summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libssl/man/SSL_CTX_set_tlsext_status_cb.338
1 files changed, 35 insertions, 3 deletions
diff --git a/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
index f75d80785e8..d5979af1e87 100644
--- a/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
+++ b/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.7 2019/06/12 09:36:30 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.8 2021/09/11 18:58:41 schwarze Exp $
.\" full merge up to: OpenSSL 43c34894 Nov 30 16:04:51 2015 +0000
-.\" selective merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.
.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved.
@@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 12 2019 $
+.Dd $Mdocdate: September 11 2021 $
.Dt SSL_CTX_SET_TLSEXT_STATUS_CB 3
.Os
.Sh NAME
@@ -58,6 +58,7 @@
.Nm SSL_CTX_set_tlsext_status_arg ,
.Nm SSL_CTX_get_tlsext_status_arg ,
.Nm SSL_set_tlsext_status_type ,
+.Nm SSL_get_tlsext_status_type ,
.Nm SSL_get_tlsext_status_ocsp_resp ,
.Nm SSL_set_tlsext_status_ocsp_resp
.Nd OCSP Certificate Status Request functions
@@ -89,6 +90,10 @@
.Fa "int type"
.Fc
.Ft long
+.Fo SSL_get_tlsext_status_type
+.Fa "SSL *s"
+.Fc
+.Ft long
.Fo SSL_get_tlsext_status_ocsp_resp
.Fa ssl
.Fa "unsigned char **resp"
@@ -132,6 +137,20 @@ can be retrieved by calling
and the argument by calling
.Fn SSL_CTX_get_tlsext_status_arg .
.Pp
+On the client side,
+.Fn SSL_get_tlsext_status_type
+can be used to determine whether the client has previously called
+.Fn SSL_set_tlsext_status_type .
+It will return
+.Dv TLSEXT_STATUSTYPE_ocsp
+if it has been called or \-1 otherwise.
+On the server side,
+.Fn SSL_get_tlsext_status_type
+can be used to determine whether the client requested OCSP stapling.
+If the client requested it, then this function will return
+.Dv TLSEXT_STATUSTYPE_ocsp ,
+or \-1 otherwise.
+.Pp
The response returned by the server can be obtained via a call to
.Fn SSL_get_tlsext_status_ocsp_resp .
The value
@@ -183,6 +202,15 @@ and
.Fn SSL_set_tlsext_status_ocsp_resp
always return 1, indicating success.
.Pp
+.Fn SSL_get_tlsext_status_type
+returns
+.Dv TLSEXT_STATUSTYPE_ocsp
+on the client side if
+.Fn SSL_set_tlsext_status_type
+was previously called, or on the server side
+if the client requested OCSP stapling.
+Otherwise \-1 is returned.
+.Pp
.Fn SSL_get_tlsext_status_ocsp_resp
returns the length of the OCSP response data
or \-1 if there is no OCSP response data.
@@ -204,3 +232,7 @@ and
.Fn SSL_CTX_get_tlsext_status_arg
first appeared in OpenSSL 1.1.0 and have been available since
.Ox 6.3 .
+.Pp
+.Fn SSL_get_tlsext_status_type
+first appeared in OpenSSL 1.1.0 and has been available since
+.Ox 7.0 .