summaryrefslogtreecommitdiff
path: root/src/lib/libtls/man (follow)
Commit message (Collapse)AuthorAgeFilesLines
* remove tls_reset(3) from the NAME, SYNOPSIS, and HISTORY sectionsschwarze2023-09-181-10/+5
| | | | because it is documented in the separate tls_client(3) manual page
* Remove the ability to do tls 1.0 and 1.1 from libtls.beck2023-07-021-9/+3
| | | | | | | | With this change any requests from configurations to request versions of tls before tls 1.2 will use tls 1.2. This prepares us to deprecate tls 1.0 and tls 1.1 support from libssl. ok tb@
* contibutions -> contributionsjsg2022-01-011-3/+3
|
* zap wonky commas;jmc2021-06-221-5/+5
|
* Clarify tls_config_set_*_file() file I/O semanticskn2021-06-221-13/+11
| | | | | | | | | | | | | | | | | | | | | | | | tls_config_set_*_file(3) do not just set the file paths like tls_config_set_*_path(3) do, they do load the given file(s) into memory directly using tls_config_load_file(). This distinction is important because it means a later tls_connect(3) will not do any file I/O (at least wrt. those files), which is relevant when for example pleding without "[rwc]path" after loading files into memory and before doing tls_connect(3). The manual's current wording made me use the following due to above way of pledging a program: tls_load_file() tls_config_set_ca_mem() tls_unload_file() While in fact a single tls_config_set_ca_file() call does the same. tls_config.c r1.26 (Aug 2016) change the code but forgot to amend the manual as noted by tb, thanks. Feedback OK tb
* Tweak previous:schwarze2021-01-021-19/+34
| | | | | | | * Do not abuse .Bl -tag for lists without bodies, use .Bl -item instead. * In tagged lists, put bodies into bodies, not into heads. * Add a few missing macros. * Drop some useless quoting.
* Make list of DHE parameters more prominentkn2021-01-021-6/+19
| | | | | | | Follow the previous commit and complete the manual page for consistency; better readable and tags for free. OK tb
* Make the list of supported protocols more prominentkn2020-12-301-5/+15
| | | | | | | | | | Manuals like httpd.conf(5) refer to this for valid protocol strings, but elements inlined into sentences are hard find to spot. Use a list as already done elsewhere in this manual. OK jmc on earlier version Feeback OK tb
* Note in the man page that the default protocols list includes 1.3beck2020-01-221-4/+4
| | | | ok jsing@
* Add support for TLSv1.3 as a protocol to libtls.jsing2020-01-201-6/+7
| | | | | | | This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@
* Document tls_conn_cipher_strength().jsing2019-11-021-2/+14
| | | | ok schwarze@
* Group tls_{handshake,read,write,close}() return values documentation.jsing2019-07-091-21/+21
| | | | | | | | | | Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@
* tls_read() & tls_write() return 4 possible values: TLS_WANT_POLLOUT,deraadt2019-06-201-4/+4
| | | | | | TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1 rather than vaguely "< 0". ok jsing
* fix examples (libtls uses its own error reporting mechanism)espie2019-03-201-4/+4
| | | | okay tb@
* Delete a note taken during the rev. 1.1 man page spliteschwarze2018-12-141-5/+2
| | | | | | that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@.
* expose the default cert file as a function, not a define. it's reallytedu2018-11-291-3/+9
| | | | | | an internal detail of the library, so the string should live inside it, not in the application code. ok jsing
* typo in argument type, from Mario dot Andres dot Campos at gmail dot comschwarze2018-08-211-3/+3
|
* Use the same order in NAME, SYNOPSIS, DESCRIPTION, and RETURN VALUES totb2018-07-241-27/+28
| | | | | | | improve readability and ease of maintenance. Positive feedback jmc Detailed suggestion & ok schwarze
* Document tls_peer_ocsp_result() and use it in place of the non-existenttb2018-07-231-6/+12
| | | | | | | tls_peer_ocsp_result_msg() in the documentation. input & ok jsing Reads fine to jmc and makes sense to schwarze
* Move a detail on tls_connect(3) to its documentation and be a bit moretb2018-07-091-5/+7
| | | | | | explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version
* wording tweak for tls_init() from jsingtb2018-07-091-4/+4
| | | | ok jsing, schwarze
* Simplify and shorten the description of tls_init(3),schwarze2018-07-081-4/+4
| | | | | fixing an awkward wording noticed by tb@. OK tb@
* minor markup improvement: .Fa *cctx -> .Pf * Fa cctxschwarze2018-05-261-3/+3
|
* Quote .Fa arguments containing blanks.schwarze2018-05-261-4/+4
| | | | Diff from Jack Burton <jack at saosce dot com dot au>.
* Automatically handle library initialisation for libtls.jsing2018-03-191-3/+4
| | | | | | | | | Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement. ok bcook@ beck@ inoguchi@
* un-revert tls_init pthread_once change, now that stub is added so that ↵beck2018-03-081-3/+3
| | | | builds work
* backout. diff was not tested comprehensively, resulting in a broken tree.deraadt2018-03-071-2/+2
|
* Make tls_init() concurrently callable using pthread_once().beck2018-03-071-3/+3
| | | | | | | | | | | ok jsing@ This brings pthread_once usage into libressl, which will need to get dealt with correctly in portable. This sets us up to autoinit libtls, and we will also be using pthread_once to deal with autoinit stuff in libssl and libcrypto
* Be more specific about when the session file will be updated.jsing2018-02-101-2/+2
|
* Document functions for client-side TLS session support.jsing2018-02-102-9/+56
|
* hyphenate DER/PEM-encoded, for consistency;jmc2017-10-082-9/+9
|
* Document tls_peer_cert_chain_pem().jsing2017-10-071-2/+13
| | | | ok beck@
* Document tls_config_set_dheparams().jsing2017-08-121-4/+13
|
* Document tls_reset().jsing2017-08-121-2/+13
|
* new sentence, new line;jmc2017-08-111-3/+4
|
* Add a tls_config_set_ecdhecurves() function to libtls, which allows thejsing2017-08-101-6/+13
| | | | | | | | | | names of the elliptic curves that may be used during client and server key exchange to be specified. This deprecates tls_config_set_ecdhecurve(), which could only be used to specify a single supported curve. ok beck@
* correct function name;jmc2017-08-011-3/+3
| | | | from carlos cardenas
* Document tls_config_set_crl_file() and tls_config_set_crl_mem().jsing2017-07-061-3/+30
| | | | Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
* Be explicit about when it is safe to call tls_config_free().jsing2017-05-061-3/+8
| | | | Discussed with beck@
* Document tls_unload_file().jsing2017-05-061-3/+14
|
* tls_free(3) and tls_config_free(3) accept NULL;schwarze2017-04-272-4/+14
| | | | | patch from Matthew Martin <phy1729 at gmail dot com>, slightly tweaked by me
* fix error in Dt; from robert kleinjmc2017-03-021-3/+3
|
* spelling fix;jmc2017-02-201-2/+2
|
* document tls_config_error(3) RETURN VALUES, improve what is saidschwarze2017-02-202-6/+59
| | | | | about tls_error(3), and warn about some traps; OK jmc@
* tweak previous;jmc2017-01-312-12/+8
|
* Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may bebeck2017-01-312-39/+91
| | | | | | | | added associated to a keypair used for SNI, and are usable for more than just the "main" certificate. Modify httpd to use this. Bump libtls minor. ok jsing@
* Marko Kreen contributed significantly to the ocsp stuff for libtlsbeck2017-01-291-2/+3
|
* add HISTORY and AUTHORSschwarze2017-01-2812-24/+256
|
* Fix Copyright notices; ok beck@ jsing@ tedu@schwarze2017-01-2711-28/+43
|
* fix Dt;jmc2017-01-261-3/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 00:19:46 +0000