5 files changed, 286 insertions, 4 deletions
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index f58f568de7..d1d7bf3cc6 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.50 2016/12/07 20:11:55 schwarze Exp $
+# $OpenBSD: Makefile,v 1.51 2016/12/10 13:54:32 schwarze Exp $
 .include <bsd.own.mk>
@@ -60,6 +60,7 @@ MAN =	BIO_f_ssl.3 \
        SSL_dup_CA_list.3 \
        SSL_free.3 \
        SSL_get_SSL_CTX.3 \
+        SSL_get_certificate.3 \
        SSL_get_ciphers.3 \
        SSL_get_client_CA_list.3 \
        SSL_get_current_cipher.3 \
@@ -72,11 +73,13 @@ MAN =	BIO_f_ssl.3 \
        SSL_get_peer_certificate.3 \
        SSL_get_rbio.3 \
        SSL_get_session.3 \
+        SSL_get_state.3 \
        SSL_get_verify_result.3 \
        SSL_get_version.3 \
        SSL_library_init.3 \
        SSL_load_client_CA_file.3 \
        SSL_new.3 \
+        SSL_num_renegotiations.3 \
        SSL_pending.3 \
        SSL_read.3 \
        SSL_renegotiate.3 \
diff --git a/src/lib/libssl/man/SSL_get_certificate.3 b/src/lib/libssl/man/SSL_get_certificate.3
new file mode 100644
index 0000000000..35650c75b1
--- /dev/null
+++ b/src/lib/libssl/man/SSL_get_certificate.3
@@ -0,0 +1,61 @@
+.\"     $OpenBSD: SSL_get_certificate.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_GET_CERTIFICATE 3
+.Os
+.Sh NAME
+.Nm SSL_get_certificate ,
+.Nm SSL_get_privatekey
+.Nd get SSL certificate and private key
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft X509 *
+.Fo SSL_get_certificate
+.Fa "const SSL *ssl"
+.Fc
+.Ft EVP_PKEY *
+.Fo SSL_get_privatekey
+.Fa "SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+These functions retrieve certificate and key data from an
+.Vt SSL
+object.
+They return internal pointers that must not be freed by the application
+program.
+.Sh RETURN VALUES
+.Fn SSL_get_certificate
+returns the active X.509 certificate currently used by
+.Fa ssl
+or
+.Dv NULL
+if none is active.
+.Pp
+.Fn SSL_get_privatekey
+returns the active private key currently used by
+.Fa ssl
+or
+.Dv NULL
+if none is active.
+.Sh SEE ALSO
+.Xr SSL_check_private_key 3 ,
+.Xr SSL_use_certificate 3
+.Sh HISTORY
+.Fn SSL_get_certificate
+and
+.Fn SSL_get_privatekey
+are available in all versions of OpenSSL.
diff --git a/src/lib/libssl/man/SSL_get_state.3 b/src/lib/libssl/man/SSL_get_state.3
new file mode 100644
index 0000000000..d835b52291
--- /dev/null
+++ b/src/lib/libssl/man/SSL_get_state.3
@@ -0,0 +1,146 @@
+.\"     $OpenBSD: SSL_get_state.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_GET_STATE 3
+.Os
+.Sh NAME
+.Nm SSL_get_state ,
+.Nm SSL_state ,
+.Nm SSL_in_accept_init ,
+.Nm SSL_in_before ,
+.Nm SSL_in_connect_init ,
+.Nm SSL_in_init ,
+.Nm SSL_is_init_finished
+.Nd inspect the state of the SSL state machine
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_get_state
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_state
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_in_accept_init
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_in_before
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_in_connect_init
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_in_init
+.Fa "const SSL *ssl"
+.Fc
+.Ft int
+.Fo SSL_is_init_finished
+.Fa "const SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_get_state
+returns an encoded representation of the current state of the SSL
+state machine.
+.Fn SSL_state
+is a deprecated alias for
+.Fn SSL_get_state .
+.Pp
+The following bits may be set:
+.Bl -tag -width Ds
+.It Dv SSL_ST_ACCEPT
+This bit is set by
+.Xr SSL_accept 3
+and by
+.Xr SSL_set_accept_state 3 .
+It indicates that
+.Fa ssl
+is set up for server mode and no client initiated the TLS handshake yet.
+The function
+.Fn SSL_in_accept_init
+returns non-zero if this bit is set or 0 otherwise.
+.It Dv SSL_ST_BEFORE
+This bit is set by the
+.Xr SSL_accept 3 ,
+.Xr SSL_connect 3 ,
+.Xr SSL_set_accept_state 3 ,
+and
+.Xr SSL_set_connect_state 3
+functions.
+It indicates that the TLS handshake was not initiated yet.
+The function
+.Fn SSL_in_before
+returns non-zero if this bit is set or 0 otherwise.
+.It Dv SSL_ST_CONNECT
+This bit is set by
+.Xr SSL_connect 3
+and by
+.Xr SSL_set_connect_state 3 .
+It indicates that
+.Fa ssl
+is set up for client mode and no TLS handshake was initiated yet.
+The function
+.Fn SSL_in_connect_init
+returns non-zero if this bit is set or 0 otherwise.
+.El
+.Pp
+The following masks can be used:
+.Bl -tag -width Ds
+.It Dv SSL_ST_INIT
+Set if
+.Dv SSL_ST_ACCEPT
+or
+.Dv SSL_ST_CONNECT
+is set.
+The function
+.Fn SSL_in_init
+returns a non-zero value if one of these is set or 0 otherwise.
+.It Dv SSL_ST_MASK
+This mask includes all bits except
+.Dv SSL_ST_ACCEPT ,
+.Dv SSL_ST_BEFORE ,
+and
+.Dv SSL_ST_CONNECT .
+.It Dv SSL_ST_OK
+The state is set to this value when a connection is established.
+The function
+.Fn SSL_is_init_finished
+returns a non-zero value if the state equals this constant, or 0 otherwise.
+.It Dv SSL_ST_RENEGOTIATE
+The program is about to renegotiate, for example when entering
+.Xr SSL_read 3
+or
+.Xr SSL_write 3
+right after
+.Xr SSL_renegotiate 3
+was called.
+.El
+.Pp
+The meaning of other bits is protocol-dependent.
+Application programs usually do not need to inspect any of those
+other bits.
+.Pp
+All these functions may be implemented as macros.
+.Sh SEE ALSO
+.Xr SSL_renegotiate 3 ,
+.Xr SSL_set_connect_state 3
+.Sh HISTORY
+These functions are available in all versions of OpenSSL.
diff --git a/src/lib/libssl/man/SSL_num_renegotiations.3 b/src/lib/libssl/man/SSL_num_renegotiations.3
new file mode 100644
index 0000000000..d1986a674c
--- /dev/null
+++ b/src/lib/libssl/man/SSL_num_renegotiations.3
@@ -0,0 +1,71 @@
+.\"     $OpenBSD: SSL_num_renegotiations.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_NUM_RENEGOTIATIONS 3
+.Os
+.Sh NAME
+.Nm SSL_num_renegotiations ,
+.Nm SSL_clear_num_renegotiations ,
+.Nm SSL_total_renegotiations
+.Nd renegotiation counters
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_num_renegotiations
+.Fa "SSL *ssl"
+.Fc
+.Ft long
+.Fo SSL_clear_num_renegotiations
+.Fa "SSL *ssl"
+.Fc
+.Ft long
+.Fo SSL_total_renegotiations
+.Fa "SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_num_renegotiations
+reports the number of renegotiations initiated in
+.Fa ssl
+since
+.Xr SSL_new 3 ,
+.Xr SSL_clear 3 ,
+or
+.Xr SSL_clear_num_renegotiations 3
+was last called on that object.
+.Pp
+.Fn SSL_clear_num_renegotiations
+does the same and additionally resets the renegotiation counter to 0.
+.Pp
+.Fn SSL_total_renegotiations
+reports the number of renegotiations initiated in
+.Fa ssl
+since
+.Xr SSL_new 3
+or
+.Xr SSL_clear 3
+was last called on that object.
+.Pp
+These functions are implemented as macros.
+.Sh RETURN VALUES
+All these functions return a number of renegotiations.
+.Sh SEE ALSO
+.Xr BIO_set_ssl_renegotiate_bytes 3 ,
+.Xr SSL_read 3 ,
+.Xr SSL_renegotiate 3 ,
+.Xr SSL_write 3
+.Sh HISTORY
+These functions are available in all versions of OpenSSL.
diff --git a/src/lib/libssl/man/SSL_renegotiate.3 b/src/lib/libssl/man/SSL_renegotiate.3
index c07a1e2c2a..f5b59bae95 100644
--- a/src/lib/libssl/man/SSL_renegotiate.3
+++ b/src/lib/libssl/man/SSL_renegotiate.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_renegotiate.3,v 1.1 2016/12/07 20:11:55 schwarze Exp $
+.\"     $OpenBSD: SSL_renegotiate.3,v 1.2 2016/12/10 13:54:32 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 7 2016 $
+.Dd $Mdocdate: December 10 2016 $
 .Dt SSL_RENEGOTIATE 3
 .Os
 .Sh NAME
@@ -38,7 +38,7 @@ and
 .Xr SSL_write 3
 whenever the renegotiation byte count set by
 .Xr BIO_set_ssl_renegotiate_bytes 3
-or the timeout set by 
+or the timeout set by
 .Xr BIO_set_ssl_renegotiate_timeout 3
 are exceeded.
 .Sh RETURN VALUES
@@ -49,6 +49,7 @@ is set, in which case it may return 0.
 The API provides no function to set that flag;
 it can only be set by manipulating internal data structures.
 .Sh SEE ALSO
+.Xr SSL_num_renegotiations 3 ,
 .Xr SSL_read 3 ,
 .Xr SSL_write 3
 .Sh HISTORY

diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile index f58f568de7..d1d7bf3cc6 100644 --- a/src/lib/libssl/man/Makefile +++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.50 2016/12/07 20:11:55 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.51 2016/12/10 13:54:32 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -60,6 +60,7 @@ MAN = BIO_f_ssl.3 \
60	SSL_dup_CA_list.3 \	60	SSL_dup_CA_list.3 \
61	SSL_free.3 \	61	SSL_free.3 \
62	SSL_get_SSL_CTX.3 \	62	SSL_get_SSL_CTX.3 \
		63	SSL_get_certificate.3 \
63	SSL_get_ciphers.3 \	64	SSL_get_ciphers.3 \
64	SSL_get_client_CA_list.3 \	65	SSL_get_client_CA_list.3 \
65	SSL_get_current_cipher.3 \	66	SSL_get_current_cipher.3 \
@@ -72,11 +73,13 @@ MAN = BIO_f_ssl.3 \
72	SSL_get_peer_certificate.3 \	73	SSL_get_peer_certificate.3 \
73	SSL_get_rbio.3 \	74	SSL_get_rbio.3 \
74	SSL_get_session.3 \	75	SSL_get_session.3 \
		76	SSL_get_state.3 \
75	SSL_get_verify_result.3 \	77	SSL_get_verify_result.3 \
76	SSL_get_version.3 \	78	SSL_get_version.3 \
77	SSL_library_init.3 \	79	SSL_library_init.3 \
78	SSL_load_client_CA_file.3 \	80	SSL_load_client_CA_file.3 \
79	SSL_new.3 \	81	SSL_new.3 \
		82	SSL_num_renegotiations.3 \
80	SSL_pending.3 \	83	SSL_pending.3 \
81	SSL_read.3 \	84	SSL_read.3 \
82	SSL_renegotiate.3 \	85	SSL_renegotiate.3 \


diff --git a/src/lib/libssl/man/SSL_get_certificate.3 b/src/lib/libssl/man/SSL_get_certificate.3 new file mode 100644 index 0000000000..35650c75b1 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_certificate.3
@@ -0,0 +1,61 @@
		1	.\" $OpenBSD: SSL_get_certificate.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 10 2016 $
		18	.Dt SSL_GET_CERTIFICATE 3
		19	.Os
		20	.Sh NAME
		21	.Nm SSL_get_certificate ,
		22	.Nm SSL_get_privatekey
		23	.Nd get SSL certificate and private key
		24	.Sh SYNOPSIS
		25	.In openssl/ssl.h
		26	.Ft X509 *
		27	.Fo SSL_get_certificate
		28	.Fa "const SSL *ssl"
		29	.Fc
		30	.Ft EVP_PKEY *
		31	.Fo SSL_get_privatekey
		32	.Fa "SSL *ssl"
		33	.Fc
		34	.Sh DESCRIPTION
		35	These functions retrieve certificate and key data from an
		36	.Vt SSL
		37	object.
		38	They return internal pointers that must not be freed by the application
		39	program.
		40	.Sh RETURN VALUES
		41	.Fn SSL_get_certificate
		42	returns the active X.509 certificate currently used by
		43	.Fa ssl
		44	or
		45	.Dv NULL
		46	if none is active.
		47	.Pp
		48	.Fn SSL_get_privatekey
		49	returns the active private key currently used by
		50	.Fa ssl
		51	or
		52	.Dv NULL
		53	if none is active.
		54	.Sh SEE ALSO
		55	.Xr SSL_check_private_key 3 ,
		56	.Xr SSL_use_certificate 3
		57	.Sh HISTORY
		58	.Fn SSL_get_certificate
		59	and
		60	.Fn SSL_get_privatekey
		61	are available in all versions of OpenSSL.


diff --git a/src/lib/libssl/man/SSL_get_state.3 b/src/lib/libssl/man/SSL_get_state.3 new file mode 100644 index 0000000000..d835b52291 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_state.3
@@ -0,0 +1,146 @@
		1	.\" $OpenBSD: SSL_get_state.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 10 2016 $
		18	.Dt SSL_GET_STATE 3
		19	.Os
		20	.Sh NAME
		21	.Nm SSL_get_state ,
		22	.Nm SSL_state ,
		23	.Nm SSL_in_accept_init ,
		24	.Nm SSL_in_before ,
		25	.Nm SSL_in_connect_init ,
		26	.Nm SSL_in_init ,
		27	.Nm SSL_is_init_finished
		28	.Nd inspect the state of the SSL state machine
		29	.Sh SYNOPSIS
		30	.In openssl/ssl.h
		31	.Ft int
		32	.Fo SSL_get_state
		33	.Fa "const SSL *ssl"
		34	.Fc
		35	.Ft int
		36	.Fo SSL_state
		37	.Fa "const SSL *ssl"
		38	.Fc
		39	.Ft int
		40	.Fo SSL_in_accept_init
		41	.Fa "const SSL *ssl"
		42	.Fc
		43	.Ft int
		44	.Fo SSL_in_before
		45	.Fa "const SSL *ssl"
		46	.Fc
		47	.Ft int
		48	.Fo SSL_in_connect_init
		49	.Fa "const SSL *ssl"
		50	.Fc
		51	.Ft int
		52	.Fo SSL_in_init
		53	.Fa "const SSL *ssl"
		54	.Fc
		55	.Ft int
		56	.Fo SSL_is_init_finished
		57	.Fa "const SSL *ssl"
		58	.Fc
		59	.Sh DESCRIPTION
		60	.Fn SSL_get_state
		61	returns an encoded representation of the current state of the SSL
		62	state machine.
		63	.Fn SSL_state
		64	is a deprecated alias for
		65	.Fn SSL_get_state .
		66	.Pp
		67	The following bits may be set:
		68	.Bl -tag -width Ds
		69	.It Dv SSL_ST_ACCEPT
		70	This bit is set by
		71	.Xr SSL_accept 3
		72	and by
		73	.Xr SSL_set_accept_state 3 .
		74	It indicates that
		75	.Fa ssl
		76	is set up for server mode and no client initiated the TLS handshake yet.
		77	The function
		78	.Fn SSL_in_accept_init
		79	returns non-zero if this bit is set or 0 otherwise.
		80	.It Dv SSL_ST_BEFORE
		81	This bit is set by the
		82	.Xr SSL_accept 3 ,
		83	.Xr SSL_connect 3 ,
		84	.Xr SSL_set_accept_state 3 ,
		85	and
		86	.Xr SSL_set_connect_state 3
		87	functions.
		88	It indicates that the TLS handshake was not initiated yet.
		89	The function
		90	.Fn SSL_in_before
		91	returns non-zero if this bit is set or 0 otherwise.
		92	.It Dv SSL_ST_CONNECT
		93	This bit is set by
		94	.Xr SSL_connect 3
		95	and by
		96	.Xr SSL_set_connect_state 3 .
		97	It indicates that
		98	.Fa ssl
		99	is set up for client mode and no TLS handshake was initiated yet.
		100	The function
		101	.Fn SSL_in_connect_init
		102	returns non-zero if this bit is set or 0 otherwise.
		103	.El
		104	.Pp
		105	The following masks can be used:
		106	.Bl -tag -width Ds
		107	.It Dv SSL_ST_INIT
		108	Set if
		109	.Dv SSL_ST_ACCEPT
		110	or
		111	.Dv SSL_ST_CONNECT
		112	is set.
		113	The function
		114	.Fn SSL_in_init
		115	returns a non-zero value if one of these is set or 0 otherwise.
		116	.It Dv SSL_ST_MASK
		117	This mask includes all bits except
		118	.Dv SSL_ST_ACCEPT ,
		119	.Dv SSL_ST_BEFORE ,
		120	and
		121	.Dv SSL_ST_CONNECT .
		122	.It Dv SSL_ST_OK
		123	The state is set to this value when a connection is established.
		124	The function
		125	.Fn SSL_is_init_finished
		126	returns a non-zero value if the state equals this constant, or 0 otherwise.
		127	.It Dv SSL_ST_RENEGOTIATE
		128	The program is about to renegotiate, for example when entering
		129	.Xr SSL_read 3
		130	or
		131	.Xr SSL_write 3
		132	right after
		133	.Xr SSL_renegotiate 3
		134	was called.
		135	.El
		136	.Pp
		137	The meaning of other bits is protocol-dependent.
		138	Application programs usually do not need to inspect any of those
		139	other bits.
		140	.Pp
		141	All these functions may be implemented as macros.
		142	.Sh SEE ALSO
		143	.Xr SSL_renegotiate 3 ,
		144	.Xr SSL_set_connect_state 3
		145	.Sh HISTORY
		146	These functions are available in all versions of OpenSSL.


diff --git a/src/lib/libssl/man/SSL_num_renegotiations.3 b/src/lib/libssl/man/SSL_num_renegotiations.3 new file mode 100644 index 0000000000..d1986a674c --- /dev/null +++ b/src/lib/libssl/man/SSL_num_renegotiations.3
@@ -0,0 +1,71 @@
		1	.\" $OpenBSD: SSL_num_renegotiations.3,v 1.1 2016/12/10 13:54:32 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 10 2016 $
		18	.Dt SSL_NUM_RENEGOTIATIONS 3
		19	.Os
		20	.Sh NAME
		21	.Nm SSL_num_renegotiations ,
		22	.Nm SSL_clear_num_renegotiations ,
		23	.Nm SSL_total_renegotiations
		24	.Nd renegotiation counters
		25	.Sh SYNOPSIS
		26	.In openssl/ssl.h
		27	.Ft long
		28	.Fo SSL_num_renegotiations
		29	.Fa "SSL *ssl"
		30	.Fc
		31	.Ft long
		32	.Fo SSL_clear_num_renegotiations
		33	.Fa "SSL *ssl"
		34	.Fc
		35	.Ft long
		36	.Fo SSL_total_renegotiations
		37	.Fa "SSL *ssl"
		38	.Fc
		39	.Sh DESCRIPTION
		40	.Fn SSL_num_renegotiations
		41	reports the number of renegotiations initiated in
		42	.Fa ssl
		43	since
		44	.Xr SSL_new 3 ,
		45	.Xr SSL_clear 3 ,
		46	or
		47	.Xr SSL_clear_num_renegotiations 3
		48	was last called on that object.
		49	.Pp
		50	.Fn SSL_clear_num_renegotiations
		51	does the same and additionally resets the renegotiation counter to 0.
		52	.Pp
		53	.Fn SSL_total_renegotiations
		54	reports the number of renegotiations initiated in
		55	.Fa ssl
		56	since
		57	.Xr SSL_new 3
		58	or
		59	.Xr SSL_clear 3
		60	was last called on that object.
		61	.Pp
		62	These functions are implemented as macros.
		63	.Sh RETURN VALUES
		64	All these functions return a number of renegotiations.
		65	.Sh SEE ALSO
		66	.Xr BIO_set_ssl_renegotiate_bytes 3 ,
		67	.Xr SSL_read 3 ,
		68	.Xr SSL_renegotiate 3 ,
		69	.Xr SSL_write 3
		70	.Sh HISTORY
		71	These functions are available in all versions of OpenSSL.


diff --git a/src/lib/libssl/man/SSL_renegotiate.3 b/src/lib/libssl/man/SSL_renegotiate.3 index c07a1e2c2a..f5b59bae95 100644 --- a/src/lib/libssl/man/SSL_renegotiate.3 +++ b/src/lib/libssl/man/SSL_renegotiate.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_renegotiate.3,v 1.1 2016/12/07 20:11:55 schwarze Exp $	1	.\" $OpenBSD: SSL_renegotiate.3,v 1.2 2016/12/10 13:54:32 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: December 7 2016 $	17	.Dd $Mdocdate: December 10 2016 $
18	.Dt SSL_RENEGOTIATE 3	18	.Dt SSL_RENEGOTIATE 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -38,7 +38,7 @@ and
38	.Xr SSL_write 3	38	.Xr SSL_write 3
39	whenever the renegotiation byte count set by	39	whenever the renegotiation byte count set by
40	.Xr BIO_set_ssl_renegotiate_bytes 3	40	.Xr BIO_set_ssl_renegotiate_bytes 3
41	or the timeout set by	41	or the timeout set by
42	.Xr BIO_set_ssl_renegotiate_timeout 3	42	.Xr BIO_set_ssl_renegotiate_timeout 3
43	are exceeded.	43	are exceeded.
44	.Sh RETURN VALUES	44	.Sh RETURN VALUES
@@ -49,6 +49,7 @@ is set, in which case it may return 0.
49	The API provides no function to set that flag;	49	The API provides no function to set that flag;
50	it can only be set by manipulating internal data structures.	50	it can only be set by manipulating internal data structures.
51	.Sh SEE ALSO	51	.Sh SEE ALSO
		52	.Xr SSL_num_renegotiations 3 ,
52	.Xr SSL_read 3 ,	53	.Xr SSL_read 3 ,
53	.Xr SSL_write 3	54	.Xr SSL_write 3
54	.Sh HISTORY	55	.Sh HISTORY