From 5802b7206a96d5d55ba7408d05151a1887b21d28 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 12 Aug 2016 15:10:59 +0000
Subject: Add ALPN support to libtls.

ok beck@ doug@
---
 src/lib/libtls/tls_init.3 | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

(limited to 'src/lib/libtls/tls_init.3')

diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 6ba2cb28be..e7f10ef556 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.64 2016/08/02 07:47:11 jsing Exp $
+.\" $OpenBSD: tls_init.3,v 1.65 2016/08/12 15:10:59 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 2 2016 $
+.Dd $Mdocdate: August 12 2016 $
 .Dt TLS_INIT 3
 .Os
 .Sh NAME
@@ -24,6 +24,7 @@
 .Nm tls_config_new ,
 .Nm tls_config_free ,
 .Nm tls_config_parse_protocols ,
+.Nm tls_config_set_alpn ,
 .Nm tls_config_set_ca_file ,
 .Nm tls_config_set_ca_path ,
 .Nm tls_config_set_ca_mem ,
@@ -54,8 +55,9 @@
 .Nm tls_peer_cert_hash ,
 .Nm tls_peer_cert_notbefore ,
 .Nm tls_peer_cert_notafter ,
-.Nm tls_conn_version ,
+.Nm tls_conn_alpn_selected ,
 .Nm tls_conn_cipher ,
+.Nm tls_conn_version ,
 .Nm tls_load_file ,
 .Nm tls_client ,
 .Nm tls_server ,
@@ -88,6 +90,8 @@
 .Ft "int"
 .Fn tls_config_parse_protocols "uint32_t *protocols" "const char *protostr"
 .Ft "int"
+.Fn tls_config_set_alpn "struct tls_config *config" "const char *alpn"
+.Ft "int"
 .Fn tls_config_set_ca_file "struct tls_config *config" "const char *ca_file"
 .Ft "int"
 .Fn tls_config_set_ca_path "struct tls_config *config" "const char *ca_path"
@@ -148,9 +152,11 @@
 .Ft "time_t"
 .Fn tls_peer_cert_notafter "struct tls *ctx"
 .Ft "const char *"
-.Fn tls_conn_version "struct tls *ctx"
+.Fn tls_conn_alpn_selected "struct tls *ctx"
 .Ft "const char *"
 .Fn tls_conn_cipher "struct tls *ctx"
+.Ft "const char *"
+.Fn tls_conn_version "struct tls *ctx"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
@@ -295,6 +301,11 @@ The following functions modify a configuration by setting parameters.
 Configuration options may apply to only clients or only servers or both.
 .Bl -bullet -offset four
 .It
+.Fn tls_config_set_alpn
+sets the ALPN protocols that are supported.
+The alpn string is a comma separated list of protocols, in order of preference.
+.Em (Client and Server)
+.It
 .Fn tls_config_set_ca_file
 sets the filename used to load a file containing the root certificates.
@@ -480,13 +491,14 @@ the peer certificate from
 will only succeed after the handshake is complete.
 .Em (Server and client)
 .It
-.Fn tls_conn_version
-returns a string
-corresponding to a TLS version negotiated with the peer
+.Fn tls_conn_alpn_selected
+returns a string that specifies the ALPN protocol selected for use with the peer
 connected to
 .Ar ctx .
-.Fn tls_conn_version
+If no protocol was selected then NULL is returned.
+.Fn tls_conn_alpn_selected
 will only succeed after the handshake is complete.
+.Em (Server and Client)
 .It
 .Fn tls_conn_cipher
 returns a string
@@ -497,6 +509,14 @@ connected to
 will only succeed after the handshake is complete.
 .Em (Server and client)
 .It
+.Fn tls_conn_version
+returns a string
+corresponding to a TLS version negotiated with the peer
+connected to
+.Ar ctx .
+.Fn tls_conn_version
+will only succeed after the handshake is complete.
+.It
 .Fn tls_load_file
 loads a certificate or key from disk into memory to be loaded with
 .Fn tls_config_set_ca_mem ,
-- 
cgit v1.2.3-55-g6feb