summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls_init.3 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* update some client/server info; from jan klemkowjmc2015-11-091-5/+5
| | | | ok jsing
* Put tls_config_verify_client_optional() in the right place.jsing2015-10-161-6/+6
|
* Fix tpyo.jsing2015-10-161-3/+3
|
* trailing whitespace;jmc2015-10-081-6/+6
|
* Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer ↵beck2015-10-071-4/+30
| | | | | | | certificate validity times for tls connections. ok jsing@
* tweak previous;jmc2015-09-141-2/+2
|
* Provide tls_config_insecure_noverifytime() in order to be able to disablejsing2015-09-141-1/+9
| | | | | | certificate validity checking. ok beck@
* Remove useless quoting from .Fo and .Fn function names, to preventschwarze2015-09-141-4/+4
| | | | | | development of a cargo cult in case people look at existing files for examples. This achieves a consistent .Fo and .Fn quoting style across the whole tree.
* some conn_version and conn_cipher bits;jmc2015-09-141-8/+7
|
* add missing function return typesschwarze2015-09-141-2/+3
|
* add visibility of ciper and connection version stringsbeck2015-09-131-3/+23
| | | | ok jsing@
* Move connection info into it's own private structure allocated and filled inbeck2015-09-121-20/+10
| | | | | | at handshake time. change accessors to return const char * to remove need for caller to free memory. ok jsing@
* more for NAME;jmc2015-09-111-1/+4
|
* more cleanup;jmc2015-09-111-16/+15
|
* update NAME; various cleanupjmc2015-09-111-20/+20
|
* document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hashbeck2015-09-111-2/+54
| | | | ok jsing@
* add tls_peer functions for checking names and issuers of peer certificates.beck2015-09-111-2/+29
| | | | ok jsing@
* specify what is permitted as an argument to tls_config_set_ciphers()beck2015-09-111-1/+11
|
* - add some missing NAME entriesjmc2015-09-111-6/+8
| | | | | - zap trailing whitespace - avoid "can not"
* improve examples,deraadt2015-09-101-8/+11
| | | | | | | 1. hoist pollfd fields which don't change upwards 2. show ret as ssize_t, it MUST BE, or there will be lots of crying 3. on first pass, must check for either POLLIN|POLLOUT ok millert beck
* document client side certificate verification functionality.beck2015-09-101-2/+16
| | | | ok jsing@
* document changed tls_read and tls_write semantics.beck2015-09-101-15/+58
| | | | | | | document functions that clear errno. change examples to provide demonstration of both the blocking and non-blocking cases. ok jsing@, bluhm@
* tweak previous;jmc2015-09-101-3/+3
|
* Correctly document the behaviour of tls_close() - the caller is responsiblejsing2015-09-101-5/+6
| | | | | | for closing the file descriptors unless libtls allocated them. ok beck@
* Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctlyjsing2015-09-101-20/+13
| | | | | | document the calling requirements. ok beck@
* Update libtls man page to reflect tls_handshake() related changes.jsing2015-09-101-35/+37
| | | | ok beck@
* revert accidental commitbeck2015-09-101-4/+4
|
* comment for errno clobbering, to indicate why we do this.beck2015-09-101-4/+4
| | | | ok deraadt@ jsing@
* Add support for preferring the server's cipher list or the client's cipherjsing2015-09-101-2/+19
| | | | | | | | list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@
* tweak previous; ok dougjmc2015-07-191-4/+4
|
* Add documentation on how to use TLS_{READ,WRITE}_AGAIN.doug2015-07-191-2/+29
| | | | ok beck@
* comma fix;jmc2015-04-031-3/+3
|
* Handle the case where multiple calls to SSL_shutdown() are required tojsing2015-04-021-2/+5
| | | | | | close the connection. Also correctly handle the error on failure. Diff from cookieandscream via github.
* Correct man page title.jsing2015-04-021-2/+2
| | | | | | Diff from Tim van der Molen. ok jmc@
* Document the fact that the tls_accept_*() functions can returnjsing2015-04-021-7/+11
| | | | | | TLS_READ_AGAIN and TLS_WRITE_AGAIN. Based on a diff from Tim van der Molen.
* Provide a tls_accept_fds() function, which allows a TLS connection to bejsing2015-03-311-2/+18
| | | | | | accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
* Rename tls_config_insecure_noverifyhost() tojsing2015-02-221-11/+11
| | | | | | | tls_config_insecure_noverifyname(), so that it is more accurate and keeps inline with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
* explain how tls_accept_socket works.tedu2015-02-211-2/+9
|
* tls_config_set_protocols is really void. Greg Martin.tedu2015-02-211-3/+3
|
* fill out docs a bit more, notably the read/write again behaviors.tedu2015-02-211-3/+27
| | | | ok jsing
* s/tls_load_keys/tls_load_file/jsing2015-02-151-2/+2
|
* Document tls_config_parse_protocols() and update documentation forjsing2015-02-151-4/+25
| | | | tls_config_set_protocols().
* Provide a tls_connect_servername() function that has the same behaviourjsing2015-02-111-1/+9
| | | | | | | | | as tls_connect(), however allows the name to use for verification to be explicitly provided, rather than being inferred from the host value. Requested by reyk@ ok reyk@ tedu@
* Be consistent with naming - only use "host" and "hostname" when referringjsing2015-02-111-4/+4
| | | | | | | | | | to an actual host and use "servername" when referring to the name of the TLS server that we expect to be indentified in the server certificate. Likewise, rename verify_host to verify_name and use the term "name" throughout the verification code (rather than host or hostname). Requested by and ok tedu@
* Add manpage bits for tls_load_file() and tls_accept_socket().reyk2015-02-071-1/+25
| | | | | | | | The tls_accept_socket() has been previously removed because the API is not fixed yet; but it is also already used by httpd(8) and spamd(8) so it is time to add it again and eventually change it later. OK tedu@
* Add tls_config_set_dheparams() to allow specification of the parameters tojsing2015-02-071-4/+7
| | | | | | | | | use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
* last entry in NAME should not have a trailing comma;jmc2015-01-221-2/+2
|
* Allow to to load the CA chain directly from memory instead ofreyk2015-01-221-2/+9
| | | | | | | | specifying a file. This enables CA verification in privsep'ed processes that are running chroot'ed without direct access to the certificate files. With feedback, tests, and OK from bluhm@
* Revert previous; tls_accept_socket() was intentionally undocumentedschwarze2015-01-011-7/+1
| | | | | because the API design isn't fully settled. Requested by jsing@ and tedu@.
* minimally document tls_accept_socket();schwarze2015-01-011-2/+8
| | | | patch from Sunil at Nimmagadda dot net
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-22 22:31:01 +0000