document client side certificate verification functionality.

ok jsing@
author: beck <> 2015-09-10 15:47:25 +0000
committer: beck <> 2015-09-10 15:47:25 +0000
commit: e1b77a3f14ebb06ead650e78b43ddd6546237b0a (patch)
tree: facb809e6f6d6d64a8e4365e869a58377b661977
parent: f2bd802aea0d7a8b444b8a973324924233c4df02 (diff)
download: openbsd-e1b77a3f14ebb06ead650e78b43ddd6546237b0a.tar.gz
openbsd-e1b77a3f14ebb06ead650e78b43ddd6546237b0a.tar.bz2
openbsd-e1b77a3f14ebb06ead650e78b43ddd6546237b0a.zip
2 files changed, 19 insertions, 3 deletions
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index 6b9270b50a..fa6279dcb1 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.12 2015/09/10 14:19:01 jmc Exp $
+#       $OpenBSD: Makefile,v 1.13 2015/09/10 15:47:25 beck Exp $
 CFLAGS+= -Wall -Werror -Wimplicit
 CFLAGS+= -DLIBRESSL_INTERNAL
@@ -42,6 +42,8 @@ MLINKS+=tls_init.3 tls_config_clear_keys.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifyname.3
 MLINKS+=tls_init.3 tls_config_verify.3
+MLINKS+=tls_init.3 tls_config_verify_client.3
+MLINKS+=tls_init.3 tls_config_verify_client_optional.3
 MLINKS+=tls_init.3 tls_load_file.3
 MLINKS+=tls_init.3 tls_client.3
 MLINKS+=tls_init.3 tls_server.3
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 62f52e4331..01c931bb41 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.33 2015/09/10 14:57:29 beck Exp $
+.\" $OpenBSD: tls_init.3,v 1.34 2015/09/10 15:47:25 beck Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -106,6 +106,10 @@
 .Fn tls_config_insecure_noverifyname "struct tls_config *config"
 .Ft "void"
 .Fn tls_config_verify "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_verify_client "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_verify_client_optional "struct tls_config *config"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
@@ -322,7 +326,7 @@ clears any secret keys from memory.
 .Fn tls_config_insecure_noverifycert
 disables certificate verification.
 Be extremely careful when using this option.
-.Em (Client)
+.Em (Client and server) 
 .It
 .Fn tls_config_insecure_noverifyname
 disables server name verification.
@@ -333,6 +337,16 @@ Be careful when using this option.
 reenables server name and certificate verification.
 .Em (Client)
 .It
+.Fn tls_config_verify_client
+enables client certificate verification, requiring the client to send
+a certificate.
+.Em (Server)
+.It
+.Fn tls_config_verify_client_opional
+enables client certificate verification, without requiring the client
+to send a certificate.
+.Em (Server)
+.It
 .Fn tls_load_file
 loads a certificate or key from disk into memory to be loaded with
 .Fn tls_config_set_ca_mem ,
author	beck <>	2015-09-10 15:47:25 +0000
committer	beck <>	2015-09-10 15:47:25 +0000
commit	e1b77a3f14ebb06ead650e78b43ddd6546237b0a (patch)
tree	facb809e6f6d6d64a8e4365e869a58377b661977
parent	f2bd802aea0d7a8b444b8a973324924233c4df02 (diff)
download	openbsd-e1b77a3f14ebb06ead650e78b43ddd6546237b0a.tar.gz openbsd-e1b77a3f14ebb06ead650e78b43ddd6546237b0a.tar.bz2 openbsd-e1b77a3f14ebb06ead650e78b43ddd6546237b0a.zip