Rename tls_config_insecure_noverifyhost() to

tls_config_insecure_noverifyname(), so that it is more accurate and keeps inline with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
author: jsing <> 2015-02-22 15:09:54 +0000
committer: jsing <> 2015-02-22 15:09:54 +0000
commit: 9d8e62d07fb25e66d41179adb5bd43bb03ff48be (patch)
tree: 69b0669eadef9fd82894ac6c78503dabca4e3010 /src/lib
parent: 47d9c013d2b64ba954050caea6bdcefaaca3cac5 (diff)
download: openbsd-9d8e62d07fb25e66d41179adb5bd43bb03ff48be.tar.gz
openbsd-9d8e62d07fb25e66d41179adb5bd43bb03ff48be.tar.bz2
openbsd-9d8e62d07fb25e66d41179adb5bd43bb03ff48be.zip
4 files changed, 20 insertions, 21 deletions
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index 6baf210143..e5434f5071 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.6 2015/02/15 13:33:14 jsing Exp $
+#       $OpenBSD: Makefile,v 1.7 2015/02/22 15:09:54 jsing Exp $
 CFLAGS+= -Wall -Werror -Wimplicit
 CFLAGS+= -DLIBRESSL_INTERNAL
@@ -34,8 +34,8 @@ MLINKS+=tls_init.3 tls_config_set_key_mem.3
 MLINKS+=tls_init.3 tls_config_set_protocols.3
 MLINKS+=tls_init.3 tls_config_set_verify_depth.3
 MLINKS+=tls_init.3 tls_config_clear_keys.3
-MLINKS+=tls_init.3 tls_config_insecure_noverifyhost.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3
+MLINKS+=tls_init.3 tls_config_insecure_noverifyname.3
 MLINKS+=tls_init.3 tls_config_verify.3
 MLINKS+=tls_init.3 tls_load_file.3
 MLINKS+=tls_init.3 tls_client.3
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 0af6194879..071309242f 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.9 2015/02/12 04:35:17 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.10 2015/02/22 15:09:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -61,8 +61,8 @@ void tls_config_set_verify_depth(struct tls_config *config, int verify_depth);
 void tls_config_clear_keys(struct tls_config *config);
 int tls_config_parse_protocols(uint32_t *protocols, const char *protostr);
-void tls_config_insecure_noverifyhost(struct tls_config *config);
 void tls_config_insecure_noverifycert(struct tls_config *config);
+void tls_config_insecure_noverifyname(struct tls_config *config);
 void tls_config_verify(struct tls_config *config);
 struct tls *tls_client(void);
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 0b0a8120a4..4c25a79303 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.8 2015/02/22 14:59:37 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.9 2015/02/22 15:09:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -282,17 +282,16 @@ tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
        config->verify_depth = verify_depth;
 }
-/* XXX - rename to noverifyname. */
 void
-tls_config_insecure_noverifyhost(struct tls_config *config)
+tls_config_insecure_noverifycert(struct tls_config *config)
 {
-        config->verify_name = 0;
+        config->verify_cert = 0;
 }
 void
-tls_config_insecure_noverifycert(struct tls_config *config)
+tls_config_insecure_noverifyname(struct tls_config *config)
 {
-        config->verify_cert = 0;
+        config->verify_name = 0;
 }
 void
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 52220fa449..3e888115e8 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.17 2015/02/21 21:41:00 tedu Exp $
+.\" $OpenBSD: tls_init.3,v 1.18 2015/02/22 15:09:54 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: February 21 2015 $
+.Dd $Mdocdate: February 22 2015 $
 .Dt TLS 3
 .Os
 .Sh NAME
@@ -36,8 +36,8 @@
 .Nm tls_config_set_protocols ,
 .Nm tls_config_set_verify_depth ,
 .Nm tls_config_clear_keys ,
-.Nm tls_config_insecure_noverifyhost ,
 .Nm tls_config_insecure_noverifycert ,
+.Nm tls_config_insecure_noverifyname ,
 .Nm tls_config_verify ,
 .Nm tls_load_file ,
 .Nm tls_client ,
@@ -93,10 +93,10 @@
 .Ft "void"
 .Fn tls_config_clear_keys "struct tls_config *config"
 .Ft "void"
-.Fn tls_config_insecure_noverifyhost "struct tls_config *config"
-.Ft "void"
 .Fn tls_config_insecure_noverifycert "struct tls_config *config"
 .Ft "void"
+.Fn tls_config_insecure_noverifyname "struct tls_config *config"
+.Ft "void"
 .Fn tls_config_verify "struct tls_config *config"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
@@ -289,18 +289,18 @@ Additionally, the values
 clears any secret keys from memory.
 .Em (Server)
 .It
-.Fn tls_config_insecure_noverifyhost
-disables hostname verification.
-Be careful when using this option.
-.Em (Client)
-.It
 .Fn tls_config_insecure_noverifycert
 disables certificate verification.
 Be extremely careful when using this option.
 .Em (Client)
 .It
+.Fn tls_config_insecure_noverifyname
+disables server name verification.
+Be careful when using this option.
+.Em (Client)
+.It
 .Fn tls_config_verify
-reenables hostname and certificate verification.
+reenables server name and certificate verification.
 .Em (Client)
 .It
 .Fn tls_load_file
author	jsing <>	2015-02-22 15:09:54 +0000
committer	jsing <>	2015-02-22 15:09:54 +0000
commit	9d8e62d07fb25e66d41179adb5bd43bb03ff48be (patch)
tree	69b0669eadef9fd82894ac6c78503dabca4e3010 /src/lib
parent	47d9c013d2b64ba954050caea6bdcefaaca3cac5 (diff)
download	openbsd-9d8e62d07fb25e66d41179adb5bd43bb03ff48be.tar.gz openbsd-9d8e62d07fb25e66d41179adb5bd43bb03ff48be.tar.bz2 openbsd-9d8e62d07fb25e66d41179adb5bd43bb03ff48be.zip