1 files changed, 42 insertions, 4 deletions
diff --git a/src/lib/libssl/man/SSL_set1_param.3 b/src/lib/libssl/man/SSL_set1_param.3
index ae67d4796e..d164746099 100644
--- a/src/lib/libssl/man/SSL_set1_param.3
+++ b/src/lib/libssl/man/SSL_set1_param.3
@@ -1,5 +1,6 @@
-.\"     $OpenBSD: SSL_set1_param.3,v 1.1 2016/11/30 13:39:38 schwarze Exp $
+.\" $OpenBSD: SSL_set1_param.3,v 1.2 2018/02/14 17:20:29 schwarze Exp $
-.\"     OpenSSL SSL_CTX_get0_param.pod 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" full merge up to:
+.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
@@ -48,15 +49,25 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 30 2016 $
+.Dd $Mdocdate: February 14 2018 $
 .Dt SSL_SET1_PARAM 3
 .Os
 .Sh NAME
+.Nm SSL_CTX_get0_param ,
+.Nm SSL_get0_param ,
 .Nm SSL_CTX_set1_param ,
 .Nm SSL_set1_param
-.Nd set verification parameters
+.Nd get and set verification parameters
 .Sh SYNOPSIS
 .In openssl/ssl.h
+.Ft X509_VERIFY_PARAM *
+.Fo SSL_CTX_get0_param
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft X509_VERIFY_PARAM *
+.Fo SSL_get0_param
+.Fa "SSL *ssl"
+.Fc
 .Ft int
 .Fo SSL_CTX_set1_param
 .Fa "SSL_CTX *ctx"
@@ -68,6 +79,18 @@
 .Fa "X509_VERIFY_PARAM *vpm"
 .Fc
 .Sh DESCRIPTION
+.Fn SSL_CTX_get0_param
+and
+.Fn SSL_get0_param
+retrieve an internal pointer to the verification parameters for
+.Fa ctx
+or
+.Fa ssl ,
+respectively.
+The returned pointer must not be freed by the calling application,
+but the application can modify the parameters pointed to
+to suit its needs: for example to add a hostname check.
+.Pp
 .Fn SSL_CTX_set1_param
 and
 .Fn SSL_set1_param
@@ -78,10 +101,25 @@ for
 or
 .Fa ssl .
 .Sh RETURN VALUES
+.Fn SSL_CTX_get0_param
+and
+.Fn SSL_get0_param
+return a pointer to an
+.Vt X509_VERIFY_PARAM
+structure.
+.Pp
 .Fn SSL_CTX_set1_param
 and
 .Fn SSL_set1_param
 return 1 for success or 0 for failure.
+.Sh EXAMPLES
+Check that the hostname matches
+.Pa www.foo.com
+in the peer certificate:
+.Bd -literal -offset indent
+X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
+X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
+.Ed
 .Sh SEE ALSO
 .Xr X509_VERIFY_PARAM_set_flags 3
 .Sh HISTORY

diff --git a/src/lib/libssl/man/SSL_set1_param.3 b/src/lib/libssl/man/SSL_set1_param.3 index ae67d4796e..d164746099 100644 --- a/src/lib/libssl/man/SSL_set1_param.3 +++ b/src/lib/libssl/man/SSL_set1_param.3
@@ -1,5 +1,6 @@
1	.\" $OpenBSD: SSL_set1_param.3,v 1.1 2016/11/30 13:39:38 schwarze Exp $	1	.\" $OpenBSD: SSL_set1_param.3,v 1.2 2018/02/14 17:20:29 schwarze Exp $
2	.\" OpenSSL SSL_CTX_get0_param.pod 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to:
		3	.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	4	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	5	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
5	.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.	6	.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
@@ -48,15 +49,25 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	51	.\"
51	.Dd $Mdocdate: November 30 2016 $	52	.Dd $Mdocdate: February 14 2018 $
52	.Dt SSL_SET1_PARAM 3	53	.Dt SSL_SET1_PARAM 3
53	.Os	54	.Os
54	.Sh NAME	55	.Sh NAME
		56	.Nm SSL_CTX_get0_param ,
		57	.Nm SSL_get0_param ,
55	.Nm SSL_CTX_set1_param ,	58	.Nm SSL_CTX_set1_param ,
56	.Nm SSL_set1_param	59	.Nm SSL_set1_param
57	.Nd set verification parameters	60	.Nd get and set verification parameters
58	.Sh SYNOPSIS	61	.Sh SYNOPSIS
59	.In openssl/ssl.h	62	.In openssl/ssl.h
		63	.Ft X509_VERIFY_PARAM *
		64	.Fo SSL_CTX_get0_param
		65	.Fa "SSL_CTX *ctx"
		66	.Fc
		67	.Ft X509_VERIFY_PARAM *
		68	.Fo SSL_get0_param
		69	.Fa "SSL *ssl"
		70	.Fc
60	.Ft int	71	.Ft int
61	.Fo SSL_CTX_set1_param	72	.Fo SSL_CTX_set1_param
62	.Fa "SSL_CTX *ctx"	73	.Fa "SSL_CTX *ctx"
@@ -68,6 +79,18 @@
68	.Fa "X509_VERIFY_PARAM *vpm"	79	.Fa "X509_VERIFY_PARAM *vpm"
69	.Fc	80	.Fc
70	.Sh DESCRIPTION	81	.Sh DESCRIPTION
		82	.Fn SSL_CTX_get0_param
		83	and
		84	.Fn SSL_get0_param
		85	retrieve an internal pointer to the verification parameters for
		86	.Fa ctx
		87	or
		88	.Fa ssl ,
		89	respectively.
		90	The returned pointer must not be freed by the calling application,
		91	but the application can modify the parameters pointed to
		92	to suit its needs: for example to add a hostname check.
		93	.Pp
71	.Fn SSL_CTX_set1_param	94	.Fn SSL_CTX_set1_param
72	and	95	and
73	.Fn SSL_set1_param	96	.Fn SSL_set1_param
@@ -78,10 +101,25 @@ for
78	or	101	or
79	.Fa ssl .	102	.Fa ssl .
80	.Sh RETURN VALUES	103	.Sh RETURN VALUES
		104	.Fn SSL_CTX_get0_param
		105	and
		106	.Fn SSL_get0_param
		107	return a pointer to an
		108	.Vt X509_VERIFY_PARAM
		109	structure.
		110	.Pp
81	.Fn SSL_CTX_set1_param	111	.Fn SSL_CTX_set1_param
82	and	112	and
83	.Fn SSL_set1_param	113	.Fn SSL_set1_param
84	return 1 for success or 0 for failure.	114	return 1 for success or 0 for failure.
		115	.Sh EXAMPLES
		116	Check that the hostname matches
		117	.Pa www.foo.com
		118	in the peer certificate:
		119	.Bd -literal -offset indent
		120	X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
		121	X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
		122	.Ed
85	.Sh SEE ALSO	123	.Sh SEE ALSO
86	.Xr X509_VERIFY_PARAM_set_flags 3	124	.Xr X509_VERIFY_PARAM_set_flags 3
87	.Sh HISTORY	125	.Sh HISTORY