diff options
| author | jmc <> | 2015-09-11 14:20:14 +0000 |
|---|---|---|
| committer | jmc <> | 2015-09-11 14:20:14 +0000 |
| commit | a265ed602c8178adca9e93782bef7421b5e089bd (patch) | |
| tree | 82d57b237cf5573c87fa10108d9907468786c060 /src | |
| parent | 774db32073b8b5964d8bb5940ad2543bee934b66 (diff) | |
| download | openbsd-a265ed602c8178adca9e93782bef7421b5e089bd.tar.gz openbsd-a265ed602c8178adca9e93782bef7421b5e089bd.tar.bz2 openbsd-a265ed602c8178adca9e93782bef7421b5e089bd.zip | |
more cleanup;
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libtls/tls_init.3 | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3 index 9eb825d463..4e67e26b9b 100644 --- a/src/lib/libtls/tls_init.3 +++ b/src/lib/libtls/tls_init.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: tls_init.3,v 1.40 2015/09/11 14:15:19 jmc Exp $ | 1 | .\" $OpenBSD: tls_init.3,v 1.41 2015/09/11 14:20:14 jmc Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> | 3 | .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> |
| 4 | .\" | 4 | .\" |
| @@ -118,7 +118,7 @@ | |||
| 118 | .Fn tls_peer_cert_provided "struct tls *ctx" | 118 | .Fn tls_peer_cert_provided "struct tls *ctx" |
| 119 | .Ft "int" | 119 | .Ft "int" |
| 120 | .Fn tls_peer_cert_contains_name "struct tls *ctx" "const char *name" | 120 | .Fn tls_peer_cert_contains_name "struct tls *ctx" "const char *name" |
| 121 | .Ft "int | 121 | .Ft "int" |
| 122 | .Fn tls_peer_cert_issuer "struct tls *ctx" "char **issuer" | 122 | .Fn tls_peer_cert_issuer "struct tls *ctx" "char **issuer" |
| 123 | .Ft "int" | 123 | .Ft "int" |
| 124 | .Fn tls_peer_cert_subject "struct tls *ctx" "char **subject" | 124 | .Fn tls_peer_cert_subject "struct tls *ctx" "char **subject" |
| @@ -369,7 +369,7 @@ checks if the peer of | |||
| 369 | .Ar ctx | 369 | .Ar ctx |
| 370 | has provided a certificate. | 370 | has provided a certificate. |
| 371 | .Fn tls_peer_cert_provided | 371 | .Fn tls_peer_cert_provided |
| 372 | can only succeed after the handshake is complete. | 372 | can only succeed after the handshake is complete. |
| 373 | .Em (Server and client) | 373 | .Em (Server and client) |
| 374 | .It | 374 | .It |
| 375 | .Fn tls_peer_cert_contains_name | 375 | .Fn tls_peer_cert_contains_name |
| @@ -379,7 +379,7 @@ has povided a certificate that contains a | |||
| 379 | SAN or CN that matches | 379 | SAN or CN that matches |
| 380 | .Ar name . | 380 | .Ar name . |
| 381 | .Fn tls_peer_cert_contains_name | 381 | .Fn tls_peer_cert_contains_name |
| 382 | can only succeed after the handshake is complete. | 382 | can only succeed after the handshake is complete. |
| 383 | .Em (Server and client) | 383 | .Em (Server and client) |
| 384 | .It | 384 | .It |
| 385 | .Fn tls_peer_cert_subject | 385 | .Fn tls_peer_cert_subject |
| @@ -388,19 +388,19 @@ returns a string in | |||
| 388 | corresponding to the subject of the peer certificate from | 388 | corresponding to the subject of the peer certificate from |
| 389 | .Ar ctx . | 389 | .Ar ctx . |
| 390 | .Fn tls_peer_cert_subject | 390 | .Fn tls_peer_cert_subject |
| 391 | will only succeed after the handshake is complete. | 391 | will only succeed after the handshake is complete. |
| 392 | Callers must free the string returned in | 392 | Callers must free the string returned in |
| 393 | .Ar subject . | 393 | .Ar subject . |
| 394 | .Em (Server and client) | 394 | .Em (Server and client) |
| 395 | .It | 395 | .It |
| 396 | .Fn tls_peer_cert_issuer | 396 | .Fn tls_peer_cert_issuer |
| 397 | returns a string in | 397 | returns a string in |
| 398 | .Ar subject | 398 | .Ar subject |
| 399 | corresponding to the issuer of the peer certificate from | 399 | corresponding to the issuer of the peer certificate from |
| 400 | .Ar ctx . | 400 | .Ar ctx . |
| 401 | .Fn tls_peer_cert_issuer | 401 | .Fn tls_peer_cert_issuer |
| 402 | will only succeed after the handshake is complete. | 402 | will only succeed after the handshake is complete. |
| 403 | Callers must free the string returned in | 403 | Callers must free the string returned in |
| 404 | .Ar issuer . | 404 | .Ar issuer . |
| 405 | .Em (Server and client) | 405 | .Em (Server and client) |
| 406 | .It | 406 | .It |
| @@ -410,10 +410,10 @@ in | |||
| 410 | .Ar hash | 410 | .Ar hash |
| 411 | corresponding to a hash of the raw peer certificate from | 411 | corresponding to a hash of the raw peer certificate from |
| 412 | .Ar ctx | 412 | .Ar ctx |
| 413 | prefixed by a hash name followed by a colon. | 413 | prefixed by a hash name followed by a colon. |
| 414 | The hash currently used is SHA256, however this | 414 | The hash currently used is SHA256, though this |
| 415 | can change in the future. The hash string for a certificate | 415 | could change in the future. |
| 416 | in file | 416 | The hash string for a certificate in file |
| 417 | .Ar mycert.crt | 417 | .Ar mycert.crt |
| 418 | can be generated using the commands: | 418 | can be generated using the commands: |
| 419 | .Bd -literal -offset indent | 419 | .Bd -literal -offset indent |
| @@ -422,8 +422,8 @@ printf "SHA256:${h}\\n" | |||
| 422 | .Ed | 422 | .Ed |
| 423 | .Pp | 423 | .Pp |
| 424 | .Fn tls_peer_cert_subject | 424 | .Fn tls_peer_cert_subject |
| 425 | will only succeed after the handshake is complete. | 425 | will only succeed after the handshake is complete. |
| 426 | Callers must free the string returned in | 426 | Callers must free the string returned in |
| 427 | .Ar hash . | 427 | .Ar hash . |
| 428 | .Em (Server and client) | 428 | .Em (Server and client) |
| 429 | .It | 429 | .It |
| @@ -589,7 +589,6 @@ while (len > 0) { | |||
| 589 | } | 589 | } |
| 590 | \&... | 590 | \&... |
| 591 | .Ed | 591 | .Ed |
| 592 | .Bd -literal -offset indent | ||
| 593 | .Pp | 592 | .Pp |
| 594 | The following example demonstrates how to handle TLS writes on a | 593 | The following example demonstrates how to handle TLS writes on a |
| 595 | non-blocking file descriptor using | 594 | non-blocking file descriptor using |