Diffstat (limited to 'src/lib/libtls/tls_init.3')
-rw-r--r--src/lib/libtls/tls_init.336
1 files changed, 8 insertions, 28 deletions
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 0969c093a1..6ba2cb28be 100644
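--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.63 2016/08/01 17:32:19 jsing Exp $
+.\" $OpenBSD: tls_init.3,v 1.64 2016/08/02 07:47:11 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 1 2016 $
+.Dd $Mdocdate: August 2 2016 $
 .Dt TLS_INIT 3
 .Os
 .Sh NAME
@@ -24,7 +24,6 @@
 .Nm tls_config_new ,
 .Nm tls_config_free ,
 .Nm tls_config_parse_protocols ,
-.Nm tls_config_set_alpn ,
 .Nm tls_config_set_ca_file ,
 .Nm tls_config_set_ca_path ,
 .Nm tls_config_set_ca_mem ,
@@ -55,9 +54,8 @@
 .Nm tls_peer_cert_hash ,
 .Nm tls_peer_cert_notbefore ,
 .Nm tls_peer_cert_notafter ,
-.Nm tls_conn_alpn_selected ,
-.Nm tls_conn_cipher ,
 .Nm tls_conn_version ,
+.Nm tls_conn_cipher ,
 .Nm tls_load_file ,
 .Nm tls_client ,
 .Nm tls_server ,
@@ -90,8 +88,6 @@
 .Ft "int"
 .Fn tls_config_parse_protocols "uint32_t *protocols" "const char *protostr"
 .Ft "int"
-.Fn tls_config_set_alpn "struct tls_config *config" "const char *alpn"
-.Ft "int"
 .Fn tls_config_set_ca_file "struct tls_config *config" "const char *ca_file"
 .Ft "int"
 .Fn tls_config_set_ca_path "struct tls_config *config" "const char *ca_path"
@@ -152,11 +148,9 @@
 .Ft "time_t"
 .Fn tls_peer_cert_notafter "struct tls *ctx"
 .Ft "const char *"
-.Fn tls_conn_alpn_selected "struct tls *ctx"
+.Fn tls_conn_version "struct tls *ctx"
 .Ft "const char *"
 .Fn tls_conn_cipher "struct tls *ctx"
-.Ft "const char *"
-.Fn tls_conn_version "struct tls *ctx"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
@@ -301,11 +295,6 @@ The following functions modify a configuration by setting parameters.
 Configuration options may apply to only clients or only servers or both.
 .Bl -bullet -offset four
 .It
-.Fn tls_config_set_alpn
-sets the ALPN protocols that are supported.
-The alpn string is a comma separated list of protocols, in order of preference.
-.Em (Client and Server)
-.It
 .Fn tls_config_set_ca_file
 sets the filename used to load a file
 containing the root certificates.
@@ -491,14 +480,13 @@ the peer certificate from
 will only succeed after the handshake is complete.
 .Em (Server and client)
 .It
-.Fn tls_conn_alpn_selected
-returns a string that specifies the ALPN protocol selected for use with the peer
+.Fn tls_conn_version
+returns a string
+corresponding to a TLS version negotiated with the peer
 connected to
 .Ar ctx .
-If no protocol was selected then NULL is returned.
-.Fn tls_conn_alpn_selected
+.Fn tls_conn_version
 will only succeed after the handshake is complete.
-.Em (Server and Client)
 .It
 .Fn tls_conn_cipher
 returns a string
@@ -509,14 +497,6 @@ connected to
 will only succeed after the handshake is complete.
 .Em (Server and client)
 .It
-.Fn tls_conn_version
-returns a string
-corresponding to a TLS version negotiated with the peer
-connected to
-.Ar ctx .
-.Fn tls_conn_version
-will only succeed after the handshake is complete.
-.It
 .Fn tls_load_file
 loads a certificate or key from disk into memory to be loaded with
 .Fn tls_config_set_ca_mem ,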