From 277c01d4872af51c7ce52c92dc8bb37c50c129c6 Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Mon, 18 Mar 2019 18:31:15 +0000
Subject: * note that the handshake must be completed first * correct the
 description of "unknown" (the previous are both from OpenSSL 1.1.1, still
 under a free license) * add a comment saying that TLS1_get_version() and
 TLS1_get_client_version() are intentionally undocumented (reasons provided by
 jsing@)

---
 src/lib/libssl/man/SSL_get_version.3 | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/man/SSL_get_version.3 b/src/lib/libssl/man/SSL_get_version.3
index f8999d8695..cc4297c5ba 100644
--- a/src/lib/libssl/man/SSL_get_version.3
+++ b/src/lib/libssl/man/SSL_get_version.3
@@ -1,5 +1,6 @@
-.\"	$OpenBSD: SSL_get_version.3,v 1.6 2019/01/21 12:35:33 schwarze Exp $
-.\"	OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
+.\" $OpenBSD: SSL_get_version.3,v 1.7 2019/03/18 18:31:15 schwarze Exp $
+.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
+.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project.  All rights reserved.
@@ -48,12 +49,18 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 21 2019 $
+.Dd $Mdocdate: March 18 2019 $
 .Dt SSL_GET_VERSION 3
 .Os
 .Sh NAME
 .Nm SSL_get_version ,
 .Nm SSL_version
+.\" The following are intentionally undocumented because
+.\" - the longer term plan is to remove them
+.\" - nothing appears to be using them in the wild
+.\" - and they have the wrong namespace prefix
+.\" Nm TLS1_get_version
+.\" Nm TLS1_get_client_version
 .Nd get the protocol version of a connection
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -68,6 +75,9 @@ returns the name of the protocol used for the connection
 .Pp
 .Fn SSL_version
 returns an integer constant representing that protocol.
+.Pp
+These functions only return reliable results
+after the initial handshake has been completed.
 .Sh RETURN VALUES
 The following strings or integers can be returned:
 .Bl -tag -width Ds
@@ -82,7 +92,8 @@ The connection uses the TLSv1.3 protocol.
 .It Qo DTLSv1 Qc No or Dv DTLS1_VERSION
 The connection uses the Datagram Transport Layer Security 1.0 protocol.
 .It Qq unknown
-This indicates that no version has been set (no connection established).
+This indicates an unknown protocol version;
+it cannot currently happen with LibreSSL.
 .El
 .Sh SEE ALSO
 .Xr ssl 3
-- 
cgit v1.2.3-55-g6feb