summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls_init.3
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libtls/tls_init.3')
-rw-r--r--src/lib/libtls/tls_init.334
1 files changed, 30 insertions, 4 deletions
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index bf34b71466..d10c7cf73a 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
1.\" $OpenBSD: tls_init.3,v 1.49 2015/09/14 21:23:00 jmc Exp $ 1.\" $OpenBSD: tls_init.3,v 1.50 2015/10/07 23:33:38 beck Exp $
2.\" 2.\"
3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> 3.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4.\" 4.\"
@@ -14,7 +14,7 @@
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\" 16.\"
17.Dd $Mdocdate: September 14 2015 $ 17.Dd $Mdocdate: October 7 2015 $
18.Dt TLS_INIT 3 18.Dt TLS_INIT 3
19.Os 19.Os
20.Sh NAME 20.Sh NAME
@@ -49,6 +49,8 @@
49.Nm tls_peer_cert_issuer , 49.Nm tls_peer_cert_issuer ,
50.Nm tls_peer_cert_subject , 50.Nm tls_peer_cert_subject ,
51.Nm tls_peer_cert_hash , 51.Nm tls_peer_cert_hash ,
52.Nm tls_peer_cert_notbefore ,
53.Nm tls_peer_cert_notafter ,
52.Nm tls_conn_version , 54.Nm tls_conn_version ,
53.Nm tls_conn_cipher , 55.Nm tls_conn_cipher ,
54.Nm tls_load_file , 56.Nm tls_load_file ,
@@ -132,6 +134,10 @@
132.Fn tls_peer_cert_subject "struct tls *ctx" 134.Fn tls_peer_cert_subject "struct tls *ctx"
133.Ft "const char *" 135.Ft "const char *"
134.Fn tls_peer_cert_hash "struct tls *ctx" 136.Fn tls_peer_cert_hash "struct tls *ctx"
137.Ft "time_t"
138.Fn tls_peer_cert_notbefore "struct tls *ctx"
139.Ft "time_t"
140.Fn tls_peer_cert_notafter "struct tls *ctx"
135.Ft "const char *" 141.Ft "const char *"
136.Fn tls_conn_version "struct tls *ctx" 142.Fn tls_conn_version "struct tls *ctx"
137.Ft "const char *" 143.Ft "const char *"
@@ -431,6 +437,22 @@ h=$(openssl x509 -outform der -in mycert.crt | sha256)
431printf "SHA256:${h}\\n" 437printf "SHA256:${h}\\n"
432.Ed 438.Ed
433.It 439.It
440.Fn tls_peer_cert_notbefore
441returns the time corresponding to the start of the validity period of
442the peer certificate from
443.Ar ctx .
444.Fn tls_peer_cert_notbefore
445will only succeed after the handshake is complete.
446.Em (Server and client)
447.It
448.Fn tls_peer_cert_notafter
449returns the time corresponding to the end of the validity period of
450the peer certificate from
451.Ar ctx .
452.Fn tls_peer_cert_notafter
453will only succeed after the handshake is complete.
454.Em (Server and client)
455.It
434.Fn tls_conn_version 456.Fn tls_conn_version
435returns a string 457returns a string
436corresponding to a TLS version negotiated with the peer 458corresponding to a TLS version negotiated with the peer
@@ -554,10 +576,14 @@ The
554and 576and
555.Fn tls_peer_cert_contains_name 577.Fn tls_peer_cert_contains_name
556functions return 1 if the check succeeds, and 0 if it does not. 578functions return 1 if the check succeeds, and 0 if it does not.
579Functions that return a
580.Vt time_t
581will return a time in epoch-seconds on success, and -1 on error.
582Functions that return a
583.Vt ssize_t
584will return a size on success, and -1 on error.
557All other functions that return 585All other functions that return
558.Vt int 586.Vt int
559or
560.Vt ssize_t
561will return 0 on success and -1 on error. 587will return 0 on success and -1 on error.
562Functions that return a pointer will return NULL on error, which indicates an 588Functions that return a pointer will return NULL on error, which indicates an
563out of memory condition. 589out of memory condition.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-28 15:41:15 +0000