add visibility of ciper and connection version strings

ok jsing@

1 files changed, 23 insertions, 3 deletions

diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 90cbdb3f3b..ead2a8095d 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.43 2015/09/12 21:00:38 beck Exp $
+.\" $OpenBSD: tls_init.3,v 1.44 2015/09/13 10:32:46 beck Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 12 2015 $
+.Dd $Mdocdate: September 13 2015 $
 .Dt TLS_INIT 3
 .Os
 .Sh NAME
@@ -127,6 +127,10 @@
 .Fn tls_peer_cert_subject "struct tls *ctx"
 .Ft "const char *"
 .Fn tls_peer_cert_hash "struct tls *ctx"
+.Ft "const char *"
+.Fn tls_conn_version "struct tls *ctx"
+.Ft "const char *"
+.Fn tls_conn_cipher "struct tls *ctx"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
@@ -416,7 +420,23 @@ h=$(openssl x509 -outform der -in mycert.crt | sha256)
 printf "SHA256:${h}\\n"
 .Ed
 .Pp
-.Fn tls_peer_cert_subject
+.It
+.Fn tls_conn_version
+returns a string
+corresponding to a TLS version negotiated with the peer
+connected to 
+.Ar ctx
+.It
+.Fn tls_conn_version
+will only succeed after the handshake is complete.
+.It
+.Fn tls_conn_cipher
+returns a string
+corresponding to a the cipher suite negotated with the peer
+connected to 
+.Ar ctx
+.It
+.Fn tls_conn_cipher
 will only succeed after the handshake is complete.
 .Em (Server and client)
 .It