use a DH group (DH " "parameters) and generate a DH key. The server will always generate a new DH " "key during the negotiation if either the DH parameters are supplied via " "callback or the SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set " "(or both). It will immediately create a DH key if DH parameters are " "supplied via SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In " "this case, it may happen that a key is generated on initialization without " "later being needed, while on the other hand the computer time during the " "negotiation is being saved." msgstr "" "Pour réaliser lâ??échange de clefs DH, le serveur doit utiliser un ensemble DH " "(paramètres DH) et créer une clef DH. Durant la négociation, le serveur " "générera toujours une nouvelle clef DH si les paramètres DH sont fournis à " "lâ??aide du rappel ou si lâ??option B<SSL_OP_SINGLE_DH_USE> de " "B<SSL_CTX_set_options>(3) est définie (ou les deux). Le serveur créera " "immédiatement une clef DH si les paramètres DH sont fournis à lâ??aide de " "B<SSL_CTX_set_tmp_dh>() et que B<SSL_OP_SINGLE_DH_USE> nâ??est pas définie. " "Dans ce cas, une clef peut être créée lors dâ??une initialisation et nâ??être " "jamais nécessaire, quoique dâ??un autre coté, le temps de calcul pendant la " "négociation est économisé." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:62 #, fuzzy #| msgid "" #| "If \"strong\" primes were used to generate the DH parameters, it is not " #| "strictly necessary to generate a new key for each handshake but it does " #| "improve forward secrecy. If it is not assured, that \"strong\" primes " #| "were used (see especially the section about DSA parameters below), " #| "SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup " #| "attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the computer " #| "time needed during negotiation, but it is not very large, so application " #| "authors/users should consider to always enable this option." msgid "" "If \"strong\" primes were used to generate the DH parameters, it is not " "strictly necessary to generate a new key for each handshake but it does " "improve forward secrecy. If it is not assured that \"strong\" primes were " "used, SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup " "attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the computer " "time needed during negotiation, but it is not very large, so application " "authors/users should consider always enabling this option. The option is " "required to implement perfect forward secrecy (PFS)." msgstr "" "Si des nombres premiers « forts » sont utilisés pour générer les paramètres " "DH, créer une nouvelle clef nâ??est pas strictement nécessaire à chaque " "initialisation de connexion mais cela améliore la confidentialité " "persistante. Si lâ??utilisation de nombres premiers « forts » nâ??est pas sûre, " "(consultez particulièrement la section ci-dessous à propos des paramètres " "DSA), B<SSL_OP_SINGLE_DH_USE> doit être utilisée pour empêcher les attaques " "par sous-groupes. Lâ??utilisation de B<SSL_OP_SINGLE_DH_USE> a toujours des " "incidences sur le temps de calcul nécessaire à la négociation, mais ce nâ??est " "pas très important et les créateurs ou utilisateurs devraient toujours " "activer cette option." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:71 #, fuzzy #| msgid "" #| "As generating DH parameters is extremely time consuming, an application " #| "should not generate the parameters on the fly but supply the parameters. " #| "DH parameters can be reused, as the actual key is newly generated during " #| "the negotiation. The risk in reusing DH parameters is that an attacker " #| "may specialize on a very often used DH group. Applications should " #| "therefore generate their own DH parameters during the installation " #| "process using the openssl L<dhparam(1)|dhparam(1)> application. In order " #| "to reduce the computer time needed for this generation, it is possible to " #| "use DSA parameters instead (see L<dhparam(1)|dhparam(1)>), but in this " #| "case SSL_OP_SINGLE_DH_USE is mandatory." msgid "" "As generating DH parameters is extremely time consuming, an application " "should not generate the parameters on the fly but supply the parameters. DH " "parameters can be reused, as the actual key is newly generated during the " "negotiation. The risk in reusing DH parameters is that an attacker may " "specialize on a very often used DH group. Applications should therefore " "generate their own DH parameters during the installation process using the " "openssl L<dhparam(1)|dhparam(1)> application. This application guarantees " "that \"strong\" primes are used." msgstr "" "Comme le temps pour générer les paramètres DH est extrêmement long, les " "applications ne devraient pas les créer à la volée mais les fournir. Ces " "paramètres DH peuvent être réutilisés puisque la clef effective est " "fraichement créée durant la négociation. Le risque de la réutilisation est " "quâ??un attaquant pourrait se focaliser sur un groupe DH très souvent utilisé. " "Les applications devraient donc créer leurs propres paramètres DH durant le " "processus dâ??installation en utilisant la fonction dâ??OpenSSL L<B<dhparam>(1)|" "dhparam(1)>. Dans le but de réduire le temps de calcul nécessaire, les " "paramètres DSA peuvent être utilisés à la place (consultez L<B<dhparam>(1)|" "dhparam(1)>), mais dans ce cas B<SSL_OP_SINGLE_DH_USE> est obligatoire." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:80 #, fuzzy #| msgid "" #| "Application authors may compile in DH parameters. Files dh512.pem, dh1024." #| "pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current " #| "version of the OpenSSL distribution contain the 'SKIP' DH parameters, " #| "which use safe primes and were generated verifiably pseudo-randomly. " #| "These files can be converted into C code using the B<-C> option of the " #| "L<dhparam(1)|dhparam(1)> application. Authors may also generate their " #| "own set of parameters using L<dhparam(1)|dhparam(1)>, but a user may not " #| "be sure how the parameters were generated. The generation of DH " #| "parameters during installation is therefore recommended." msgid "" "Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current " "version of the OpenSSL distribution contain the 'SKIP' DH parameters, which " "use safe primes and were generated verifiably pseudo-randomly. These files " "can be converted into C code using the B<-C> option of the L<dhparam(1)|" "dhparam(1)> application. Generation of custom DH parameters during " "installation should still be preferred to stop an attacker from specializing " "on a commonly used group. Files dh1024.pem and dh512.pem contain old " "parameters that must not be used by applications." msgstr "" "Les créateurs dâ??application peuvent compiler avec les paramètres DH. Les " "fichiers I<dh512.pem>, I<dh1024.pem>, I<dh2048.pem>, et I<dh4096.pem> dans " "le répertoire « apps » de lâ??actuelle distribution dâ??OpenSSL contenant le " "paramètre DH « SKIP », celui-ci utilisant des nombres premiers sûrs et, " "dâ??une manière vérifiable, générés de manière pseudo-aléatoire. Ces fichiers " "peuvent être convertis en code C avec lâ??option B<-C> de la fonction " "L<B<dhparam>(1)|dhparam(1)>. Les créateurs peuvent aussi générer leur propre " "jeu de paramètres en utilisant L<B<dhparam>(1)|dhparam(1)>, mais un " "utilisateur ne sera jamais certain de la manière dont ces paramètres ont été " "créés. La création des paramètres DH lors de lâ??installation est donc " "recommandée." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:90 #, fuzzy #| msgid "" #| "An application may either directly specify the DH parameters or can " #| "supply the DH parameters via a callback function. The callback approach " #| "has the advantage, that the callback may supply DH parameters for " #| "different key lengths." msgid "" "An application may either directly specify the DH parameters or can supply " "the DH parameters via a callback function." msgstr "" "Une application peut soit indiquer les paramètres DH, soit les fournir avec " "une fonction de rappel. La méthode avec rappel a lâ??avantage que le rappel " "peut fournir ces paramètres pour différentes longueurs de clef." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:93 msgid "" "Previous versions of the callback used B<is_export> and B<keylength> " "parameters to control parameter generation for export and non-export cipher " "suites. Modern servers that do not support export ciphersuites are advised " "to either use SSL_CTX_set_tmp_dh() in combination with SSL_OP_SINGLE_DH_USE, " "or alternatively, use the callback but ignore B<keylength> and B<is_export> " "and simply supply at least 2048-bit parameters in the callback." msgstr "" #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:103 #, fuzzy #| msgid "" #| "Handle DH parameters for key lengths of 512 and 1024 bits. (Error " #| "handling partly left out.)" msgid "" "Setup DH parameters with a key length of 2048 bits. (Error handling partly " "left out.)" msgstr "" "Prise en charge des paramètres DH pour des longueurs de clef de 512 et " "1024 bits. (la gestion des erreurs est délaissée)." #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:106 #, no-wrap msgid "" " Command-line parameter generation:\n" " $ openssl dhparam -out dh_param_2048.pem 2048\n" "\n" msgstr "" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:109 #, no-wrap msgid "" " Code for setting up parameters during server initialization:\n" "\n" msgstr "" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:111 #, no-wrap msgid "" " ...\n" " SSL_CTX ctx = SSL_CTX_new();\n" " ...\n" "\n" msgstr "" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:115 #, no-wrap msgid "" " /* Set up ephemeral DH parameters. */\n" " DH *dh_2048 = NULL;\n" " FILE *paramfile;\n" " paramfile = fopen(\"dh_param_2048.pem\", \"r\");\n" " if (paramfile) {\n" " dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);\n" " fclose(paramfile);\n" " } else {\n" " /* Error. */\n" " }\n" " if (dh_2048 == NULL) {\n" " /* Error. */\n" " }\n" " if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {\n" " /* Error. */\n" " }\n" " SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);\n" " ...\n" "\n" msgstr "" #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:136 msgid "" "SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return " "diagnostic output." msgstr "" "B<SSL_CTX_set_tmp_dh_callback>() et B<SSL_set_tmp_dh_callback>() ne " "renvoient pas dâ??information de diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:139 msgid "" "SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 on " "failure. Check the error queue to find out the reason of failure." msgstr "" "B<SSL_CTX_set_tmp_dh>() et B<SSL_set_tmp_dh>() renvoient B<1> en cas de " "réussite et B<0> en cas dâ??échec." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_dh_callback.pod:144 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, " "L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, " "L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ciphers(1)|ciphers(1)>, " "L<dhparam(1)|dhparam(1)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_CTX_set_cipher_list>(3)|" "SSL_CTX_set_cipher_list(3)>, L<B<SSL_CTX_set_tmp_rsa_callback>(3)|" "SSL_CTX_set_tmp_rsa_callback(3)>, L<B<SSL_CTX_set_options>(3)|" "SSL_CTX_set_options(3)>, L<B<ciphers>(1)|ciphers(1)>, L<B<dhparam>(1)|" "dhparam(1)>" #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:5 msgid "" "SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, " "SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA " "keys for ephemeral key exchange" msgstr "" "SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, " "SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - Gérer les " "clefs RSA pour lâ??échange de clefs éphémères" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,\n" " RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));\n" " long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);\n" " long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);\n" "\n" msgstr "" "B< void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *>I<ctx>B<,>\n" " B<RSA *(*>I<tmp_rsa_callback>B<)(SSL *>I<ssl>B<, int> I<is_export>B<,>\n" " B<int> I<taille_clef>B<));>\n" " B<long SSL_CTX_set_tmp_rsa(SSL_CTX *>I<ctx>B<, RSA *>I<rsa>B<);>\n" " B<long SSL_CTX_need_tmp_rsa(SSL_CTX *>I<ctx>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:16 #, no-wrap msgid "" " void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,\n" " RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));\n" " long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)\n" " long SSL_need_tmp_rsa(SSL *ssl)\n" "\n" msgstr "" "B< void SSL_set_tmp_rsa_callback(SSL_CTX *>I<ctx>B<,>\n" " B<RSA *(*>I<tmp_rsa_callback>B<)(SSL *>I<ssl>B<, int> I<is_export>B<,>\n" " B<int> I<taille_clef>B<));>\n" " B<long SSL_set_tmp_rsa(SSL *>I<ssl>B<, RSA *>I<rsa>B<)>\n" " B<long SSL_need_tmp_rsa(SSL *>I<ssl>B<)>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:21 #, no-wrap msgid "" " RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);\n" "\n" msgstr "" "B< RSA *(*>I<tmp_rsa_callback>B<)(SSL *>I<ssl>B<, int> I<is_export>B<,>\n" " B<int> I<taille_clef>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:25 msgid "" "SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be " "used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>. " "The callback is inherited by all SSL objects newly created from B<ctx> with " "<SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected." msgstr "" "B<SSL_CTX_set_tmp_rsa_callback>() définit la fonction de rappel pour I<ctx> " "à utiliser quand une clef RSA temporaire ou éphémère est nécessaire pour " "I<tmp_rsa_callback>. Tous les objets SSL nouvellement créés à partir de " "I<ctx> avec L<B<SSL_new>(3)|SSL_new(3)> héritent du rappel. Les objets SSL " "déjà créés ne sont pas affectés." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:30 msgid "" "SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be " "B<rsa>. The key is inherited by all SSL objects newly created from B<ctx> " "with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected." msgstr "" "B<SSL_CTX_set_tmp_rsa>() définit une clef RSA temporaire/éphémère à utiliser " "pour I<rsa>. Tous les objets SSL nouvellement créés à partir de I<ctx> avec " "L<B<SSL_new>(3)|SSL_new(3)> héritent de la clef. Les objets SSL déjà créés " "ne sont pas affectés." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:34 msgid "" "SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed " "for RSA-based strength-limited 'exportable' ciphersuites because a RSA key " "with a keysize larger than 512 bits is installed." msgstr "" "B<SSL_CTX_need_tmp_rsa>() renvoie B<1>, si une clef RSA temporaire/éphémère " "est nécessaire pour les suites de chiffrement â?? « exportables », de force " "limitée, basées sur RSA â?? parce quâ??une longueur de clef supérieure à " "512 bits est en place." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:38 msgid "SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>." msgstr "B<SSL_set_tmp_rsa_callback>() définit le rappel seulement pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:40 msgid "SSL_set_tmp_rsa() sets the key only for B<ssl>." msgstr "B<SSL_set_tmp_rsa3>() définit la clef seulement pour I<ssl>." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:42 msgid "" "SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed, " "for RSA-based strength-limited 'exportable' ciphersuites because a RSA key " "with a keysize larger than 512 bits is installed." msgstr "" "B<SSL_need_tmp_rsa>() renvoie B<1>, si une clef RSA temporaire/éphémère est " "nécessaire pour les suites de chiffrement â?? « exportables », de force " "limitée, basées sur RSA â?? parce quâ??une longueur de clef supérieure à " "512 bits est en place." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:50 msgid "" "When using a cipher with RSA authentication, an ephemeral RSA key exchange " "can take place. In this case the session data are negotiated using the " "ephemeral/temporary RSA key and the RSA key supplied and certified by the " "certificate chain is only used for signing." msgstr "" "Lors de lâ??utilisation dâ??un algorithme de chiffrement avec authentification " "RSA, un échange de clefs éphémères DH peut survenir. Dans ce cas, les " "données de session sont négociées en utilisant une clef éphémère/temporaire " "RSA et la clef fournie et authentifiée par la chaîne de certificats est " "utilisée uniquement pour la signature." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:55 msgid "" "Under previous export restrictions, ciphers with RSA keys shorter (512 " "bits) than the usual key length of 1024 bits were created. To use these " "ciphers with RSA keys of usual length, an ephemeral key exchange must be " "performed, as the normal (certified) key cannot be directly used." msgstr "" "Sous de précédentes restrictions dâ??export, des chiffrements avec des clefs " "plus courtes (512 octets) que la longueur habituelle de 1024 octets ont été " "créés. Pour utiliser ces chiffrements, un échange de clefs éphémères doit " "être réalisé, puisque la clef normale (authentifiée) ne peut être " "directement utilisée." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:60 msgid "" "Using ephemeral RSA key exchange yields forward secrecy, as the connection " "can only be decrypted, when the RSA key is known. By generating a temporary " "RSA key inside the server application that is lost when the application is " "left, it becomes impossible for an attacker to decrypt past sessions, even " "if he gets hold of the normal (certified) RSA key, as this key was used for " "signing only. The downside is that creating a RSA key is computationally " "expensive." msgstr "" "Lâ??usage de clef éphémère RSA rend la confidentialité persistante, car la " "connexion ne peut être déchiffrée que lorsque la clef RSA est connue. En " "créant une clef RSA temporaire uniquement pendant la durée de la mise en " "Å?uvre du serveur, un attaquant ne peut absolument pas déchiffrer des " "sessions terminées même sâ??il se procure la clef normale (authentifiée), " "puisque la clef nâ??a été utilisée que pour la signature. Lâ??inconvénient est " "que la génération dâ??une clef RSA est coûteuse en calculs." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:68 msgid "" "Additionally, the use of ephemeral RSA key exchange is only allowed in the " "TLS standard, when the RSA key can be used for signing only, that is for " "export ciphers. Using ephemeral RSA key exchange for other purposes violates " "the standard and can break interoperability with clients. It is therefore " "strongly recommended to not use ephemeral RSA key exchange and use DHE " "(Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward " "secrecy (see L<SSL_CTX_set_tmp_dh_callback(3)|" "SSL_CTX_set_tmp_dh_callback(3)>)." msgstr "" "En outre, lâ??utilisation dâ??échange de clefs éphémères est seulement permise " "par la norme TLS, quand la clef RSA peut être utilisée seulement pour " "signer, câ??est-à -dire pour les chiffrements exportés. Lâ??utilisation de " "lâ??échange de clefs RSA éphémères pour dâ??autres buts transgresse la norme et " "peut rompre lâ??interopérabilité entre clients. Donc, il est fortement " "recommandé de ne pas utiliser lâ??échange de clefs éphémères RSA et dâ??utiliser " "DHE (Diffie-Hellman éphémère) pour permettre la confidentialité persistante " "(consultez L<B<SSL_CTX_set_tmp_dh_callback>(3)|" "SSL_CTX_set_tmp_dh_callback(3)>)." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:77 msgid "" "An application may either directly specify the key or can supply the key via " "a callback function. The callback approach has the advantage, that the " "callback may generate the key only in case it is actually needed. As the " "generation of a RSA key is however costly, it will lead to a significant " "delay in the handshake procedure. Another advantage of the callback " "function is that it can supply keys of different size while the explicit " "setting of the key is only useful for key size of 512 bits to satisfy the " "export restricted ciphers and does give away key length if a longer key " "would be allowed." msgstr "" "Une application peut soit indiquer la clef directement ou la fournir par une " "fonction de rappel. La méthode par le rappel a lâ??avantage que le rappel peut " "générer la clef que lorsque nécessaire. Comme cette génération est coûteuse, " "la durée de procédure de connexion augmentera de manière significative. Un " "autre avantage de la fonction de rappel est quâ??elle peut fournir des clefs " "de différentes longueurs, tandis que le réglage direct de la clef est " "seulement utile pour des longueurs de clef de 512 bits pour les algorithmes " "de chiffrement limité pour lâ??export et qui ne communiquent pas la longueur " "de clef si une clef plus importante est autorisée." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:86 msgid "" "The B<tmp_rsa_callback> is called with the B<keylength> needed and the " "B<is_export> information. The B<is_export> flag is set, when the ephemeral " "RSA key exchange is performed with an export cipher." msgstr "" "I<tmp_rsa_callback> est appelée avec la I<taille_clef> désirée et " "lâ??information I<is_export>. Lâ??attribut I<is_export> est activé lorsque " "lâ??échange de clefs éphémères RSA est réalisé avec un algorithme de " "chiffrement pour lâ??export." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:92 msgid "" "Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the " "generation of a RSA key costs a lot of computer time, they saved for later " "reuse. For demonstration purposes, two keys for 512 bits and 1024 bits " "respectively are generated." msgstr "" "Générer des clefs RSA temporaires pour préparer un échange de clefs " "éphémères. Comme cette génération coûte beaucoup de temps de calcul, elles " "sont stockées pour une utilisation ultérieure. Ã? des fins de démonstrations, " "deux clefs pour 512 bits et 1024 bits respectivement sont créées." #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:97 #, no-wrap msgid "" " ...\n" " /* Set up ephemeral RSA stuff */\n" " RSA *rsa_512 = NULL;\n" " RSA *rsa_1024 = NULL;\n" "\n" msgstr "" " ...\n" " /* Définir ce qui concerne RSA éphémère */\n" " RSA *rsa_512 = NULL;\n" " RSA *rsa_1024 = NULL;\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:102 #, no-wrap msgid "" " rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);\n" " if (rsa_512 == NULL)\n" " evaluate_error_queue();\n" "\n" msgstr "" " rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);\n" " if (rsa_512 == NULL)\n" " evaluate_error_queue();\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:106 #, no-wrap msgid "" " rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);\n" " if (rsa_1024 == NULL)\n" " evaluate_error_queue();\n" "\n" msgstr "" " rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);\n" " if (rsa_1024 == NULL)\n" " evaluate_error_queue();\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:110 #, no-wrap msgid "" " ...\n" "\n" msgstr "" " ...\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:112 #, no-wrap msgid "" " RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)\n" " {\n" " RSA *rsa_tmp=NULL;\n" "\n" msgstr "" " RSA *tmp_rsa_callback(SSL *s, int is_export, int taille_clef)\n" " {\n" " RSA *rsa_tmp=NULL;\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:116 #, no-wrap msgid "" " switch (keylength) {\n" " case 512:\n" " if (rsa_512)\n" " rsa_tmp = rsa_512;\n" " else { /* generate on the fly, should not happen in this example */\n" " rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);\n" " rsa_512 = rsa_tmp; /* Remember for later reuse */\n" " }\n" " break;\n" " case 1024:\n" " if (rsa_1024)\n" " rsa_tmp=rsa_1024;\n" " else\n" " should_not_happen_in_this_example();\n" " break;\n" " default:\n" " /* Generating a key on the fly is very costly, so use what is there */\n" " if (rsa_1024)\n" " rsa_tmp=rsa_1024;\n" " else\n" " rsa_tmp=rsa_512; /* Use at least a shorter key */\n" " }\n" " return(rsa_tmp);\n" " }\n" "\n" msgstr "" " switch (taille_clef) {\n" " case 512:\n" " if (rsa_512)\n" " rsa_tmp = rsa_512;\n" " else { /* générer à la volée, ce qui nâ??est\n" " pas le cas dans cet exemple */\n" " rsa_tmp = RSA_generate_key(taille_clef,RSA_F4,NULL,NULL);\n" " rsa_512 = rsa_tmp; /* mémorisation pour un usage ultérieur */\n" " }\n" " break;\n" " case 1024:\n" " if (rsa_1024)\n" " rsa_tmp=rsa_1024;\n" " else\n" " should_not_happen_in_this_example();\n" " break;\n" " default:\n" " /* générer une clef à la volée est très coûteux,\n" " aussi utilisez ceci */\n" " if (rsa_1024)\n" " rsa_tmp=rsa_1024;\n" " else\n" " rsa_tmp=rsa_512; /* utiliser au moins une clef plus courte */\n" " }\n" " return(rsa_tmp);\n" " }\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:143 msgid "" "SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return " "diagnostic output." msgstr "" "B<SSL_CTX_set_tmp_rsa_callback>() et B<SSL_set_tmp_rsa_callback>() ne " "renvoient pas de sortie de diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:146 msgid "" "SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0 on " "failure. Check the error queue to find out the reason of failure." msgstr "" "B<SSL_CTX_set_tmp_rsa>() et B<SSL_set_tmp_rsa>() doivent renvoyer B<1> lors " "dâ??une réussite et B<0> pour un échec. Consultez la file dâ??erreurs pour " "trouver la raison de lâ??échec." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:149 msgid "" "SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary RSA " "key is needed and 0 otherwise." msgstr "" "B<SSL_CTX_need_tmp_rsa>() et B<SSL_need_tmp_rsa>() renvoient B<1> si une " "clef est nécessaire et B<0> autrement." #. type: textblock #: C/ssl/SSL_CTX_set_tmp_rsa_callback.pod:154 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, " "L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, " "L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, " "L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_CTX_set_cipher_list>(3)|" "SSL_CTX_set_cipher_list(3)>, L<B<SSL_CTX_set_options>(3)|" "SSL_CTX_set_options(3)>, L<B<SSL_CTX_set_tmp_dh_callback>(3)|" "SSL_CTX_set_tmp_dh_callback(3)>, L<B<SSL_new>(3)|SSL_new(3)>, " "L<B<ciphers>(1)|ciphers(1)>" #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:5 msgid "" "SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, " "SSL_set_verify_depth - set peer certificate verification parameters" msgstr "" "SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, " "SSL_set_verify_depth - Définir les paramètres de vérification du certificat " "du pair" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:11 #, no-wrap msgid "" " void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,\n" " int (*verify_callback)(int, X509_STORE_CTX *));\n" " void SSL_set_verify(SSL *s, int mode,\n" " int (*verify_callback)(int, X509_STORE_CTX *));\n" " void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);\n" " void SSL_set_verify_depth(SSL *s, int depth);\n" "\n" msgstr "" "B< void SSL_CTX_set_verify(SSL_CTX *>I<ctx>B<, int> I<mode>B<,>\n" " B<int (*>I<verify_callback>B<)(int, X509_STORE_CTX *));>\n" " B<void SSL_set_verify(SSL *s, int> I<mode>B<,>\n" " B<int (*>I<verify_callback>B<)(int, X509_STORE_CTX *));>\n" " B<void SSL_CTX_set_verify_depth(SSL_CTX *>I<ctx>B<,int> I<profondeur>B<);>\n" " B<void SSL_set_verify_depth(SSL *>I<s>B<, int> I<profondeur>B<);>\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:18 #, no-wrap msgid "" " int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);\n" "\n" msgstr "" "B< int verify_callback(int preverify_ok, X509_STORE_CTX *>I<x509_ctx>B<);>\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:22 msgid "" "SSL_CTX_set_verify() sets the verification flags for B<ctx> to be B<mode> " "and specifies the B<verify_callback> function to be used. If no callback " "function shall be specified, the NULL pointer can be used for " "B<verify_callback>." msgstr "" "B<SSL_CTX_set_verify>() définit les attributs de vérification pour I<ctx> à " "I<mode> et précise la fonction I<verify_callback> à utiliser. Si aucune " "fonction de rappel nâ??est précisée, le pointeur NULL peut être utilisé pour " "I<verify_callback>." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:26 msgid "" "SSL_set_verify() sets the verification flags for B<ssl> to be B<mode> and " "specifies the B<verify_callback> function to be used. If no callback " "function shall be specified, the NULL pointer can be used for " "B<verify_callback>. In this case last B<verify_callback> set specifically " "for this B<ssl> remains. If no special B<callback> was set before, the " "default callback for the underlying B<ctx> is used, that was valid at the " "time B<ssl> was created with L<SSL_new(3)|SSL_new(3)>." msgstr "" "B<SSL_CTX_set_verify>() définit les attributs de vérification pour I<ssl> à " "I<mode> et précise la fonction I<verify_callback> à utiliser. Si aucune " "fonction de rappel nâ??est précisée, le pointeur NULL peut être utilisé pour " "I<verify_callback>. Dans ce cas le dernier I<verify_callback> défini " "précisément pour ce I<ssl> est conservé. Si aucun I<rappel> nâ??était défini " "auparavant, le rappel par défaut pour le I<ctx> sous-jacent, et qui était " "valable au moment où I<ssl> a été créé avec L<B<SSL_new>(3)|SSL_new(3)>, est " "utilisé." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:34 msgid "" "SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate " "chain verification that shall be allowed for B<ctx>. (See the BUGS section.)" msgstr "" "B<SSL_CTX_set_verify_depth>() définit la I<profondeur> maximale pour la " "vérification de chaîne de certificats qui sera autorisée pour I<ctx> " "(consultez la section BOGUES)." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:37 msgid "" "SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain " "verification that shall be allowed for B<ssl>. (See the BUGS section.)" msgstr "" "B<SSL_CTX_set_verify_depth>() définit la I<profondeur> maximale pour la " "vérification de chaîne de certificats qui sera autorisée pour I<ssl> " "(consultez la section BOGUES)." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:42 msgid "" "The verification of certificates can be controlled by a set of logically " "or'ed B<mode> flags:" msgstr "" "La vérification des certificats peut être contrôlée par une suite " "dâ??opérations « ou » logiques dâ??attributs I<mode>." #. type: =item #: C/ssl/SSL_CTX_set_verify.pod:47 msgid "SSL_VERIFY_NONE" msgstr "SSL_VERIFY_NONE" #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:49 msgid "" "B<Server mode:> the server will not send a client certificate request to the " "client, so the client will not send a certificate." msgstr "" "B<Mode serveur> : le serveur nâ??enverra pas de demande de certificat client " "au client, aussi le client nâ??enverra pas de certificat." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:52 msgid "" "B<Client mode:> if not using an anonymous cipher (by default disabled), the " "server will send a certificate which will be checked. The result of the " "certificate verification process can be checked after the TLS/SSL handshake " "using the L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> function. " "The handshake will be continued regardless of the verification result." msgstr "" "B<Mode client> : sâ??il nâ??utilise pas un algorithme de chiffrement anonyme " "(fonctionnement par défaut), le serveur enverra un certificat qui sera " "contrôlé. Le résultat du processus de vérification de certificat peut être " "contrôlé après lâ??initiation de connexion TLS/SSL en utilisant la fonction " "L<B<SSL_get_verify_result>(3)|SSL_get_verify_result(3)>. Lâ??initiation de " "connexion peut continuer indépendamment de la vérification du résultat." #. type: =item #: C/ssl/SSL_CTX_set_verify.pod:58 msgid "SSL_VERIFY_PEER" msgstr "SSL_VERIFY_PEER" #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:60 msgid "" "B<Server mode:> the server sends a client certificate request to the " "client. The certificate returned (if any) is checked. If the verification " "process fails, the TLS/SSL handshake is immediately terminated with an alert " "message containing the reason for the verification failure. The behaviour " "can be controlled by the additional SSL_VERIFY_FAIL_IF_NO_PEER_CERT and " "SSL_VERIFY_CLIENT_ONCE flags." msgstr "" "B<Mode serveur> : le serveur demande un certificat au client. Le certificat " "renvoyé (le cas échéant) est vérifié. Si la vérification échoue, " "lâ??initiation de connexion TLS/SSl se termine immédiatement avec un message " "dâ??alerte contenant le pourquoi de lâ??échec de vérification. Le comportement " "peut être contrôlé par les attributs additionnels " "B<SSL_VERIFY_FAIL_IF_NO_PEER_CERT> et B<SSL_VERIFY_CLIENT_ONCE>." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:68 msgid "" "B<Client mode:> the server certificate is verified. If the verification " "process fails, the TLS/SSL handshake is immediately terminated with an alert " "message containing the reason for the verification failure. If no server " "certificate is sent, because an anonymous cipher is used, SSL_VERIFY_PEER is " "ignored." msgstr "" "B<Mode client> : le certificat du serveur est vérifié. Si la vérification " "échoue, lâ??initiation de connexion TLS/SSL se termine immédiatement avec un " "message dâ??alerte contenant le pourquoi de lâ??échec de vérification. Si aucun " "certificat de serveur est envoyé, à cause de lâ??utilisation dâ??un algorithme " "de chiffrement anonyme, B<SSL_VERIFY_PEER> est ignoré." #. type: =item #: C/ssl/SSL_CTX_set_verify.pod:74 msgid "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" msgstr "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:76 msgid "" "B<Server mode:> if the client did not return a certificate, the TLS/SSL " "handshake is immediately terminated with a \"handshake failure\" alert. " "This flag must be used together with SSL_VERIFY_PEER." msgstr "" "B<Mode serveur> : si le client ne renvoie pas de certificat, " "lâ??initialisation de connexion TSL/SSL se termine immédiatement avec un " "message « handshake failure » (échec dâ??initialisation). Cet attribut doit " "être utilisé de concert avec SSL_VERIFY_PEER." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:80 C/ssl/SSL_CTX_set_verify.pod:88 msgid "B<Client mode:> ignored" msgstr "B<Mode client> : mode ignoré." #. type: =item #: C/ssl/SSL_CTX_set_verify.pod:82 msgid "SSL_VERIFY_CLIENT_ONCE" msgstr "SSL_VERIFY_CLIENT_ONCE" #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:84 msgid "" "B<Server mode:> only request a client certificate on the initial TLS/SSL " "handshake. Do not ask for a client certificate again in case of a " "renegotiation. This flag must be used together with SSL_VERIFY_PEER." msgstr "" "B<Mode serveur> : requête uniquement dâ??un certificat de client lors de la " "première initiation de connexion TLS/SSL. Une nouvelle demande ne doit pas " "être faite dans le cas dâ??une renégociation. Cet attribut doit être utilisé " "de concert avec SSL_VERIFY_PEER." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:92 msgid "" "Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be " "set at any time." msgstr "" "Un seul des attributs I<mode> B<SSL_VERIFY_NONE> et B<SSL_VERIFY_PEER> doit " "être activé à tout moment." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:95 msgid "" "The actual verification procedure is performed either using the built-in " "verification procedure or using another application provided verification " "function set with L<SSL_CTX_set_cert_verify_callback(3)|" "SSL_CTX_set_cert_verify_callback(3)>. The following descriptions apply in " "the case of the built-in procedure. An application provided procedure also " "has access to the verify depth information and the verify_callback() " "function, but the way this information is used may be different." msgstr "" "La véritable procédure de vérification est réalisée en utilisant la " "procédure de vérification interne ou une autre application fournissant une " "fonction de vérification définie avec " "L<B<SSL_CTX_set_cert_verify_callback>(3)|" "SSL_CTX_set_cert_verify_callback(3)>. Les descriptions suivantes " "sâ??appliquent dans le cas dâ??une procédure interne. Une procédure fournie par " "une application a aussi accès à lâ??information de profondeur de vérification " "et à la fonction I<verify_callback>(), mais la façon dont lâ??information est " "utilisée peut être différente." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:104 msgid "" "SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up to " "which depth certificates in a chain are used during the verification " "procedure. If the certificate chain is longer than allowed, the certificates " "above the limit are ignored. Error messages are generated as if these " "certificates would not be present, most likely a " "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. The depth " "count is \"level 0:peer certificate\", \"level 1: CA certificate\", \"level " "2: higher level CA certificate\", and so on. Setting the maximum depth to 2 " "allows the levels 0, 1, and 2. The default depth limit is 100, allowing for " "the peer certificate and additional 100 CA certificates." msgstr "" "B<SSL_CTX_set_verify_depth>() et B<SSL_set_verify_depth>() définissent la " "limite supérieure de profondeur jusquâ??à laquelle les certificats dans une " "chaîne sont utilisés pendant la procédure de vérification. Si la chaîne de " "certificats est plus grande que celle autorisée, les certificats après la " "limite sont ignorés. Les messages dâ??erreur ne tiennent pas compte des " "certificats au-dessus la limite, plus vraisemblablement un " "B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> sera émis. Le compte " "dâ??erreurs est « level 0:peer certificate », « level 1: CA certificate >, " "« level 2: higher level CA certificate », etc. Définir la profondeur " "maximale à  B<2> autorise les niveaux B<0>, B<1> et B<2>. La limite de " "profondeur par défaut est B<100>, permettant le certificat du pair plus " "100 certificats de CA." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:115 msgid "" "The B<verify_callback> function is used to control the behaviour when the " "SSL_VERIFY_PEER flag is set. It must be supplied by the application and " "receives two arguments: B<preverify_ok> indicates, whether the verification " "of the certificate in question was passed (preverify_ok=1) or not " "(preverify_ok=0). B<x509_ctx> is a pointer to the complete context used for " "the certificate chain verification." msgstr "" "La fonction I<verify_callback> est utilisée pour contrôler le fonctionnement " "lorsque lâ??attribut SSL_VERIFY_PEER flag est activé. Il doit être fourni par " "lâ??application et reçoit deux arguments : B<preverify_ok> indique si la " "vérification du certificat est demandée (B<preverify_ok>=B<1>) ou non " "(B<preverify_ok>=B<0>). B<x509_ctx> est un pointeur vers le contexte complet " "utilisé par la vérification de la chaîne de certificats." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:122 msgid "" "The certificate chain is checked starting with the deepest nesting level " "(the root CA certificate) and worked upward to the peer's certificate. At " "each level signatures and issuer attributes are checked. Whenever a " "verification error is found, the error number is stored in B<x509_ctx> and " "B<verify_callback> is called with B<preverify_ok>=0. By applying " "X509_CTX_store_* functions B<verify_callback> can locate the certificate in " "question and perform additional steps (see EXAMPLES). If no error is found " "for a certificate, B<verify_callback> is called with B<preverify_ok>=1 " "before advancing to the next level." msgstr "" "La chaîne de certificats est vérifiée en commençant par le niveau " "dâ??emboitement le plus profond (le certificat de CA racine) et progresse " "jusquâ??au certificat de pair. Ã? chaque niveau, les signatures et les " "certificats dâ??émetteur sont contrôlées. Ã? chaque fois quâ??une erreur de " "vérification est trouvée, le numéro dâ??erreur est stocké dans B<x509_ctx> et " "I<verify_callback> est appelé avec B<preverify_ok>=B<0>. En utilisant les " "fonctions B<X509_CTX_store_*>, I<verify_callback> peut trouver le certificat " "en question et réaliser les étapes additionnelles (consultez EXEMPLES). Si " "aucune erreur nâ??est trouvée pour un certificat, I<verify_callback> est " "appelé avec B<preverify_ok>=B<1> avant accéder au prochain niveau." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:132 msgid "" "The return value of B<verify_callback> controls the strategy of the further " "verification process. If B<verify_callback> returns 0, the verification " "process is immediately stopped with \"verification failed\" state. If " "SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and " "the TLS/SSL handshake is terminated. If B<verify_callback> returns 1, the " "verification process is continued. If B<verify_callback> always returns 1, " "the TLS/SSL handshake will not be terminated with respect to verification " "failures and the connection will be established. The calling process can " "however retrieve the error code of the last verification error using " "L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its " "own error storage managed by B<verify_callback>." msgstr "" "La valeur de retour de I<verify_callback> détermine la stratégie de la " "procédure de vérification suivante. Si I<verify_callback> renvoie B<0>, la " "procédure de vérification sâ??arrête avec un état « échec de vérification ». " "Si B<SSL_VERIFY_PEER> est activé, un message dâ??échec de vérification est " "envoyé au pair et la connexion TLS/SSL sâ??arrête. Si I<verify_callback> " "renvoie B<1>, la procédure continue. Si I<verify_callback> renvoie toujours " "B<1>, lâ??initialisation de connexion TLS/SSL ne sera pas achevée en ce qui " "concerne les erreurs de connexion et la connexion sera établie. Le processus " "demandeur peut cependant retrouver le code dâ??erreur de la dernière " "vérification en utilisant L<B<SSL_get_verify_result>(3)|" "SSL_get_verify_result(3)> ou en entretenant son propre stockage dâ??erreurs " "géré par I<verify_callback>." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:144 msgid "" "If no B<verify_callback> is specified, the default callback will be used. " "Its return value is identical to B<preverify_ok>, so that any verification " "failure will lead to a termination of the TLS/SSL handshake with an alert " "message, if SSL_VERIFY_PEER is set." msgstr "" "Si aucun I<verify_callback> nâ??est indiqué, le rappel par défaut sera " "utilisé. Sa valeur de retour est identique à B<preverify_ok>, aussi toute " "erreur de vérification conduira à une fin de la connexion TLS/SSL, avec un " "message dâ??alerte si B<SSL_VERIFY_PEER> est activé." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:151 msgid "" "In client mode, it is not checked whether the SSL_VERIFY_PEER flag is set, " "but whether SSL_VERIFY_NONE is not set. This can lead to unexpected " "behaviour, if the SSL_VERIFY_PEER and SSL_VERIFY_NONE are not used as " "required (exactly one must be set at any time)." msgstr "" "Dans le mode client, la vérification de chaîne nâ??est pas faite si lâ??attribut " "B<SSL_VERIFY_PEER> est activé, mais si B<SSL_VERIFY_NONE> nâ??est pas activé. " "Cela peut conduire à un fonctionnement inattendu si B<SSL_VERIFY_PEER> et " "B<SSL_VERIFY_NONE> ne sont pas utilisés comme exigé (seulement un seul " "actif)." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:156 msgid "" "The certificate verification depth set with SSL[_CTX]_verify_depth() stops " "the verification at a certain depth. The error message produced will be that " "of an incomplete certificate chain and not X509_V_ERR_CERT_CHAIN_TOO_LONG as " "may be expected." msgstr "" "La profondeur de vérification de certificats définie avec " "B<SSL[_CTX]_verify_depth>() arrête la vérification à une certaine " "profondeur. Le message dâ??erreur fourni sera celui dâ??une chaîne de " "certificats incomplète et non B<X509_V_ERR_CERT_CHAIN_TOO_LONG> comme peut-" "être espéré." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:163 msgid "The SSL*_set_verify*() functions do not provide diagnostic information." msgstr "" "Les fonctions B<SSL*_set_verify*>() ne fournissent pas dâ??information de " "diagnostic." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:167 msgid "" "The following code sequence realizes an example B<verify_callback> function " "that will always continue the TLS/SSL handshake regardless of verification " "failure, if wished. The callback realizes a verification depth limit with " "more informational output." msgstr "" "Le code suivant réalise un exemple de la fonction I<verify_callback> qui " "continuera toujours lâ??initiation de connexion TLS/SSL indépendamment " "dâ??erreur de vérification, si voulu. Le rappel réalise une vérification avec " "limite de profondeur et avec le maximum dâ??informations." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:172 msgid "" "All verification errors are printed; information about the certificate chain " "is printed on request. The example is realized for a server that does allow " "but not require client certificates." msgstr "" "Toutes les erreurs de vérification sont affichées ; lâ??information sur la " "chaîne de certificats est affichée sur demande. Cet exemple concerne un " "serveur qui autorise mais ne demande pas de certificat client." #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:177 msgid "" "The example makes use of the ex_data technique to store application data " "into/retrieve application data from the SSL structure (see " "L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>, " "L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|" "SSL_get_ex_data_X509_STORE_CTX_idx(3)>)." msgstr "" "Cet exemple utilise la technique « ex_data » pour stocker les données " "dâ??application dans la structure SSL ou les retrouver à partir de cette " "structure (consultez L<B<SSL_get_ex_new_index>(3)|SSL_get_ex_new_index(3)>, " "L<B<SSL_get_ex_data_X509_STORE_CTX_idx>(3)|" "SSL_get_ex_data_X509_STORE_CTX_idx(3)>)." #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:182 #, no-wrap msgid "" " ...\n" " typedef struct {\n" " int verbose_mode;\n" " int verify_depth;\n" " int always_continue;\n" " } mydata_t;\n" " int mydata_index;\n" " ...\n" " static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)\n" " {\n" " char buf[256];\n" " X509 *err_cert;\n" " int err, depth;\n" " SSL *ssl;\n" " mydata_t *mydata;\n" "\n" msgstr "" " ...\n" " typedef struct {\n" " int verbose_mode;\n" " int verify_depth;\n" " int always_continue;\n" " } mydata_t;\n" " int mydata_index;\n" " ...\n" " static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)\n" " {\n" " char buf[256];\n" " X509 *err_cert;\n" " int err, depth;\n" " SSL *ssl;\n" " mydata_t *mydata;\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:198 #, no-wrap msgid "" " err_cert = X509_STORE_CTX_get_current_cert(ctx);\n" " err = X509_STORE_CTX_get_error(ctx);\n" " depth = X509_STORE_CTX_get_error_depth(ctx);\n" "\n" msgstr "" " err_cert = X509_STORE_CTX_get_current_cert(ctx);\n" " err = X509_STORE_CTX_get_error(ctx);\n" " depth = X509_STORE_CTX_get_error_depth(ctx);\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:202 #, no-wrap msgid "" " /*\n" " * Retrieve the pointer to the SSL of the connection currently treated\n" " * and the application specific data stored into the SSL object.\n" " */\n" " ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());\n" " mydata = SSL_get_ex_data(ssl, mydata_index);\n" "\n" msgstr "" " /*\n" " * Extraire le pointeur vers lâ??objet SSL de la connexion\n" " * actuellement traitée et les données spécifiques à \n" " * lâ??application stockées dans cet objet.\n" " */\n" " ssl = X509_STORE_CTX_get_ex_data(ctx,\n" " SSL_get_ex_data_X509_STORE_CTX_idx());\n" " mydata = SSL_get_ex_data(ssl, mydata_index);\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:209 #, no-wrap msgid "" " X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);\n" "\n" msgstr "" " X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:211 #, no-wrap msgid "" " /*\n" " * Catch a too long certificate chain. The depth limit set using\n" " * SSL_CTX_set_verify_depth() is by purpose set to \"limit+1\" so\n" " * that whenever the \"depth>verify_depth\" condition is met, we\n" " * have violated the limit and want to log this error condition.\n" " * We must do it here, because the CHAIN_TOO_LONG error would not\n" " * be found explicitly; only errors introduced by cutting off the\n" " * additional certificates would be logged.\n" " */\n" " if (depth > mydata->verify_depth) {\n" " preverify_ok = 0;\n" " err = X509_V_ERR_CERT_CHAIN_TOO_LONG;\n" " X509_STORE_CTX_set_error(ctx, err);\n" " } \n" " if (!preverify_ok) {\n" " printf(\"verify error:num=%d:%s:depth=%d:%s\\n\", err,\n" " X509_verify_cert_error_string(err), depth, buf);\n" " }\n" " else if (mydata->verbose_mode)\n" " {\n" " printf(\"depth=%d:%s\\n\", depth, buf);\n" " }\n" "\n" msgstr "" " /*\n" " * Chaîne de certificats trop longue. La profondeur limite définie\n" " * par SSL_CTX_set_verify_depth() est en principe « limit+1 » aussi\n" " * si la condition « depth>verify_depth » est satisfaite, la limite\n" " * est dépassée et la journalisation de cette erreur doit être\n" " * faite. Cela doit être fait ici parce que lâ??erreur CHAIN_TOO_LONG\n" " * ne peut être trouvée explicitement ; les seules erreurs\n" " * introduites par des certificats additionnels sont journalisées.\n" " */\n" " if (depth > mydata->verify_depth) {\n" " preverify_ok = 0;\n" " err = X509_V_ERR_CERT_CHAIN_TOO_LONG;\n" " X509_STORE_CTX_set_error(ctx, err);\n" " } \n" " if (!preverify_ok) {\n" " printf(\"verify error:num=%d:%s:depth=%d:%s\\n\", err,\n" " X509_verify_cert_error_string(err), depth, buf);\n" " }\n" " else if (mydata->verbose_mode)\n" " {\n" " printf(\"depth=%d:%s\\n\", depth, buf);\n" " }\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:234 #, no-wrap msgid "" " /*\n" " * At this point, err contains the last verification error. We can use\n" " * it for something special\n" " */\n" " if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))\n" " {\n" " X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);\n" " printf(\"issuer= %s\\n\", buf);\n" " }\n" "\n" msgstr "" " /*\n" " * Ã? ce moment, err contient la dernière erreur de vérification.\n" " * Ce peut être utilisé pour un but particulier\n" " */\n" " if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))\n" " {\n" " X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),\n" " buf, 256);\n" " printf(\"issuer= %s\\n\", buf);\n" " }\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:244 #, no-wrap msgid "" " if (mydata->always_continue)\n" " return 1;\n" " else\n" " return preverify_ok;\n" " }\n" " ...\n" "\n" msgstr "" " if (mydata->always_continue)\n" " return 1;\n" " else\n" " return preverify_ok;\n" " }\n" " ...\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:251 #, no-wrap msgid "" " mydata_t mydata;\n" "\n" msgstr "" " mydata_t mydata;\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:253 #, no-wrap msgid "" " ...\n" " mydata_index = SSL_get_ex_new_index(0, \"mydata index\", NULL, NULL, NULL);\n" "\n" msgstr "" " ...\n" " mydata_index = SSL_get_ex_new_index(0, \"mydata index\",\n" " NULL, NULL, NULL);\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:256 #, no-wrap msgid "" " ...\n" " SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,\n" " verify_callback);\n" "\n" msgstr "" " ...\n" " SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,\n" " verify_callback);\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:260 #, no-wrap msgid "" " /*\n" " * Let the verify_callback catch the verify_depth error so that we get\n" " * an appropriate error in the logfile.\n" " */\n" " SSL_CTX_set_verify_depth(verify_depth + 1);\n" "\n" msgstr "" " /*\n" " * Permettre à verify_callback de capturer lâ??erreur de verify_depth\n" " * pour obtenir une erreur appropriée dans le journal.\n" " */\n" " SSL_CTX_set_verify_depth(verify_depth + 1);\n" "\n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:266 #, no-wrap msgid "" " /*\n" " * Set up the SSL specific data into \"mydata\" and store it into th SSL\n" " * structure.\n" " */\n" " mydata.verify_depth = verify_depth; ...\n" " SSL_set_ex_data(ssl, mydata_index, &mydata);\n" "\t\t\t\t\t \n" msgstr "" " /*\n" " * Définir les données spécifiques au SSL dans « mydata » et les\n" " * stocker dans la structure SSL.\n" " */\n" " mydata.verify_depth = verify_depth; ...\n" " SSL_set_ex_data(ssl, mydata_index, &mydata);\n" "\t\t\t\t\t \n" #. type: verbatim #: C/ssl/SSL_CTX_set_verify.pod:273 #, no-wrap msgid "" " ...\n" " SSL_accept(ssl);\t/* check of success left out for clarity */\n" " if (peer = SSL_get_peer_certificate(ssl))\n" " {\n" " if (SSL_get_verify_result(ssl) == X509_V_OK)\n" " {\n" " /* The client sent a certificate which verified OK */\n" " }\n" " }\n" "\n" msgstr "" " ...\n" " SSL_accept(ssl); /* Vérification dâ??une réussite omise pour clarté */\n" " if (peer = SSL_get_peer_certificate(ssl))\n" " {\n" " if (SSL_get_verify_result(ssl) == X509_V_OK)\n" " {\n" " /* Le client a envoyé un certificat valable */\n" " }\n" " }\n" "\n" #. type: textblock #: C/ssl/SSL_CTX_set_verify.pod:285 msgid "" "L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_get_verify_mode(3)|" "SSL_CTX_get_verify_mode(3)>, L<SSL_get_verify_result(3)|" "SSL_get_verify_result(3)>, L<SSL_CTX_load_verify_locations(3)|" "SSL_CTX_load_verify_locations(3)>, L<SSL_get_peer_certificate(3)|" "SSL_get_peer_certificate(3)>, L<SSL_CTX_set_cert_verify_callback(3)|" "SSL_CTX_set_cert_verify_callback(3)>, " "L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|" "SSL_get_ex_data_X509_STORE_CTX_idx(3)>, L<SSL_get_ex_new_index(3)|" "SSL_get_ex_new_index(3)>" msgstr "" "L<B<ssl>(3)|ssl(3)>, L<B<SSL_new>(3)|SSL_new(3)>, " "L<B<SSL_CTX_get_verify_mode>(3)|SSL_CTX_get_verify_mode(3)>, " "L<B<SSL_get_verify_result>(3)|SSL_get_verify_result(3)>, " "L<B<SSL_CTX_load_verify_locations>(3)|SSL_CTX_load_verify_locations(3)>, " "L<B<SSL_get_peer_certificate>(3)|SSL_get_peer_certificate(3)>, " "L<B<SSL_CTX_set_cert_verify_callback>(3)|" "SSL_CTX_set_cert_verify_callback(3)>, " "L<B<SSL_get_ex_data_X509_STORE_CTX_idx>(3)|" "SSL_get_ex_data_X509_STORE_CTX_idx(3)>, L<B<SSL_get_ex_new_index(3)>|" "SSL_get_ex_new_index(3)>" #~ msgid "" #~ "The B<tmp_dh_callback> is called with the B<keylength> needed and the " #~ "B<is_export> information. The B<is_export> flag is set, when the " #~ "ephemeral DH key exchange is performed with an export cipher." #~ msgstr "" #~ "I<tmp_dh_callback> est appelée avec la I<taille_clef> désirée et " #~ "lâ??information I<is_export>. Lâ??attribut I<is_export> est activé lors de " #~ "lâ??échange de clefs éphémères DH est réalisé avec un algorithme de " #~ "chiffrement pour lâ??export." #~ msgid "" #~ " ...\n" #~ " /* Set up ephemeral DH stuff */\n" #~ " DH *dh_512 = NULL;\n" #~ " DH *dh_1024 = NULL;\n" #~ " FILE *paramfile;\n" #~ "\n" #~ msgstr "" #~ " ...\n" #~ " /* Définir ce qui concerne DH éphémère */\n" #~ " DH *dh_512 = NULL;\n" #~ " DH *dh_1024 = NULL;\n" #~ " FILE *<fich_param>;\n" #~ "\n" #~ msgid "" #~ " ...\n" #~ " /* \"openssl dhparam -out dh_param_512.pem -2 512\" */\n" #~ " paramfile = fopen(\"dh_param_512.pem\", \"r\");\n" #~ " if (paramfile) {\n" #~ " dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);\n" #~ " fclose(paramfile);\n" #~ " }\n" #~ " /* \"openssl dhparam -out dh_param_1024.pem -2 1024\" */\n" #~ " paramfile = fopen(\"dh_param_1024.pem\", \"r\");\n" #~ " if (paramfile) {\n" #~ " dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);\n" #~ " fclose(paramfile);\n" #~ " }\n" #~ " ...\n" #~ "\n" #~ msgstr "" #~ " ...\n" #~ " /* \"openssl dhparam -out dh_param_512.pem -2 512\" */\n" #~ " I<fich_param> = fopen(\"dh_param_512.pem\", \"r\");\n" #~ " if (I<fich_param>) {\n" #~ " dh_512 = PEM_read_DHparams(I<fich_param>, NULL, NULL, NULL);\n" #~ " fclose(I<fich_param>);\n" #~ " }\n" #~ " /* \"openssl dhparam -out dh_param_1024.pem -2 1024\" */\n" #~ " I<fich_param> = fopen(\"dh_param_1024.pem\", \"r\");\n" #~ " if (I<fich_param>) {\n" #~ " dh_1024 = PEM_read_DHparams(I<fich_param>, NULL, NULL, NULL);\n" #~ " fclose(I<fich_param>);\n" #~ " }\n" #~ " ...\n" #~ "\n" #~ msgid "" #~ " /* \"openssl dhparam -C -2 512\" etc... */\n" #~ " DH *get_dh512() { ... }\n" #~ " DH *get_dh1024() { ... }\n" #~ "\n" #~ msgstr "" #~ " /* \"openssl dhparam -C -2 512\" etc. */\n" #~ " DH *get_dh512() { ... }\n" #~ " DH *get_dh1024() { ... }\n" #~ "\n" #~ msgid "" #~ " DH *tmp_dh_callback(SSL *s, int is_export, int keylength)\n" #~ " {\n" #~ " DH *dh_tmp=NULL;\n" #~ "\n" #~ msgstr "" #~ " DH *tmp_dh_callback(SSL *s, int is_export, int taille_clef)\n" #~ " {\n" #~ " DH *dh_tmp=NULL;\n" #~ "\n" #~ msgid "" #~ " switch (keylength) {\n" #~ " case 512:\n" #~ " if (!dh_512)\n" #~ " dh_512 = get_dh512();\n" #~ " dh_tmp = dh_512;\n" #~ " break;\n" #~ " case 1024:\n" #~ " if (!dh_1024)\n" #~ " dh_1024 = get_dh1024();\n" #~ " dh_tmp = dh_1024;\n" #~ " break;\n" #~ " default:\n" #~ " /* Generating a key on the fly is very costly, so use what is there */\n" #~ " setup_dh_parameters_like_above();\n" #~ " }\n" #~ " return(dh_tmp);\n" #~ " }\n" #~ "\n" #~ msgstr "" #~ " switch (taille_clef) {\n" #~ " case 512:\n" #~ " if (!dh_512)\n" #~ " dh_512 = get_dh512();\n" #~ " dh_tmp = dh_512;\n" #~ " break;\n" #~ " case 1024:\n" #~ " if (!dh_1024)\n" #~ " dh_1024 = get_dh1024();\n" #~ " dh_tmp = dh_1024;\n" #~ " break;\n" #~ " default:\n" #~ " /* Créer une clef à la volée est très cher, aussi utilisez ceci */\n" #~ " setup_dh_parameters_like_above();\n" #~ " }\n" #~ " return(dh_tmp);\n" #~ " }\n" #~ "\n" #~ msgid "" #~ "Always use ephemeral (temporary) RSA key when doing RSA operations (see " #~ "L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>). " #~ "According to the specifications this is only done, when a RSA key can " #~ "only be used for signature operations (namely under export ciphers with " #~ "restricted RSA keylength). By setting this option, ephemeral RSA keys are " #~ "always used. This option breaks compatibility with the SSL/TLS " #~ "specifications and may lead to interoperability problems with clients and " #~ "should therefore never be used. Ciphers with EDH (ephemeral Diffie-" #~ "Hellman) key exchange should be used instead." #~ msgstr "" #~ "Toujours utiliser des clefs RSA éphémères (temporaires) lors dâ??opérations " #~ "RSA (consultez L<B<SSL_CTX_set_tmp_rsa_callback>(3)|" #~ "SSL_CTX_set_tmp_rsa_callback(3)>). Suivant les spécifications cela est " #~ "fait uniquement quand une clef RSA peut être utilisée pour seulement les " #~ "opérations de signature (à savoir avec les algorithmes destinés à " #~ "lâ??export avec des longueurs limitées de clef RSA). En activant cette " #~ "option, les clefs éphémères sont toujours utilisées. Cette option rompt " #~ "la compatibilité avec spécifications SSL/TLS et peut mener à des " #~ "problèmes dâ??interopérabilité avec des clients, et devrait donc nâ??être " #~ "jamais utilisée. Lâ??échange de signatures avec EDH (Diffie-Hellman " #~ "éphémère) devrait plutôt être choisi." #~ msgid "" #~ "On OpenSSL servers ephemeral RSA key exchange is therefore disabled by " #~ "default and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA " #~ "option of L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the " #~ "TLS/SSL standard. When ephemeral RSA key exchange is required for export " #~ "ciphers, it will automatically be used without this option!" #~ msgstr "" #~ "Sur les serveurs SSL, lâ??échange de clefs RSA éphémères est donc désactivé " #~ "par défaut et doit être formellement activé en utilisant lâ??option " #~ "B<SSL_OP_EPHEMERAL_RSA> de L<B<SSL_CTX_set_options>(3)|" #~ "SSL_CTX_set_options(3)>, en enfreignant la norme TLS/SSL. Quand lâ??échange " #~ "de clefs éphémères RSA est nécessaire pour les algorithmes de chiffrement " #~ "pour lâ??export, cela est fait automatiquement sans cette option !" #~ msgid "C<0>" #~ msgstr "Z<>0" #~ msgid "C<1>" #~ msgstr "Z<>1" #~ msgid "1" #~ msgstr "1" #~ msgid "0" #~ msgstr "0"
Attachment:
signature.asc
Description: OpenPGP digital signature