From fb9dca0f0ed93924626f04529bb4dfa85e3ef25e Mon Sep 17 00:00:00 2001
From: beck <>
Date: Tue, 31 Jan 2017 16:18:57 +0000
Subject: Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may be added associated to a keypair used for SNI, and are usable for more than just the "main" certificate. Modify httpd to use this. Bump libtls minor. ok jsing@
---
.../libtls/man/tls_config_ocsp_require_stapling.3 | 33 ++++------------------
1 file changed, 6 insertions(+), 27 deletions(-)
(limited to 'src/lib/libtls/man/tls_config_ocsp_require_stapling.3')
diff --git a/src/lib/libtls/man/tls_config_ocsp_require_stapling.3 b/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
index 0f532cf8c0..b8b7600904 100644
--- a/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
+++ b/src/lib/libtls/man/tls_config_ocsp_require_stapling.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.3 2017/01/28 00:59:36 schwarze Exp $
+.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.4 2017/01/31 16:18:57 beck Exp $
 .\"
 .\" Copyright (c) 2016 Bob Beck
 .\"
@@ -14,46 +14,25 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 28 2017 $
+.Dd $Mdocdate: January 31 2017 $
 .Dt TLS_CONFIG_OCSP_REQUIRE_STAPLING 3
 .Os
 .Sh NAME
 .Nm tls_config_ocsp_require_stapling ,
-.Nm tls_config_set_ocsp_staple_mem ,
-.Nm tls_config_set_ocsp_staple_file
 .Nd OCSP configuration for libtls
 .Sh SYNOPSIS
 .In tls.h
 .Ft void
 .Fn tls_config_ocsp_require_stapling "struct tls_config *config"
-.Ft int
-.Fo tls_config_set_ocsp_staple_mem
-.Fa "struct tls_config *config"
-.Fa "const char *staple"
-.Fa "size_t len"
-.Fc
-.Ft int
-.Fo tls_config_set_ocsp_staple_file
-.Fa "struct tls_config *config"
-.Fa "const char *staple_file"
 .Fc
 .Sh DESCRIPTION
 .Fn tls_config_ocsp_require_stapling
 requires that a valid stapled OCSP response be provided during the TLS handshake.
-.Pp
-.Fn tls_config_set_ocsp_staple_file
-sets a DER-encoded OCSP response to be stapled during the TLS handshake from
-the specified file.
-.Pp
-.Fn tls_config_set_ocsp_staple_mem
-sets a DER-encoded OCSP response to be stapled during the TLS handshake from
-memory.
-.Sh RETURN VALUES
-.Fn tls_config_set_ocsp_staple_mem
-and
-.Fn tls_config_set_ocsp_staple_file
-return 0 on success or -1 on error.
 .Sh SEE ALSO
+.Xr tls_config_set_keypair_file 3 ,
+.Xr tls_config_set_keypair_mem 3 ,
+.Xr tls_config_add_keypair_file 3 ,
+.Xr tls_config_add_keypair_mem 3 ,
 .Xr tls_handshake 3 ,
 .Xr tls_init 3 ,
 .Xr tls_ocsp_process_response 3
-- 
cgit v1.2.3-55-g6feb