summaryrefslogtreecommitdiff
path: root/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
diff options
context:
space:
mode:
authorbeck <>2017-01-31 16:18:57 +0000
committerbeck <>2017-01-31 16:18:57 +0000
commitfb9dca0f0ed93924626f04529bb4dfa85e3ef25e (patch)
tree6cf82628d4d8b9b0ed4d03dd90872a7deae8fcb3 /src/lib/libtls/man/tls_config_ocsp_require_stapling.3
parent5dc75c022fd90332aaa1050db40f77ae54a9f43d (diff)
downloadopenbsd-fb9dca0f0ed93924626f04529bb4dfa85e3ef25e.tar.gz
openbsd-fb9dca0f0ed93924626f04529bb4dfa85e3ef25e.tar.bz2
openbsd-fb9dca0f0ed93924626f04529bb4dfa85e3ef25e.zip
Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may be
added associated to a keypair used for SNI, and are usable for more than just the "main" certificate. Modify httpd to use this. Bump libtls minor. ok jsing@
Diffstat (limited to 'src/lib/libtls/man/tls_config_ocsp_require_stapling.3')
-rw-r--r--src/lib/libtls/man/tls_config_ocsp_require_stapling.333
1 files changed, 6 insertions, 27 deletions
diff --git a/src/lib/libtls/man/tls_config_ocsp_require_stapling.3 b/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
index 0f532cf8c0..b8b7600904 100644
--- a/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
+++ b/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
@@ -1,4 +1,4 @@
1.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.3 2017/01/28 00:59:36 schwarze Exp $ 1.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.4 2017/01/31 16:18:57 beck Exp $
2.\" 2.\"
3.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org> 3.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
4.\" 4.\"
@@ -14,46 +14,25 @@
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\" 16.\"
17.Dd $Mdocdate: January 28 2017 $ 17.Dd $Mdocdate: January 31 2017 $
18.Dt TLS_CONFIG_OCSP_REQUIRE_STAPLING 3 18.Dt TLS_CONFIG_OCSP_REQUIRE_STAPLING 3
19.Os 19.Os
20.Sh NAME 20.Sh NAME
21.Nm tls_config_ocsp_require_stapling , 21.Nm tls_config_ocsp_require_stapling ,
22.Nm tls_config_set_ocsp_staple_mem ,
23.Nm tls_config_set_ocsp_staple_file
24.Nd OCSP configuration for libtls 22.Nd OCSP configuration for libtls
25.Sh SYNOPSIS 23.Sh SYNOPSIS
26.In tls.h 24.In tls.h
27.Ft void 25.Ft void
28.Fn tls_config_ocsp_require_stapling "struct tls_config *config" 26.Fn tls_config_ocsp_require_stapling "struct tls_config *config"
29.Ft int
30.Fo tls_config_set_ocsp_staple_mem
31.Fa "struct tls_config *config"
32.Fa "const char *staple"
33.Fa "size_t len"
34.Fc
35.Ft int
36.Fo tls_config_set_ocsp_staple_file
37.Fa "struct tls_config *config"
38.Fa "const char *staple_file"
39.Fc 27.Fc
40.Sh DESCRIPTION 28.Sh DESCRIPTION
41.Fn tls_config_ocsp_require_stapling 29.Fn tls_config_ocsp_require_stapling
42requires that a valid stapled OCSP response be provided during the TLS handshake. 30requires that a valid stapled OCSP response be provided during the TLS handshake.
43.Pp
44.Fn tls_config_set_ocsp_staple_file
45sets a DER-encoded OCSP response to be stapled during the TLS handshake from
46the specified file.
47.Pp
48.Fn tls_config_set_ocsp_staple_mem
49sets a DER-encoded OCSP response to be stapled during the TLS handshake from
50memory.
51.Sh RETURN VALUES
52.Fn tls_config_set_ocsp_staple_mem
53and
54.Fn tls_config_set_ocsp_staple_file
55return 0 on success or -1 on error.
56.Sh SEE ALSO 31.Sh SEE ALSO
32.Xr tls_config_set_keypair_file 3 ,
33.Xr tls_config_set_keypair_mem 3 ,
34.Xr tls_config_add_keypair_file 3 ,
35.Xr tls_config_add_keypair_mem 3 ,
57.Xr tls_handshake 3 , 36.Xr tls_handshake 3 ,
58.Xr tls_init 3 , 37.Xr tls_init 3 ,
59.Xr tls_ocsp_process_response 3 38.Xr tls_ocsp_process_response 3
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 09:45:09 +0000