openbsd/src/lib/libtls/man, branch libressl-v3.4.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.4.1 2021-06-22T20:01:19+00:00 zap wonky commas; 2021-06-22T20:01:19+00:00 jmc 2021-06-22T20:01:19+00:00 urn:sha1:3650508f3facd1163d6549d6fab59a6f81db17d2 Clarify tls_config_set_*_file() file I/O semantics 2021-06-22T17:59:48+00:00 kn 2021-06-22T17:59:48+00:00 urn:sha1:7464c3881edf2f952d355d3ed4e23a63ef9051fa tls_config_set_*_file(3) do not just set the file paths like tls_config_set_*_path(3) do, they do load the given file(s) into memory directly using tls_config_load_file(). This distinction is important because it means a later tls_connect(3) will not do any file I/O (at least wrt. those files), which is relevant when for example pleding without "[rwc]path" after loading files into memory and before doing tls_connect(3). The manual's current wording made me use the following due to above way of pledging a program: tls_load_file() tls_config_set_ca_mem() tls_unload_file() While in fact a single tls_config_set_ca_file() call does the same. tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual as noted by tb, thanks. Feedback OK tb Tweak previous: 2021-01-02T19:58:44+00:00 schwarze 2021-01-02T19:58:44+00:00 urn:sha1:c0a13098b65e31155a7ddfa3514859fcc685e498 * Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead. * In tagged lists, put bodies into bodies, not into heads. * Add a few missing macros. * Drop some useless quoting. Make list of DHE parameters more prominent 2021-01-02T19:15:04+00:00 kn 2021-01-02T19:15:04+00:00 urn:sha1:1810ecb83b1849023a93ebdb181e2054f991f1b4 Follow the previous commit and complete the manual page for consistency; better readable and tags for free. OK tb Make the list of supported protocols more prominent 2020-12-30T13:38:13+00:00 kn 2020-12-30T13:38:13+00:00 urn:sha1:e510ae695c6796e2c5638d83018f97c4f02b460f Manuals like httpd.conf(5) refer to this for valid protocol strings, but elements inlined into sentences are hard find to spot. Use a list as already done elsewhere in this manual. OK jmc on earlier version Feeback OK tb Note in the man page that the default protocols list includes 1.3 2020-01-22T06:46:34+00:00 beck 2020-01-22T06:46:34+00:00 urn:sha1:70165c1ccc36585328dc1800b0b9d35a6e4ddd76 ok jsing@ Add support for TLSv1.3 as a protocol to libtls. 2020-01-20T08:39:21+00:00 jsing 2020-01-20T08:39:21+00:00 urn:sha1:4964c87c6ff167d81b09c143dff53c224a573ccb This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@ Document tls_conn_cipher_strength(). 2019-11-02T13:43:14+00:00 jsing 2019-11-02T13:43:14+00:00 urn:sha1:7b65da8eb0a399e1e221439826be2ec486036a70 ok schwarze@ Group tls_{handshake,read,write,close}() return values documentation. 2019-07-09T17:58:33+00:00 jsing 2019-07-09T17:58:33+00:00 urn:sha1:ee433ef57027dc35958a9c56ad878f679d66886b Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@ tls_read() & tls_write() return 4 possible values: TLS_WANT_POLLOUT, 2019-06-20T15:47:44+00:00 deraadt 2019-06-20T15:47:44+00:00 urn:sha1:9fddbc1119a5bde8e0230cd05995f60c60c3596b TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1 rather than vaguely "< 0". ok jsing