From 9d8e62d07fb25e66d41179adb5bd43bb03ff48be Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 22 Feb 2015 15:09:54 +0000
Subject: Rename tls_config_insecure_noverifyhost() to tls_config_insecure_noverifyname(), so that it is more accurate and keeps inline with the distinction between DNS hostname and server name. Requested by tedu@ during s2k15.
---
 src/lib/libtls/Makefile | 4 ++--
 src/lib/libtls/tls.h | 4 ++--
 src/lib/libtls/tls_config.c | 11 +++++------
 src/lib/libtls/tls_init.3 | 22 +++++++++++-----------
 4 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index 6baf210143..e5434f5071 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.6 2015/02/15 13:33:14 jsing Exp $
+# $OpenBSD: Makefile,v 1.7 2015/02/22 15:09:54 jsing Exp $
 CFLAGS+= -Wall -Werror -Wimplicit
 CFLAGS+= -DLIBRESSL_INTERNAL
@@ -34,8 +34,8 @@ MLINKS+=tls_init.3 tls_config_set_key_mem.3
 MLINKS+=tls_init.3 tls_config_set_protocols.3
 MLINKS+=tls_init.3 tls_config_set_verify_depth.3
 MLINKS+=tls_init.3 tls_config_clear_keys.3
-MLINKS+=tls_init.3 tls_config_insecure_noverifyhost.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3
+MLINKS+=tls_init.3 tls_config_insecure_noverifyname.3
 MLINKS+=tls_init.3 tls_config_verify.3
 MLINKS+=tls_init.3 tls_load_file.3
 MLINKS+=tls_init.3 tls_client.3
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 0af6194879..071309242f 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.9 2015/02/12 04:35:17 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.10 2015/02/22 15:09:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -61,8 +61,8 @@ void tls_config_set_verify_depth(struct tls_config *config, int verify_depth);
 void tls_config_clear_keys(struct tls_config *config);
 int tls_config_parse_protocols(uint32_t *protocols, const char *protostr);
-void tls_config_insecure_noverifyhost(struct tls_config *config);
 void tls_config_insecure_noverifycert(struct tls_config *config);
+void tls_config_insecure_noverifyname(struct tls_config *config);
 void tls_config_verify(struct tls_config *config);
 struct tls *tls_client(void);
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 0b0a8120a4..4c25a79303 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.8 2015/02/22 14:59:37 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.9 2015/02/22 15:09:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -282,17 +282,16 @@ tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
 config->verify_depth = verify_depth;
 }
-/* XXX - rename to noverifyname. */
 void
-tls_config_insecure_noverifyhost(struct tls_config *config)
+tls_config_insecure_noverifycert(struct tls_config *config)
 {
- config->verify_name = 0;
+ config->verify_cert = 0;
 }
 void
-tls_config_insecure_noverifycert(struct tls_config *config)
+tls_config_insecure_noverifyname(struct tls_config *config)
 {
- config->verify_cert = 0;
+ config->verify_name = 0;
 }
 void
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 52220fa449..3e888115e8 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.17 2015/02/21 21:41:00 tedu Exp $
+.\" $OpenBSD: tls_init.3,v 1.18 2015/02/22 15:09:54 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: February 21 2015 $
+.Dd $Mdocdate: February 22 2015 $
 .Dt TLS 3
 .Os
 .Sh NAME
@@ -36,8 +36,8 @@
 .Nm tls_config_set_protocols ,
 .Nm tls_config_set_verify_depth ,
 .Nm tls_config_clear_keys ,
-.Nm tls_config_insecure_noverifyhost ,
 .Nm tls_config_insecure_noverifycert ,
+.Nm tls_config_insecure_noverifyname ,
 .Nm tls_config_verify ,
 .Nm tls_load_file ,
 .Nm tls_client ,
@@ -93,10 +93,10 @@
 .Ft "void"
 .Fn tls_config_clear_keys "struct tls_config *config"
 .Ft "void"
-.Fn tls_config_insecure_noverifyhost "struct tls_config *config"
-.Ft "void"
 .Fn tls_config_insecure_noverifycert "struct tls_config *config"
 .Ft "void"
+.Fn tls_config_insecure_noverifyname "struct tls_config *config"
+.Ft "void"
 .Fn tls_config_verify "struct tls_config *config"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
@@ -289,18 +289,18 @@ Additionally, the values
 clears any secret keys from memory.
 .Em (Server)
 .It
-.Fn tls_config_insecure_noverifyhost
-disables hostname verification.
-Be careful when using this option.
-.Em (Client)
-.It
 .Fn tls_config_insecure_noverifycert
 disables certificate verification.
 Be extremely careful when using this option.
 .Em (Client)
 .It
+.Fn tls_config_insecure_noverifyname
+disables server name verification.
+Be careful when using this option.
+.Em (Client)
+.It
 .Fn tls_config_verify
-reenables hostname and certificate verification.
+reenables server name and certificate verification.
 .Em (Client)
 .It
 .Fn tls_load_file
-- 
cgit v1.2.3-55-g6feb