summaryrefslogtreecommitdiff
path: root/src/lib/libtls/man (follow)
Commit message (Collapse)AuthorAgeFilesLines
* zap wonky commas;jmc2021-06-221-5/+5
|
* Clarify tls_config_set_*_file() file I/O semanticskn2021-06-221-13/+11
| | | | | | | | | | | | | | | | | | | | | | | | tls_config_set_*_file(3) do not just set the file paths like tls_config_set_*_path(3) do, they do load the given file(s) into memory directly using tls_config_load_file(). This distinction is important because it means a later tls_connect(3) will not do any file I/O (at least wrt. those files), which is relevant when for example pleding without "[rwc]path" after loading files into memory and before doing tls_connect(3). The manual's current wording made me use the following due to above way of pledging a program: tls_load_file() tls_config_set_ca_mem() tls_unload_file() While in fact a single tls_config_set_ca_file() call does the same. tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual as noted by tb, thanks. Feedback OK tb
* Tweak previous:schwarze2021-01-021-19/+34
| | | | | | | * Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead. * In tagged lists, put bodies into bodies, not into heads. * Add a few missing macros. * Drop some useless quoting.
* Make list of DHE parameters more prominentkn2021-01-021-6/+19
| | | | | | | Follow the previous commit and complete the manual page for consistency; better readable and tags for free. OK tb
* Make the list of supported protocols more prominentkn2020-12-301-5/+15
| | | | | | | | | | Manuals like httpd.conf(5) refer to this for valid protocol strings, but elements inlined into sentences are hard find to spot. Use a list as already done elsewhere in this manual. OK jmc on earlier version Feeback OK tb
* Note in the man page that the default protocols list includes 1.3beck2020-01-221-4/+4
| | | | ok jsing@
* Add support for TLSv1.3 as a protocol to libtls.jsing2020-01-201-6/+7
| | | | | | | This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@
* Document tls_conn_cipher_strength().jsing2019-11-021-2/+14
| | | | ok schwarze@
* Group tls_{handshake,read,write,close}() return values documentation.jsing2019-07-091-21/+21
| | | | | | | | | | Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@
* tls_read() & tls_write() return 4 possible values: TLS_WANT_POLLOUT,deraadt2019-06-201-4/+4
| | | | | | TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1 rather than vaguely "< 0". ok jsing
* fix examples (libtls uses its own error reporting mechanism)espie2019-03-201-4/+4
| | | | okay tb@
* Delete a note taken during the rev. 1.1 man page spliteschwarze2018-12-141-5/+2
| | | | | | that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@.
* expose the default cert file as a function, not a define. it's reallytedu2018-11-291-3/+9
| | | | | | an internal detail of the library, so the string should live inside it, not in the application code. ok jsing
* typo in argument type, from Mario dot Andres dot Campos at gmail dot comschwarze2018-08-211-3/+3
|
* Use the same order in NAME, SYNOPSIS, DESCRIPTION, and RETURN VALUES totb2018-07-241-27/+28
| | | | | | | improve readability and ease of maintenance. Positive feedback jmc Detailed suggestion & ok schwarze
* Document tls_peer_ocsp_result() and use it in place of the non-existenttb2018-07-231-6/+12
| | | | | | | tls_peer_ocsp_result_msg() in the documentation. input & ok jsing Reads fine to jmc and makes sense to schwarze
* Move a detail on tls_connect(3) to its documentation and be a bit moretb2018-07-091-5/+7
| | | | | | explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version
* wording tweak for tls_init() from jsingtb2018-07-091-4/+4
| | | | ok jsing, schwarze
* Simplify and shorten the description of tls_init(3),schwarze2018-07-081-4/+4
| | | | | fixing an awkward wording noticed by tb@. OK tb@
* minor markup improvement: .Fa *cctx -> .Pf * Fa cctxschwarze2018-05-261-3/+3
|
* Quote .Fa arguments containing blanks.schwarze2018-05-261-4/+4
| | | | Diff from Jack Burton <jack at saosce dot com dot au>.
* Automatically handle library initialisation for libtls.jsing2018-03-191-3/+4
| | | | | | | | | Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@
* un-revert tls_init pthread_once change, now that stub is added so that ↵beck2018-03-081-3/+3
| | | | builds work
* backout. diff was not tested comprehensively, resulting in a broken tree.deraadt2018-03-071-2/+2
|
* Make tls_init() concurrently callable using pthread_once().beck2018-03-071-3/+3
| | | | | | | | | | | ok jsing@ This brings pthread_once usage into libressl, which will need to get dealt with correctly in portable. This sets us up to autoinit libtls, and we will also be using pthread_once to deal with autoinit stuff in libssl and libcrypto
* Be more specific about when the session file will be updated.jsing2018-02-101-2/+2
|
* Document functions for client-side TLS session support.jsing2018-02-102-9/+56
|
* hyphenate DER/PEM-encoded, for consistency;jmc2017-10-082-9/+9
|
* Document tls_peer_cert_chain_pem().jsing2017-10-071-2/+13
| | | | ok beck@
* Document tls_config_set_dheparams().jsing2017-08-121-4/+13
|
* Document tls_reset().jsing2017-08-121-2/+13
|
* new sentence, new line;jmc2017-08-111-3/+4
|
* Add a tls_config_set_ecdhecurves() function to libtls, which allows thejsing2017-08-101-6/+13
| | | | | | | | | | names of the elliptic curves that may be used during client and server key exchange to be specified. This deprecates tls_config_set_ecdhecurve(), which could only be used to specify a single supported curve. ok beck@
* correct function name;jmc2017-08-011-3/+3
| | | | from carlos cardenas
* Document tls_config_set_crl_file() and tls_config_set_crl_mem().jsing2017-07-061-3/+30
| | | | Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
* Be explicit about when it is safe to call tls_config_free().jsing2017-05-061-3/+8
| | | | Discussed with beck@
* Document tls_unload_file().jsing2017-05-061-3/+14
|
* tls_free(3) and tls_config_free(3) accept NULL;schwarze2017-04-272-4/+14
| | | | | patch from Matthew Martin <phy1729 at gmail dot com>, slightly tweaked by me
* fix error in Dt; from robert kleinjmc2017-03-021-3/+3
|
* spelling fix;jmc2017-02-201-2/+2
|
* document tls_config_error(3) RETURN VALUES, improve what is saidschwarze2017-02-202-6/+59
| | | | | about tls_error(3), and warn about some traps; OK jmc@
* tweak previous;jmc2017-01-312-12/+8
|
* Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may bebeck2017-01-312-39/+91
| | | | | | | | added associated to a keypair used for SNI, and are usable for more than just the "main" certificate. Modify httpd to use this. Bump libtls minor. ok jsing@
* Marko Kreen contributed significantly to the ocsp stuff for libtlsbeck2017-01-291-2/+3
|
* add HISTORY and AUTHORSschwarze2017-01-2812-24/+256
|
* Fix Copyright notices; ok beck@ jsing@ tedu@schwarze2017-01-2711-28/+43
|
* fix Dt;jmc2017-01-261-3/+3
|
* split the tls_init(3) that had grown fat to allow healthy future growth;schwarze2017-01-2513-0/+1468
suggested by jsing@; "i would just chuck it in" jmc@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 20:22:40 +0000