Diffstat (limited to 'src/lib/libtls/tls_init.3')
| -rw-r--r-- | src/lib/libtls/tls_init.3 | 29 |
1 files changed, 28 insertions, 1 deletions
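--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.84 2017/01/24 01:16:26 claudio Exp $
+.\" $OpenBSD: tls_init.3,v 1.85 2017/01/24 01:48:05 claudio Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -26,6 +26,7 @@
 .Nm tls_config_parse_protocols ,
 .Nm tls_config_add_keypair_file ,
 .Nm tls_config_add_keypair_mem ,
+.Nm tls_config_add_ticket_key ,
 .Nm tls_config_set_alpn ,
 .Nm tls_config_set_ca_file ,
 .Nm tls_config_set_ca_path ,
@@ -42,6 +43,8 @@
 .Nm tls_config_set_ocsp_staple_mem ,
 .Nm tls_config_set_ocsp_staple_file ,
 .Nm tls_config_set_protocols ,
+.Nm tls_config_set_session_id ,
+.Nm tls_config_set_session_lifetime ,
 .Nm tls_config_set_verify_depth ,
 .Nm tls_config_prefer_ciphers_client ,
 .Nm tls_config_prefer_ciphers_server ,
@@ -111,6 +114,8 @@
 .Ft "int"
 .Fn tls_config_add_keypair_mem "struct tls_config *config" "const uint8_t *cert" "size_t cert_len" "const uint8_t *key" "size_t key_len"
 .Ft "int"
+.Fn tls_config_add_ticket_key "struct tls_config *config" "uint32_t keyrev" "unsigned char *key" "size_t keylen"
+.Ft "int"
 .Fn tls_config_set_alpn "struct tls_config *config" "const char *alpn"
 .Ft "int"
 .Fn tls_config_set_ca_file "struct tls_config *config" "const char *ca_file"
@@ -143,6 +148,10 @@
 .Ft "int"
 .Fn tls_config_set_protocols "struct tls_config *config" "uint32_t protocols"
 .Ft "int"
+.Fn tls_config_set_session_id "struct tls_config *config" "const unsigned char *session_id" "size_t len"
+.Ft "int"
+.Fn tls_config_set_session_lifetime "struct tls_config *config" "int lifetime"
+.Ft "int"
 .Fn tls_config_set_verify_depth "struct tls_config *config" "int verify_depth"
 .Ft "void"
 .Fn tls_config_prefer_ciphers_client "struct tls_config *config"
@@ -371,6 +380,14 @@ used as an alternative certificate for Server Name Indication (server only).
 adds an additional public certificate and private key from memory,
 used as an alternative certificate for Server Name Indication (server only).
 .It
+.Fn tls_config_add_ticket_key
+adds a key used for the encryption and authentication of TLS tickets.
+By default keys are generated and rotated automatically based on their lifetime.
+This function should only be used to synchronise ticket encryption key accross
+multiple processes.
+Re-adding a known key will result in an error, unless it is the most recently
+added key.
+.It
 .Fn tls_config_set_alpn
 sets the ALPN protocols that are supported.
 The alpn string is a comma separated list of protocols, in order of preference.
@@ -447,6 +464,16 @@ Additionally, the values
 .Dv TLS_PROTOCOLS_DEFAULT
 (TLSv1.2 only) may be used.
 .It
+.Fn tls_config_set_session_id
+sets the session identifier that will be used by the TLS server when
+sessions are enabled.
+By default a random value is used.
+.It
+.Fn tls_config_set_session_lifetime
+sets the lifetime to be used for TLS sessions.
+Session support is disabled if a lifetime of zero is specified, which is the
+default.
+.It
 .Fn tls_config_set_verify_depth
 limits the number of intermediate certificates that will be followed during
 certificate validation.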
