2 files changed, 126 insertions, 1 deletions
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index 40e0d32a79..f57c638a17 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.52 2016/12/10 14:56:56 schwarze Exp $
+# $OpenBSD: Makefile,v 1.53 2017/04/10 13:05:06 schwarze Exp $
 .include <bsd.own.mk>
@@ -39,6 +39,7 @@ MAN =	BIO_f_ssl.3 \
        SSL_CTX_set_session_id_context.3 \
        SSL_CTX_set_ssl_version.3 \
        SSL_CTX_set_timeout.3 \
+        SSL_CTX_set_tlsext_servername_callback.3 \
        SSL_CTX_set_tlsext_status_cb.3 \
        SSL_CTX_set_tlsext_ticket_key_cb.3 \
        SSL_CTX_set_tmp_dh_callback.3 \
diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
new file mode 100644
index 0000000000..fc0e4536aa
--- /dev/null
+++ b/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
@@ -0,0 +1,124 @@
+.\"     $OpenBSD: SSL_CTX_set_tlsext_servername_callback.3,v 1.1 2017/04/10 13:05:06 schwarze Exp $
+.\"     OpenSSL 8c55c461 Mar 29 08:34:37 2017 +1000
+.\"
+.\" This file was written by Jon Spillett <jon.spillett@oracle.com>
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: April 10 2017 $
+.Dt SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_tlsext_servername_callback ,
+.Nm SSL_CTX_set_tlsext_servername_arg ,
+.Nm SSL_get_servername_type ,
+.Nm SSL_get_servername
+.Nd handle server name indication (SNI)
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_CTX_set_tlsext_servername_callback
+.Fa "SSL_CTX *ctx"
+.Fa "int (*cb)(SSL_CTX *, int *, void *)"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_tlsext_servername_arg
+.Fa "SSL_CTX *ctx"
+.Fa "void *arg"
+.Fc
+.Ft const char *
+.Fo SSL_get_servername
+.Fa "const SSL *s"
+.Fa "const int type"
+.Fc
+.Ft int
+.Fo SSL_get_servername_type
+.Fa "const SSL *s"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_tlsext_servername_callback
+sets the application callback
+.Fa cb
+used by a server to perform any actions or configuration required based
+on the servername extension received in the incoming connection.
+When
+.Fa cb
+is
+.Dv NULL ,
+SNI is not used.
+The
+.Fa arg
+value is a pointer which is passed to the application callback.
+.Pp
+.Fn SSL_CTX_set_tlsext_servername_arg
+sets a context-specific argument to be passed into the callback for
+.Fa ctx .
+.Pp
+Both functions are implemented as macros.
+.Pp
+The ALPN and SNI callbacks are both executed during Client Hello
+processing.
+The servername callback is executed first, followed by the ALPN
+callback.
+.Sh RETURN VALUES
+.Fn SSL_CTX_set_tlsext_servername_callback
+and
+.Fn SSL_CTX_set_tlsext_servername_arg
+always return 1 indicating success.
+.Pp
+.Fn SSL_get_servername
+returns a servername extension value of the specified type if provided
+in the Client Hello, or
+.Dv NULL
+otherwise.
+.Pp
+.Fn SSL_get_servername_type
+returns the servername type or -1 if no servername is present.
+Currently the only supported type (defined in RFC 3546) is
+.Dv TLSEXT_NAMETYPE_host_name .
+.Sh SEE ALSO
+.Xr SSL_CTX_callback_ctrl 3 ,
+.Xr SSL_CTX_set_alpn_select_cb 3

diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile index 40e0d32a79..f57c638a17 100644 --- a/src/lib/libssl/man/Makefile +++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.52 2016/12/10 14:56:56 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.53 2017/04/10 13:05:06 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -39,6 +39,7 @@ MAN = BIO_f_ssl.3 \
39	SSL_CTX_set_session_id_context.3 \	39	SSL_CTX_set_session_id_context.3 \
40	SSL_CTX_set_ssl_version.3 \	40	SSL_CTX_set_ssl_version.3 \
41	SSL_CTX_set_timeout.3 \	41	SSL_CTX_set_timeout.3 \
		42	SSL_CTX_set_tlsext_servername_callback.3 \
42	SSL_CTX_set_tlsext_status_cb.3 \	43	SSL_CTX_set_tlsext_status_cb.3 \
43	SSL_CTX_set_tlsext_ticket_key_cb.3 \	44	SSL_CTX_set_tlsext_ticket_key_cb.3 \
44	SSL_CTX_set_tmp_dh_callback.3 \	45	SSL_CTX_set_tmp_dh_callback.3 \


diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 new file mode 100644 index 0000000000..fc0e4536aa --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
@@ -0,0 +1,124 @@
		1	.\" $OpenBSD: SSL_CTX_set_tlsext_servername_callback.3,v 1.1 2017/04/10 13:05:06 schwarze Exp $
		2	.\" OpenSSL 8c55c461 Mar 29 08:34:37 2017 +1000
		3	.\"
		4	.\" This file was written by Jon Spillett <jon.spillett@oracle.com>
		5	.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
		6	.\"
		7	.\" Redistribution and use in source and binary forms, with or without
		8	.\" modification, are permitted provided that the following conditions
		9	.\" are met:
		10	.\"
		11	.\" 1. Redistributions of source code must retain the above copyright
		12	.\" notice, this list of conditions and the following disclaimer.
		13	.\"
		14	.\" 2. Redistributions in binary form must reproduce the above copyright
		15	.\" notice, this list of conditions and the following disclaimer in
		16	.\" the documentation and/or other materials provided with the
		17	.\" distribution.
		18	.\"
		19	.\" 3. All advertising materials mentioning features or use of this
		20	.\" software must display the following acknowledgment:
		21	.\" "This product includes software developed by the OpenSSL Project
		22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		23	.\"
		24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		25	.\" endorse or promote products derived from this software without
		26	.\" prior written permission. For written permission, please contact
		27	.\" openssl-core@openssl.org.
		28	.\"
		29	.\" 5. Products derived from this software may not be called "OpenSSL"
		30	.\" nor may "OpenSSL" appear in their names without prior written
		31	.\" permission of the OpenSSL Project.
		32	.\"
		33	.\" 6. Redistributions of any form whatsoever must retain the following
		34	.\" acknowledgment:
		35	.\" "This product includes software developed by the OpenSSL Project
		36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		37	.\"
		38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		50	.\"
		51	.Dd $Mdocdate: April 10 2017 $
		52	.Dt SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3
		53	.Os
		54	.Sh NAME
		55	.Nm SSL_CTX_set_tlsext_servername_callback ,
		56	.Nm SSL_CTX_set_tlsext_servername_arg ,
		57	.Nm SSL_get_servername_type ,
		58	.Nm SSL_get_servername
		59	.Nd handle server name indication (SNI)
		60	.Sh SYNOPSIS
		61	.In openssl/ssl.h
		62	.Ft long
		63	.Fo SSL_CTX_set_tlsext_servername_callback
		64	.Fa "SSL_CTX *ctx"
		65	.Fa "int (cb)(SSL_CTX , int , void )"
		66	.Fc
		67	.Ft long
		68	.Fo SSL_CTX_set_tlsext_servername_arg
		69	.Fa "SSL_CTX *ctx"
		70	.Fa "void *arg"
		71	.Fc
		72	.Ft const char *
		73	.Fo SSL_get_servername
		74	.Fa "const SSL *s"
		75	.Fa "const int type"
		76	.Fc
		77	.Ft int
		78	.Fo SSL_get_servername_type
		79	.Fa "const SSL *s"
		80	.Fc
		81	.Sh DESCRIPTION
		82	.Fn SSL_CTX_set_tlsext_servername_callback
		83	sets the application callback
		84	.Fa cb
		85	used by a server to perform any actions or configuration required based
		86	on the servername extension received in the incoming connection.
		87	When
		88	.Fa cb
		89	is
		90	.Dv NULL ,
		91	SNI is not used.
		92	The
		93	.Fa arg
		94	value is a pointer which is passed to the application callback.
		95	.Pp
		96	.Fn SSL_CTX_set_tlsext_servername_arg
		97	sets a context-specific argument to be passed into the callback for
		98	.Fa ctx .
		99	.Pp
		100	Both functions are implemented as macros.
		101	.Pp
		102	The ALPN and SNI callbacks are both executed during Client Hello
		103	processing.
		104	The servername callback is executed first, followed by the ALPN
		105	callback.
		106	.Sh RETURN VALUES
		107	.Fn SSL_CTX_set_tlsext_servername_callback
		108	and
		109	.Fn SSL_CTX_set_tlsext_servername_arg
		110	always return 1 indicating success.
		111	.Pp
		112	.Fn SSL_get_servername
		113	returns a servername extension value of the specified type if provided
		114	in the Client Hello, or
		115	.Dv NULL
		116	otherwise.
		117	.Pp
		118	.Fn SSL_get_servername_type
		119	returns the servername type or -1 if no servername is present.
		120	Currently the only supported type (defined in RFC 3546) is
		121	.Dv TLSEXT_NAMETYPE_host_name .
		122	.Sh SEE ALSO
		123	.Xr SSL_CTX_callback_ctrl 3 ,
		124	.Xr SSL_CTX_set_alpn_select_cb 3