split the tls_init(3) that had grown fat to allow healthy future growth;

suggested by jsing@; "i would just chuck it in" jmc@

1 files changed, 114 insertions, 0 deletions

diff --git a/src/lib/libtls/man/tls_connect.3 b/src/lib/libtls/man/tls_connect.3
new file mode 100644
index 0000000000..8137fba53b
--- /dev/null
+++ b/src/lib/libtls/man/tls_connect.3
@@ -0,0 +1,114 @@
+.\" $OpenBSD: tls_connect.3,v 1.1 2017/01/25 23:53:18 schwarze Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 25 2017 $
+.Dt TLS_CONNECT 3
+.Os
+.Sh NAME
+.Nm tls_connect ,
+.Nm tls_connect_fds ,
+.Nm tls_connect_servername ,
+.Nm tls_connect_socket ,
+.Nm tls_connect_cbs
+.Nd instruct a TLS client to establish a connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_connect
+.Fa "struct tls *ctx"
+.Fa "const char *host"
+.Fa "const char *port"
+.Fc
+.Ft int
+.Fo tls_connect_fds
+.Fa "struct tls *ctx"
+.Fa "int fd_read"
+.Fa "int fd_write"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_servername
+.Fa "struct tls *ctx"
+.Fa "const char *host"
+.Fa "const char *port"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_socket
+.Fa "struct tls *ctx"
+.Fa "int s"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_cbs
+.Fa "struct tls *ctx"
+.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\
+ void *buf, size_t buflen, void *cb_arg)"
+.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\
+ const void *buf, size_t buflen, void *cb_arg)"
+.Fa "void *cb_arg"
+.Fa "const char *servername"
+.Fc
+.Sh DESCRIPTION
+After creating a TLS client context with
+.Xr tls_client 3
+and configuring it with
+.Xr tls_configure 3 ,
+a client connection is initiated by calling
+.Fn tls_connect .
+This function will create a new socket, connect to the specified
+.Fa host
+and
+.Fa port ,
+and then establish a secure connection.
+The
+.Fa port
+may be numeric or a service name.
+If it is
+.Dv NULL ,
+then a
+.Fa host
+of the format "hostname:port" is permitted.
+.Pp
+The
+.Fn tls_connect_servername
+function has the same behaviour, however the name to use for verification is
+explicitly provided, rather than being inferred from the
+.Ar host
+value.
+.Pp
+An already existing socket can be upgraded to a secure connection by calling
+.Fn tls_connect_socket .
+.Pp
+Alternatively, a secure connection can be established over a pair of existing
+file descriptors by calling
+.Fn tls_connect_fds .
+.Pp
+Calling
+.Fn tls_connect_cbs
+allows read and write callback functions to handle data transfers.
+The specified cb_arg parameter is passed back to the functions,
+and can contain a pointer to any caller-specified data.
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_client 3 ,
+.Xr tls_close 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3