Comment out SSL_get0_peername(3) for the OpenBSD 6.8 release

because tb@ decided to not enable it before the release. OK tb@
author: schwarze <> 2020-09-22 16:31:37 +0000
committer: schwarze <> 2020-09-22 16:31:37 +0000
commit: 55b453e738ce161fd2fc7e9c03c42366d9f70723 (patch)
tree: 41d5388e48bc2ef2498d9dc6c5f63ac3177cad69
parent: dd00a0340e1416c314e2c7eebe339ed2259861c4 (diff)
download: openbsd-55b453e738ce161fd2fc7e9c03c42366d9f70723.tar.gz
openbsd-55b453e738ce161fd2fc7e9c03c42366d9f70723.tar.bz2
openbsd-55b453e738ce161fd2fc7e9c03c42366d9f70723.zip
1 files changed, 18 insertions, 4 deletions
diff --git a/src/lib/libssl/man/SSL_set1_host.3 b/src/lib/libssl/man/SSL_set1_host.3
index 29623498f5..bc54e30161 100644
--- a/src/lib/libssl/man/SSL_set1_host.3
+++ b/src/lib/libssl/man/SSL_set1_host.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_set1_host.3,v 1.1 2020/09/17 07:56:38 schwarze Exp $
+.\" $OpenBSD: SSL_set1_host.3,v 1.2 2020/09/22 16:31:37 schwarze Exp $
 .\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file was written by Viktor Dukhovni <viktor@openssl.org>
@@ -48,12 +48,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 17 2020 $
+.Dd $Mdocdate: September 22 2020 $
 .Dt SSL_SET1_HOST 3
 .Os
 .Sh NAME
-.Nm SSL_set1_host ,
+.Nm SSL_set1_host
+.ig  \" won't make Ox 6.8 but will appear in 6.9
 .Nm SSL_get0_peername
+..
 .Nd SSL server verification parameters
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -62,10 +64,12 @@
 .Fa "SSL *ssl"
 .Fa "const char *hostname"
 .Fc
+.ig
 .Ft const char *
 .Fo SSL_get0_peername
 .Fa "SSL *ssl"
 .Fc
+..
 .Sh DESCRIPTION
 .Fn SSL_set1_host
 configures a server hostname check in the
@@ -87,6 +91,7 @@ with
 .Fa flags
 set to 0.
 .Pp
+.ig
 .Fn SSL_get0_peername
 returns the DNS hostname or subject CommonName from the peer certificate
 that matched one of the reference identifiers.
@@ -104,11 +109,14 @@ object is cleared or freed, or if a renegotiation takes place.
 Applications must not free the return value.
 .Pp
 SSL clients are advised to use these functions in preference to
+..
+SSL clients are advised to use this function in preference to
 explicitly calling
 .Xr X509_check_host 3 .
 .Sh RETURN VALUES
 .Fn SSL_set1_host
 returns 1 for success or 0 for failure.
+.ig
 .Pp
 .Fn SSL_get0_peername
 returns the matched peername or
@@ -137,6 +145,7 @@ if (SSL_get_verify_result(ssl) == X509_V_OK) {
                /* Name checks were in scope and matched the peername */
 }
 .Ed
+..
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_set_verify 3 ,
@@ -145,6 +154,10 @@ if (SSL_get_verify_result(ssl) == X509_V_OK) {
 .Xr X509_check_host 3 ,
 .Xr X509_VERIFY_PARAM_set1_host 3
 .Sh HISTORY
+This function first appeared in OpenSSL 1.1.0
+and has been available since
+.Ox 6.5 .
+.ig
 Both functions first appeared in OpenSSL 1.1.0.
 .Fn SSL_set1_host
 has been available since
@@ -152,4 +165,5 @@ has been available since
 and
 .Fn SSL_get0_peername
 since
-.Ox 6.8 .
+.Ox 6.9 .
+..
author	schwarze <>	2020-09-22 16:31:37 +0000
committer	schwarze <>	2020-09-22 16:31:37 +0000
commit	55b453e738ce161fd2fc7e9c03c42366d9f70723 (patch)
tree	41d5388e48bc2ef2498d9dc6c5f63ac3177cad69
parent	dd00a0340e1416c314e2c7eebe339ed2259861c4 (diff)
download	openbsd-55b453e738ce161fd2fc7e9c03c42366d9f70723.tar.gz openbsd-55b453e738ce161fd2fc7e9c03c42366d9f70723.tar.bz2 openbsd-55b453e738ce161fd2fc7e9c03c42366d9f70723.zip

diff --git a/src/lib/libssl/man/SSL_set1_host.3 b/src/lib/libssl/man/SSL_set1_host.3 index 29623498f5..bc54e30161 100644 --- a/src/lib/libssl/man/SSL_set1_host.3 +++ b/src/lib/libssl/man/SSL_set1_host.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_set1_host.3,v 1.1 2020/09/17 07:56:38 schwarze Exp $	1	.\" $OpenBSD: SSL_set1_host.3,v 1.2 2020/09/22 16:31:37 schwarze Exp $
2	.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200	2	.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
3	.\"	3	.\"
4	.\" This file was written by Viktor Dukhovni <viktor@openssl.org>	4	.\" This file was written by Viktor Dukhovni <viktor@openssl.org>
@@ -48,12 +48,14 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: September 17 2020 $	51	.Dd $Mdocdate: September 22 2020 $
52	.Dt SSL_SET1_HOST 3	52	.Dt SSL_SET1_HOST 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
55	.Nm SSL_set1_host ,	55	.Nm SSL_set1_host
		56	.ig \" won't make Ox 6.8 but will appear in 6.9
56	.Nm SSL_get0_peername	57	.Nm SSL_get0_peername
		58	..
57	.Nd SSL server verification parameters	59	.Nd SSL server verification parameters
58	.Sh SYNOPSIS	60	.Sh SYNOPSIS
59	.In openssl/ssl.h	61	.In openssl/ssl.h
@@ -62,10 +64,12 @@
62	.Fa "SSL *ssl"	64	.Fa "SSL *ssl"
63	.Fa "const char *hostname"	65	.Fa "const char *hostname"
64	.Fc	66	.Fc
		67	.ig
65	.Ft const char *	68	.Ft const char *
66	.Fo SSL_get0_peername	69	.Fo SSL_get0_peername
67	.Fa "SSL *ssl"	70	.Fa "SSL *ssl"
68	.Fc	71	.Fc
		72	..
69	.Sh DESCRIPTION	73	.Sh DESCRIPTION
70	.Fn SSL_set1_host	74	.Fn SSL_set1_host
71	configures a server hostname check in the	75	configures a server hostname check in the
@@ -87,6 +91,7 @@ with
87	.Fa flags	91	.Fa flags
88	set to 0.	92	set to 0.
89	.Pp	93	.Pp
		94	.ig
90	.Fn SSL_get0_peername	95	.Fn SSL_get0_peername
91	returns the DNS hostname or subject CommonName from the peer certificate	96	returns the DNS hostname or subject CommonName from the peer certificate
92	that matched one of the reference identifiers.	97	that matched one of the reference identifiers.
@@ -104,11 +109,14 @@ object is cleared or freed, or if a renegotiation takes place.
104	Applications must not free the return value.	109	Applications must not free the return value.
105	.Pp	110	.Pp
106	SSL clients are advised to use these functions in preference to	111	SSL clients are advised to use these functions in preference to
		112	..
		113	SSL clients are advised to use this function in preference to
107	explicitly calling	114	explicitly calling
108	.Xr X509_check_host 3 .	115	.Xr X509_check_host 3 .
109	.Sh RETURN VALUES	116	.Sh RETURN VALUES
110	.Fn SSL_set1_host	117	.Fn SSL_set1_host
111	returns 1 for success or 0 for failure.	118	returns 1 for success or 0 for failure.
		119	.ig
112	.Pp	120	.Pp
113	.Fn SSL_get0_peername	121	.Fn SSL_get0_peername
114	returns the matched peername or	122	returns the matched peername or
@@ -137,6 +145,7 @@ if (SSL_get_verify_result(ssl) == X509_V_OK) {
137	/* Name checks were in scope and matched the peername */	145	/* Name checks were in scope and matched the peername */
138	}	146	}
139	.Ed	147	.Ed
		148	..
140	.Sh SEE ALSO	149	.Sh SEE ALSO
141	.Xr ssl 3 ,	150	.Xr ssl 3 ,
142	.Xr SSL_CTX_set_verify 3 ,	151	.Xr SSL_CTX_set_verify 3 ,
@@ -145,6 +154,10 @@ if (SSL_get_verify_result(ssl) == X509_V_OK) {
145	.Xr X509_check_host 3 ,	154	.Xr X509_check_host 3 ,
146	.Xr X509_VERIFY_PARAM_set1_host 3	155	.Xr X509_VERIFY_PARAM_set1_host 3
147	.Sh HISTORY	156	.Sh HISTORY
		157	This function first appeared in OpenSSL 1.1.0
		158	and has been available since
		159	.Ox 6.5 .
		160	.ig
148	Both functions first appeared in OpenSSL 1.1.0.	161	Both functions first appeared in OpenSSL 1.1.0.
149	.Fn SSL_set1_host	162	.Fn SSL_set1_host
150	has been available since	163	has been available since
@@ -152,4 +165,5 @@ has been available since
152	and	165	and
153	.Fn SSL_get0_peername	166	.Fn SSL_get0_peername
154	since	167	since
155	.Ox 6.8 .	168	.Ox 6.9 .
		169	..