Write SSL_renegotiate(3) manual from scratch; this function is listed

in ssl(3) and <openssl/ssl.h>, so it's clearly a public interface.

More could probably be said, the code looks somewhat mysterious to me,
but i think this stub is already better than nothing.

2 files changed, 58 insertions, 1 deletions

diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index f6e38e2e14..f58f568de7 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.49 2016/12/07 18:09:31 schwarze Exp $
+# $OpenBSD: Makefile,v 1.50 2016/12/07 20:11:55 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -79,6 +79,7 @@ MAN =	BIO_f_ssl.3 \
         SSL_new.3 \
         SSL_pending.3 \
         SSL_read.3 \
+        SSL_renegotiate.3 \
         SSL_rstate_string.3 \
         SSL_session_reused.3 \
         SSL_set1_param.3 \
diff --git a/src/lib/libssl/man/SSL_renegotiate.3 b/src/lib/libssl/man/SSL_renegotiate.3
new file mode 100644
index 0000000000..c07a1e2c2a
--- /dev/null
+++ b/src/lib/libssl/man/SSL_renegotiate.3
@@ -0,0 +1,56 @@
+.\"     $OpenBSD: SSL_renegotiate.3,v 1.1 2016/12/07 20:11:55 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 7 2016 $
+.Dt SSL_RENEGOTIATE 3
+.Os
+.Sh NAME
+.Nm SSL_renegotiate
+.Nd request a new session
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_renegotiate
+.Fa "SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_renegotiate
+manually instructs
+.Fa ssl
+to renegotiate and generate a new session.
+.Pp
+This function is automatically called by
+.Xr SSL_read 3
+and
+.Xr SSL_write 3
+whenever the renegotiation byte count set by
+.Xr BIO_set_ssl_renegotiate_bytes 3
+or the timeout set by 
+.Xr BIO_set_ssl_renegotiate_timeout 3
+are exceeded.
+.Sh RETURN VALUES
+.Fn SSL_renegotiate
+always returns 1 unless the protocol-specific flag
+.Dv SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+is set, in which case it may return 0.
+The API provides no function to set that flag;
+it can only be set by manipulating internal data structures.
+.Sh SEE ALSO
+.Xr SSL_read 3 ,
+.Xr SSL_write 3
+.Sh HISTORY
+.Fn SSL_renegotiate
+is available in all versions of OpenSSL.