Convert libssl manpages from pod to mdoc(7).

libcrypto has not been started yet. ok schwarze@ miod@
author: bentley <> 2014-10-12 09:33:04 +0000
committer: bentley <> 2014-10-12 09:33:04 +0000
commit: 78332233d01faa45e0bb0b1583d47cb5ad1ddc19 (patch)
tree: a5087bf8d016a6041c2b6822fbecfd8f6c5e70b1 /src/lib/libssl/doc/SSL_CTX_set_session_id_context.3
parent: 4e737c824fafe5f105e5f4849a9db2569b5d53d8 (diff)
download: openbsd-78332233d01faa45e0bb0b1583d47cb5ad1ddc19.tar.gz
openbsd-78332233d01faa45e0bb0b1583d47cb5ad1ddc19.tar.bz2
openbsd-78332233d01faa45e0bb0b1583d47cb5ad1ddc19.zip
1 files changed, 102 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3 b/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3
new file mode 100644
index 0000000000..0411c687a4
--- /dev/null
+++ b/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3
@@ -0,0 +1,102 @@
+.Dd $Mdocdate: October 12 2014 $
+.Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_session_id_context ,
+.Nm SSL_set_session_id_context
+.Nd set context within which session can be reused (server side only)
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_CTX_set_session_id_context
+.Fa "SSL_CTX *ctx"
+.Fa const unsigned char *sid_ctx"
+.Fa "unsigned int sid_ctx_len"
+.Fc
+.Ft int
+.Fo SSL_set_session_id_context
+.Fa "SSL *ssl"
+.Fa const unsigned char *sid_ctx"
+.Fa "unsigned int sid_ctx_len"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_session_id_context
+sets the context
+.Fa sid_ctx
+of length
+.Fa sid_ctx_len
+within which a session can be reused for the
+.Fa ctx
+object.
+.Pp
+.Fn SSL_set_session_id_context
+sets the context
+.Fa sid_ctx
+of length
+.Fa sid_ctx_len
+within which a session can be reused for the
+.Fa ssl
+object.
+.Sh NOTES
+Sessions are generated within a certain context.
+When exporting/importing sessions with
+.Xr i2d_SSL_SESSION 3
+and
+.Xr d2i_SSL_SESSION 3 ,
+it would be possible to re-import a session generated from another context
+(e.g., another application), which might lead to malfunctions.
+Therefore each application must set its own session id context
+.Fa sid_ctx
+which is used to distinguish the contexts and is stored in exported sessions.
+The
+.Fa sid_ctx
+can be any kind of binary data with a given length; it is therefore possible
+to use, for instance, the name of the application, the hostname, the service
+name...
+.Pp
+The session id context becomes part of the session.
+The session id context is set by the SSL/TLS server.
+The
+.Fn SSL_CTX_set_session_id_context
+and
+.Fn SSL_set_session_id_context
+functions are therefore only useful on the server side.
+.Pp
+OpenSSL clients will check the session id context returned by the server when
+reusing a session.
+.Pp
+The maximum length of the
+.Fa sid_ctx
+is limited to
+.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
+.Sh WARNINGS
+If the session id context is not set on an SSL/TLS server and client
+certificates are used, stored sessions will not be reused but a fatal error
+will be flagged and the handshake will fail.
+.Pp
+If a server returns a different session id context to an OpenSSL client
+when reusing a session, an error will be flagged and the handshake will
+fail.
+OpenSSL servers will always return the correct session id context,
+as an OpenSSL server checks the session id context itself before reusing
+a session as described above.
+.Sh RETURN VALUES
+.Fn SSL_CTX_set_session_id_context
+and
+.Fn SSL_set_session_id_context
+return the following values:
+.Bl -tag -width Ds
+.It 0
+The length
+.Fa sid_ctx_len
+of the session id context
+.Fa sid_ctx
+exceeded
+the maximum allowed length of
+.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
+The error is logged to the error stack.
+.It 1
+The operation succeeded.
+.El
+.Sh SEE ALSO
+.Xr ssl 3
author	bentley <>	2014-10-12 09:33:04 +0000
committer	bentley <>	2014-10-12 09:33:04 +0000
commit	78332233d01faa45e0bb0b1583d47cb5ad1ddc19 (patch)
tree	a5087bf8d016a6041c2b6822fbecfd8f6c5e70b1 /src/lib/libssl/doc/SSL_CTX_set_session_id_context.3
parent	4e737c824fafe5f105e5f4849a9db2569b5d53d8 (diff)
download	openbsd-78332233d01faa45e0bb0b1583d47cb5ad1ddc19.tar.gz openbsd-78332233d01faa45e0bb0b1583d47cb5ad1ddc19.tar.bz2 openbsd-78332233d01faa45e0bb0b1583d47cb5ad1ddc19.zip

diff --git a/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3 b/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3 new file mode 100644 index 0000000000..0411c687a4 --- /dev/null +++ b/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3
@@ -0,0 +1,102 @@
	1	.Dd $Mdocdate: October 12 2014 $
	2	.Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3
	3	.Os
	4	.Sh NAME
	5	.Nm SSL_CTX_set_session_id_context ,
	6	.Nm SSL_set_session_id_context
	7	.Nd set context within which session can be reused (server side only)
	8	.Sh SYNOPSIS
	9	.In openssl/ssl.h
	10	.Ft int
	11	.Fo SSL_CTX_set_session_id_context
	12	.Fa "SSL_CTX *ctx"
	13	.Fa const unsigned char *sid_ctx"
	14	.Fa "unsigned int sid_ctx_len"
	15	.Fc
	16	.Ft int
	17	.Fo SSL_set_session_id_context
	18	.Fa "SSL *ssl"
	19	.Fa const unsigned char *sid_ctx"
	20	.Fa "unsigned int sid_ctx_len"
	21	.Fc
	22	.Sh DESCRIPTION
	23	.Fn SSL_CTX_set_session_id_context
	24	sets the context
	25	.Fa sid_ctx
	26	of length
	27	.Fa sid_ctx_len
	28	within which a session can be reused for the
	29	.Fa ctx
	30	object.
	31	.Pp
	32	.Fn SSL_set_session_id_context
	33	sets the context
	34	.Fa sid_ctx
	35	of length
	36	.Fa sid_ctx_len
	37	within which a session can be reused for the
	38	.Fa ssl
	39	object.
	40	.Sh NOTES
	41	Sessions are generated within a certain context.
	42	When exporting/importing sessions with
	43	.Xr i2d_SSL_SESSION 3
	44	and
	45	.Xr d2i_SSL_SESSION 3 ,
	46	it would be possible to re-import a session generated from another context
	47	(e.g., another application), which might lead to malfunctions.
	48	Therefore each application must set its own session id context
	49	.Fa sid_ctx
	50	which is used to distinguish the contexts and is stored in exported sessions.
	51	The
	52	.Fa sid_ctx
	53	can be any kind of binary data with a given length; it is therefore possible
	54	to use, for instance, the name of the application, the hostname, the service
	55	name...
	56	.Pp
	57	The session id context becomes part of the session.
	58	The session id context is set by the SSL/TLS server.
	59	The
	60	.Fn SSL_CTX_set_session_id_context
	61	and
	62	.Fn SSL_set_session_id_context
	63	functions are therefore only useful on the server side.
	64	.Pp
	65	OpenSSL clients will check the session id context returned by the server when
	66	reusing a session.
	67	.Pp
	68	The maximum length of the
	69	.Fa sid_ctx
	70	is limited to
	71	.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
	72	.Sh WARNINGS
	73	If the session id context is not set on an SSL/TLS server and client
	74	certificates are used, stored sessions will not be reused but a fatal error
	75	will be flagged and the handshake will fail.
	76	.Pp
	77	If a server returns a different session id context to an OpenSSL client
	78	when reusing a session, an error will be flagged and the handshake will
	79	fail.
	80	OpenSSL servers will always return the correct session id context,
	81	as an OpenSSL server checks the session id context itself before reusing
	82	a session as described above.
	83	.Sh RETURN VALUES
	84	.Fn SSL_CTX_set_session_id_context
	85	and
	86	.Fn SSL_set_session_id_context
	87	return the following values:
	88	.Bl -tag -width Ds
	89	.It 0
	90	The length
	91	.Fa sid_ctx_len
	92	of the session id context
	93	.Fa sid_ctx
	94	exceeded
	95	the maximum allowed length of
	96	.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
	97	The error is logged to the error stack.
	98	.It 1
	99	The operation succeeded.
	100	.El
	101	.Sh SEE ALSO
	102	.Xr ssl 3