diff options
author | Bob Beck <beck@cvs.openbsd.org> | 2015-09-10 15:47:26 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2015-09-10 15:47:26 +0000 |
commit | 9f6d13d198bc7918b71e9fbb00281dbfbac0d198 (patch) | |
tree | 27c1ba67c205468f3a397afd56eb9b1166f91d90 /lib/libtls | |
parent | 2825aaacddf975ed7cafde0352ee35a0f5d9276c (diff) |
document client side certificate verification functionality.
ok jsing@
Diffstat (limited to 'lib/libtls')
-rw-r--r-- | lib/libtls/Makefile | 4 | ||||
-rw-r--r-- | lib/libtls/tls_init.3 | 18 |
2 files changed, 19 insertions, 3 deletions
diff --git a/lib/libtls/Makefile b/lib/libtls/Makefile index 6b9270b50aa..fa6279dcb11 100644 --- a/lib/libtls/Makefile +++ b/lib/libtls/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.12 2015/09/10 14:19:01 jmc Exp $ +# $OpenBSD: Makefile,v 1.13 2015/09/10 15:47:25 beck Exp $ CFLAGS+= -Wall -Werror -Wimplicit CFLAGS+= -DLIBRESSL_INTERNAL @@ -42,6 +42,8 @@ MLINKS+=tls_init.3 tls_config_clear_keys.3 MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3 MLINKS+=tls_init.3 tls_config_insecure_noverifyname.3 MLINKS+=tls_init.3 tls_config_verify.3 +MLINKS+=tls_init.3 tls_config_verify_client.3 +MLINKS+=tls_init.3 tls_config_verify_client_optional.3 MLINKS+=tls_init.3 tls_load_file.3 MLINKS+=tls_init.3 tls_client.3 MLINKS+=tls_init.3 tls_server.3 diff --git a/lib/libtls/tls_init.3 b/lib/libtls/tls_init.3 index 62f52e4331b..01c931bb419 100644 --- a/lib/libtls/tls_init.3 +++ b/lib/libtls/tls_init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_init.3,v 1.33 2015/09/10 14:57:29 beck Exp $ +.\" $OpenBSD: tls_init.3,v 1.34 2015/09/10 15:47:25 beck Exp $ .\" .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> .\" @@ -106,6 +106,10 @@ .Fn tls_config_insecure_noverifyname "struct tls_config *config" .Ft "void" .Fn tls_config_verify "struct tls_config *config" +.Ft "void" +.Fn tls_config_verify_client "struct tls_config *config" +.Ft "void" +.Fn tls_config_verify_client_optional "struct tls_config *config" .Ft "uint8_t *" .Fn tls_load_file "const char *file" "size_t *len" "char *password" .Ft "struct tls *" @@ -322,7 +326,7 @@ clears any secret keys from memory. .Fn tls_config_insecure_noverifycert disables certificate verification. Be extremely careful when using this option. -.Em (Client) +.Em (Client and server) .It .Fn tls_config_insecure_noverifyname disables server name verification. @@ -333,6 +337,16 @@ Be careful when using this option. reenables server name and certificate verification. .Em (Client) .It +.Fn tls_config_verify_client +enables client certificate verification, requiring the client to send +a certificate. +.Em (Server) +.It +.Fn tls_config_verify_client_opional +enables client certificate verification, without requiring the client +to send a certificate. +.Em (Server) +.It .Fn tls_load_file loads a certificate or key from disk into memory to be loaded with .Fn tls_config_set_ca_mem , |