1 files changed, 108 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_new.3 b/src/lib/libssl/doc/SSL_CTX_new.3
new file mode 100644
index 0000000000..b798d10a9e
--- /dev/null
+++ b/src/lib/libssl/doc/SSL_CTX_new.3
@@ -0,0 +1,108 @@
+.Dd $Mdocdate: October 12 2014 $
+.Dt SSL_CTX_NEW 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_new ,
+.Nm SSLv3_method ,
+.Nm SSLv3_server_method ,
+.Nm SSLv3_client_method ,
+.Nm TLSv1_method ,
+.Nm TLSv1_server_method ,
+.Nm TLSv1_client_method ,
+.Nm TLSv1_1_method ,
+.Nm TLSv1_1_server_method ,
+.Nm TLSv1_1_client_method ,
+.Nm SSLv23_method ,
+.Nm SSLv23_server_method ,
+.Nm SSLv23_client_method
+.Nd create a new SSL_CTX object as framework for TLS/SSL enabled functions
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft SSL_CTX *
+.Fn SSL_CTX_new "const SSL_METHOD *method"
+.Sh DESCRIPTION
+.Fn SSL_CTX_new
+creates a new
+.Vt SSL_CTX
+object as framework to establish TLS/SSL enabled connections.
+.Sh NOTES
+The
+.Vt SSL_CTX
+object uses
+.Fa method
+as its connection method.
+The methods exist in a generic type (for client and server use),
+a server only type, and a client only type.
+.Fa method
+can be of the following types:
+.Bl -tag -width Ds
+.It Fn SSLv3_method void , Fn SSLv3_server_method void , \
+Fn SSLv3_client_method void
+A TLS/SSL connection established with these methods will only understand the
+SSLv3 protocol.
+A client will send out SSLv3 client hello messages and will indicate that it
+only understands SSLv3.
+A server will only understand SSLv3 client hello messages.
+Importantly, this means that it will not understand SSLv2 client hello messages
+which are widely used for compatibility reasons; see
+.Fn SSLv23_*_method .
+.It Fn TLSv1_method void , Fn TLSv1_server_method void , \
+Fn TLSv1_client_method void
+A TLS/SSL connection established with these methods will only understand the
+TLSv1 protocol.
+A client will send out TLSv1 client hello messages and will indicate that it
+only understands TLSv1.
+A server will only understand TLSv1 client hello messages.
+Importantly, this means that it will not understand SSLv2 client hello messages
+which are widely used for compatibility reasons; see
+.Fn SSLv23_*_method .
+It will also not understand SSLv3 client hello messages.
+.It Fn SSLv23_method void , Fn SSLv23_server_method void , \
+Fn SSLv23_client_method void
+A TLS/SSL connection established with these methods may understand the SSLv3,
+TLSv1, TLSv1.1 and TLSv1.2 protocols.
+.Pp
+A client will send out TLSv1 client hello messages including extensions and
+will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback
+to SSLv3.
+A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
+This is the best choice when compatibility is a concern.
+.El
+.Pp
+The list of protocols available can later be limited using the
+.Dv SSL_OP_NO_SSLv3 ,
+.Dv SSL_OP_NO_TLSv1 ,
+.Dv SSL_OP_NO_TLSv1_1 ,
+and
+.Dv SSL_OP_NO_TLSv1_2
+options of the
+.Fn SSL_CTX_set_options
+or
+.Fn SSL_set_options
+functions.
+Using these options it is possible to choose, for example,
+.Fn SSLv23_server_method
+and be able to negotiate with all possible clients,
+but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2.
+.Pp
+.Fn SSL_CTX_new
+initializes the list of ciphers, the session cache setting, the callbacks,
+the keys and certificates, and the options to its default values.
+.Sh RETURN VALUES
+The following return values can occur:
+.Bl -tag -width Ds
+.It Dv NULL
+The creation of a new
+.Vt SSL_CTX
+object failed.
+Check the error stack to find out the reason.
+.It Pointer to an SSL_CTX object
+The return value points to an allocated
+.Vt SSL_CTX
+object.
+.El
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_accept 3 ,
+.Xr SSL_CTX_free 3 ,
+.Xr SSL_set_connect_state 3

diff --git a/src/lib/libssl/doc/SSL_CTX_new.3 b/src/lib/libssl/doc/SSL_CTX_new.3 new file mode 100644 index 0000000000..b798d10a9e --- /dev/null +++ b/src/lib/libssl/doc/SSL_CTX_new.3
@@ -0,0 +1,108 @@
	1	.Dd $Mdocdate: October 12 2014 $
	2	.Dt SSL_CTX_NEW 3
	3	.Os
	4	.Sh NAME
	5	.Nm SSL_CTX_new ,
	6	.Nm SSLv3_method ,
	7	.Nm SSLv3_server_method ,
	8	.Nm SSLv3_client_method ,
	9	.Nm TLSv1_method ,
	10	.Nm TLSv1_server_method ,
	11	.Nm TLSv1_client_method ,
	12	.Nm TLSv1_1_method ,
	13	.Nm TLSv1_1_server_method ,
	14	.Nm TLSv1_1_client_method ,
	15	.Nm SSLv23_method ,
	16	.Nm SSLv23_server_method ,
	17	.Nm SSLv23_client_method
	18	.Nd create a new SSL_CTX object as framework for TLS/SSL enabled functions
	19	.Sh SYNOPSIS
	20	.In openssl/ssl.h
	21	.Ft SSL_CTX *
	22	.Fn SSL_CTX_new "const SSL_METHOD *method"
	23	.Sh DESCRIPTION
	24	.Fn SSL_CTX_new
	25	creates a new
	26	.Vt SSL_CTX
	27	object as framework to establish TLS/SSL enabled connections.
	28	.Sh NOTES
	29	The
	30	.Vt SSL_CTX
	31	object uses
	32	.Fa method
	33	as its connection method.
	34	The methods exist in a generic type (for client and server use),
	35	a server only type, and a client only type.
	36	.Fa method
	37	can be of the following types:
	38	.Bl -tag -width Ds
	39	.It Fn SSLv3_method void , Fn SSLv3_server_method void , \
	40	Fn SSLv3_client_method void
	41	A TLS/SSL connection established with these methods will only understand the
	42	SSLv3 protocol.
	43	A client will send out SSLv3 client hello messages and will indicate that it
	44	only understands SSLv3.
	45	A server will only understand SSLv3 client hello messages.
	46	Importantly, this means that it will not understand SSLv2 client hello messages
	47	which are widely used for compatibility reasons; see
	48	.Fn SSLv23_*_method .
	49	.It Fn TLSv1_method void , Fn TLSv1_server_method void , \
	50	Fn TLSv1_client_method void
	51	A TLS/SSL connection established with these methods will only understand the
	52	TLSv1 protocol.
	53	A client will send out TLSv1 client hello messages and will indicate that it
	54	only understands TLSv1.
	55	A server will only understand TLSv1 client hello messages.
	56	Importantly, this means that it will not understand SSLv2 client hello messages
	57	which are widely used for compatibility reasons; see
	58	.Fn SSLv23_*_method .
	59	It will also not understand SSLv3 client hello messages.
	60	.It Fn SSLv23_method void , Fn SSLv23_server_method void , \
	61	Fn SSLv23_client_method void
	62	A TLS/SSL connection established with these methods may understand the SSLv3,
	63	TLSv1, TLSv1.1 and TLSv1.2 protocols.
	64	.Pp
	65	A client will send out TLSv1 client hello messages including extensions and
	66	will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback
	67	to SSLv3.
	68	A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
	69	This is the best choice when compatibility is a concern.
	70	.El
	71	.Pp
	72	The list of protocols available can later be limited using the
	73	.Dv SSL_OP_NO_SSLv3 ,
	74	.Dv SSL_OP_NO_TLSv1 ,
	75	.Dv SSL_OP_NO_TLSv1_1 ,
	76	and
	77	.Dv SSL_OP_NO_TLSv1_2
	78	options of the
	79	.Fn SSL_CTX_set_options
	80	or
	81	.Fn SSL_set_options
	82	functions.
	83	Using these options it is possible to choose, for example,
	84	.Fn SSLv23_server_method
	85	and be able to negotiate with all possible clients,
	86	but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2.
	87	.Pp
	88	.Fn SSL_CTX_new
	89	initializes the list of ciphers, the session cache setting, the callbacks,
	90	the keys and certificates, and the options to its default values.
	91	.Sh RETURN VALUES
	92	The following return values can occur:
	93	.Bl -tag -width Ds
	94	.It Dv NULL
	95	The creation of a new
	96	.Vt SSL_CTX
	97	object failed.
	98	Check the error stack to find out the reason.
	99	.It Pointer to an SSL_CTX object
	100	The return value points to an allocated
	101	.Vt SSL_CTX
	102	object.
	103	.El
	104	.Sh SEE ALSO
	105	.Xr ssl 3 ,
	106	.Xr SSL_accept 3 ,
	107	.Xr SSL_CTX_free 3 ,
	108	.Xr SSL_set_connect_state 3