From 677c623665ddbedb424360e3793fce4bb7032cd5 Mon Sep 17 00:00:00 2001
From: reyk <>
Date: Sat, 7 Feb 2015 23:45:06 +0000
Subject: Add manpage bits for tls_load_file() and tls_accept_socket(). The tls_accept_socket() has been previously removed because the API is not fixed yet; but it is also already used by httpd(8) and spamd(8) so it is time to add it again and eventually change it later. OK tedu@
---
 src/lib/libtls/Makefile | 4 +++-
 src/lib/libtls/tls_init.3 | 26 +++++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 2 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index bf7de202ff..4ae970d093 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.3 2015/02/07 06:19:26 jsing Exp $
+# $OpenBSD: Makefile,v 1.4 2015/02/07 23:45:06 reyk Exp $
 CFLAGS+= -Wall -Werror -Wimplicit
 CFLAGS+= -DLIBRESSL_INTERNAL
@@ -36,6 +36,7 @@ MLINKS+=tls_init.3 tls_config_clear_keys.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifyhost.3
 MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3
 MLINKS+=tls_init.3 tls_config_verify.3
+MLINKS+=tls_init.3 tls_load_file.3
 MLINKS+=tls_init.3 tls_client.3
 MLINKS+=tls_init.3 tls_server.3
 MLINKS+=tls_init.3 tls_configure.3
@@ -45,6 +46,7 @@ MLINKS+=tls_init.3 tls_free.3
 MLINKS+=tls_init.3 tls_close.3
 MLINKS+=tls_init.3 tls_connect.3
 MLINKS+=tls_init.3 tls_connect_socket.3
+MLINKS+=tls_init.3 tls_accept_socket.3
 MLINKS+=tls_init.3 tls_read.3
 MLINKS+=tls_init.3 tls_write.3
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 48974cb326..73234a427d 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.9 2015/02/07 06:19:26 jsing Exp $
+.\" $OpenBSD: tls_init.3,v 1.10 2015/02/07 23:45:06 reyk Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst
 .\"
@@ -38,6 +38,7 @@
 .Nm tls_config_insecure_noverifyhost ,
 .Nm tls_config_insecure_noverifycert ,
 .Nm tls_config_verify ,
+.Nm tls_load_file ,
 .Nm tls_client ,
 .Nm tls_server ,
 .Nm tls_configure ,
@@ -47,6 +48,7 @@
 .Nm tls_connect ,
 .Nm tls_connect_fds ,
 .Nm tls_connect_socket ,
+.Nm tls_accept_socket ,
 .Nm tls_read ,
 .Nm tls_write
 .Nd TLS client and server API
@@ -92,6 +94,8 @@
 .Fn tls_config_insecure_noverifycert "struct tls_config *config"
 .Ft "void"
 .Fn tls_config_verify "struct tls_config *config"
+.Ft "uint8_t *"
+.Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
 .Fn tls_client void
 .Ft "struct tls *"
@@ -111,6 +115,8 @@
 .Ft "int"
 .Fn tls_connect_socket "struct tls *ctx" "int s" "const char *hostname"
 .Ft "int"
+.Fn tls_accept_socket "struct tls *tls" "struct tls **cctx" "int socket"
+.Ft "int"
 .Fn tls_read "struct tls *ctx" "void *buf" "size_t buflen" "size_t *outlen"
 .Ft "int"
 .Fn tls_write "struct tls *ctx" "const void *buf" "size_t buflen" "size_t *outlen"
@@ -159,6 +165,10 @@ Alternatively, a secure connection can be established over a pair of existing file descriptors by calling
 .Fn tls_connect_fds .
 .Pp
+A server can accept a new client connection by calling
+.Fn tls_accept_socket
+on an already established socket connection.
+.Pp
 Two functions are provided for input and output,
 .Fn tls_read
 and
@@ -262,6 +272,17 @@ Be extremely careful when using this option.
 .Fn tls_config_verify
 reenables hostname and certificate verification.
 .Em (Client)
+.It
+.Fn tls_load_keys
+loads a certificate or key from disk into memory to be loaded with
+.Fn tls_config_set_ca_mem ,
+.Fn tls_config_set_cert_mem
+or
+.Fn tls_config_set_key_mem .
+A private key will be decrypted if the optional
+.Ar password
+argument is specified.
+.Em (Client and server)
 .El
 .Pp
 The following functions create, prepare, and free a connection context.
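Review bot: The new list entry in the hunk at `@@ -262,6 +272,17 @@` documents `.Fn tls_load_keys`, but the function this commit adds to NAME, SYNOPSIS and the Makefile MLINKS is `tls_load_file`, so the description names a function the page never declares; the line should read `.Fn tls_load_file`. The entry also does not say what is returned on failure or who releases the returned buffer, which matters because the text states the buffer may hold a decrypted private key. A sentence covering both would help callers, worded from the implementation, which this patch does not show. The `.Bl` list this entry extends begins outside the hunk.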
@@ -306,6 +327,9 @@ connects a client context to a pair of existing file descriptors.
 .Fn tls_connect_socket
 connects a client context to an already established socket connection.
 .It
+.Fn tls_accept_socket
+accepts a client context on an already established socket connection.
+.It
 .Fn tls_read
 reads
 .Fa buflen
-- 
cgit v1.2.3-55-g6feb