From 51eeb7ff1e9ea33451d6369eff4a51f7eaa5e93b Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Wed, 12 Jun 2019 09:03:43 +0000
Subject: List all 17 SSL pages that were missing. Split some excessively long
 lists into useful sub-categories. Add a new, very short subsection "Obsolete
 functions" at the end. OK tb@ jmc@

---
 src/lib/libssl/man/ssl.3 | 140 ++++++++++++++++++++++++++++++-----------------
 1 file changed, 89 insertions(+), 51 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/man/ssl.3 b/src/lib/libssl/man/ssl.3
index 4877342ba1..7683599652 100644
--- a/src/lib/libssl/man/ssl.3
+++ b/src/lib/libssl/man/ssl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.3,v 1.15 2019/04/05 18:29:43 schwarze Exp $
+.\" $OpenBSD: ssl.3,v 1.16 2019/06/12 09:03:43 schwarze Exp $
 .\" full merge up to: OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
 .\" selective merge up to: OpenSSL cbade361 Dec 12 13:14:45 2017 +0100
 .\"
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 5 2019 $
+.Dd $Mdocdate: June 12 2019 $
 .Dt SSL 3
 .Os
 .Sh NAME
@@ -191,50 +191,77 @@ objects:
 The following pages describe functions acting on
 .Vt SSL_CTX
 objects.
-Many of these pages also document variants providing similar
-functionality for individual connection objects.
 .Pp
 Constructors and destructors:
 .Xr SSL_CTX_new 3 ,
 .Xr SSL_CTX_set_ssl_version 3 ,
 .Xr SSL_CTX_free 3
 .Pp
-Configuration functions:
-.Xr SSL_CTX_add1_chain_cert 3 ,
+Certificate configuration:
 .Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_get_verify_mode 3 ,
+.Xr SSL_CTX_get0_certificate 3 ,
 .Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_alpn_select_cb 3 ,
 .Xr SSL_CTX_set_cert_store 3 ,
 .Xr SSL_CTX_set_cert_verify_callback 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
 .Xr SSL_CTX_set_client_cert_cb 3 ,
 .Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_CTX_set_generate_session_id 3 ,
-.Xr SSL_CTX_set_info_callback 3 ,
+.Xr SSL_CTX_set_tlsext_status_cb 3
+.Pp
+Session configuration:
+.Xr SSL_CTX_add_session 3 ,
+.Xr SSL_CTX_flush_sessions 3 ,
+.Xr SSL_CTX_sess_number 3 ,
+.Xr SSL_CTX_sess_set_cache_size 3 ,
+.Xr SSL_CTX_sess_set_get_cb 3 ,
+.Xr SSL_CTX_sessions 3 ,
+.Xr SSL_CTX_set_session_cache_mode 3 ,
+.Xr SSL_CTX_set_timeout 3 ,
+.Xr SSL_CTX_set_tlsext_ticket_key_cb 3
+.Pp
+Various configuration:
+.Xr SSL_CTX_get_ex_new_index 3 ,
+.Xr SSL_CTX_set_tlsext_servername_callback 3
+.Ss Common configuration of contexts and connections
+The functions on the following pages each come in two variants:
+one to directly configure a single
+.Vt SSL
+connection and another to be called on an
+.Vt SSL_CTX
+object, to set up defaults for all future
+.Vt SSL
+connections created from that context.
+.Pp
+Protocol and algorithm configuration:
+.Xr SSL_CTX_set_alpn_select_cb 3 ,
+.Xr SSL_CTX_set_cipher_list 3 ,
 .Xr SSL_CTX_set_min_proto_version 3 ,
-.Xr SSL_CTX_set_msg_callback 3 ,
 .Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_quiet_shutdown 3 ,
-.Xr SSL_CTX_set_read_ahead 3 ,
-.Xr SSL_CTX_set_session_id_context 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
+.Xr SSL_CTX_set_tlsext_use_srtp 3 ,
 .Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
+.Xr SSL_CTX_set1_groups 3
+.Pp
+Certificate configuration:
+.Xr SSL_CTX_add1_chain_cert 3 ,
+.Xr SSL_CTX_get_verify_mode 3 ,
+.Xr SSL_CTX_set_client_CA_list 3 ,
+.Xr SSL_CTX_set_max_cert_list 3 ,
 .Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_CTX_set1_groups 3 ,
 .Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_set_tmp_ecdh 3 ,
+.Xr SSL_get_client_CA_list 3
 .Xr SSL_set1_param 3
 .Pp
-Accessors:
-.Xr SSL_CTX_get_ex_new_index 3 ,
-.Xr SSL_CTX_sessions 3 ,
-.Xr SSL_get_client_CA_list 3
+Session configuration:
+.Xr SSL_CTX_set_generate_session_id 3 ,
+.Xr SSL_CTX_set_session_id_context 3
+.Pp
+Various configuration:
+.Xr SSL_CTX_ctrl 3 ,
+.Xr SSL_CTX_set_info_callback 3 ,
+.Xr SSL_CTX_set_mode 3 ,
+.Xr SSL_CTX_set_msg_callback 3 ,
+.Xr SSL_CTX_set_quiet_shutdown 3 ,
+.Xr SSL_CTX_set_read_ahead 3 ,
+.Xr SSL_set_max_send_fragment 3
 .Ss Sessions
 The following pages describe functions acting on
 .Vt SSL_SESSION
@@ -258,11 +285,6 @@ Encoding and decoding:
 .Xr d2i_SSL_SESSION 3 ,
 .Xr PEM_read_SSL_SESSION 3 ,
 .Xr SSL_SESSION_print 3
-.Pp
-Use by other objects:
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_set_session 3 ,
-.Xr SSL_get_session 3
 .Ss Connections
 The following pages describe functions acting on
 .Vt SSL
@@ -270,15 +292,28 @@ connection objects:
 .Pp
 Constructors and destructors:
 .Xr SSL_new 3 ,
-.Xr SSL_set_connect_state 3 ,
 .Xr SSL_dup 3 ,
+.Xr SSL_free 3 ,
+.Xr BIO_f_ssl 3
+.Pp
+To change the configuration:
+.Xr SSL_clear 3 ,
+.Xr SSL_copy_session_id 3 ,
 .Xr SSL_set_bio 3 ,
+.Xr SSL_set_connect_state 3 ,
 .Xr SSL_set_fd 3 ,
-.Xr BIO_f_ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_free 3
+.Xr SSL_set_session 3 ,
+.Xr SSL_set_verify_result 3
 .Pp
-I/O:
+To inspect the configuration:
+.Xr SSL_get_certificate 3 ,
+.Xr SSL_get_default_timeout 3 ,
+.Xr SSL_get_ex_new_index 3 ,
+.Xr SSL_get_fd 3 ,
+.Xr SSL_get_rbio 3 ,
+.Xr SSL_get_SSL_CTX 3
+.Pp
+To transmit data:
 .Xr DTLSv1_listen 3 ,
 .Xr SSL_accept 3 ,
 .Xr SSL_connect 3 ,
@@ -288,35 +323,38 @@ I/O:
 .Xr SSL_shutdown 3 ,
 .Xr SSL_write 3
 .Pp
-Accessors:
-.Xr SSL_copy_session_id 3 ,
+To inspect the state after a connection is established:
 .Xr SSL_export_keying_material 3 ,
-.Xr SSL_get_SSL_CTX 3 ,
-.Xr SSL_get_certificate 3 ,
 .Xr SSL_get_client_random 3 ,
-.Xr SSL_get_default_timeout 3 ,
-.Xr SSL_get_error 3 ,
 .Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_fd 3 ,
 .Xr SSL_get_peer_cert_chain 3 ,
 .Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_rbio 3 ,
+.Xr SSL_get_server_tmp_key 3 ,
+.Xr SSL_get_servername 3 ,
+.Xr SSL_get_session 3 ,
 .Xr SSL_get_shared_ciphers 3 ,
-.Xr SSL_get_state 3 ,
 .Xr SSL_get_verify_result 3 ,
 .Xr SSL_get_version 3 ,
+.Xr SSL_session_reused 3
+.Pp
+To inspect the state during ongoing communication:
+.Xr SSL_get_error 3 ,
+.Xr SSL_get_shutdown 3 ,
+.Xr SSL_get_state 3 ,
+.Xr SSL_num_renegotiations 3 ,
 .Xr SSL_pending 3 ,
 .Xr SSL_rstate_string 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_set_verify_result 3 ,
 .Xr SSL_state_string 3 ,
 .Xr SSL_want 3
-.Pp
-Utility functions:
+.Ss Utility functions
 .Xr SSL_alert_type_string 3 ,
 .Xr SSL_dup_CA_list 3 ,
 .Xr SSL_load_client_CA_file 3
+.Ss Obsolete functions
+.Xr OPENSSL_init_ssl 3 ,
+.Xr SSL_COMP_add_compression_method 3 ,
+.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
+.Xr SSL_set_tmp_ecdh 3
 .Sh SEE ALSO
 .Xr openssl 1 ,
 .Xr crypto 3 ,
-- 
cgit v1.2.3-55-g6feb