Write an SSL_get_shared_ciphers(3) manual from scratch; another one

where BUGS is longer than DESCRIPTION. The function is listed in ssl(3) and <openssl/ssl.h>, so it's clearly public. The code looks slightly mysterious to me, so it would be welcome if somebody more familiar with TLS protocols could check factual accuracy.
author: schwarze <> 2016-12-10 14:56:56 +0000
committer: schwarze <> 2016-12-10 14:56:56 +0000
commit: b769bcaecab85091f348cf5c186e7b820fe0489f (patch)
tree: d0236b0245d646660b95370081c543cd0a7920d9 /src/lib
parent: 7861e7da79ff45f2ba53802840b5e46511f3b002 (diff)
download: openbsd-b769bcaecab85091f348cf5c186e7b820fe0489f.tar.gz
openbsd-b769bcaecab85091f348cf5c186e7b820fe0489f.tar.bz2
openbsd-b769bcaecab85091f348cf5c186e7b820fe0489f.zip
2 files changed, 72 insertions, 1 deletions
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index d1d7bf3cc6..40e0d32a79 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.51 2016/12/10 13:54:32 schwarze Exp $
+# $OpenBSD: Makefile,v 1.52 2016/12/10 14:56:56 schwarze Exp $
 .include <bsd.own.mk>
@@ -73,6 +73,7 @@ MAN =	BIO_f_ssl.3 \
        SSL_get_peer_certificate.3 \
        SSL_get_rbio.3 \
        SSL_get_session.3 \
+        SSL_get_shared_ciphers.3 \
        SSL_get_state.3 \
        SSL_get_verify_result.3 \
        SSL_get_version.3 \
diff --git a/src/lib/libssl/man/SSL_get_shared_ciphers.3 b/src/lib/libssl/man/SSL_get_shared_ciphers.3
new file mode 100644
index 0000000000..915ad68215
--- /dev/null
+++ b/src/lib/libssl/man/SSL_get_shared_ciphers.3
@@ -0,0 +1,70 @@
+.\"     $OpenBSD: SSL_get_shared_ciphers.3,v 1.1 2016/12/10 14:56:56 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_GET_SHARED_CIPHERS 3
+.Os
+.Sh NAME
+.Nm SSL_get_shared_ciphers
+.Nd ciphers supported by both client and server
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft char *
+.Fo SSL_get_shared_ciphers
+.Fa "const SSL *ssl"
+.Fa "char *buf"
+.Fa "int len"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_get_shared_ciphers
+puts the names of the ciphers that are supported by both the client
+and the server of
+.Fa ssl
+into the buffer
+.Fa buf .
+Names are separated by colons.
+At most
+.Fa len
+bytes are written to
+.Fa buf
+including the terminating NUL character.
+.Sh RETURN VALUES
+If
+.Fa ssl
+contains no session, if the session contains no shared ciphers,
+or if
+.Fa len
+is less than 2,
+.Fn SSL_get_shared_ciphers
+returns
+.Dv NULL .
+Otherwise, it returns
+.Fa buf .
+.Sh HISTORY
+.Fn SSL_get_shared_ciphers
+is available in all versions of OpenSSL.
+.Sh BUGS
+If the list is too long to fit into
+.Fa len
+bytes, it is silently truncated after the last cipher name that fits,
+and all following ciphers are skipped.
+If the buffer is very short such that even the first cipher name
+does not fit, an empty string is returned even when some shared
+ciphers are actually available.
+.Pp
+There is no easy way to find out how much space is required for
+.Fa buf
+or whether the supplied space was sufficient.
author	schwarze <>	2016-12-10 14:56:56 +0000
committer	schwarze <>	2016-12-10 14:56:56 +0000
commit	b769bcaecab85091f348cf5c186e7b820fe0489f (patch)
tree	d0236b0245d646660b95370081c543cd0a7920d9 /src/lib
parent	7861e7da79ff45f2ba53802840b5e46511f3b002 (diff)
download	openbsd-b769bcaecab85091f348cf5c186e7b820fe0489f.tar.gz openbsd-b769bcaecab85091f348cf5c186e7b820fe0489f.tar.bz2 openbsd-b769bcaecab85091f348cf5c186e7b820fe0489f.zip

diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile index d1d7bf3cc6..40e0d32a79 100644 --- a/src/lib/libssl/man/Makefile +++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.51 2016/12/10 13:54:32 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.52 2016/12/10 14:56:56 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -73,6 +73,7 @@ MAN = BIO_f_ssl.3 \
73	SSL_get_peer_certificate.3 \	73	SSL_get_peer_certificate.3 \
74	SSL_get_rbio.3 \	74	SSL_get_rbio.3 \
75	SSL_get_session.3 \	75	SSL_get_session.3 \
		76	SSL_get_shared_ciphers.3 \
76	SSL_get_state.3 \	77	SSL_get_state.3 \
77	SSL_get_verify_result.3 \	78	SSL_get_verify_result.3 \
78	SSL_get_version.3 \	79	SSL_get_version.3 \


diff --git a/src/lib/libssl/man/SSL_get_shared_ciphers.3 b/src/lib/libssl/man/SSL_get_shared_ciphers.3 new file mode 100644 index 0000000000..915ad68215 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_shared_ciphers.3
@@ -0,0 +1,70 @@
		1	.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.1 2016/12/10 14:56:56 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 10 2016 $
		18	.Dt SSL_GET_SHARED_CIPHERS 3
		19	.Os
		20	.Sh NAME
		21	.Nm SSL_get_shared_ciphers
		22	.Nd ciphers supported by both client and server
		23	.Sh SYNOPSIS
		24	.In openssl/ssl.h
		25	.Ft char *
		26	.Fo SSL_get_shared_ciphers
		27	.Fa "const SSL *ssl"
		28	.Fa "char *buf"
		29	.Fa "int len"
		30	.Fc
		31	.Sh DESCRIPTION
		32	.Fn SSL_get_shared_ciphers
		33	puts the names of the ciphers that are supported by both the client
		34	and the server of
		35	.Fa ssl
		36	into the buffer
		37	.Fa buf .
		38	Names are separated by colons.
		39	At most
		40	.Fa len
		41	bytes are written to
		42	.Fa buf
		43	including the terminating NUL character.
		44	.Sh RETURN VALUES
		45	If
		46	.Fa ssl
		47	contains no session, if the session contains no shared ciphers,
		48	or if
		49	.Fa len
		50	is less than 2,
		51	.Fn SSL_get_shared_ciphers
		52	returns
		53	.Dv NULL .
		54	Otherwise, it returns
		55	.Fa buf .
		56	.Sh HISTORY
		57	.Fn SSL_get_shared_ciphers
		58	is available in all versions of OpenSSL.
		59	.Sh BUGS
		60	If the list is too long to fit into
		61	.Fa len
		62	bytes, it is silently truncated after the last cipher name that fits,
		63	and all following ciphers are skipped.
		64	If the buffer is very short such that even the first cipher name
		65	does not fit, an empty string is returned even when some shared
		66	ciphers are actually available.
		67	.Pp
		68	There is no easy way to find out how much space is required for
		69	.Fa buf
		70	or whether the supplied space was sufficient.