new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;

from <Jon dot Spillett at oracle dot com>
via OpenSSL commit 8c55c461

2 files changed, 126 insertions, 1 deletions

diff --git a/lib/libssl/man/Makefile b/lib/libssl/man/Makefile
index 40e0d32a791..f57c638a179 100644
--- a/lib/libssl/man/Makefile
+++ b/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.52 2016/12/10 14:56:56 schwarze Exp $
+# $OpenBSD: Makefile,v 1.53 2017/04/10 13:05:06 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -39,6 +39,7 @@ MAN =	BIO_f_ssl.3 \
 	SSL_CTX_set_session_id_context.3 \
 	SSL_CTX_set_ssl_version.3 \
 	SSL_CTX_set_timeout.3 \
+	SSL_CTX_set_tlsext_servername_callback.3 \
 	SSL_CTX_set_tlsext_status_cb.3 \
 	SSL_CTX_set_tlsext_ticket_key_cb.3 \
 	SSL_CTX_set_tmp_dh_callback.3 \
diff --git a/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
new file mode 100644
index 00000000000..fc0e4536aa3
--- /dev/null
+++ b/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
@@ -0,0 +1,124 @@
+.\"	$OpenBSD: SSL_CTX_set_tlsext_servername_callback.3,v 1.1 2017/04/10 13:05:06 schwarze Exp $
+.\"	OpenSSL 8c55c461 Mar 29 08:34:37 2017 +1000
+.\"
+.\" This file was written by Jon Spillett <jon.spillett@oracle.com>
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: April 10 2017 $
+.Dt SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_tlsext_servername_callback ,
+.Nm SSL_CTX_set_tlsext_servername_arg ,
+.Nm SSL_get_servername_type ,
+.Nm SSL_get_servername
+.Nd handle server name indication (SNI)
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_CTX_set_tlsext_servername_callback
+.Fa "SSL_CTX *ctx"
+.Fa "int (*cb)(SSL_CTX *, int *, void *)"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_tlsext_servername_arg
+.Fa "SSL_CTX *ctx"
+.Fa "void *arg"
+.Fc
+.Ft const char *
+.Fo SSL_get_servername
+.Fa "const SSL *s"
+.Fa "const int type"
+.Fc
+.Ft int
+.Fo SSL_get_servername_type
+.Fa "const SSL *s"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_tlsext_servername_callback
+sets the application callback
+.Fa cb
+used by a server to perform any actions or configuration required based
+on the servername extension received in the incoming connection.
+When
+.Fa cb
+is
+.Dv NULL ,
+SNI is not used.
+The
+.Fa arg
+value is a pointer which is passed to the application callback.
+.Pp
+.Fn SSL_CTX_set_tlsext_servername_arg
+sets a context-specific argument to be passed into the callback for
+.Fa ctx .
+.Pp
+Both functions are implemented as macros.
+.Pp
+The ALPN and SNI callbacks are both executed during Client Hello
+processing.
+The servername callback is executed first, followed by the ALPN
+callback.
+.Sh RETURN VALUES
+.Fn SSL_CTX_set_tlsext_servername_callback
+and
+.Fn SSL_CTX_set_tlsext_servername_arg
+always return 1 indicating success.
+.Pp
+.Fn SSL_get_servername
+returns a servername extension value of the specified type if provided
+in the Client Hello, or
+.Dv NULL
+otherwise.
+.Pp
+.Fn SSL_get_servername_type
+returns the servername type or -1 if no servername is present.
+Currently the only supported type (defined in RFC 3546) is
+.Dv TLSEXT_NAMETYPE_host_name .
+.Sh SEE ALSO
+.Xr SSL_CTX_callback_ctrl 3 ,
+.Xr SSL_CTX_set_alpn_select_cb 3