Change the return value of tls_config_set_protocols() and

tls_config_set_verify_depth() from void to int. This makes them consistent
with all other tls_config_set_* functions and will allow for call time
validation to be implemented.

Rides libtls major bump.

ok beck@

3 files changed, 18 insertions, 12 deletions

diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 2f8c721a15..edf7343f2f 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.41 2016/11/05 15:13:26 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.42 2016/11/11 14:02:24 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -108,8 +108,8 @@ int tls_config_set_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
     size_t _cert_len, const uint8_t *_key, size_t _key_len);
 int tls_config_set_ocsp_staple_mem(struct tls_config *_config, char *_staple, size_t _len);
 int tls_config_set_ocsp_staple_file(struct tls_config *_config, const char *_staple_file);
-void tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
-void tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
+int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
+int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
 
 void tls_config_prefer_ciphers_client(struct tls_config *_config);
 void tls_config_prefer_ciphers_server(struct tls_config *_config);
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 3ac674e597..5bc671fc99 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.32 2016/11/05 15:13:26 beck Exp $ */
+/* $OpenBSD: tls_config.c,v 1.33 2016/11/11 14:02:24 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -194,8 +194,10 @@ tls_config_new(void)
         if (tls_config_set_ciphers(config, "secure") != 0)
                 goto err;
 
-        tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
-        tls_config_set_verify_depth(config, 6);
+        if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0)
+                goto err;
+        if (tls_config_set_verify_depth(config, 6) != 0)
+                goto err;
 
         tls_config_prefer_ciphers_server(config);
 
@@ -575,16 +577,20 @@ tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
         return (0);
 }
 
-void
+int
 tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
 {
         config->protocols = protocols;
+
+        return (0);
 }
 
-void
+int
 tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
 {
         config->verify_depth = verify_depth;
+
+        return (0);
 }
 
 void
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index dd167faa54..4e8c4a6627 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.80 2016/11/05 18:30:02 bcook Exp $
+.\" $OpenBSD: tls_init.3,v 1.81 2016/11/11 14:02:24 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 5 2016 $
+.Dd $Mdocdate: November 11 2016 $
 .Dt TLS_INIT 3
 .Os
 .Sh NAME
@@ -140,9 +140,9 @@
 .Fn tls_config_set_ocsp_staple_mem "struct tls_config *config" "const char *staple" "size_t len"
 .Ft "int"
 .Fn tls_config_set_ocsp_staple_file "struct tls_config *config" "const char *staple_file"
-.Ft "void"
+.Ft "int"
 .Fn tls_config_set_protocols "struct tls_config *config" "uint32_t protocols"
-.Ft "void"
+.Ft "int"
 .Fn tls_config_set_verify_depth "struct tls_config *config" "int verify_depth"
 .Ft "void"
 .Fn tls_config_prefer_ciphers_client "struct tls_config *config"