CLEANUP: assorted typo fixes in the code and comments

These are mostly comments in the code. A few error messages were fixed
and are of low enough importance not to deserve a backport. Some regtests
were also fixed.

include/common/defaults.h

@@ -111,7 +111,7 @@
 #define MAX_SESS_STKCTR 3
 #endif
 
-// max # of extra stick-table data types that can be registred at runtime
+// max # of extra stick-table data types that can be registered at runtime
 #ifndef STKTABLE_EXTRA_DATA_TYPES
 #define STKTABLE_EXTRA_DATA_TYPES 0
 #endif
@@ -153,14 +153,14 @@
 #define RUNQUEUE_DEPTH 200
 #endif
 
-// cookie delimitor in "prefix" mode. This character is inserted between the
+// cookie delimiter in "prefix" mode. This character is inserted between the
 // persistence cookie and the original value. The '~' is allowed by RFC6265,
 // and should not be too common in server names.
 #ifndef COOKIE_DELIM
 #define COOKIE_DELIM    '~'
 #endif
 
-// this delimitor is used between a server's name and a last visit date in
+// this delimiter is used between a server's name and a last visit date in
 // cookies exchanged with the client.
 #ifndef COOKIE_DELIM_DATE
 #define COOKIE_DELIM_DATE       '|'

include/common/h1.h

@@ -196,7 +196,7 @@ static inline const char *h1m_state_str(enum h1m_state msg_state)
  * returns the number of bytes parsed on success, so the caller can set msg_state
  * to HTTP_MSG_CHUNK_SIZE. If not enough data are available, the function does not
  * change anything and returns zero. Otherwise it returns a negative value
- * indicating the error positionn relative to <stop>. Note: this function is
+ * indicating the error position relative to <stop>. Note: this function is
  * designed to parse wrapped CRLF at the end of the buffer.
  */
 static inline int h1_skip_chunk_crlf(const struct buffer *buf, int start, int stop)

include/common/hpack-tbl.h

@@ -52,7 +52,7 @@
  * possible to maximize the delay before a collision of DTEs and data. In order
  * to always insert from the right, we need to keep a reference to the latest
  * inserted element and look before it. The last inserted cell's address defines
- * the lowest konwn address still in use, unless the area wraps in which case
+ * the lowest known address still in use, unless the area wraps in which case
  * the available space lies between the end of the tail and the beginning of the
  * head.
  *

include/common/http.h

@@ -27,7 +27,7 @@
 #include <common/ist.h>
 
 /*
- * some macros mainly used when parsing header fileds.
+ * some macros mainly used when parsing header fields.
  * from RFC7230:
  *   CTL                 = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
  *   SEP                 = one of the 17 defined separators or SP or HT

include/common/htx.h

@@ -37,7 +37,7 @@
  * metadata (htx_blk) and the associated payload. Blocks' metadata are stored
  * starting from the end of the array while their payload are stored at the
  * beginning. Blocks' metadata are often simply called blocks. it is a misuse of
- * language that's simplify explainations.
+ * language that's simplify explanations.
  *
  *
  *  +-----+---------------+------------------------------+--------------+
@@ -196,7 +196,7 @@ struct htx_sl {
 			      * during parsing, from this start-line to the
 			      * corresponding EOH. -1 if unknown */
 
-	unsigned int len[3]; /* length of differnt parts of the start-line */
+	unsigned int len[3]; /* length of different parts of the start-line */
 	char         l[0];
 };
 
@@ -258,7 +258,7 @@ struct htx_blk *htx_add_last_data(struct htx *htx, struct ist data);
 void htx_move_blk_before(struct htx *htx, struct htx_blk **blk, struct htx_blk **ref);
 int htx_append_msg(struct htx *dst, const struct htx *src);
 
-/* Functions and macros to get parts of the start-line or legnth of these
+/* Functions and macros to get parts of the start-line or length of these
  * parts. Request and response start-lines are both composed of 3 parts.
  */
 #define HTX_SL_LEN(sl) ((sl)->len[0] + (sl)->len[1] + (sl)->len[2])
@@ -588,7 +588,7 @@ static inline struct ist htx_get_blk_name(const struct htx *htx, const struct ht
 
 
 /* Returns the value of the block <blk>, depending on its type. If there is no
- * value (for end-of blocks), an empty one is retruned.
+ * value (for end-of blocks), an empty one is returned.
  */
 static inline struct ist htx_get_blk_value(const struct htx *htx, const struct htx_blk *blk)
 {
@@ -617,9 +617,9 @@ static inline struct ist htx_get_blk_value(const struct htx *htx, const struct h
 
 /* Removes <n> bytes from the beginning of DATA block <blk>. The block's start
  * address and its length are adjusted, and the htx's total data count is
- * updated. This is used to mark that part of some data were transfered
+ * updated. This is used to mark that part of some data were transferred
  * from a DATA block without removing this DATA block. No sanity check is
- * performed, the caller is reponsible for doing this exclusively on DATA
+ * performed, the caller is responsible for doing this exclusively on DATA
  * blocks, and never removing more than the block's size.
  */
 static inline void htx_cut_data_blk(struct htx *htx, struct htx_blk *blk, uint32_t n)

include/common/ist.h

@@ -722,7 +722,7 @@ static inline struct ist istist(const struct ist ist, const struct ist pat)
 }
 
 /*
- * looks for the first occurence of <chr> in string <ist> and returns a shorter
+ * looks for the first occurrence of <chr> in string <ist> and returns a shorter
  * ist if char is found.
  */
 static inline struct ist iststop(const struct ist ist, char chr)

include/common/regex.h

@@ -84,9 +84,9 @@ extern THREAD_LOCAL regmatch_t pmatch[MAX_MATCH];
  * "cs" is the case sensitive flag. If cs is true, case sensitive is enabled.
  * "cap" is capture flag. If cap if true the regex can capture into
  *       parenthesis strings.
- * "err" is the standar error message pointer.
+ * "err" is the standard error message pointer.
  *
- * The function return 1 is succes case, else return 0 and err is filled.
+ * The function return 1 is success case, else return 0 and err is filled.
  */
 struct my_regex *regex_comp(const char *str, int cs, int cap, char **err);
 int exp_replace(char *dst, unsigned int dst_size, char *src, const char *str, const regmatch_t *matches);

include/common/standard.h

@@ -447,7 +447,7 @@ int cidr2dotted(int cidr, struct in_addr *mask);
 /*
  * converts <str> to two struct in_addr* which must be pre-allocated.
  * The format is "addr[/mask]", where "addr" cannot be empty, and mask
- * is optionnal and either in the dotted or CIDR notation.
+ * is optional and either in the dotted or CIDR notation.
  * Note: "addr" can also be a hostname. Returns 1 if OK, 0 if error.
  */
 int str2net(const char *str, int resolve, struct in_addr *addr, struct in_addr *mask);
@@ -480,7 +480,7 @@ static inline struct sockaddr_storage *str2ip(const char *str, struct sockaddr_s
 /*
  * converts <str> to two struct in6_addr* which must be pre-allocated.
  * The format is "addr[/mask]", where "addr" cannot be empty, and mask
- * is an optionnal number of bits (128 being the default).
+ * is an optional number of bits (128 being the default).
  * Returns 1 if OK, 0 if error.
  */
 int str62net(const char *str, struct in6_addr *addr, unsigned char *mask);
@@ -756,7 +756,7 @@ static inline char *alltrim(char *s, char c) {
 
 /* This function converts the time_t value <now> into a broken out struct tm
  * which must be allocated by the caller. It is highly recommended to use this
- * function intead of localtime() because that one requires a time_t* which
+ * function instead of localtime() because that one requires a time_t* which
  * is not always compatible with tv_sec depending on OS/hardware combinations.
  */
 static inline void get_localtime(const time_t now, struct tm *tm)
@@ -766,7 +766,7 @@ static inline void get_localtime(const time_t now, struct tm *tm)
 
 /* This function converts the time_t value <now> into a broken out struct tm
  * which must be allocated by the caller. It is highly recommended to use this
- * function intead of gmtime() because that one requires a time_t* which
+ * function instead of gmtime() because that one requires a time_t* which
  * is not always compatible with tv_sec depending on OS/hardware combinations.
  */
 static inline void get_gmtime(const time_t now, struct tm *tm)
@@ -779,7 +779,7 @@ static inline void get_gmtime(const time_t now, struct tm *tm)
  * serves as a temporary origin. It's worth remembering that it's the first
  * year of each period that is leap and not the last one, so for instance year
  * 1 sees 366 days since year 0 was leap. For this reason we have to apply
- * modular arithmetics which is why we offset the year by 399 before
+ * modular arithmetic which is why we offset the year by 399 before
  * subtracting the excess at the end. No overflow here before ~11.7 million
  * years.
  */
@@ -987,7 +987,7 @@ static inline int ha_bit_test(unsigned long bit, const long *map)
 
 /*
  * Parse binary string written in hexadecimal (source) and store the decoded
- * result into binstr and set binstrlen to the lengh of binstr. Memory for
+ * result into binstr and set binstrlen to the length of binstr. Memory for
  * binstr is allocated by the function. In case of error, returns 0 with an
  * error message in err.
  */
@@ -1251,7 +1251,7 @@ char *gmt2str_log(char *dst, struct tm *tm, size_t size);
 char *localdate2str_log(char *dst, time_t t, struct tm *tm, size_t size);
 
 /* These 3 functions parses date string and fills the
- * corresponding broken-down time in <tm>. In succes case,
+ * corresponding broken-down time in <tm>. In success case,
  * it returns 1, otherwise, it returns 0.
  */
 int parse_http_date(const char *date, int len, struct tm *tm);
@@ -1309,7 +1309,7 @@ int append_prefixed_str(struct buffer *out, const char *in, const char *pfx, cha
 /* removes environment variable <name> from the environment as found in
  * environ. This is only provided as an alternative for systems without
  * unsetenv() (old Solaris and AIX versions). THIS IS NOT THREAD SAFE.
- * The principle is to scan environ for each occurence of variable name
+ * The principle is to scan environ for each occurrence of variable name
  * <name> and to replace the matching pointers with the last pointer of
  * the array (since variables are not ordered).
  * It always returns 0 (success).

include/common/xref.h

@@ -46,7 +46,7 @@ static inline struct xref *xref_get_peer_and_lock(struct xref *xref)
 		if (local == XREF_BUSY)
 			continue;
 
-		/* We are locked, the peer cant disapear, try to acquire
+		/* We are locked, the peer can't disappear, try to acquire
 		 * the pper's lock. Note that remote can't be NULL.
 		 */
 		remote = _HA_ATOMIC_XCHG(&local->peer, XREF_BUSY);

include/proto/connection.h

@@ -681,7 +681,7 @@ static inline const char *conn_err_code_str(struct connection *c)
 	case CO_ER_SSL_TIMEOUT:   return "Timeout during SSL handshake";
 	case CO_ER_SSL_TOO_MANY:  return "Too many SSL connections";
 	case CO_ER_SSL_NO_MEM:    return "Out of memory when initializing an SSL connection";
-	case CO_ER_SSL_RENEG:     return "Rejected a client-initiated SSL renegociation attempt";
+	case CO_ER_SSL_RENEG:     return "Rejected a client-initiated SSL renegotiation attempt";
 	case CO_ER_SSL_CA_FAIL:   return "SSL client CA chain cannot be verified";
 	case CO_ER_SSL_CRT_FAIL:  return "SSL client certificate not trusted";
 	case CO_ER_SSL_MISMATCH:  return "Server presented an SSL certificate different from the configured one";

include/proto/fd.h

@@ -106,7 +106,7 @@ void fd_add_to_fd_list(volatile struct fdlist *list, int fd, int off);
 void fd_rm_from_fd_list(volatile struct fdlist *list, int fd, int off);
 void updt_fd_polling(const int fd);
 
-/* Called from the poller to acknoledge we read an entry from the global
+/* Called from the poller to acknowledge we read an entry from the global
  * update list, to remove our bit from the update_mask, and remove it from
  * the list if we were the last one.
  */

include/proto/log.h

@@ -172,13 +172,13 @@ char *lf_text_len(char *dst, const char *src, size_t len, size_t size, const str
 
 /*
  * Write a IP address to the log string
- * +X option write in hexadecimal notation, most signifant byte on the left
+ * +X option write in hexadecimal notation, most significant byte on the left
  */
 char *lf_ip(char *dst, const struct sockaddr *sockaddr, size_t size, const struct logformat_node *node);
 
 /*
  * Write a port to the log
- * +X option write in hexadecimal notation, most signifant byte on the left
+ * +X option write in hexadecimal notation, most significant byte on the left
  */
 char *lf_port(char *dst, const struct sockaddr *sockaddr, size_t size, const struct logformat_node *node);
 

include/proto/pattern.h

@@ -51,7 +51,7 @@ static inline int pat_find_match_name(const char *name)
 }
 
 /* This function executes a pattern match on a sample. It applies pattern <expr>
- * to sample <smp>. The function returns NULL if the sample dont match. It returns
+ * to sample <smp>. The function returns NULL if the sample don't match. It returns
  * non-null if the sample match. If <fill> is true and the sample match, the
  * function returns the matched pattern. In many cases, this pattern can be a
  * static buffer.

include/proto/proxy.h

@@ -147,7 +147,7 @@ static inline void proxy_inc_fe_req_ctr(struct proxy *fe)
 			     update_freq_ctr(&fe->fe_req_per_sec, 1));
 }
 
-/* Returns non-zero if the proxy is configured to retry a request if we got that status, 0 overwise */
+/* Returns non-zero if the proxy is configured to retry a request if we got that status, 0 otherwise */
 static inline int l7_status_match(struct proxy *p, int status)
 {
 	/* Just return 0 if no retry was configured for any status */

include/proto/server.h

@@ -95,7 +95,7 @@ struct srv_kw *srv_find_kw(const char *kw);
 void srv_dump_kws(char **out);
 
 /* Recomputes the server's eweight based on its state, uweight, the current time,
- * and the proxy's algorihtm. To be used after updating sv->uweight. The warmup
+ * and the proxy's algorithm. To be used after updating sv->uweight. The warmup
  * state is automatically disabled if the time is elapsed.
  */
 void server_recalc_eweight(struct server *sv, int must_update);

include/proto/sink.h

@@ -34,7 +34,7 @@ int sink_announce_dropped(struct sink *sink);
 
 
 /* tries to send <nmsg> message parts (up to 8, ignored above) from message
- * array <msg> to sink <sink>. Formating according to the sink's preference is
+ * array <msg> to sink <sink>. Formatting according to the sink's preference is
  * done here. Lost messages are accounted for in the sink's counter. If there
  * were lost messages, an attempt is first made to indicate it.
  */

include/proto/task.h

@@ -335,7 +335,7 @@ static inline void tasklet_init(struct tasklet *t)
 }
 
 /* Allocate and initialize a new tasklet, local to the thread by default. The
- * caller may assing its tid if it wants to own the tasklet.
+ * caller may assign its tid if it wants to own the tasklet.
  */
 static inline struct tasklet *tasklet_new(void)
 {
@@ -388,7 +388,7 @@ static inline void task_destroy(struct task *t)
 		return;
 
 	task_unlink_wq(t);
-	/* We don't have to explicitely remove from the run queue.
+	/* We don't have to explicitly remove from the run queue.
 	 * If we are in the runqueue, the test below will set t->process
 	 * to NULL, and the task will be free'd when it'll be its turn
 	 * to run.
@@ -494,7 +494,7 @@ static inline void task_schedule(struct task *task, int when)
  * execution context. It contains a pointer to the associated task.
  * "link" is a list head attached to an other task that must be wake
  * the lua task if an event occurs. This is useful with external
- * events like TCP I/O or sleep functions. This funcion allocate
+ * events like TCP I/O or sleep functions. This function allocate
  * memory for the signal.
  */
 static inline struct notification *notification_new(struct list *purge, struct list *event, struct task *wakeup)
@@ -535,7 +535,7 @@ static inline void notification_purge(struct list *purge)
 }
 
 /* In some cases, the disconnected notifications must be cleared.
- * This function just release memory blocs. The purge list is not
+ * This function just release memory blocks. The purge list is not
  * locked because it is owned by only one process. Before browsing
  * this list, the caller must ensure to be the only one browser.
  * The "com" is not locked because when com->task is NULL, the
@@ -627,7 +627,7 @@ void wake_expired_tasks();
 
 /* Checks the next timer for the current thread by looking into its own timer
  * list and the global one. It may return TICK_ETERNITY if no timer is present.
- * Note that the next timer might very well be slighly in the past.
+ * Note that the next timer might very well be slightly in the past.
  */
 int next_timer_expiry();
 

include/types/filters.h

@@ -65,7 +65,7 @@ struct flt_kw_list {
  * - init_per_thread      : Initializes the filter for a proxy for a specific
  *                          thread. Returns a negative value if an error
  *                          occurs.
- * - deinit_per_thread    : Cleans up what the init_per_thread funcion has
+ * - deinit_per_thread    : Cleans up what the init_per_thread function has
  *                          done.
  *
  *
@@ -128,7 +128,7 @@ struct flt_kw_list {
  *                          Returns a negative value if an error occurs, 0 if
  *                          it needs to wait for some reason, any other value
  *                          otherwise.
- *  - http_reset          : Called when the HTTP message is reseted. It happens
+ *  - http_reset          : Called when the HTTP message is reset. It happens
  *                          either when a 100-continue response is received.
  *                          that can be detected if s->txn->status is 10X, or
  *                          if we're attempting a L7 retry.
@@ -217,7 +217,7 @@ struct flt_conf {
  *
  * 2D-Array fields are used to store info per channel. The first index stands
  * for the request channel, and the second one for the response channel.
- * Especially, <next> and <fwd> are offets representing amount of data that the
+ * Especially, <next> and <fwd> are offsets representing amount of data that the
  * filter are, respectively, parsed and forwarded on a channel. Filters can
  * access these values using FLT_NXT and FLT_FWD macros.
  */

include/types/pattern.h

@@ -40,7 +40,7 @@
  *   - FAIL : no mattern may ever match
  *
  * We assign values 0, 1 and 3 to FAIL, MISS and PASS respectively, so that we
- * can make use of standard arithmetics for the truth tables below :
+ * can make use of standard arithmetic for the truth tables below :
  *
  *      x  | !x          x&y | F(0) | M(1) | P(3)     x|y | F(0) | M(1) | P(3)
  *   ------+-----       -----+------+------+-----    -----+------+------+-----
@@ -64,7 +64,7 @@ enum pat_match_res {
 /* possible flags for patterns matching or parsing */
 enum {
 	PAT_MF_IGNORE_CASE = 1 << 0,       /* ignore case */
-	PAT_MF_NO_DNS      = 1 << 1,       /* dont perform any DNS requests */
+	PAT_MF_NO_DNS      = 1 << 1,       /* don't perform any DNS requests */
 };
 
 /* possible flags for patterns storage */
@@ -186,7 +186,7 @@ struct pattern_expr {
 	struct pattern_head *pat_head; /* Point to the pattern_head that contain manipulation functions.
 	                                * Note that this link point on compatible head but not on the real
 	                                * head. You can use only the function, and you must not use the
-	                                * "head". Dont write "(struct pattern_expr *)any->pat_head->expr".
+	                                * "head". Don't write "(struct pattern_expr *)any->pat_head->expr".
 	                                */
 	struct list patterns;         /* list of acl_patterns */
 	struct eb_root pattern_tree;  /* may be used for lookup in large datasets */

include/types/protocol.h

@@ -50,7 +50,7 @@ struct connection;
 
 
 
-/* max length of a protcol name, including trailing zero */
+/* max length of a protocol name, including trailing zero */
 #define PROTO_NAME_LEN 16
 
 /* This structure contains all information needed to easily handle a protocol.

reg-tests/checks/4be_1srv_health_checks.vtc

@@ -19,7 +19,7 @@ feature ignore_unknown_macro
 # disabling the servers. Same thing, when we check that the servers are down
 # before enabling the servers.
 
-# Cyclic barrier to synchonize the CLI with the syslog servers
+# Cyclic barrier to synchronize the CLI with the syslog servers
 barrier b1 cond 5 -cyclic
 
 # These servers are there only for the health-check test.

reg-tests/http-errorfiles/errors/500-1.http

@@ -5,5 +5,5 @@ Content-Type: text/html
 x-err-type: errors-1
 
 <html><body><h1>500 Internal Server Error</h1>
-An internal server error occured.
+An internal server error occurred.
 </body></html>

reg-tests/http-errorfiles/errors/500.http

@@ -5,5 +5,5 @@ Content-Type: text/html
 x-err-type: default
 
 <html><body><h1>500 Internal Server Error</h1>
-An internal server error occured.
+An internal server error occurred.
 </body></html>

reg-tests/http-errorfiles/http_deny_errors.vtc

@@ -1,4 +1,4 @@
-varnishtest "Test the custom erorrs for HTTP deny rules"
+varnishtest "Test the custom errors for HTTP deny rules"
 #REQUIRE_VERSION=2.2
 
 # This config tests the custom errors for HTTP deny rules.

reg-tests/mailers/healthcheckmail.lua

@@ -93,7 +93,7 @@ core.register_service("mailservice", "tcp", function(applet)
 			end
 		end
 	end
-	core.Info("#### Body recieved OK")
+	core.Info("#### Body received OK")
 	applet:send("250 OK\r\n")
 
 	if RecieveAndCheck(applet, "QUIT") == false then

reg-tests/spoe/wrong_init.vtc

@@ -2,7 +2,7 @@
 # BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
 #
 # Some initializations must be done at the beginning of parse_spoe_flt to avoid
-# segmentaion fault when first errors are catched, when the "filter spoe" line is
+# segmentation fault when first errors are caught, when the "filter spoe" line is
 # parsed.
 
 #REGTEST_TYPE=bug

src/ssl_sock.c

@@ -452,7 +452,7 @@ static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
 	return 0;
 }
 
-/* SSL_CTX_load_verify_locations substitute, internaly call X509_STORE_load_locations */
+/* SSL_CTX_load_verify_locations substitute, internally call X509_STORE_load_locations */
 static int ssl_set_verify_locations_file(SSL_CTX *ctx, char *path)
 {
 	X509_STORE *store_ctx = SSL_CTX_get_cert_store(ctx);
@@ -1227,7 +1227,7 @@ struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
         return NULL;
 }
 
-/* Update the key into ref: if keysize doesnt
+/* Update the key into ref: if keysize doesn't
  * match existing ones, this function returns -1
  * else it returns 0 on success.
  */
@@ -1703,7 +1703,7 @@ void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
 	if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
 		if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
 			/* Long certificate chains optimz
-			   If write and read bios are differents, we
+			   If write and read bios are different, we
 			   consider that the buffering was activated,
                            so we rise the output buffer size from 4k
 			   to 16k */
@@ -1813,7 +1813,7 @@ void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
 		return;
 
 	/* First byte of the handshake message id the type of
-	 * message. The konwn types are:
+	 * message. The known types are:
 	 *  - hello_request(0)
 	 *  - client_hello(1)
 	 *  - server_hello(2)
@@ -1941,7 +1941,7 @@ static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char
 
 #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
 /* This callback is used so that the server advertises the list of
- * negociable protocols for NPN.
+ * negotiable protocols for NPN.
  */
 static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
                                          unsigned int *len, void *arg)
@@ -1956,7 +1956,7 @@ static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
 
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 /* This callback is used so that the server advertises the list of
- * negociable protocols for ALPN.
+ * negotiable protocols for ALPN.
  */
 static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
                                           unsigned char *outlen,
@@ -2440,7 +2440,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 		goto abort;
 	}
 
-	/* extract/check clientHello informations */
+	/* extract/check clientHello information */
 #ifdef OPENSSL_IS_BORINGSSL
 	if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
 #else
@@ -3017,7 +3017,7 @@ struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
 
 
 /* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
- *  If there is no DH paramater availaible in the ckchs, the global
+ *  If there is no DH parameter available in the ckchs, the global
  *  DH parameter is loaded into the SSL_CTX and if there is no
  *  DH parameter available in ckchs nor in global, the default
  *  DH parameters are applied on the SSL_CTX.
@@ -5008,7 +5008,7 @@ int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
 	const unsigned char *sid_data;
 
 	/* Session id is already stored in to key and session id is known
-	 * so we dont store it to keep size.
+	 * so we don't store it to keep size.
 	 * note: SSL_SESSION_set1_id is using
 	 * a memcpy so we need to use a different pointer
 	 * than sid_data or sid_ctx_data to avoid valgrind
@@ -6502,7 +6502,7 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
 	/* ASYNC engine API doesn't support moving read/write
 	 * buffers. So we disable ASYNC mode right after
-	 * the handshake to avoid buffer oveflows.
+	 * the handshake to avoid buffer overflow.
 	 */
 	if (global_ssl.async)
 		SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
@@ -7079,7 +7079,7 @@ static int cert_get_pkey_algo(X509 *crt, struct buffer *out)
 	return 1;
 }
 
-/* used for ppv2 pkey alog (can be used for logging) */
+/* used for ppv2 pkey algo (can be used for logging) */
 int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
 {
 	struct ssl_sock_ctx *ctx;
@@ -11041,7 +11041,7 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 					/* we need to initialize the SSL_CTX generated */
 					/* this iterate on the newly generated SNIs in the new instance to prepare their SSL_CTX */
 					list_for_each_entry_safe(sc0, sc0s, &new_inst->sni_ctx, by_ckch_inst) {
-						if (!sc0->order) { /* we initiliazed only the first SSL_CTX because it's the same in the other sni_ctx's */
+						if (!sc0->order) { /* we initialized only the first SSL_CTX because it's the same in the other sni_ctx's */
 							errcode |= ssl_sock_prepare_ctx(ckchi->bind_conf, ckchi->ssl_conf, sc0->ctx, &err);
 							if (errcode & ERR_CODE)
 								goto error;
@@ -11220,7 +11220,7 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
 		return cli_err(appctx, "Can't allocate memory\n");
 
 	if (!*args[3] || !payload)
-		return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
+		return cli_err(appctx, "'set ssl cert expects a filename and a certificate as a payload\n");
 
 	/* The operations on the CKCH architecture are locked so we can
 	 * manipulate ckch_store and ckch_inst */
@@ -11550,7 +11550,7 @@ static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
 	return 1;
 }
 
-/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
+/* Arguments: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
 static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
 {
 	struct sample nonce, key, aead_tag;
@@ -11788,7 +11788,7 @@ static struct ssl_bind_kw ssl_bind_kws[] = {
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
 	{ "ciphersuites",          ssl_bind_parse_ciphersuites,     1 }, /* set TLS 1.3 cipher suite */
 #endif
-	{ "crl-file",              ssl_bind_parse_crl_file,         1 }, /* set certificat revocation list file use on client cert verify */
+	{ "crl-file",              ssl_bind_parse_crl_file,         1 }, /* set certificate revocation list file use on client cert verify */
 	{ "curves",                ssl_bind_parse_curves,           1 }, /* set SSL curve suite */
 	{ "ecdhe",                 ssl_bind_parse_ecdhe,            1 }, /* defines named curve for elliptic curve Diffie-Hellman */
 	{ "no-ca-names",           ssl_bind_parse_no_ca_names,      0 }, /* do not send ca names to clients (ca_file related) */
@@ -11813,9 +11813,9 @@ static struct bind_kw_list bind_kws = { "SSL", { }, {
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
 	{ "ciphersuites",          bind_parse_ciphersuites,       1 }, /* set TLS 1.3 cipher suite */
 #endif
-	{ "crl-file",              bind_parse_crl_file,           1 }, /* set certificat revocation list file use on client cert verify */
+	{ "crl-file",              bind_parse_crl_file,           1 }, /* set certificate revocation list file use on client cert verify */
 	{ "crt",                   bind_parse_crt,                1 }, /* load SSL certificates from this location */
-	{ "crt-ignore-err",        bind_parse_ignore_err,         1 }, /* set error IDs to ingore on verify depth == 0 */
+	{ "crt-ignore-err",        bind_parse_ignore_err,         1 }, /* set error IDs to ignore on verify depth == 0 */
 	{ "crt-list",              bind_parse_crt_list,           1 }, /* load a list of crt from this location */
 	{ "curves",                bind_parse_curves,             1 }, /* set SSL curve suite */
 	{ "ecdhe",                 bind_parse_ecdhe,              1 }, /* defines named curve for elliptic curve Diffie-Hellman */