Update SSL_get_shared_ciphers() documentation for ssl_lib.c r1.240

From schwarze, who explains: * Even though i wrote the original version of our documentation for this function, i now think the design of this function is so atrocious that it is better to call out the main limitations up front (server side only and silent truncation) rather than first giving the impression that it achieves something it actually doesn't and then later try to row back in a piece-meal manner. * Using a .Bl list for failure conditions in the RETURN VALUES section is no doubt unusual, but the conditions are so numerous and some of them are so surprising that i think it makes sense in this case. If a function is badly designed and has surprising properties, precision and clarity in the description are even more important than usual, and conciseness is better sacrificed. * Adding .Xr SSL_get_ciphers 3 seems helpful. ok beck inoguchi jsing tb
author: tb <> 2021-01-09 10:50:02 +0000
committer: tb <> 2021-01-09 10:50:02 +0000
commit: 58d3abd1b5ad90b469e5f6e262640b283fcce28b (patch)
tree: 2c8eb40c47834fcd11886e3611c4be219ac56c67 /src/lib
parent: 326615a6e0d9c026a95e75db78bdfb2e53aa2972 (diff)
download: openbsd-58d3abd1b5ad90b469e5f6e262640b283fcce28b.tar.gz
openbsd-58d3abd1b5ad90b469e5f6e262640b283fcce28b.tar.bz2
openbsd-58d3abd1b5ad90b469e5f6e262640b283fcce28b.zip
1 files changed, 47 insertions, 17 deletions
diff --git a/src/lib/libssl/man/SSL_get_shared_ciphers.3 b/src/lib/libssl/man/SSL_get_shared_ciphers.3
index 6b75439f86..207e8c42eb 100644
--- a/src/lib/libssl/man/SSL_get_shared_ciphers.3
+++ b/src/lib/libssl/man/SSL_get_shared_ciphers.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $
+.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.5 2021/01/09 10:50:02 tb Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 12 2019 $
+.Dd $Mdocdate: January 9 2021 $
 .Dt SSL_GET_SHARED_CIPHERS 3
 .Os
 .Sh NAME
@@ -29,12 +29,14 @@
 .Fa "int len"
 .Fc
 .Sh DESCRIPTION
-.Fn SSL_get_shared_ciphers
+If
-puts the names of the ciphers that are supported by both the client
-and the server of
 .Fa ssl
-into the buffer
+contains a session in server mode,
-.Fa buf .
+.Fn SSL_get_shared_ciphers
+puts as many names of ciphers that are supported by both the client
+and the server into the buffer
+.Fa buf
+as the buffer is long enough to contain.
 Names are separated by colons.
 At most
 .Fa len
@@ -42,19 +44,47 @@ bytes are written to
 .Fa buf
 including the terminating NUL character.
 .Sh RETURN VALUES
-If
-.Fa ssl
-contains no session, if the session contains no shared ciphers,
-or if
-.Fa len
-is less than 2,
 .Fn SSL_get_shared_ciphers
 returns
-.Dv NULL .
+.Fa buf
-Otherwise, it returns
+on success or
-.Fa buf .
+.Dv NULL
+on failure.
+The following situations cause failure:
+.Bl -bullet
+.It
+.Xr SSL_is_server 3
+is false, i.e.,
+.Ar ssl
+is not set to server mode.
+.It
+.Xr SSL_get_ciphers 3
+is
+.Dv NULL
+or empty, i.e., no ciphers are available for use by the server.
+.It
+.Xr SSL_get_session 3
+is
+.Dv NULL ,
+i.e.,
+.Ar ssl
+contains no session.
+.It
+.Xr SSL_get_client_ciphers 3
+is
+.Dv NULL
+or empty, i.e.,
+.Ar ssl
+contains no information about ciphers supported by the client,
+or the client does not support any ciphers.
+.It
+The
+.Fa len
+argument is less than 2.
+.El
 .Sh SEE ALSO
-.Xr ssl 3
+.Xr ssl 3 ,
+.Xr SSL_get_ciphers 3
 .Sh HISTORY
 .Fn SSL_get_shared_ciphers
 first appeared in SSLeay 0.4.5b and has been available since
author	tb <>	2021-01-09 10:50:02 +0000
committer	tb <>	2021-01-09 10:50:02 +0000
commit	58d3abd1b5ad90b469e5f6e262640b283fcce28b (patch)
tree	2c8eb40c47834fcd11886e3611c4be219ac56c67 /src/lib
parent	326615a6e0d9c026a95e75db78bdfb2e53aa2972 (diff)
download	openbsd-58d3abd1b5ad90b469e5f6e262640b283fcce28b.tar.gz openbsd-58d3abd1b5ad90b469e5f6e262640b283fcce28b.tar.bz2 openbsd-58d3abd1b5ad90b469e5f6e262640b283fcce28b.zip

diff --git a/src/lib/libssl/man/SSL_get_shared_ciphers.3 b/src/lib/libssl/man/SSL_get_shared_ciphers.3 index 6b75439f86..207e8c42eb 100644 --- a/src/lib/libssl/man/SSL_get_shared_ciphers.3 +++ b/src/lib/libssl/man/SSL_get_shared_ciphers.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $	1	.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.5 2021/01/09 10:50:02 tb Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: June 12 2019 $	17	.Dd $Mdocdate: January 9 2021 $
18	.Dt SSL_GET_SHARED_CIPHERS 3	18	.Dt SSL_GET_SHARED_CIPHERS 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -29,12 +29,14 @@
29	.Fa "int len"	29	.Fa "int len"
30	.Fc	30	.Fc
31	.Sh DESCRIPTION	31	.Sh DESCRIPTION
32	.Fn SSL_get_shared_ciphers	32	If
33	puts the names of the ciphers that are supported by both the client
34	and the server of
35	.Fa ssl	33	.Fa ssl
36	into the buffer	34	contains a session in server mode,
37	.Fa buf .	35	.Fn SSL_get_shared_ciphers
		36	puts as many names of ciphers that are supported by both the client
		37	and the server into the buffer
		38	.Fa buf
		39	as the buffer is long enough to contain.
38	Names are separated by colons.	40	Names are separated by colons.
39	At most	41	At most
40	.Fa len	42	.Fa len
@@ -42,19 +44,47 @@ bytes are written to
42	.Fa buf	44	.Fa buf
43	including the terminating NUL character.	45	including the terminating NUL character.
44	.Sh RETURN VALUES	46	.Sh RETURN VALUES
45	If
46	.Fa ssl
47	contains no session, if the session contains no shared ciphers,
48	or if
49	.Fa len
50	is less than 2,
51	.Fn SSL_get_shared_ciphers	47	.Fn SSL_get_shared_ciphers
52	returns	48	returns
53	.Dv NULL .	49	.Fa buf
54	Otherwise, it returns	50	on success or
55	.Fa buf .	51	.Dv NULL
		52	on failure.
		53	The following situations cause failure:
		54	.Bl -bullet
		55	.It
		56	.Xr SSL_is_server 3
		57	is false, i.e.,
		58	.Ar ssl
		59	is not set to server mode.
		60	.It
		61	.Xr SSL_get_ciphers 3
		62	is
		63	.Dv NULL
		64	or empty, i.e., no ciphers are available for use by the server.
		65	.It
		66	.Xr SSL_get_session 3
		67	is
		68	.Dv NULL ,
		69	i.e.,
		70	.Ar ssl
		71	contains no session.
		72	.It
		73	.Xr SSL_get_client_ciphers 3
		74	is
		75	.Dv NULL
		76	or empty, i.e.,
		77	.Ar ssl
		78	contains no information about ciphers supported by the client,
		79	or the client does not support any ciphers.
		80	.It
		81	The
		82	.Fa len
		83	argument is less than 2.
		84	.El
56	.Sh SEE ALSO	85	.Sh SEE ALSO
57	.Xr ssl 3	86	.Xr ssl 3 ,
		87	.Xr SSL_get_ciphers 3
58	.Sh HISTORY	88	.Sh HISTORY
59	.Fn SSL_get_shared_ciphers	89	.Fn SSL_get_shared_ciphers
60	first appeared in SSLeay 0.4.5b and has been available since	90	first appeared in SSLeay 0.4.5b and has been available since