| author | beck <> | 2015-09-10 15:47:25 +0000 |
|---|---|---|
| committer | beck <> | 2015-09-10 15:47:25 +0000 |
| commit | 82208d32389873dc0a35e1efb027536202112bf6 (patch) | |
| tree | facb809e6f6d6d64a8e4365e869a58377b661977 | |
| parent | 678175782998e1d646a67560e930e6b1cefa1912 (diff) | |
document client side certificate verification functionality.
ok jsing@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libtls/Makefile | 4 | ||||
| -rw-r--r-- | src/lib/libtls/tls_init.3 | 18 |
2 files changed, 19 insertions, 3 deletions
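--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.12 2015/09/10 14:19:01 jmc Exp $
+# $OpenBSD: Makefile,v 1.13 2015/09/10 15:47:25 beck Exp $
 
 CFLAGS+= -Wall -Werror -Wimplicit
 CFLAGS+= -DLIBRESSL_INTERNAL
@@ -42,6 +42,8 @@ MLINKS+=tls_init.3 tls_config_clear_keys.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifyname.3
 MLINKS+=tls_init.3 tls_config_verify.3
+MLINKS+=tls_init.3 tls_config_verify_client.3
+MLINKS+=tls_init.3 tls_config_verify_client_optional.3
 MLINKS+=tls_init.3 tls_load_file.3
 MLINKS+=tls_init.3 tls_client.3
 MLINKS+=tls_init.3 tls_server.3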
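--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.33 2015/09/10 14:57:29 beck Exp $
+.\" $OpenBSD: tls_init.3,v 1.34 2015/09/10 15:47:25 beck Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -106,6 +106,10 @@
 .Fn tls_config_insecure_noverifyname "struct tls_config *config"
 .Ft "void"
 .Fn tls_config_verify "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_verify_client "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_verify_client_optional "struct tls_config *config"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
@@ -322,7 +326,7 @@ clears any secret keys from memory.
 .Fn tls_config_insecure_noverifycert
 disables certificate verification.
 Be extremely careful when using this option.
-.Em (Client)
+.Em (Client and server)
 .It
 .Fn tls_config_insecure_noverifyname
 disables server name verification.
@@ -333,6 +337,16 @@ Be careful when using this option.
 reenables server name and certificate verification.
 .Em (Client)
 .It
+.Fn tls_config_verify_client
+enables client certificate verification, requiring the client to send
+a certificate.
+.Em (Server)
+.It
+.Fn tls_config_verify_client_opional
+enables client certificate verification, without requiring the client
+to send a certificate.
+.Em (Server)
+.It
 .Fn tls_load_file
 loads a certificate or key from disk into memory to be loaded with
 .Fn tls_config_set_ca_mem ,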
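Review bot: The second `.It` entry added in the last hunk misspells the function name as `.Fn tls_config_verify_client_opional`; it should read `.Fn tls_config_verify_client_optional`, matching the synopsis entry added in the second hunk and the new MLINKS name in the Makefile. The description of the optional mode should also state the consequence for callers, for example `A handshake without a client certificate still succeeds, so the server must check whether one was presented before treating the peer as authenticated.` Separately, `tls_config_insecure_noverifycert` is now marked `(Client and server)` while `tls_config_verify`, which re-enables verification, is still marked `(Client)`. If it also restores the server-side setting, which this page does not show, its marker should be updated too.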
