1 files changed, 0 insertions, 172 deletions
diff --git a/src/lib/libssl/man/SSL_set1_host.3 b/src/lib/libssl/man/SSL_set1_host.3
deleted file mode 100644
index 2a3935c3f2..0000000000
--- a/src/lib/libssl/man/SSL_set1_host.3
+++ /dev/null
@@ -1,172 +0,0 @@
-.\" $OpenBSD: SSL_set1_host.3,v 1.4 2021/03/31 16:56:46 tb Exp $
-.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
-.\"
-.\" This file was written by Viktor Dukhovni <viktor@openssl.org>
-.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 31 2021 $
-.Dt SSL_SET1_HOST 3
-.Os
-.Sh NAME
-.Nm SSL_set1_host ,
-.Nm SSL_set_hostflags ,
-.Nm SSL_get0_peername
-.Nd SSL server verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_set1_host
-.Fa "SSL *ssl"
-.Fa "const char *hostname"
-.Fc
-.Ft void
-.Fo SSL_set_hostflags
-.Fa "SSL *ssl"
-.Fa "unsigned int flags"
-.Fc
-.Ft const char *
-.Fo SSL_get0_peername
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_set1_host
-configures a server hostname check in the
-.Fa ssl
-client, setting the expected DNS hostname to
-.Fa hostname
-and clearing any previously specified hostname.
-If
-.Fa hostname
-is
-.Dv NULL
-or the empty string, name checks are not performed on the peer certificate.
-If a nonempty
-.Fa hostname
-is specified, certificate verification automatically checks the peer
-hostname via
-.Xr X509_check_host 3
-with
-.Fa flags
-set to 0.
-.Pp
-.Fn SSL_set_hostflags
-sets the flags that will be passed to
-.Xr X509_check_host 3
-when name checks are applicable,
-by default the flags value is 0.
-See
-.Xr X509_check_host 3
-for the list of available flags and their meaning.
-.Pp
-.Fn SSL_get0_peername
-returns the DNS hostname or subject CommonName from the peer certificate
-that matched one of the reference identifiers.
-Unless wildcard matching is disabled, the name matched in the peer
-certificate may be a wildcard name.
-A reference identifier starting with
-.Sq \&.
-indicates a parent domain prefix rather than a fixed name.
-In this case, the matched peername may be a sub-domain
-of the reference identifier.
-The returned string is owned by the library and is no longer valid
-once the associated
-.Fa ssl
-object is cleared or freed, or if a renegotiation takes place.
-Applications must not free the return value.
-.Pp
-SSL clients are advised to use these functions in preference to
-explicitly calling
-.Xr X509_check_host 3 .
-.Sh RETURN VALUES
-.Fn SSL_set1_host
-returns 1 for success or 0 for failure.
-.Pp
-.Fn SSL_get0_peername
-returns the matched peername or
-.Dv NULL
-if peername verification is not applicable
-or no trusted peername was matched.
-Use
-.Xr SSL_get_verify_result 3
-to determine whether verification succeeded.
-.Sh EXAMPLES
-The calls below check the hostname.
-Wildcards are supported, but they must match the entire label.
-The actual name matched in the certificate (which might be a wildcard)
-is retrieved, and must be copied by the application if it is to be
-retained beyond the lifetime of the SSL connection.
-.Bd -literal
-if (!SSL_set1_host(ssl, "smtp.example.com"))
-        /* error */
-/* XXX: Perform SSL_connect() handshake and handle errors here */
-if (SSL_get_verify_result(ssl) == X509_V_OK) {
-        const char *peername = SSL_get0_peername(ssl);
-        if (peername != NULL)
-                /* Name checks were in scope and matched the peername */
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_verify_result 3 ,
-.Xr X509_check_host 3 ,
-.Xr X509_VERIFY_PARAM_set1_host 3
-.Sh HISTORY
-All three functions first appeared in OpenSSL 1.1.0.
-.Fn SSL_set1_host
-has been available since
-.Ox 6.5 ,
-and
-.Fn SSL_set_hostflags
-and
-.Fn SSL_get0_peername
-since
-.Ox 6.9 .

diff --git a/src/lib/libssl/man/SSL_set1_host.3 b/src/lib/libssl/man/SSL_set1_host.3 deleted file mode 100644 index 2a3935c3f2..0000000000 --- a/src/lib/libssl/man/SSL_set1_host.3 +++ /dev/null
@@ -1,172 +0,0 @@
1	.\" $OpenBSD: SSL_set1_host.3,v 1.4 2021/03/31 16:56:46 tb Exp $
2	.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
3	.\"
4	.\" This file was written by Viktor Dukhovni <viktor@openssl.org>
5	.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
6	.\"
7	.\" Redistribution and use in source and binary forms, with or without
8	.\" modification, are permitted provided that the following conditions
9	.\" are met:
10	.\"
11	.\" 1. Redistributions of source code must retain the above copyright
12	.\" notice, this list of conditions and the following disclaimer.
13	.\"
14	.\" 2. Redistributions in binary form must reproduce the above copyright
15	.\" notice, this list of conditions and the following disclaimer in
16	.\" the documentation and/or other materials provided with the
17	.\" distribution.
18	.\"
19	.\" 3. All advertising materials mentioning features or use of this
20	.\" software must display the following acknowledgment:
21	.\" "This product includes software developed by the OpenSSL Project
22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23	.\"
24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25	.\" endorse or promote products derived from this software without
26	.\" prior written permission. For written permission, please contact
27	.\" openssl-core@openssl.org.
28	.\"
29	.\" 5. Products derived from this software may not be called "OpenSSL"
30	.\" nor may "OpenSSL" appear in their names without prior written
31	.\" permission of the OpenSSL Project.
32	.\"
33	.\" 6. Redistributions of any form whatsoever must retain the following
34	.\" acknowledgment:
35	.\" "This product includes software developed by the OpenSSL Project
36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37	.\"
38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"
51	.Dd $Mdocdate: March 31 2021 $
52	.Dt SSL_SET1_HOST 3
53	.Os
54	.Sh NAME
55	.Nm SSL_set1_host ,
56	.Nm SSL_set_hostflags ,
57	.Nm SSL_get0_peername
58	.Nd SSL server verification parameters
59	.Sh SYNOPSIS
60	.In openssl/ssl.h
61	.Ft int
62	.Fo SSL_set1_host
63	.Fa "SSL *ssl"
64	.Fa "const char *hostname"
65	.Fc
66	.Ft void
67	.Fo SSL_set_hostflags
68	.Fa "SSL *ssl"
69	.Fa "unsigned int flags"
70	.Fc
71	.Ft const char *
72	.Fo SSL_get0_peername
73	.Fa "SSL *ssl"
74	.Fc
75	.Sh DESCRIPTION
76	.Fn SSL_set1_host
77	configures a server hostname check in the
78	.Fa ssl
79	client, setting the expected DNS hostname to
80	.Fa hostname
81	and clearing any previously specified hostname.
82	If
83	.Fa hostname
84	is
85	.Dv NULL
86	or the empty string, name checks are not performed on the peer certificate.
87	If a nonempty
88	.Fa hostname
89	is specified, certificate verification automatically checks the peer
90	hostname via
91	.Xr X509_check_host 3
92	with
93	.Fa flags
94	set to 0.
95	.Pp
96	.Fn SSL_set_hostflags
97	sets the flags that will be passed to
98	.Xr X509_check_host 3
99	when name checks are applicable,
100	by default the flags value is 0.
101	See
102	.Xr X509_check_host 3
103	for the list of available flags and their meaning.
104	.Pp
105	.Fn SSL_get0_peername
106	returns the DNS hostname or subject CommonName from the peer certificate
107	that matched one of the reference identifiers.
108	Unless wildcard matching is disabled, the name matched in the peer
109	certificate may be a wildcard name.
110	A reference identifier starting with
111	.Sq \&.
112	indicates a parent domain prefix rather than a fixed name.
113	In this case, the matched peername may be a sub-domain
114	of the reference identifier.
115	The returned string is owned by the library and is no longer valid
116	once the associated
117	.Fa ssl
118	object is cleared or freed, or if a renegotiation takes place.
119	Applications must not free the return value.
120	.Pp
121	SSL clients are advised to use these functions in preference to
122	explicitly calling
123	.Xr X509_check_host 3 .
124	.Sh RETURN VALUES
125	.Fn SSL_set1_host
126	returns 1 for success or 0 for failure.
127	.Pp
128	.Fn SSL_get0_peername
129	returns the matched peername or
130	.Dv NULL
131	if peername verification is not applicable
132	or no trusted peername was matched.
133	Use
134	.Xr SSL_get_verify_result 3
135	to determine whether verification succeeded.
136	.Sh EXAMPLES
137	The calls below check the hostname.
138	Wildcards are supported, but they must match the entire label.
139	The actual name matched in the certificate (which might be a wildcard)
140	is retrieved, and must be copied by the application if it is to be
141	retained beyond the lifetime of the SSL connection.
142	.Bd -literal
143	if (!SSL_set1_host(ssl, "smtp.example.com"))
144	/* error */
145
146	/* XXX: Perform SSL_connect() handshake and handle errors here */
147
148	if (SSL_get_verify_result(ssl) == X509_V_OK) {
149	const char *peername = SSL_get0_peername(ssl);
150
151	if (peername != NULL)
152	/* Name checks were in scope and matched the peername */
153	}
154	.Ed
155	.Sh SEE ALSO
156	.Xr ssl 3 ,
157	.Xr SSL_CTX_set_verify 3 ,
158	.Xr SSL_get_peer_certificate 3 ,
159	.Xr SSL_get_verify_result 3 ,
160	.Xr X509_check_host 3 ,
161	.Xr X509_VERIFY_PARAM_set1_host 3
162	.Sh HISTORY
163	All three functions first appeared in OpenSSL 1.1.0.
164	.Fn SSL_set1_host
165	has been available since
166	.Ox 6.5 ,
167	and
168	.Fn SSL_set_hostflags
169	and
170	.Fn SSL_get0_peername
171	since
172	.Ox 6.9 .