diff options
| author | schwarze <> | 2017-03-28 18:19:53 +0000 |
|---|---|---|
| committer | schwarze <> | 2017-03-28 18:19:53 +0000 |
| commit | 042281ef2d25ebf7aad0cf50cc01a03e363f5604 (patch) | |
| tree | 6cf774fc13a11e18521b46fb47db605515415c8d | |
| parent | 06ce7cc7b17cedf5b49fc95e428b235b764aaa4e (diff) | |
| download | openbsd-042281ef2d25ebf7aad0cf50cc01a03e363f5604.tar.gz openbsd-042281ef2d25ebf7aad0cf50cc01a03e363f5604.tar.bz2 openbsd-042281ef2d25ebf7aad0cf50cc01a03e363f5604.zip | |
After i wrote SSL_renegotiate(3) from scratch, OpenSSL also
documented the function. Merge the more detailed descriptions
and the additional documentation of SSL_renegotiate_abbreviated(3)
and SSL_renegotiate_pending(3).
From Matt Caswell, OpenSSL commit 39820637.
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/man/SSL_renegotiate.3 | 121 |
1 files changed, 109 insertions, 12 deletions
diff --git a/src/lib/libssl/man/SSL_renegotiate.3 b/src/lib/libssl/man/SSL_renegotiate.3 index f5b59bae95..586425683c 100644 --- a/src/lib/libssl/man/SSL_renegotiate.3 +++ b/src/lib/libssl/man/SSL_renegotiate.3 | |||
| @@ -1,6 +1,10 @@ | |||
| 1 | .\" $OpenBSD: SSL_renegotiate.3,v 1.2 2016/12/10 13:54:32 schwarze Exp $ | 1 | .\" $OpenBSD: SSL_renegotiate.3,v 1.3 2017/03/28 18:19:53 schwarze Exp $ |
| 2 | .\" OpenSSL SSL_key_update.pod 4fbfe86a Feb 16 17:04:40 2017 +0000 | ||
| 2 | .\" | 3 | .\" |
| 3 | .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> | 4 | .\" This file is a derived work. |
| 5 | .\" Some parts are covered by the following Copyright and license: | ||
| 6 | .\" | ||
| 7 | .\" Copyright (c) 2016, 2017 Ingo Schwarze <schwarze@openbsd.org> | ||
| 4 | .\" | 8 | .\" |
| 5 | .\" Permission to use, copy, modify, and distribute this software for any | 9 | .\" Permission to use, copy, modify, and distribute this software for any |
| 6 | .\" purpose with or without fee is hereby granted, provided that the above | 10 | .\" purpose with or without fee is hereby granted, provided that the above |
| @@ -14,23 +18,85 @@ | |||
| 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | 18 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 19 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | .\" | 20 | .\" |
| 17 | .Dd $Mdocdate: December 10 2016 $ | 21 | .\" Other parts were written by Matt Caswell <matt@openssl.org>. |
| 22 | .\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. | ||
| 23 | .\" | ||
| 24 | .\" Redistribution and use in source and binary forms, with or without | ||
| 25 | .\" modification, are permitted provided that the following conditions | ||
| 26 | .\" are met: | ||
| 27 | .\" | ||
| 28 | .\" 1. Redistributions of source code must retain the above copyright | ||
| 29 | .\" notice, this list of conditions and the following disclaimer. | ||
| 30 | .\" | ||
| 31 | .\" 2. Redistributions in binary form must reproduce the above copyright | ||
| 32 | .\" notice, this list of conditions and the following disclaimer in | ||
| 33 | .\" the documentation and/or other materials provided with the | ||
| 34 | .\" distribution. | ||
| 35 | .\" | ||
| 36 | .\" 3. All advertising materials mentioning features or use of this | ||
| 37 | .\" software must display the following acknowledgment: | ||
| 38 | .\" "This product includes software developed by the OpenSSL Project | ||
| 39 | .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 40 | .\" | ||
| 41 | .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 42 | .\" endorse or promote products derived from this software without | ||
| 43 | .\" prior written permission. For written permission, please contact | ||
| 44 | .\" openssl-core@openssl.org. | ||
| 45 | .\" | ||
| 46 | .\" 5. Products derived from this software may not be called "OpenSSL" | ||
| 47 | .\" nor may "OpenSSL" appear in their names without prior written | ||
| 48 | .\" permission of the OpenSSL Project. | ||
| 49 | .\" | ||
| 50 | .\" 6. Redistributions of any form whatsoever must retain the following | ||
| 51 | .\" acknowledgment: | ||
| 52 | .\" "This product includes software developed by the OpenSSL Project | ||
| 53 | .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 54 | .\" | ||
| 55 | .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 56 | .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 57 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 58 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 59 | .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 60 | .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 61 | .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 62 | .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 63 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 64 | .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 65 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 66 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 67 | .\" | ||
| 68 | .Dd $Mdocdate: March 28 2017 $ | ||
| 18 | .Dt SSL_RENEGOTIATE 3 | 69 | .Dt SSL_RENEGOTIATE 3 |
| 19 | .Os | 70 | .Os |
| 20 | .Sh NAME | 71 | .Sh NAME |
| 21 | .Nm SSL_renegotiate | 72 | .Nm SSL_renegotiate |
| 22 | .Nd request a new session | 73 | .Nd initiate a new TLS handshake |
| 23 | .Sh SYNOPSIS | 74 | .Sh SYNOPSIS |
| 24 | .In openssl/ssl.h | 75 | .In openssl/ssl.h |
| 25 | .Ft int | 76 | .Ft int |
| 26 | .Fo SSL_renegotiate | 77 | .Fo SSL_renegotiate |
| 27 | .Fa "SSL *ssl" | 78 | .Fa "SSL *ssl" |
| 28 | .Fc | 79 | .Fc |
| 80 | .Ft int | ||
| 81 | .Fo SSL_renegotiate_abbreviated | ||
| 82 | .Fa "SSL *ssl" | ||
| 83 | .Fc | ||
| 84 | .Ft int | ||
| 85 | .Fo SSL_renegotiate_pending | ||
| 86 | .Fa "SSL *ssl" | ||
| 87 | .Fc | ||
| 29 | .Sh DESCRIPTION | 88 | .Sh DESCRIPTION |
| 89 | When called from the client side, | ||
| 30 | .Fn SSL_renegotiate | 90 | .Fn SSL_renegotiate |
| 31 | manually instructs | 91 | schedules a completely new handshake over an existing TLS connection. |
| 32 | .Fa ssl | 92 | The next time an I/O operation such as |
| 33 | to renegotiate and generate a new session. | 93 | .Fn SSL_read |
| 94 | or | ||
| 95 | .Fn SSL_write | ||
| 96 | takes place on the connection, a check is performed to confirm | ||
| 97 | that it is a suitable time to start a renegotiation. | ||
| 98 | If so, a new handshake is initiated immediately. | ||
| 99 | An existing session associated with the connection is not resumed. | ||
| 34 | .Pp | 100 | .Pp |
| 35 | This function is automatically called by | 101 | This function is automatically called by |
| 36 | .Xr SSL_read 3 | 102 | .Xr SSL_read 3 |
| @@ -41,14 +107,45 @@ whenever the renegotiation byte count set by | |||
| 41 | or the timeout set by | 107 | or the timeout set by |
| 42 | .Xr BIO_set_ssl_renegotiate_timeout 3 | 108 | .Xr BIO_set_ssl_renegotiate_timeout 3 |
| 43 | are exceeded. | 109 | are exceeded. |
| 110 | .Pp | ||
| 111 | When called from the client side, | ||
| 112 | .Fn SSL_renegotiate_abbreviated | ||
| 113 | is similar to | ||
| 114 | .Fn SSL_renegotiate | ||
| 115 | except that resuming the session associated with the current | ||
| 116 | connection is attempted in the new handshake. | ||
| 117 | .Pp | ||
| 118 | When called from the server side, | ||
| 119 | .Fn SSL_renegotiate | ||
| 120 | and | ||
| 121 | .Fn SSL_renegotiate_abbreviated | ||
| 122 | behave identically. | ||
| 123 | They both schedule a request for a new handshake to be sent to the client. | ||
| 124 | The next time an I/O operation is performed, the same checks as on | ||
| 125 | the client side are performed and then, if appropriate, the request | ||
| 126 | is sent. | ||
| 127 | The client may or may not respond with a new handshake and it may | ||
| 128 | or may not attempt to resume an existing session. | ||
| 129 | If a new handshake is started, it is handled transparently during | ||
| 130 | any I/O function. | ||
| 131 | .Pp | ||
| 132 | If a LibreSSL client receives a renegotiation request from a server, | ||
| 133 | it is also handled transparently during any I/O function. | ||
| 134 | The client attempts to resume the current session in the new | ||
| 135 | handshake. | ||
| 136 | For historical reasons, DTLS clients do not attempt to resume | ||
| 137 | the session in the new handshake. | ||
| 44 | .Sh RETURN VALUES | 138 | .Sh RETURN VALUES |
| 45 | .Fn SSL_renegotiate | 139 | .Fn SSL_renegotiate |
| 46 | always returns 1 unless the protocol-specific flag | 140 | and |
| 47 | .Dv SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS | 141 | .Fn SSL_renegotiate_abbreviated |
| 48 | is set, in which case it may return 0. | 142 | return 1 on success or 0 on error. |
| 49 | The API provides no function to set that flag; | 143 | .Pp |
| 50 | it can only be set by manipulating internal data structures. | 144 | .Fn SSL_renegotiate_pending |
| 145 | returns 1 if a renegotiation or renegotiation request has been | ||
| 146 | scheduled but not yet acted on, or 0 otherwise. | ||
| 51 | .Sh SEE ALSO | 147 | .Sh SEE ALSO |
| 148 | .Xr SSL_do_handshake 3 , | ||
| 52 | .Xr SSL_num_renegotiations 3 , | 149 | .Xr SSL_num_renegotiations 3 , |
| 53 | .Xr SSL_read 3 , | 150 | .Xr SSL_read 3 , |
| 54 | .Xr SSL_write 3 | 151 | .Xr SSL_write 3 |