diff options
| author | reyk <> | 2015-02-07 23:45:06 +0000 |
|---|---|---|
| committer | reyk <> | 2015-02-07 23:45:06 +0000 |
| commit | 677c623665ddbedb424360e3793fce4bb7032cd5 (patch) | |
| tree | 374b49112d1a8b09bdf33d63100688e5a3026400 | |
| parent | 66c5af83b4df3fc9df8b20fbc3eb60a6696e84f3 (diff) | |
| download | openbsd-677c623665ddbedb424360e3793fce4bb7032cd5.tar.gz openbsd-677c623665ddbedb424360e3793fce4bb7032cd5.tar.bz2 openbsd-677c623665ddbedb424360e3793fce4bb7032cd5.zip | |
Add manpage bits for tls_load_file() and tls_accept_socket().
The tls_accept_socket() has been previously removed because the API is
not fixed yet; but it is also already used by httpd(8) and spamd(8) so
it is time to add it again and eventually change it later.
OK tedu@
| -rw-r--r-- | src/lib/libtls/Makefile | 4 | ||||
| -rw-r--r-- | src/lib/libtls/tls_init.3 | 26 |
2 files changed, 28 insertions, 2 deletions
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile index bf7de202ff..4ae970d093 100644 --- a/src/lib/libtls/Makefile +++ b/src/lib/libtls/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.3 2015/02/07 06:19:26 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.4 2015/02/07 23:45:06 reyk Exp $ |
| 2 | 2 | ||
| 3 | CFLAGS+= -Wall -Werror -Wimplicit | 3 | CFLAGS+= -Wall -Werror -Wimplicit |
| 4 | CFLAGS+= -DLIBRESSL_INTERNAL | 4 | CFLAGS+= -DLIBRESSL_INTERNAL |
| @@ -36,6 +36,7 @@ MLINKS+=tls_init.3 tls_config_clear_keys.3 | |||
| 36 | MLINKS+=tls_init.3 tls_config_insecure_noverifyhost.3 | 36 | MLINKS+=tls_init.3 tls_config_insecure_noverifyhost.3 |
| 37 | MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3 | 37 | MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3 |
| 38 | MLINKS+=tls_init.3 tls_config_verify.3 | 38 | MLINKS+=tls_init.3 tls_config_verify.3 |
| 39 | MLINKS+=tls_init.3 tls_load_file.3 | ||
| 39 | MLINKS+=tls_init.3 tls_client.3 | 40 | MLINKS+=tls_init.3 tls_client.3 |
| 40 | MLINKS+=tls_init.3 tls_server.3 | 41 | MLINKS+=tls_init.3 tls_server.3 |
| 41 | MLINKS+=tls_init.3 tls_configure.3 | 42 | MLINKS+=tls_init.3 tls_configure.3 |
| @@ -45,6 +46,7 @@ MLINKS+=tls_init.3 tls_free.3 | |||
| 45 | MLINKS+=tls_init.3 tls_close.3 | 46 | MLINKS+=tls_init.3 tls_close.3 |
| 46 | MLINKS+=tls_init.3 tls_connect.3 | 47 | MLINKS+=tls_init.3 tls_connect.3 |
| 47 | MLINKS+=tls_init.3 tls_connect_socket.3 | 48 | MLINKS+=tls_init.3 tls_connect_socket.3 |
| 49 | MLINKS+=tls_init.3 tls_accept_socket.3 | ||
| 48 | MLINKS+=tls_init.3 tls_read.3 | 50 | MLINKS+=tls_init.3 tls_read.3 |
| 49 | MLINKS+=tls_init.3 tls_write.3 | 51 | MLINKS+=tls_init.3 tls_write.3 |
| 50 | 52 | ||
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3 index 48974cb326..73234a427d 100644 --- a/src/lib/libtls/tls_init.3 +++ b/src/lib/libtls/tls_init.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: tls_init.3,v 1.9 2015/02/07 06:19:26 jsing Exp $ | 1 | .\" $OpenBSD: tls_init.3,v 1.10 2015/02/07 23:45:06 reyk Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> | 3 | .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> |
| 4 | .\" | 4 | .\" |
| @@ -38,6 +38,7 @@ | |||
| 38 | .Nm tls_config_insecure_noverifyhost , | 38 | .Nm tls_config_insecure_noverifyhost , |
| 39 | .Nm tls_config_insecure_noverifycert , | 39 | .Nm tls_config_insecure_noverifycert , |
| 40 | .Nm tls_config_verify , | 40 | .Nm tls_config_verify , |
| 41 | .Nm tls_load_file , | ||
| 41 | .Nm tls_client , | 42 | .Nm tls_client , |
| 42 | .Nm tls_server , | 43 | .Nm tls_server , |
| 43 | .Nm tls_configure , | 44 | .Nm tls_configure , |
| @@ -47,6 +48,7 @@ | |||
| 47 | .Nm tls_connect , | 48 | .Nm tls_connect , |
| 48 | .Nm tls_connect_fds , | 49 | .Nm tls_connect_fds , |
| 49 | .Nm tls_connect_socket , | 50 | .Nm tls_connect_socket , |
| 51 | .Nm tls_accept_socket , | ||
| 50 | .Nm tls_read , | 52 | .Nm tls_read , |
| 51 | .Nm tls_write | 53 | .Nm tls_write |
| 52 | .Nd TLS client and server API | 54 | .Nd TLS client and server API |
| @@ -92,6 +94,8 @@ | |||
| 92 | .Fn tls_config_insecure_noverifycert "struct tls_config *config" | 94 | .Fn tls_config_insecure_noverifycert "struct tls_config *config" |
| 93 | .Ft "void" | 95 | .Ft "void" |
| 94 | .Fn tls_config_verify "struct tls_config *config" | 96 | .Fn tls_config_verify "struct tls_config *config" |
| 97 | .Ft "uint8_t *" | ||
| 98 | .Fn tls_load_file "const char *file" "size_t *len" "char *password" | ||
| 95 | .Ft "struct tls *" | 99 | .Ft "struct tls *" |
| 96 | .Fn tls_client void | 100 | .Fn tls_client void |
| 97 | .Ft "struct tls *" | 101 | .Ft "struct tls *" |
| @@ -111,6 +115,8 @@ | |||
| 111 | .Ft "int" | 115 | .Ft "int" |
| 112 | .Fn tls_connect_socket "struct tls *ctx" "int s" "const char *hostname" | 116 | .Fn tls_connect_socket "struct tls *ctx" "int s" "const char *hostname" |
| 113 | .Ft "int" | 117 | .Ft "int" |
| 118 | .Fn tls_accept_socket "struct tls *tls" "struct tls **cctx" "int socket" | ||
| 119 | .Ft "int" | ||
| 114 | .Fn tls_read "struct tls *ctx" "void *buf" "size_t buflen" "size_t *outlen" | 120 | .Fn tls_read "struct tls *ctx" "void *buf" "size_t buflen" "size_t *outlen" |
| 115 | .Ft "int" | 121 | .Ft "int" |
| 116 | .Fn tls_write "struct tls *ctx" "const void *buf" "size_t buflen" "size_t *outlen" | 122 | .Fn tls_write "struct tls *ctx" "const void *buf" "size_t buflen" "size_t *outlen" |
| @@ -159,6 +165,10 @@ Alternatively, a secure connection can be established over a pair of existing | |||
| 159 | file descriptors by calling | 165 | file descriptors by calling |
| 160 | .Fn tls_connect_fds . | 166 | .Fn tls_connect_fds . |
| 161 | .Pp | 167 | .Pp |
| 168 | A server can accept a new client connection by calling | ||
| 169 | .Fn tls_accept_socket | ||
| 170 | on an already established socket connection. | ||
| 171 | .Pp | ||
| 162 | Two functions are provided for input and output, | 172 | Two functions are provided for input and output, |
| 163 | .Fn tls_read | 173 | .Fn tls_read |
| 164 | and | 174 | and |
| @@ -262,6 +272,17 @@ Be extremely careful when using this option. | |||
| 262 | .Fn tls_config_verify | 272 | .Fn tls_config_verify |
| 263 | reenables hostname and certificate verification. | 273 | reenables hostname and certificate verification. |
| 264 | .Em (Client) | 274 | .Em (Client) |
| 275 | .It | ||
| 276 | .Fn tls_load_keys | ||
| 277 | loads a certificate or key from disk into memory to be loaded with | ||
| 278 | .Fn tls_config_set_ca_mem , | ||
| 279 | .Fn tls_config_set_cert_mem | ||
| 280 | or | ||
| 281 | .Fn tls_config_set_key_mem . | ||
| 282 | A private key will be decrypted if the optional | ||
| 283 | .Ar password | ||
| 284 | argument is specified. | ||
| 285 | .Em (Client and server) | ||
| 265 | .El | 286 | .El |
| 266 | .Pp | 287 | .Pp |
| 267 | The following functions create, prepare, and free a connection context. | 288 | The following functions create, prepare, and free a connection context. |
| @@ -306,6 +327,9 @@ connects a client context to a pair of existing file descriptors. | |||
| 306 | .Fn tls_connect_socket | 327 | .Fn tls_connect_socket |
| 307 | connects a client context to an already established socket connection. | 328 | connects a client context to an already established socket connection. |
| 308 | .It | 329 | .It |
| 330 | .Fn tls_accept_socket | ||
| 331 | accepts a client context on an already established socket connection. | ||
| 332 | .It | ||
| 309 | .Fn tls_read | 333 | .Fn tls_read |
| 310 | reads | 334 | reads |
| 311 | .Fa buflen | 335 | .Fa buflen |