Convert libssl manpages from pod to mdoc(7).

libcrypto has not been started yet.

ok schwarze@ miod@

1 files changed, 108 insertions, 0 deletions

diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_new.3 b/lib/libssl/src/doc/ssl/SSL_CTX_new.3
new file mode 100644
index 00000000000..b798d10a9e6
--- /dev/null
+++ b/lib/libssl/src/doc/ssl/SSL_CTX_new.3
@@ -0,0 +1,108 @@
+.Dd $Mdocdate: October 12 2014 $
+.Dt SSL_CTX_NEW 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_new ,
+.Nm SSLv3_method ,
+.Nm SSLv3_server_method ,
+.Nm SSLv3_client_method ,
+.Nm TLSv1_method ,
+.Nm TLSv1_server_method ,
+.Nm TLSv1_client_method ,
+.Nm TLSv1_1_method ,
+.Nm TLSv1_1_server_method ,
+.Nm TLSv1_1_client_method ,
+.Nm SSLv23_method ,
+.Nm SSLv23_server_method ,
+.Nm SSLv23_client_method
+.Nd create a new SSL_CTX object as framework for TLS/SSL enabled functions
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft SSL_CTX *
+.Fn SSL_CTX_new "const SSL_METHOD *method"
+.Sh DESCRIPTION
+.Fn SSL_CTX_new
+creates a new
+.Vt SSL_CTX
+object as framework to establish TLS/SSL enabled connections.
+.Sh NOTES
+The
+.Vt SSL_CTX
+object uses
+.Fa method
+as its connection method.
+The methods exist in a generic type (for client and server use),
+a server only type, and a client only type.
+.Fa method
+can be of the following types:
+.Bl -tag -width Ds
+.It Fn SSLv3_method void , Fn SSLv3_server_method void , \
+Fn SSLv3_client_method void
+A TLS/SSL connection established with these methods will only understand the
+SSLv3 protocol.
+A client will send out SSLv3 client hello messages and will indicate that it
+only understands SSLv3.
+A server will only understand SSLv3 client hello messages.
+Importantly, this means that it will not understand SSLv2 client hello messages
+which are widely used for compatibility reasons; see
+.Fn SSLv23_*_method .
+.It Fn TLSv1_method void , Fn TLSv1_server_method void , \
+Fn TLSv1_client_method void
+A TLS/SSL connection established with these methods will only understand the
+TLSv1 protocol.
+A client will send out TLSv1 client hello messages and will indicate that it
+only understands TLSv1.
+A server will only understand TLSv1 client hello messages.
+Importantly, this means that it will not understand SSLv2 client hello messages
+which are widely used for compatibility reasons; see
+.Fn SSLv23_*_method .
+It will also not understand SSLv3 client hello messages.
+.It Fn SSLv23_method void , Fn SSLv23_server_method void , \
+Fn SSLv23_client_method void
+A TLS/SSL connection established with these methods may understand the SSLv3,
+TLSv1, TLSv1.1 and TLSv1.2 protocols.
+.Pp
+A client will send out TLSv1 client hello messages including extensions and
+will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback
+to SSLv3.
+A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
+This is the best choice when compatibility is a concern.
+.El
+.Pp
+The list of protocols available can later be limited using the
+.Dv SSL_OP_NO_SSLv3 ,
+.Dv SSL_OP_NO_TLSv1 ,
+.Dv SSL_OP_NO_TLSv1_1 ,
+and
+.Dv SSL_OP_NO_TLSv1_2
+options of the
+.Fn SSL_CTX_set_options
+or
+.Fn SSL_set_options
+functions.
+Using these options it is possible to choose, for example,
+.Fn SSLv23_server_method
+and be able to negotiate with all possible clients,
+but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2.
+.Pp
+.Fn SSL_CTX_new
+initializes the list of ciphers, the session cache setting, the callbacks,
+the keys and certificates, and the options to its default values.
+.Sh RETURN VALUES
+The following return values can occur:
+.Bl -tag -width Ds
+.It Dv NULL
+The creation of a new
+.Vt SSL_CTX
+object failed.
+Check the error stack to find out the reason.
+.It Pointer to an SSL_CTX object
+The return value points to an allocated
+.Vt SSL_CTX
+object.
+.El
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_accept 3 ,
+.Xr SSL_CTX_free 3 ,
+.Xr SSL_set_connect_state 3