2 files changed, 101 insertions, 12 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3
index bcc53fb0d6..88e5cd5185 100644
--- a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+++ b/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3
@@ -1,7 +1,54 @@
+.\"     $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.2 2016/11/30 17:26:09 schwarze Exp $
+.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"     $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project.  All rights reserved.
 .\"
-.Dd $Mdocdate: November 5 2016 $
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SET_CLIENT_CA_LIST 3
 .Os
 .Sh NAME
@@ -53,7 +100,7 @@ overriding the setting valid for
 .Fa ssl Ns 's
 .Va SSL_CTX
 object.
-.Sh NOTES
+.Pp
 When a TLS/SSL server requests a client certificate (see
 .Fn SSL_CTX_set_verify ) ,
 it sends a list of CAs for which it will accept certificates to the client.
diff --git a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
index c4057ae4cc..28002c1e5c 100644
--- a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+++ b/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
@@ -1,7 +1,54 @@
+.\"     $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.2 2016/11/30 17:26:09 schwarze Exp $
+.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\"     $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $
+.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
+.\" Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
 .\"
-.Dd $Mdocdate: November 5 2016 $
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSL_CTX_SET_CLIENT_CERT_CB 3
 .Os
 .Sh NAME
@@ -46,12 +93,7 @@ and
 .Fa pkey
 arguments and 1 must be returned.
 The certificate will be installed into
-.Fa ssl ;
+.Fa ssl .
-see the
-.Sx NOTES
-and
-.Sx BUGS
-sections.
 If no certificate should be set,
 0 has to be returned and no certificate will be sent.
 A negative return value will suspend the handshake and the handshake function
@@ -66,7 +108,7 @@ It is the job of the
 .Fa client_cert_cb()
 to store information
 about the state of the last call, if required to continue.
-.Sh NOTES
+.Pp
 During a handshake (or renegotiation)
 a server may request a certificate from the client.
 A client certificate must only be sent when the server did send the request.

diff --git a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index bcc53fb0d6..88e5cd5185 100644 --- a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3
@@ -1,7 +1,54 @@
		1	.\" $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.2 2016/11/30 17:26:09 schwarze Exp $
		2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
1	.\"	3	.\"
2	.\" $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
		5	.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project. All rights reserved.
3	.\"	6	.\"
4	.Dd $Mdocdate: November 5 2016 $	7	.\" Redistribution and use in source and binary forms, with or without
		8	.\" modification, are permitted provided that the following conditions
		9	.\" are met:
		10	.\"
		11	.\" 1. Redistributions of source code must retain the above copyright
		12	.\" notice, this list of conditions and the following disclaimer.
		13	.\"
		14	.\" 2. Redistributions in binary form must reproduce the above copyright
		15	.\" notice, this list of conditions and the following disclaimer in
		16	.\" the documentation and/or other materials provided with the
		17	.\" distribution.
		18	.\"
		19	.\" 3. All advertising materials mentioning features or use of this
		20	.\" software must display the following acknowledgment:
		21	.\" "This product includes software developed by the OpenSSL Project
		22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		23	.\"
		24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		25	.\" endorse or promote products derived from this software without
		26	.\" prior written permission. For written permission, please contact
		27	.\" openssl-core@openssl.org.
		28	.\"
		29	.\" 5. Products derived from this software may not be called "OpenSSL"
		30	.\" nor may "OpenSSL" appear in their names without prior written
		31	.\" permission of the OpenSSL Project.
		32	.\"
		33	.\" 6. Redistributions of any form whatsoever must retain the following
		34	.\" acknowledgment:
		35	.\" "This product includes software developed by the OpenSSL Project
		36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		37	.\"
		38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		50	.\"
		51	.Dd $Mdocdate: November 30 2016 $
5	.Dt SSL_CTX_SET_CLIENT_CA_LIST 3	52	.Dt SSL_CTX_SET_CLIENT_CA_LIST 3
6	.Os	53	.Os
7	.Sh NAME	54	.Sh NAME
@@ -53,7 +100,7 @@ overriding the setting valid for
53	.Fa ssl Ns 's	100	.Fa ssl Ns 's
54	.Va SSL_CTX	101	.Va SSL_CTX
55	object.	102	object.
56	.Sh NOTES	103	.Pp
57	When a TLS/SSL server requests a client certificate (see	104	When a TLS/SSL server requests a client certificate (see
58	.Fn SSL_CTX_set_verify ) ,	105	.Fn SSL_CTX_set_verify ) ,
59	it sends a list of CAs for which it will accept certificates to the client.	106	it sends a list of CAs for which it will accept certificates to the client.


diff --git a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index c4057ae4cc..28002c1e5c 100644 --- a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
@@ -1,7 +1,54 @@
		1	.\" $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.2 2016/11/30 17:26:09 schwarze Exp $
		2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
1	.\"	3	.\"
2	.\" $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
		5	.\" Copyright (c) 2002 The OpenSSL Project. All rights reserved.
3	.\"	6	.\"
4	.Dd $Mdocdate: November 5 2016 $	7	.\" Redistribution and use in source and binary forms, with or without
		8	.\" modification, are permitted provided that the following conditions
		9	.\" are met:
		10	.\"
		11	.\" 1. Redistributions of source code must retain the above copyright
		12	.\" notice, this list of conditions and the following disclaimer.
		13	.\"
		14	.\" 2. Redistributions in binary form must reproduce the above copyright
		15	.\" notice, this list of conditions and the following disclaimer in
		16	.\" the documentation and/or other materials provided with the
		17	.\" distribution.
		18	.\"
		19	.\" 3. All advertising materials mentioning features or use of this
		20	.\" software must display the following acknowledgment:
		21	.\" "This product includes software developed by the OpenSSL Project
		22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		23	.\"
		24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		25	.\" endorse or promote products derived from this software without
		26	.\" prior written permission. For written permission, please contact
		27	.\" openssl-core@openssl.org.
		28	.\"
		29	.\" 5. Products derived from this software may not be called "OpenSSL"
		30	.\" nor may "OpenSSL" appear in their names without prior written
		31	.\" permission of the OpenSSL Project.
		32	.\"
		33	.\" 6. Redistributions of any form whatsoever must retain the following
		34	.\" acknowledgment:
		35	.\" "This product includes software developed by the OpenSSL Project
		36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		37	.\"
		38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		50	.\"
		51	.Dd $Mdocdate: November 30 2016 $
5	.Dt SSL_CTX_SET_CLIENT_CERT_CB 3	52	.Dt SSL_CTX_SET_CLIENT_CERT_CB 3
6	.Os	53	.Os
7	.Sh NAME	54	.Sh NAME
@@ -46,12 +93,7 @@ and
46	.Fa pkey	93	.Fa pkey
47	arguments and 1 must be returned.	94	arguments and 1 must be returned.
48	The certificate will be installed into	95	The certificate will be installed into
49	.Fa ssl ;	96	.Fa ssl .
50	see the
51	.Sx NOTES
52	and
53	.Sx BUGS
54	sections.
55	If no certificate should be set,	97	If no certificate should be set,
56	0 has to be returned and no certificate will be sent.	98	0 has to be returned and no certificate will be sent.
57	A negative return value will suspend the handshake and the handshake function	99	A negative return value will suspend the handshake and the handshake function
@@ -66,7 +108,7 @@ It is the job of the
66	.Fa client_cert_cb()	108	.Fa client_cert_cb()
67	to store information	109	to store information
68	about the state of the last call, if required to continue.	110	about the state of the last call, if required to continue.
69	.Sh NOTES	111	.Pp
70	During a handshake (or renegotiation)	112	During a handshake (or renegotiation)
71	a server may request a certificate from the client.	113	a server may request a certificate from the client.
72	A client certificate must only be sent when the server did send the request.	114	A client certificate must only be sent when the server did send the request.