diff options
| author |   beck <beck@openbsd.org> | 2015-09-10 15:47:25 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2015-09-10 15:47:25 +0000 |
| commit | 47e76b1b1a918de11be16149567d686950ae70fe (patch) | |
| tree | d5b0a9694ed83a14ed1c28280565d7a597b190c8 /lib/libtls/tls_init.3 | |
| parent | We don't want LIBRARY sections in OpenBSD, so delete it. (diff) | |
| download | wireguard-openbsd-47e76b1b1a918de11be16149567d686950ae70fe.tar.xz wireguard-openbsd-47e76b1b1a918de11be16149567d686950ae70fe.zip | |
document client side certificate verification functionality.
ok jsing@
Diffstat (limited to 'lib/libtls/tls_init.3')
| -rw-r--r-- | lib/libtls/tls_init.3 | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/libtls/tls_init.3 b/lib/libtls/tls_init.3 index 62f52e4331b..01c931bb419 100644 --- a/lib/libtls/tls_init.3 +++ b/lib/libtls/tls_init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_init.3,v 1.33 2015/09/10 14:57:29 beck Exp $ +.\" $OpenBSD: tls_init.3,v 1.34 2015/09/10 15:47:25 beck Exp $ .\" .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> .\" @@ -106,6 +106,10 @@ .Fn tls_config_insecure_noverifyname "struct tls_config *config" .Ft "void" .Fn tls_config_verify "struct tls_config *config" +.Ft "void" +.Fn tls_config_verify_client "struct tls_config *config" +.Ft "void" +.Fn tls_config_verify_client_optional "struct tls_config *config" .Ft "uint8_t *" .Fn tls_load_file "const char *file" "size_t *len" "char *password" .Ft "struct tls *" @@ -322,7 +326,7 @@ clears any secret keys from memory. .Fn tls_config_insecure_noverifycert disables certificate verification. Be extremely careful when using this option. -.Em (Client) +.Em (Client and server) .It .Fn tls_config_insecure_noverifyname disables server name verification. @@ -333,6 +337,16 @@ Be careful when using this option. reenables server name and certificate verification. .Em (Client) .It +.Fn tls_config_verify_client +enables client certificate verification, requiring the client to send +a certificate. +.Em (Server) +.It +.Fn tls_config_verify_client_opional +enables client certificate verification, without requiring the client +to send a certificate. +.Em (Server) +.It .Fn tls_load_file loads a certificate or key from disk into memory to be loaded with .Fn tls_config_set_ca_mem , |