diff options
-rw-r--r-- | lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 index f75d80785e8..d5979af1e87 100644 --- a/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 +++ b/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 @@ -1,6 +1,6 @@ -.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.7 2019/06/12 09:36:30 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.8 2021/09/11 18:58:41 schwarze Exp $ .\" full merge up to: OpenSSL 43c34894 Nov 30 16:04:51 2015 +0000 -.\" selective merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 +.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file was written by Matt Caswell <matt@openssl.org>. .\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 12 2019 $ +.Dd $Mdocdate: September 11 2021 $ .Dt SSL_CTX_SET_TLSEXT_STATUS_CB 3 .Os .Sh NAME @@ -58,6 +58,7 @@ .Nm SSL_CTX_set_tlsext_status_arg , .Nm SSL_CTX_get_tlsext_status_arg , .Nm SSL_set_tlsext_status_type , +.Nm SSL_get_tlsext_status_type , .Nm SSL_get_tlsext_status_ocsp_resp , .Nm SSL_set_tlsext_status_ocsp_resp .Nd OCSP Certificate Status Request functions @@ -89,6 +90,10 @@ .Fa "int type" .Fc .Ft long +.Fo SSL_get_tlsext_status_type +.Fa "SSL *s" +.Fc +.Ft long .Fo SSL_get_tlsext_status_ocsp_resp .Fa ssl .Fa "unsigned char **resp" @@ -132,6 +137,20 @@ can be retrieved by calling and the argument by calling .Fn SSL_CTX_get_tlsext_status_arg . .Pp +On the client side, +.Fn SSL_get_tlsext_status_type +can be used to determine whether the client has previously called +.Fn SSL_set_tlsext_status_type . +It will return +.Dv TLSEXT_STATUSTYPE_ocsp +if it has been called or \-1 otherwise. +On the server side, +.Fn SSL_get_tlsext_status_type +can be used to determine whether the client requested OCSP stapling. +If the client requested it, then this function will return +.Dv TLSEXT_STATUSTYPE_ocsp , +or \-1 otherwise. +.Pp The response returned by the server can be obtained via a call to .Fn SSL_get_tlsext_status_ocsp_resp . The value @@ -183,6 +202,15 @@ and .Fn SSL_set_tlsext_status_ocsp_resp always return 1, indicating success. .Pp +.Fn SSL_get_tlsext_status_type +returns +.Dv TLSEXT_STATUSTYPE_ocsp +on the client side if +.Fn SSL_set_tlsext_status_type +was previously called, or on the server side +if the client requested OCSP stapling. +Otherwise \-1 is returned. +.Pp .Fn SSL_get_tlsext_status_ocsp_resp returns the length of the OCSP response data or \-1 if there is no OCSP response data. @@ -204,3 +232,7 @@ and .Fn SSL_CTX_get_tlsext_status_arg first appeared in OpenSSL 1.1.0 and have been available since .Ox 6.3 . +.Pp +.Fn SSL_get_tlsext_status_type +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 7.0 . |