Diffstat (limited to 'src')
-rw-r--r--src/lib/libtls/Makefile4
-rw-r--r--src/lib/libtls/tls_init.318
2 files changed, 19 insertions, 3 deletions
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index 6b9270b50a..fa6279dcb1 100644
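--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.12 2015/09/10 14:19:01 jmc Exp $
+# $OpenBSD: Makefile,v 1.13 2015/09/10 15:47:25 beck Exp $
 
 CFLAGS+= -Wall -Werror -Wimplicit
 CFLAGS+= -DLIBRESSL_INTERNAL
@@ -42,6 +42,8 @@ MLINKS+=tls_init.3 tls_config_clear_keys.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifyname.3
 MLINKS+=tls_init.3 tls_config_verify.3
+MLINKS+=tls_init.3 tls_config_verify_client.3
+MLINKS+=tls_init.3 tls_config_verify_client_optional.3
 MLINKS+=tls_init.3 tls_load_file.3
 MLINKS+=tls_init.3 tls_client.3
 MLINKS+=tls_init.3 tls_server.3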
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 62f52e4331..01c931bb41 100644
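--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.33 2015/09/10 14:57:29 beck Exp $
+.\" $OpenBSD: tls_init.3,v 1.34 2015/09/10 15:47:25 beck Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -106,6 +106,10 @@
 .Fn tls_config_insecure_noverifyname "struct tls_config *config"
 .Ft "void"
 .Fn tls_config_verify "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_verify_client "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_verify_client_optional "struct tls_config *config"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
@@ -322,7 +326,7 @@ clears any secret keys from memory.
 .Fn tls_config_insecure_noverifycert
 disables certificate verification.
 Be extremely careful when using this option.
-.Em (Client)
+.Em (Client and server)
 .It
 .Fn tls_config_insecure_noverifyname
 disables server name verification.
@@ -333,6 +337,16 @@ Be careful when using this option.
 reenables server name and certificate verification.
 .Em (Client)
 .It
+.Fn tls_config_verify_client
+enables client certificate verification, requiring the client to send
+a certificate.
+.Em (Server)
+.It
+.Fn tls_config_verify_client_opional
+enables client certificate verification, without requiring the client
+to send a certificate.
+.Em (Server)
+.It
 .Fn tls_load_file
 loads a certificate or key from disk into memory to be loaded with
 .Fn tls_config_set_ca_mem ,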
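Review bot: The second new list entry in the last hunk misspells the function as `tls_config_verify_client_opional`, while the synopsis added earlier in this file and the new MLINKS entry in the Makefile both use `tls_config_verify_client_optional`; the line should read `.Fn tls_config_verify_client_optional`. As written, someone who opens the page through the `tls_config_verify_client_optional.3` link and searches for that name finds only the prototype, not the description. The entry also does not say what a server should do when no certificate is presented, so it would be worth adding a sentence such as `The caller must check whether a certificate was presented before trusting the peer.` if that matches the implementation, which is not visible here.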