path: root/src/lib/libtls/tls_init.3
Commit message | Author | Age | Files | Lines
...
* specify what is permitted as an argument to tls_config_set_ciphers() | beck | 2015-09-11 | 1 | -1/+11
* - add some missing NAME entries | jmc | 2015-09-11 | 1 | -6/+8
  - zap trailing whitespace
  - avoid "can not"
* improve examples, | deraadt | 2015-09-10 | 1 | -8/+11
  1. hoist pollfd fields which don't change upwards
  2. show ret as ssize_t, it MUST BE, or there will be lots of crying
  3. on first pass, must check for either POLLIN|POLLOUT
  ok millert beck
* document client side certificate verification functionality. | beck | 2015-09-10 | 1 | -2/+16
  ok jsing@
* document changed tls_read and tls_write semantics. | beck | 2015-09-10 | 1 | -15/+58
  document functions that clear errno. change examples to provide demonstration of both the blocking and non-blocking cases. ok jsing@, bluhm@
* tweak previous; | jmc | 2015-09-10 | 1 | -3/+3
* Correctly document the behaviour of tls_close() - the caller is responsible | jsing | 2015-09-10 | 1 | -5/+6
  for closing the file descriptors unless libtls allocated them. ok beck@
* Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctly | jsing | 2015-09-10 | 1 | -20/+13
  document the calling requirements. ok beck@
* Update libtls man page to reflect tls_handshake() related changes. | jsing | 2015-09-10 | 1 | -35/+37
  ok beck@
* revert accidental commit | beck | 2015-09-10 | 1 | -4/+4
* comment for errno clobbering, to indicate why we do this. | beck | 2015-09-10 | 1 | -4/+4
  ok deraadt@ jsing@
* Add support for preferring the server's cipher list or the client's cipher | jsing | 2015-09-10 | 1 | -2/+19
  list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@
* tweak previous; ok doug | jmc | 2015-07-19 | 1 | -4/+4
* Add documentation on how to use TLS_{READ,WRITE}_AGAIN. | doug | 2015-07-19 | 1 | -2/+29
  ok beck@
* comma fix; | jmc | 2015-04-03 | 1 | -3/+3
* Handle the case where multiple calls to SSL_shutdown() are required to | jsing | 2015-04-02 | 1 | -2/+5
  close the connection. Also correctly handle the error on failure. Diff from cookieandscream via github.
* Correct man page title. | jsing | 2015-04-02 | 1 | -2/+2
  Diff from Tim van der Molen. ok jmc@
* Document the fact that the tls_accept_*() functions can return | jsing | 2015-04-02 | 1 | -7/+11
  TLS_READ_AGAIN and TLS_WRITE_AGAIN. Based on a diff from Tim van der Molen.
* Provide a tls_accept_fds() function, which allows a TLS connection to be | jsing | 2015-03-31 | 1 | -2/+18
  accepted via an existing pair of file descriptors. Based on a diff from Jan Klemkow.
* Rename tls_config_insecure_noverifyhost() to | jsing | 2015-02-22 | 1 | -11/+11
  tls_config_insecure_noverifyname(), so that it is more accurate and keeps in line with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
* explain how tls_accept_socket works. | tedu | 2015-02-21 | 1 | -2/+9
* tls_config_set_protocols is really void. Greg Martin. | tedu | 2015-02-21 | 1 | -3/+3
* fill out docs a bit more, notably the read/write again behaviors. | tedu | 2015-02-21 | 1 | -3/+27
  ok jsing
* s/tls_load_keys/tls_load_file/ | jsing | 2015-02-15 | 1 | -2/+2
* Document tls_config_parse_protocols() and update documentation for | jsing | 2015-02-15 | 1 | -4/+25
  tls_config_set_protocols().
* Provide a tls_connect_servername() function that has the same behaviour | jsing | 2015-02-11 | 1 | -1/+9
  as tls_connect(), however allows the name to use for verification to be explicitly provided, rather than being inferred from the host value. Requested by reyk@ ok reyk@ tedu@
* Be consistent with naming - only use "host" and "hostname" when referring | jsing | 2015-02-11 | 1 | -4/+4
  to an actual host and use "servername" when referring to the name of the TLS server that we expect to be identified in the server certificate. Likewise, rename verify_host to verify_name and use the term "name" throughout the verification code (rather than host or hostname). Requested by and ok tedu@
* Add manpage bits for tls_load_file() and tls_accept_socket(). | reyk | 2015-02-07 | 1 | -1/+25
  The tls_accept_socket() has been previously removed because the API is not fixed yet; but it is also already used by httpd(8) and spamd(8) so it is time to add it again and eventually change it later. OK tedu@
* Add tls_config_set_dheparams() to allow specification of the parameters to | jsing | 2015-02-07 | 1 | -4/+7
  use for DHE. This enables the use of DHE cipher suites. Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it is only used to specify the curve for ephemeral ECDH. Discussed with reyk@
* last entry in NAME should not have a trailing comma; | jmc | 2015-01-22 | 1 | -2/+2
* Allow to load the CA chain directly from memory instead of | reyk | 2015-01-22 | 1 | -2/+9
  specifying a file. This enables CA verification in privsep'ed processes that are running chroot'ed without direct access to the certificate files. With feedback, tests, and OK from bluhm@
* Revert previous; tls_accept_socket() was intentionally undocumented | schwarze | 2015-01-01 | 1 | -7/+1
  because the API design isn't fully settled. Requested by jsing@ and tedu@.
* minimally document tls_accept_socket(); | schwarze | 2015-01-01 | 1 | -2/+8
  patch from Sunil at Nimmagadda dot net
* delete extra word in Nd | deraadt | 2014-11-11 | 1 | -3/+3
* missing outlen in tls_write decl | tedu | 2014-11-07 | 1 | -3/+3
* Add a tls_connect_fds() function that allows a secure connection to be | jsing | 2014-11-02 | 1 | -2/+15
  established using a pair of existing file descriptors. Based on a diff/request from Jan Klemkow. Rides previous libtls rename/library bump. Discussed with tedu@.
* Rename libressl to libtls to avoid confusion and to make it easier to | jsing | 2014-10-31 | 1 | -0/+316
  distinguish between LibreSSL (the project) and libressl (the library). Discussed with many.