author | 2015-09-10 15:47:25 +0000 |
---|---|
committer | 2015-09-10 15:47:25 +0000 |
commit | 47e76b1b1a918de11be16149567d686950ae70fe |
tree | d5b0a9694ed83a14ed1c28280565d7a597b190c8 |
parent | We don't want LIBRARY sections in OpenBSD, so delete it. |
document client side certificate verification functionality.
ok jsing@
-rw-r--r-- | lib/libtls/Makefile | 4 |
-rw-r--r-- | lib/libtls/tls_init.3 | 18 |
2 files changed, 19 insertions, 3 deletions
diff --git a/lib/libtls/Makefile b/lib/libtls/Makefile index 6b9270b50aa..fa6279dcb11 100644 --- a/lib/libtls/Makefile +++ b/lib/libtls/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.12 2015/09/10 14:19:01 jmc Exp $ +# $OpenBSD: Makefile,v 1.13 2015/09/10 15:47:25 beck Exp $ CFLAGS+= -Wall -Werror -Wimplicit CFLAGS+= -DLIBRESSL_INTERNAL @@ -42,6 +42,8 @@ MLINKS+=tls_init.3 tls_config_clear_keys.3 MLINKS+=tls_init.3 tls_config_insecure_noverifycert.3 MLINKS+=tls_init.3 tls_config_insecure_noverifyname.3 MLINKS+=tls_init.3 tls_config_verify.3 +MLINKS+=tls_init.3 tls_config_verify_client.3 +MLINKS+=tls_init.3 tls_config_verify_client_optional.3 MLINKS+=tls_init.3 tls_load_file.3 MLINKS+=tls_init.3 tls_client.3 MLINKS+=tls_init.3 tls_server.3 diff --git a/lib/libtls/tls_init.3 b/lib/libtls/tls_init.3 index 62f52e4331b..01c931bb419 100644 --- a/lib/libtls/tls_init.3 +++ b/lib/libtls/tls_init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_init.3,v 1.33 2015/09/10 14:57:29 beck Exp $ +.\" $OpenBSD: tls_init.3,v 1.34 2015/09/10 15:47:25 beck Exp $ .\" .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> .\" @@ -106,6 +106,10 @@ .Fn tls_config_insecure_noverifyname "struct tls_config *config" .Ft "void" .Fn tls_config_verify "struct tls_config *config" +.Ft "void" +.Fn tls_config_verify_client "struct tls_config *config" +.Ft "void" +.Fn tls_config_verify_client_optional "struct tls_config *config" .Ft "uint8_t *" .Fn tls_load_file "const char *file" "size_t *len" "char *password" .Ft "struct tls *" @@ -322,7 +326,7 @@ clears any secret keys from memory. .Fn tls_config_insecure_noverifycert disables certificate verification. Be extremely careful when using this option. -.Em (Client) +.Em (Client and server) .It .Fn tls_config_insecure_noverifyname disables server name verification. 
@@ -333,6 +337,16 @@ Be careful when using this option. reenables server name and certificate verification. .Em (Client) .It +.Fn tls_config_verify_client +enables client certificate verification, requiring the client to send +a certificate. +.Em (Server) +.It +.Fn tls_config_verify_client_opional +enables client certificate verification, without requiring the client +to send a certificate. +.Em (Server) +.It .Fn tls_load_file loads a certificate or key from disk into memory to be loaded with .Fn tls_config_set_ca_mem , |
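Review bot: in the tls_init.3 hunk at @@ -322,7 +326,7, the scope marker for tls_config_insecure_noverifycert changes from (Client) to (Client and server), but the sentence above it still reads only "disables certificate verification" and does not say which peer's certificate is meant in each role. Suggest spelling out that on a server this turns off verification of the client certificate. The neighbouring tls_config_verify entry is still marked (Client) and described as re-enabling "server name and certificate verification", so it is worth confirming whether that entry needs the same scope update, since a reader cannot tell from the page how a server undoes the insecure setting.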
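Review bot: the function name is misspelled in the new list entry of the tls_init.3 hunk at @@ -333,6 +337,16, which reads ".Fn tls_config_verify_client_opional". The synopsis hunk and the Makefile MLINKS in this same commit both use tls_config_verify_client_optional, so the description should match or the rendered page documents a function that does not exist. The optional entry also says only that verification is enabled "without requiring the client to send a certificate"; it would help to state what a server sees when no certificate is sent, because callers of the optional mode otherwise have no documented way to tell an authenticated client from an anonymous one.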