path: root/src/lib/libtls/tls_init.3
Commit message [author, age, files, lines]
* Fix mangled function signatures.
  From Carlin Bingham <cb at viennan dot net>, thanks!
  [jsing, 2016-05-09, 1 file, -5/+5]
* spelling fix;
  [jmc, 2016-04-28, 1 file, -2/+2]
* Factor out the keypair handling in libtls. This results in more readable
  and self-contained code, while preparing for the ability to handle multiple
  keypairs. Also provide two additional functions that allow a public
  certificate and private key to be set with a single function call. ok beck@
  [jsing, 2016-04-28, 1 file, -3/+17]
* Rework the error handling in libtls so that we can associate errors with
  both configuration and contexts. This allows us to propagate errors that
  occur during configuration, rather than either just failing with no reason
  or delaying the failure until it can be propagated via the tls context.
  Also provide a tls_config_error() function for retrieving the last error
  from a tls_config *. ok bcook@
  [jsing, 2016-04-28, 1 file, -5/+10]
* no more outlen; from remco
  ok bcook deraadt
  [jmc, 2016-04-24, 1 file, -5/+3]
* typos;
  [jmc, 2016-04-24, 1 file, -3/+3]
* update some client/server info; from jan klemkow
  ok jsing
  [jmc, 2015-11-09, 1 file, -5/+5]
* Put tls_config_verify_client_optional() in the right place.
  [jsing, 2015-10-16, 1 file, -6/+6]
* Fix tpyo.
  [jsing, 2015-10-16, 1 file, -3/+3]
* trailing whitespace;
  [jmc, 2015-10-08, 1 file, -6/+6]
* Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer
  certificate validity times for tls connections. ok jsing@
  [beck, 2015-10-07, 1 file, -4/+30]
* tweak previous;
  [jmc, 2015-09-14, 1 file, -2/+2]
* Provide tls_config_insecure_noverifytime() in order to be able to disable
  certificate validity checking. ok beck@
  [jsing, 2015-09-14, 1 file, -1/+9]
* Remove useless quoting from .Fo and .Fn function names, to prevent
  development of a cargo cult in case people look at existing files for
  examples. This achieves a consistent .Fo and .Fn quoting style across the
  whole tree.
  [schwarze, 2015-09-14, 1 file, -4/+4]
* some conn_version and conn_cipher bits;
  [jmc, 2015-09-14, 1 file, -8/+7]
* add missing function return types
  [schwarze, 2015-09-14, 1 file, -2/+3]
* add visibility of cipher and connection version strings
  ok jsing@
  [beck, 2015-09-13, 1 file, -3/+23]
* Move connection info into its own private structure allocated and filled in
  at handshake time. change accessors to return const char * to remove need
  for caller to free memory. ok jsing@
  [beck, 2015-09-12, 1 file, -20/+10]
* more for NAME;
  [jmc, 2015-09-11, 1 file, -1/+4]
* more cleanup;
  [jmc, 2015-09-11, 1 file, -16/+15]
* update NAME; various cleanup
  [jmc, 2015-09-11, 1 file, -20/+20]
* document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hash
  ok jsing@
  [beck, 2015-09-11, 1 file, -2/+54]
* add tls_peer functions for checking names and issuers of peer certificates.
  ok jsing@
  [beck, 2015-09-11, 1 file, -2/+29]
* specify what is permitted as an argument to tls_config_set_ciphers()
  [beck, 2015-09-11, 1 file, -1/+11]
* - add some missing NAME entries
  - zap trailing whitespace
  - avoid "can not"
  [jmc, 2015-09-11, 1 file, -6/+8]
* improve examples,
  1. hoist pollfd fields which don't change upwards
  2. show ret as ssize_t, it MUST BE, or there will be lots of crying
  3. on first pass, must check for either POLLIN|POLLOUT
  ok millert beck
  [deraadt, 2015-09-10, 1 file, -8/+11]
* document client side certificate verification functionality.
  ok jsing@
  [beck, 2015-09-10, 1 file, -2/+16]
* document changed tls_read and tls_write semantics.
  document functions that clear errno. change examples to provide
  demonstration of both the blocking and non-blocking cases. ok jsing@, bluhm@
  [beck, 2015-09-10, 1 file, -15/+58]
* tweak previous;
  [jmc, 2015-09-10, 1 file, -3/+3]
* Correctly document the behaviour of tls_close() - the caller is responsible
  for closing the file descriptors unless libtls allocated them. ok beck@
  [jsing, 2015-09-10, 1 file, -5/+6]
* Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctly
  document the calling requirements. ok beck@
  [jsing, 2015-09-10, 1 file, -20/+13]
* Update libtls man page to reflect tls_handshake() related changes.
  ok beck@
  [jsing, 2015-09-10, 1 file, -35/+37]
* revert accidental commit
  [beck, 2015-09-10, 1 file, -4/+4]
* comment for errno clobbering, to indicate why we do this.
  ok deraadt@ jsing@
  [beck, 2015-09-10, 1 file, -4/+4]
* Add support for preferring the server's cipher list or the client's cipher
  list. Prefer the server's cipher list by default. Based on a diff from
  Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@
  [jsing, 2015-09-10, 1 file, -2/+19]
* tweak previous; ok doug
  [jmc, 2015-07-19, 1 file, -4/+4]
* Add documentation on how to use TLS_{READ,WRITE}_AGAIN.
  ok beck@
  [doug, 2015-07-19, 1 file, -2/+29]
* comma fix;
  [jmc, 2015-04-03, 1 file, -3/+3]
* Handle the case where multiple calls to SSL_shutdown() are required to
  close the connection. Also correctly handle the error on failure. Diff from
  cookieandscream via github.
  [jsing, 2015-04-02, 1 file, -2/+5]
* Correct man page title.
  Diff from Tim van der Molen. ok jmc@
  [jsing, 2015-04-02, 1 file, -2/+2]
* Document the fact that the tls_accept_*() functions can return
  TLS_READ_AGAIN and TLS_WRITE_AGAIN. Based on a diff from Tim van der Molen.
  [jsing, 2015-04-02, 1 file, -7/+11]
* Provide a tls_accept_fds() function, which allows a TLS connection to be
  accepted via an existing pair of file descriptors. Based on a diff from
  Jan Klemkow.
  [jsing, 2015-03-31, 1 file, -2/+18]
* Rename tls_config_insecure_noverifyhost() to
  tls_config_insecure_noverifyname(), so that it is more accurate and keeps
  in line with the distinction between DNS hostname and server name.
  Requested by tedu@ during s2k15.
  [jsing, 2015-02-22, 1 file, -11/+11]
* explain how tls_accept_socket works.
  [tedu, 2015-02-21, 1 file, -2/+9]
* tls_config_set_protocols is really void. Greg Martin.
  [tedu, 2015-02-21, 1 file, -3/+3]
* fill out docs a bit more, notably the read/write again behaviors.
  ok jsing
  [tedu, 2015-02-21, 1 file, -3/+27]
* s/tls_load_keys/tls_load_file/
  [jsing, 2015-02-15, 1 file, -2/+2]
* Document tls_config_parse_protocols() and update documentation for
  tls_config_set_protocols().
  [jsing, 2015-02-15, 1 file, -4/+25]
* Provide a tls_connect_servername() function that has the same behaviour
  as tls_connect(), however allows the name to use for verification to be
  explicitly provided, rather than being inferred from the host value.
  Requested by reyk@ ok reyk@ tedu@
  [jsing, 2015-02-11, 1 file, -1/+9]
* Be consistent with naming - only use "host" and "hostname" when referring
  to an actual host and use "servername" when referring to the name of the
  TLS server that we expect to be identified in the server certificate.
  Likewise, rename verify_host to verify_name and use the term "name"
  throughout the verification code (rather than host or hostname).
  Requested by and ok tedu@
  [jsing, 2015-02-11, 1 file, -4/+4]