From 8f893d2599ab84649f4191a0d3b4d6321ff08314 Mon Sep 17 00:00:00 2001 From: tb <> Date: Mon, 9 Jul 2018 19:51:18 +0000 Subject: Move a detail on tls_connect(3) to its documentation and be a bit more explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version --- src/lib/libtls/man/tls_connect.3 | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/lib/libtls/man/tls_connect.3 b/src/lib/libtls/man/tls_connect.3 index 161e0d644d..4c4f01c256 100644 --- a/src/lib/libtls/man/tls_connect.3 +++ b/src/lib/libtls/man/tls_connect.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_connect.3,v 1.3 2017/01/28 00:59:36 schwarze Exp $ +.\" $OpenBSD: tls_connect.3,v 1.4 2018/07/09 19:51:18 tb Exp $ .\" .\" Copyright (c) 2014 Ted Unangst .\" Copyright (c) 2014, 2015 Joel Sing @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: January 28 2017 $ +.Dd $Mdocdate: July 9 2018 $ .Dt TLS_CONNECT 3 .Os .Sh NAME @@ -84,13 +84,15 @@ If it is then a .Fa host of the format "hostname:port" is permitted. +The name to use for verification is inferred from the +.Ar host +value. .Pp The .Fn tls_connect_servername function has the same behaviour, however the name to use for verification is -explicitly provided, rather than being inferred from the -.Ar host -value. +explicitly provided, for the case where the TLS server name differs from the +DNS name. .Pp An already existing socket can be upgraded to a secure connection by calling .Fn tls_connect_socket . -- cgit v1.2.3-55-g6feb