| author | 2015-02-15 13:33:14 +0000 |
|---|---|
| committer | 2015-02-15 13:33:14 +0000 |
| commit | 00bd55a9de80cfd71a2cea9a96f62b86ab875390 (patch) |
| tree | e044655446119ecf1e4353db0272d75d13bcdbcf /lib |
| parent | -a is documented (diff) |
Document tls_config_parse_protocols() and update documentation for
tls_config_set_protocols().
Diffstat (limited to 'lib')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | lib/libtls/Makefile | 3 |
| -rw-r--r-- | lib/libtls/tls_init.3 | 29 |

2 files changed, 27 insertions, 5 deletions
diff --git a/lib/libtls/Makefile b/lib/libtls/Makefile index 61368bccfd4..6baf210143b 100644 --- a/lib/libtls/Makefile +++ b/lib/libtls/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.5 2015/02/11 07:01:10 jsing Exp $ +# $OpenBSD: Makefile,v 1.6 2015/02/15 13:33:14 jsing Exp $ CFLAGS+= -Wall -Werror -Wimplicit CFLAGS+= -DLIBRESSL_INTERNAL @@ -20,6 +20,7 @@ MAN= tls_init.3 MLINKS+=tls_init.3 tls_config_new.3 MLINKS+=tls_init.3 tls_config_free.3 +MLINKS+=tls_init.3 tls_config_parse_protocols.3 MLINKS+=tls_init.3 tls_config_set_ca_file.3 MLINKS+=tls_init.3 tls_config_set_ca_path.3 MLINKS+=tls_init.3 tls_config_set_ca_mem.3 diff --git a/lib/libtls/tls_init.3 b/lib/libtls/tls_init.3 index c1e59383c46..5f72d9549bb 100644 --- a/lib/libtls/tls_init.3 +++ b/lib/libtls/tls_init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_init.3,v 1.12 2015/02/11 07:01:10 jsing Exp $ +.\" $OpenBSD: tls_init.3,v 1.13 2015/02/15 13:33:14 jsing Exp $ .\" .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: February 11 2015 $ +.Dd $Mdocdate: February 15 2015 $ .Dt TLS 3 .Os .Sh NAME @@ -22,6 +22,7 @@ .Nm tls_error , .Nm tls_config_new , .Nm tls_config_free , +.Nm tls_config_parse_protocols , .Nm tls_config_set_ca_file , .Nm tls_config_set_ca_path , .Nm tls_config_set_ca_mem , @@ -64,6 +65,8 @@ .Ft "void" .Fn tls_config_free "struct tls_config *config" .Ft "int" +.Fn tls_config_parse_protocols "uint32_t *protocols" "const char *protostr" +.Ft "int" .Fn tls_config_set_ca_file "struct tls_config *config" "const char *ca_file" .Ft "int" .Fn tls_config_set_ca_path "struct tls_config *config" "const char *ca_path" 
@@ -208,6 +211,22 @@ allocates a new default configuration object. frees a configuration object. .El .Pp +The +.Fn tls_config_parse_protocols +function parses a protocol string and returns the corresponding value via the +.Ar protocols +argument. +This value can then be passed to the +.Fn tls_config_set_protocols +function. +The protocol string is a comma or colon separated list of keywords. +Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, all (all supported protocols), +default (an alias for secure), legacy (an alias for all) and secure (currently +TLSv1.2 only). +If a value has a negative prefix (in the form of a leading exclamation mark) +then it is removed from the list of available protocols, rather than being +added to it. +.Pp The following functions modify a configuration by setting parameters. Configuration options may apply to only clients or only servers or both. .Bl -bullet -offset four @@ -258,9 +277,11 @@ Possible values are the bitwise OR of: .Pp Additionally, the values .Dv TLS_PROTOCOL_TLSv1 -(all TLS versions) and +(TLSv1.0, TLSv1.1 and TLSv1.2), +.Dv TLS_PROTOCOLS_ALL +(all supported protocols) and .Dv TLS_PROTOCOLS_DEFAULT -(currently all TLS versions) may be used. +(TLSv1.2 only) may be used. .Em (Client and server) .It .Fn tls_config_clear_keys |
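Review bot: In the tls_init.3 description hunk (@@ -208,6 +211,22 @@, the new `.Fn tls_config_parse_protocols` paragraph), the return value of the function is never documented, although the synopsis hunk declares it `.Ft "int"`; the text only says the parsed set is returned via `.Ar protocols`. State what the function returns on success and on failure (for instance an unrecognised keyword), either here or in the page's return-value documentation, so callers know they must check it before passing the result to tls_config_set_protocols. The same paragraph also leaves the negative-prefix semantics underspecified: "it is removed from the list of available protocols" does not say what the initial set is, so a reader cannot tell whether a string consisting only of a negated keyword (an example such as "!tlsv1.0") yields all-minus-that-protocol or an empty set, or whether an explicit base like "all" must come first. Document the starting value of `.Ar protocols` and what an empty resulting set means. Minor style points in the same hunk: "comma or colon separated" should read "comma- or colon-separated", and the string argument named `protostr` in the synopsis is never referred to by name; use `.Ar protostr` where the paragraph says "a protocol string".

Review bot: In the final hunk (@@ -258,9 +277,11 @@), the new text for `.Dv TLS_PROTOCOLS_DEFAULT` reads "(TLSv1.2 only)" while the description hunk says "secure (currently TLSv1.2 only)" for the keyword that "default" aliases; both describe the same set and both will change as protocols are added or retired, so use the same qualifier in both places, and consider saying explicitly that the "default" keyword accepted by tls_config_parse_protocols selects the same set as `.Dv TLS_PROTOCOLS_DEFAULT` (and "all" the same as `.Dv TLS_PROTOCOLS_ALL`), so readers of either section find the mapping.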