author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2018-02-14 17:20:30 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2018-02-14 17:20:30 +0000 |
commit | 33743ebca99b3e784dcc8c8735be5a28b911386e (patch) | |
tree | cca27f9220d0f55d9e10c80abfea9583cd3767a4 | |
parent | cd8c11ba4f7e5bf818441e06ca00203e54c644a5 (diff) |
In ssl.h rev. 1.135 2018/02/14 16:16:10, jsing@ provided
SSL_CTX_get0_param(3) and SSL_get0_param(3).
Merge the related documentation from OpenSSL, with small tweaks.
-rw-r--r-- | lib/libssl/man/SSL_set1_param.3 | 46 |
1 files changed, 42 insertions, 4 deletions
diff --git a/lib/libssl/man/SSL_set1_param.3 b/lib/libssl/man/SSL_set1_param.3
index ae67d4796e1..d1647460992 100644
--- a/lib/libssl/man/SSL_set1_param.3
+++ b/lib/libssl/man/SSL_set1_param.3
@@ -1,5 +1,6 @@
-.\" $OpenBSD: SSL_set1_param.3,v 1.1 2016/11/30 13:39:38 schwarze Exp $
-.\" OpenSSL SSL_CTX_get0_param.pod 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" $OpenBSD: SSL_set1_param.3,v 1.2 2018/02/14 17:20:29 schwarze Exp $
+.\" full merge up to:
+.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
@@ -48,15 +49,25 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 30 2016 $
+.Dd $Mdocdate: February 14 2018 $
 .Dt SSL_SET1_PARAM 3
 .Os
 .Sh NAME
+.Nm SSL_CTX_get0_param ,
+.Nm SSL_get0_param ,
 .Nm SSL_CTX_set1_param ,
 .Nm SSL_set1_param
-.Nd set verification parameters
+.Nd get and set verification parameters
 .Sh SYNOPSIS
 .In openssl/ssl.h
+.Ft X509_VERIFY_PARAM *
+.Fo SSL_CTX_get0_param
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft X509_VERIFY_PARAM *
+.Fo SSL_get0_param
+.Fa "SSL *ssl"
+.Fc
 .Ft int
 .Fo SSL_CTX_set1_param
 .Fa "SSL_CTX *ctx"
@@ -68,6 +79,18 @@
 .Fa "X509_VERIFY_PARAM *vpm"
 .Fc
 .Sh DESCRIPTION
+.Fn SSL_CTX_get0_param
+and
+.Fn SSL_get0_param
+retrieve an internal pointer to the verification parameters for
+.Fa ctx
+or
+.Fa ssl ,
+respectively.
+The returned pointer must not be freed by the calling application,
+but the application can modify the parameters pointed to
+to suit its needs: for example to add a hostname check.
+.Pp
 .Fn SSL_CTX_set1_param
 and
 .Fn SSL_set1_param
@@ -78,10 +101,25 @@ for
 or
 .Fa ssl .
 .Sh RETURN VALUES
+.Fn SSL_CTX_get0_param
+and
+.Fn SSL_get0_param
+return a pointer to an
+.Vt X509_VERIFY_PARAM
+structure.
+.Pp
 .Fn SSL_CTX_set1_param
 and
 .Fn SSL_set1_param
 return 1 for success or 0 for failure.
+.Sh EXAMPLES
+Check that the hostname matches
+.Pa www.foo.com
+in the peer certificate:
+.Bd -literal -offset indent
+X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
+X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
+.Ed
 .Sh SEE ALSO
 .Xr X509_VERIFY_PARAM_set_flags 3
 .Sh HISTORY |
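Review bot: The EXAMPLES snippet added in this hunk discards the return value of `X509_VERIFY_PARAM_set1_host()`, so a reader who copies it continues into the handshake even when the expected name could not be installed, and the peer certificate is then accepted without any hostname check. I would show the call checked, `if (X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0) != 1)` followed by an error path that abandons the connection. The example text would also benefit from one sentence stating that the name check only rejects a mismatching certificate when peer verification is enabled (`SSL_VERIFY_PEER`) and that the parameter has to be set before the handshake starts.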