[Midnightbsd-cvs] src [12157] trunk/secure/lib/libssl/man: add more man pages
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Jan 20 00:40:53 EST 2019
Revision: 12157
http://svnweb.midnightbsd.org/src/?rev=12157
Author: laffer1
Date: 2019-01-20 00:40:52 -0500 (Sun, 20 Jan 2019)
Log Message:
-----------
add more man pages
Added Paths:
-----------
trunk/secure/lib/libssl/man/SSL_CONF_CTX_new.3
trunk/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
trunk/secure/lib/libssl/man/SSL_CONF_cmd.3
trunk/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
trunk/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
trunk/secure/lib/libssl/man/SSL_CTX_get0_param.3
trunk/secure/lib/libssl/man/SSL_CTX_set1_curves.3
trunk/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
trunk/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
trunk/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
trunk/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
trunk/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
trunk/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
trunk/secure/lib/libssl/man/SSL_check_chain.3
trunk/secure/lib/libssl/man/SSL_export_keying_material.3
Added: trunk/secure/lib/libssl/man/SSL_CONF_CTX_new.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CONF_CTX_new.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CONF_CTX_new.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,169 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CONF_CTX_new 3"
+.TH SSL_CONF_CTX_new 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fISSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR
+structure for use with the \s-1SSL_CONF\s0 functions.
+.PP
+The function \fISSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure
+or \fB\s-1NULL\s0\fR if an error occurs.
+.PP
+\&\fISSL_CONF_CTX_free()\fR does not return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CONF_CTX_set_flags\fR\|(3),
+\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fISSL_CONF_cmd\fR\|(3),
+\&\fISSL_CONF_cmd_argv\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2
Property changes on: trunk/secure/lib/libssl/man/SSL_CONF_CTX_new.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,177 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CONF_CTX_set1_prefix 3"
+.TH SSL_CONF_CTX_set1_prefix 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fISSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR
+to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value.
+.SH "NOTES"
+.IX Header "NOTES"
+Command prefixes alter the commands recognised by subsequent \fISSL_CTX_cmd()\fR
+calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names
+such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R"
+and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then
+\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R".
+.PP
+If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case
+sensitive and \*(L"\-\*(R" is the default. In the unlikely even an application
+explicitly wants to set no prefix it must be explicitly set to "".
+.PP
+If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case
+insensitive and no prefix is the default.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CONF_CTX_new\fR\|(3),
+\&\fISSL_CONF_CTX_set_flags\fR\|(3),
+\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fISSL_CONF_cmd\fR\|(3),
+\&\fISSL_CONF_cmd_argv\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2
Property changes on: trunk/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,188 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CONF_CTX_set_flags 3"
+.TH SSL_CONF_CTX_set_flags 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set of clear SSL configuration context flags
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fISSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR.
+.PP
+The function \fISSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The flags set affect how subsequent calls to \fISSL_CONF_cmd()\fR or
+\&\fISSL_CONF_argv()\fR behave.
+.PP
+Currently the following \fBflags\fR values are recognised:
+.IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4
+.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE"
+recognise options intended for command line or configuration file use. At
+least one of these flags must be set.
+.IP "\s-1SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER\s0" 4
+.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER"
+recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or
+both of these flags must be set.
+.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4
+.IX Item "SSL_CONF_FLAG_CERTIFICATE"
+recognise certificate and private key options.
+.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4
+.IX Item "SSL_CONF_FLAG_SHOW_ERRORS"
+indicate errors relating to unrecognised options or missing arguments in
+the error queue. If this option isn't set such errors are only reflected
+in the return values of \fISSL_CONF_set_cmd()\fR or \fISSL_CONF_set_argv()\fR
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CONF_CTX_set_flags()\fR and \fISSL_CONF_CTX_clear_flags()\fR returns the new flags
+value after setting or clearing flags.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CONF_CTX_new\fR\|(3),
+\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fISSL_CONF_cmd\fR\|(3),
+\&\fISSL_CONF_cmd_argv\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2
Property changes on: trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,175 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CONF_CTX_set_ssl_ctx 3"
+.TH SSL_CONF_CTX_set_ssl_ctx 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the
+\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with
+\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to
+\&\fBctx\fR.
+.PP
+\&\fISSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the
+\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with
+\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to
+\&\fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only
+syntax checking of commands is performed, where possible.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CONF_CTX_set_ssl_ctx()\fR and \fISSL_CTX_set_ssl()\fR do not return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CONF_CTX_new\fR\|(3),
+\&\fISSL_CONF_CTX_set_flags\fR\|(3),
+\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fISSL_CONF_cmd\fR\|(3),
+\&\fISSL_CONF_cmd_argv\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2
Property changes on: trunk/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CONF_cmd.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CONF_cmd.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CONF_cmd.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,534 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CONF_cmd 3"
+.TH SSL_CONF_cmd 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CONF_cmd \- send configuration command
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+\& int SSL_CONF_finish(SSL_CONF_CTX *cctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fISSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with
+optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application
+configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common
+framework for command line options or configuration files.
+.PP
+\&\fISSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to.
+.PP
+The function \fISSL_CONF_finish()\fR must be called after all configuration
+operations have been completed. It is used to finalise any operations
+or to process defaults.
+.SH "SUPPORTED COMMAND LINE COMMANDS"
+.IX Header "SUPPORTED COMMAND LINE COMMANDS"
+Currently supported \fBcmd\fR names for command lines (i.e. when the
+flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBcmd\fR names
+are case sensitive. Unless otherwise stated commands can be used by
+both clients and servers and the \fBvalue\fR parameter is not used. The default
+prefix for command line commands is \fB\-\fR and that is reflected below.
+.IP "\fB\-sigalgs\fR" 4
+.IX Item "-sigalgs"
+This sets the supported signature algorithms for \s-1TLS\s0 v1.2. For clients this
+value is used directly for the supported signature algorithms extension. For
+servers it is used to determine which signature algorithms to support.
+.Sp
+The \fBvalue\fR argument should be a colon separated list of signature algorithms
+in order of decreasing preference of the form \fBalgorithm+hash\fR. \fBalgorithm\fR
+is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm
+\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR.
+Note: algorithm and hash names are case sensitive.
+.Sp
+If this option is not set then all signature algorithms supported by the
+OpenSSL library are permissible.
+.IP "\fB\-client_sigalgs\fR" 4
+.IX Item "-client_sigalgs"
+This sets the supported signature algorithms associated with client
+authentication for \s-1TLS\s0 v1.2. For servers the value is used in the supported
+signature algorithms field of a certificate request. For clients it is
+used to determine which signature algorithm to with the client certificate.
+If a server does not request a certificate this option has no effect.
+.Sp
+The syntax of \fBvalue\fR is identical to \fB\-sigalgs\fR. If not set then
+the value set for \fB\-sigalgs\fR will be used instead.
+.IP "\fB\-curves\fR" 4
+.IX Item "-curves"
+This sets the supported elliptic curves. For clients the curves are
+sent using the supported curves extension. For servers it is used
+to determine which curve to use. This setting affects curves used for both
+signatures and key exchange, if applicable.
+.Sp
+The \fBvalue\fR argument is a colon separated list of curves. The curve can be
+either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name (e.g
+\&\fBprime256v1\fR). Curve names are case sensitive.
+.IP "\fB\-named_curve\fR" 4
+.IX Item "-named_curve"
+This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by
+servers
+.Sp
+The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which
+picks an appropriate curve based on client and server preferences. The curve
+can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name
+(e.g \fBprime256v1\fR). Curve names are case sensitive.
+.IP "\fB\-cipher\fR" 4
+.IX Item "-cipher"
+Sets the cipher suite list to \fBvalue\fR. Note: syntax checking of \fBvalue\fR is
+currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is
+associated with \fBcctx\fR.
+.IP "\fB\-cert\fR" 4
+.IX Item "-cert"
+Attempts to use the file \fBvalue\fR as the certificate for the appropriate
+context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
+structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR
+structure is set. This option is only supported if certificate operations
+are permitted.
+.IP "\fB\-key\fR" 4
+.IX Item "-key"
+Attempts to use the file \fBvalue\fR as the private key for the appropriate
+context. This option is only supported if certificate operations
+are permitted. Note: if no \fB\-key\fR option is set then a private key is
+not loaded: it does not currently use the \fB\-cert\fR file.
+.IP "\fB\-dhparam\fR" 4
+.IX Item "-dhparam"
+Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for
+the appropriate context. This option is only supported if certificate
+operations are permitted.
+.IP "\fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR" 4
+.IX Item "-no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2"
+Disables protocol support for SSLv2, SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2
+by setting the corresponding options \fBSSL_OP_NO_SSLv2\fR, \fBSSL_OP_NO_SSLv3\fR,
+\&\fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR and \fBSSL_OP_NO_TLSv1_2\fR respectively.
+.IP "\fB\-bugs\fR" 4
+.IX Item "-bugs"
+Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR.
+.IP "\fB\-no_comp\fR" 4
+.IX Item "-no_comp"
+Disables support for \s-1SSL/TLS\s0 compression, same as setting \fB\s-1SSL_OP_NO_COMPRESS\s0\fR.
+.IP "\fB\-no_ticket\fR" 4
+.IX Item "-no_ticket"
+Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR.
+.IP "\fB\-serverpref\fR" 4
+.IX Item "-serverpref"
+Use server and not client preference order when determining which cipher suite,
+signature algorithm or elliptic curve to use for an incoming connection.
+Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers.
+.IP "\fB\-no_resumption_on_reneg\fR" 4
+.IX Item "-no_resumption_on_reneg"
+set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers.
+.IP "\fB\-legacyrenegotiation\fR" 4
+.IX Item "-legacyrenegotiation"
+permits the use of unsafe legacy renegotiation. Equivalent to setting
+\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR.
+.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4
+.IX Item "-legacy_server_connect, -no_legacy_server_connect"
+permits or prohibits the use of unsafe legacy renegotiation for OpenSSL
+clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR.
+Set by default.
+.IP "\fB\-strict\fR" 4
+.IX Item "-strict"
+enables strict mode protocol handling. Equivalent to setting
+\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR.
+.IP "\fB\-debug_broken_protocol\fR" 4
+.IX Item "-debug_broken_protocol"
+disables various checks and permits several kinds of broken protocol behaviour
+for testing purposes: it should \fB\s-1NEVER\s0\fR be used in anything other than a test
+environment. Only supported if OpenSSL is configured with
+\&\fB\-DOPENSSL_SSL_DEBUG_BROKEN_PROTOCOL\fR.
+.SH "SUPPORTED CONFIGURATION FILE COMMANDS"
+.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS"
+Currently supported \fBcmd\fR names for configuration files (i.e. when the
+flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file
+\&\fBcmd\fR names and are case insensitive so \fBsignaturealgorithms\fR is recognised
+as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names
+are also case insensitive.
+.PP
+Note: the command prefix (if set) alters the recognised \fBcmd\fR values.
+.IP "\fBCipherString\fR" 4
+.IX Item "CipherString"
+Sets the cipher suite list to \fBvalue\fR. Note: syntax checking of \fBvalue\fR is
+currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is
+associated with \fBcctx\fR.
+.IP "\fBCertificate\fR" 4
+.IX Item "Certificate"
+Attempts to use the file \fBvalue\fR as the certificate for the appropriate
+context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
+structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR
+structure is set. This option is only supported if certificate operations
+are permitted.
+.IP "\fBPrivateKey\fR" 4
+.IX Item "PrivateKey"
+Attempts to use the file \fBvalue\fR as the private key for the appropriate
+context. This option is only supported if certificate operations
+are permitted. Note: if no \fB\-key\fR option is set then a private key is
+not loaded: it does not currently use the \fBCertificate\fR file.
+.IP "\fBServerInfoFile\fR" 4
+.IX Item "ServerInfoFile"
+Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the
+function SSL_CTX_use_serverinfo_file.
+.IP "\fBDHParameters\fR" 4
+.IX Item "DHParameters"
+Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for
+the appropriate context. This option is only supported if certificate
+operations are permitted.
+.IP "\fBSignatureAlgorithms\fR" 4
+.IX Item "SignatureAlgorithms"
+This sets the supported signature algorithms for \s-1TLS\s0 v1.2. For clients this
+value is used directly for the supported signature algorithms extension. For
+servers it is used to determine which signature algorithms to support.
+.Sp
+The \fBvalue\fR argument should be a colon separated list of signature algorithms
+in order of decreasing preference of the form \fBalgorithm+hash\fR. \fBalgorithm\fR
+is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm
+\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR.
+Note: algorithm and hash names are case sensitive.
+.Sp
+If this option is not set then all signature algorithms supported by the
+OpenSSL library are permissible.
+.IP "\fBClientSignatureAlgorithms\fR" 4
+.IX Item "ClientSignatureAlgorithms"
+This sets the supported signature algorithms associated with client
+authentication for \s-1TLS\s0 v1.2. For servers the value is used in the supported
+signature algorithms field of a certificate request. For clients it is
+used to determine which signature algorithm to with the client certificate.
+.Sp
+The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then
+the value set for \fBSignatureAlgorithms\fR will be used instead.
+.IP "\fBCurves\fR" 4
+.IX Item "Curves"
+This sets the supported elliptic curves. For clients the curves are
+sent using the supported curves extension. For servers it is used
+to determine which curve to use. This setting affects curves used for both
+signatures and key exchange, if applicable.
+.Sp
+The \fBvalue\fR argument is a colon separated list of curves. The curve can be
+either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name (e.g
+\&\fBprime256v1\fR). Curve names are case sensitive.
+.IP "\fBECDHParameters\fR" 4
+.IX Item "ECDHParameters"
+This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by
+servers
+.Sp
+The \fBvalue\fR argument is a curve name or the special value \fBAutomatic\fR which
+picks an appropriate curve based on client and server preferences. The curve
+can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name
+(e.g \fBprime256v1\fR). Curve names are case sensitive.
+.IP "\fBProtocol\fR" 4
+.IX Item "Protocol"
+The supported versions of the \s-1SSL\s0 or \s-1TLS\s0 protocol.
+.Sp
+The \fBvalue\fR argument is a comma separated list of supported protocols to
+enable or disable. If an protocol is preceded by \fB\-\fR that version is disabled.
+Currently supported protocol values are \fBSSLv2\fR, \fBSSLv3\fR, \fBTLSv1\fR,
+\&\fBTLSv1.1\fR and \fBTLSv1.2\fR.
+All protocol versions other than \fBSSLv2\fR are enabled by default.
+To avoid inadvertent enabling of \fBSSLv2\fR, when SSLv2 is disabled, it is not
+possible to enable it via the \fBProtocol\fR command.
+.IP "\fBOptions\fR" 4
+.IX Item "Options"
+The \fBvalue\fR argument is a comma separated list of various flags to set.
+If a flag string is preceded \fB\-\fR it is disabled. See the
+\&\fBSSL_CTX_set_options\fR function for more details of individual options.
+.Sp
+Each option is listed below. Where an operation is enabled by default
+the \fB\-flag\fR syntax is needed to disable it.
+.Sp
+\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of
+\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting
+\&\fB\s-1SSL_OP_NO_TICKET\s0\fR.
+.Sp
+\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, enabled by default. Inverse
+of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR.
+.Sp
+\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a
+\&\s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It
+is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR.
+.Sp
+\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR.
+.Sp
+\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of
+\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers.
+.Sp
+\&\fBECDHSingle\fR enable single use \s-1ECDH\s0 keys, set by default. Inverse of
+\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers.
+.Sp
+\&\fBServerPreference\fR use server and not client preference order when
+determining which cipher suite, signature algorithm or elliptic curve
+to use for an incoming connection. Equivalent to
+\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers.
+.Sp
+\&\fBNoResumptionOnRenegotiation\fR set
+\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers.
+.Sp
+\&\fBUnsafeLegacyRenegotiation\fR permits the use of unsafe legacy renegotiation.
+Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR.
+.Sp
+\&\fBUnsafeLegacyServerConnect\fR permits the use of unsafe legacy renegotiation
+for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR.
+Set by default.
+.SH "SUPPORTED COMMAND TYPES"
+.IX Header "SUPPORTED COMMAND TYPES"
+The function \fISSL_CONF_cmd_value_type()\fR currently returns one of the following
+types:
+.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4
+.IX Item "SSL_CONF_TYPE_UNKNOWN"
+The \fBcmd\fR string is unrecognised, this return value can be use to flag
+syntax errors.
+.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4
+.IX Item "SSL_CONF_TYPE_STRING"
+The value is a string without any specific structure.
+.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4
+.IX Item "SSL_CONF_TYPE_FILE"
+The value is a file name.
+.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4
+.IX Item "SSL_CONF_TYPE_DIR"
+The value is a directory name.
+.SH "NOTES"
+.IX Header "NOTES"
+The order of operations is significant. This can be used to set either defaults
+or values which cannot be overridden. For example if an application calls:
+.PP
+.Vb 2
+\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3");
+\& SSL_CONF_cmd(ctx, userparam, uservalue);
+.Ve
+.PP
+it will disable SSLv3 support by default but the user can override it. If
+however the call sequence is:
+.PP
+.Vb 2
+\& SSL_CONF_cmd(ctx, userparam, uservalue);
+\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3");
+.Ve
+.PP
+then SSLv3 is \fBalways\fR disabled and attempt to override this by the user are
+ignored.
+.PP
+By checking the return code of \fISSL_CTX_cmd()\fR it is possible to query if a
+given \fBcmd\fR is recognised, this is useful is \fISSL_CTX_cmd()\fR values are
+mixed with additional application specific operations.
+.PP
+For example an application might call \fISSL_CTX_cmd()\fR and if it returns
+\&\-2 (unrecognised command) continue with processing of application specific
+commands.
+.PP
+Applications can also use \fISSL_CTX_cmd()\fR to process command lines though the
+utility function \fISSL_CTX_cmd_argv()\fR is normally used instead. One way
+to do this is to set the prefix to an appropriate value using
+\&\fISSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the
+following argument to \fBvalue\fR (which may be \s-1NULL\s0).
+.PP
+In this case if the return value is positive then it is used to skip that
+number of arguments as they have been processed by \fISSL_CTX_cmd()\fR. If \-2 is
+returned then \fBcmd\fR is not recognised and application specific arguments
+can be checked instead. If \-3 is returned a required argument is missing
+and an error is indicated. If 0 is returned some other error occurred and
+this can be reported back to the user.
+.PP
+The function \fISSL_CONF_cmd_value_type()\fR can be used by applications to
+check for the existence of a command or to perform additional syntax
+checking or translation of the command value. For example if the return
+value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative
+pathname to an absolute pathname.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Set supported signature algorithms:
+.PP
+.Vb 1
+\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
+.Ve
+.PP
+Enable all protocols except SSLv3 and SSLv2:
+.PP
+.Vb 1
+\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3,\-SSLv2");
+.Ve
+.PP
+Only enable TLSv1.2:
+.PP
+.Vb 1
+\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2");
+.Ve
+.PP
+Disable \s-1TLS\s0 session tickets:
+.PP
+.Vb 1
+\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket");
+.Ve
+.PP
+Set supported curves to P\-256, P\-384:
+.PP
+.Vb 1
+\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384");
+.Ve
+.PP
+Set automatic support for any elliptic curve for key exchange:
+.PP
+.Vb 1
+\& SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic");
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is
+\&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it
+returns the number of arguments processed. This is useful when processing
+command lines.
+.PP
+A return value of \-2 means \fBcmd\fR is not recognised.
+.PP
+A return value of \-3 means \fBcmd\fR is recognised and the command requires a
+value but \fBvalue\fR is \s-1NULL.\s0
+.PP
+A return code of 0 indicates that both \fBcmd\fR and \fBvalue\fR are valid but an
+error occurred attempting to perform the operation: for example due to an
+error in the syntax of \fBvalue\fR in this case the error queue may provide
+additional information.
+.PP
+\&\fISSL_CONF_finish()\fR returns 1 for success and 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CONF_CTX_new\fR\|(3),
+\&\fISSL_CONF_CTX_set_flags\fR\|(3),
+\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fISSL_CONF_cmd_argv\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISSL_CONF_cmd()\fR was first added to OpenSSL 1.0.2
Property changes on: trunk/secure/lib/libssl/man/SSL_CONF_cmd.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,171 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CONF_cmd_argv 3"
+.TH SSL_CONF_cmd_argv 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CONF_cmd_argv \- SSL configuration command line processing.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fISSL_CONF_cmd_argv()\fR processes at most two command line
+arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR
+are updated to reflect the number of command options processed. The \fBpargc\fR
+argument can be set to \fB\s-1NULL\s0\fR is it is not used.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2
+or a negative error code.
+.PP
+If \-2 is returned then an argument for a command is missing.
+.PP
+If \-1 is returned the command is recognised but couldn't be processed due
+to an error: for example a syntax error in the argument.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CONF_CTX_new\fR\|(3),
+\&\fISSL_CONF_CTX_set_flags\fR\|(3),
+\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fISSL_CONF_cmd\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2
Property changes on: trunk/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,277 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_add1_chain_cert 3"
+.TH SSL_CTX_add1_chain_cert 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert,
+SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs,
+SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert,
+SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain,
+SSL_build_cert_chain, SSL_CTX_select_current_cert,
+SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra
+chain certificate processing
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
+\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
+\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
+\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
+\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
+\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
+\&
+\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk);
+\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk);
+\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
+\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
+\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk);
+\& int SSL_clear_chain_certs(SSL *ssl);
+\&
+\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags);
+\& int SSL_build_cert_chain(SSL *ssl, flags);
+\&
+\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509);
+\& int SSL_select_current_cert(SSL *ssl, X509 *x509);
+\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op);
+\& int SSL_set_current_cert(SSL *ssl, long op);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain
+associated with the current certificate of \fBctx\fR to \fBsk\fR.
+.PP
+\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single
+certificate \fBx509\fR to the chain associated with the current certificate of
+\&\fBctx\fR.
+.PP
+\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current
+certificate of \fBctx\fR.
+.PP
+\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the
+current certificate of \fBctx\fR. (This is implemented by calling
+\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR).
+.PP
+\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally
+this uses the chain store or the verify store if the chain store is not set.
+If the function is successful the built chain will replace any existing chain.
+The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use
+existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR
+to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to
+use all existing chain certificates only to build the chain (effectively
+sanity checking and rearranging them if necessary), the flag
+\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification:
+if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors
+are cleared from the error queue.
+.PP
+Each of these functions operates on the \fIcurrent\fR end entity
+(i.e. server or client) certificate. This is the last certificate loaded or
+selected on the corresponding \fBctx\fR structure.
+.PP
+\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity
+certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a
+function such as \fISSL_CTX_use_certificate()\fR.
+.PP
+\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR,
+\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR,
+\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR
+are similar except they apply to \s-1SSL\s0 structure \fBssl\fR.
+.PP
+\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based
+on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use
+the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid
+certificate after the current certificate. These two operations can be
+used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure.
+.PP
+\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR.
+If \fBssl\fR is a server and has sent a certificate to a connected client
+this option sets that certificate to the current certificate and returns 1.
+If the negotiated ciphersuite is anonymous (and thus no certificate will
+be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR
+is not a server or a certificate has not been sent 0 is returned and
+the current certificate is unchanged.
+.PP
+All these functions are implemented as macros. Those containing a \fB1\fR
+increment the reference count of the supplied certificate or chain so it must
+be freed at some point after the operation. Those containing a \fB0\fR do
+not increment reference counts and the supplied certificate or chain
+\&\fB\s-1MUST NOT\s0\fR be freed after the operation.
+.SH "NOTES"
+.IX Header "NOTES"
+The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0
+structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected
+by any chains subsequently changed in the parent \s-1SSL_CTX.\s0
+.PP
+One chain can be set for each key type supported by a server. So, for example,
+an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains.
+.PP
+The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can
+be used to check application configuration and to ensure any necessary
+subordinate CAs are sent in the correct order. Misconfigured applications
+sending incorrect certificate chains often cause problems with peers.
+.PP
+For example an application can add any set of certificates using
+\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR
+with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them.
+.PP
+Applications can issue non fatal warnings when checking chains by setting
+the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return
+value.
+.PP
+Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more
+efficient than the automatic chain building as it is only performed once.
+Automatic chain building is performed on each new session.
+.PP
+If any certificates are added using these functions no certificates added
+using \fISSL_CTX_add_extra_chain_cert()\fR will be used.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if
+no server certificate is used because the ciphersuites is anonymous and 0
+for failure.
+.PP
+\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success
+and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and
+a verification error occurs then 2 is returned.
+.PP
+All other functions return 1 for success and 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2.
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_get0_param.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_get0_param.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_get0_param.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,184 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_get0_param 3"
+.TH SSL_CTX_get0_param 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \-
+get and set verification parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR retrieve an internal pointer to
+the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned
+pointer must not be freed by the calling application.
+.PP
+\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR set the verification parameters
+to \fBvpm\fR for \fBctx\fR or \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure
+using \fISSL_CTX_get0_param()\fR or \fISSL_get0_param()\fR and an application modifies
+them to suit its needs: for example to add a hostname check.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Check hostname matches \*(L"www.foo.com\*(R" in peer certificate:
+.PP
+.Vb 2
+\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
+\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR return a pointer to an
+\&\fBX509_VERIFY_PARAM\fR structure.
+.PP
+\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR return 1 for success and 0
+for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2.
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_get0_param.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_set1_curves.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_set1_curves.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_set1_curves.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,233 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set1_curves 3"
+.TH SSL_CTX_set1_curves 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
+SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve,
+SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto \- EC supported curve functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
+\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
+\&
+\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
+\& int SSL_set1_curves_list(SSL *ssl, char *list);
+\&
+\& int SSL_get1_curves(SSL *ssl, int *curves);
+\& int SSL_get_shared_curve(SSL *s, int n);
+\&
+\& int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff);
+\& int SSL_set_ecdh_auto(SSL *s, int onoff);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set1_curves()\fR sets the supported curves for \fBctx\fR to \fBclistlen\fR
+curves in the array \fBclist\fR. The array consist of all NIDs of curves in
+preference order. For a \s-1TLS\s0 client the curves are used directly in the
+supported curves extension. For a \s-1TLS\s0 server the curves are used to
+determine the set of shared curves.
+.PP
+\&\fISSL_CTX_set1_curves_list()\fR sets the supported curves for \fBctx\fR to
+string \fBlist\fR. The string is a colon separated list of curve NIDs or
+names, for example \*(L"P\-521:P\-384:P\-256\*(R".
+.PP
+\&\fISSL_set1_curves()\fR and \fISSL_set1_curves_list()\fR are similar except they set
+supported curves for the \s-1SSL\s0 structure \fBssl\fR.
+.PP
+\&\fISSL_get1_curves()\fR returns the set of supported curves sent by a client
+in the supported curves extension. It returns the total number of
+supported curves. The \fBcurves\fR parameter can be \fB\s-1NULL\s0\fR to simply
+return the number of curves for memory allocation purposes. The
+\&\fBcurves\fR array is in the form of a set of curve NIDs in preference
+order. It can return zero if the client did not send a supported curves
+extension.
+.PP
+\&\fISSL_get_shared_curve()\fR returns shared curve \fBn\fR for a server-side
+\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared curves is
+returned, which may be zero. Other than for diagnostic purposes,
+most applications will only be interested in the first shared curve
+so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range,
+NID_undef is returned.
+.PP
+\&\fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR set automatic curve
+selection for server \fBctx\fR or \fBssl\fR to \fBonoff\fR. If \fBonoff\fR is 1 then
+the highest preference curve is automatically used for \s-1ECDH\s0 temporary
+keys used during key exchange.
+.PP
+All these functions are implemented as macros.
+.SH "NOTES"
+.IX Header "NOTES"
+If an application wishes to make use of several of these functions for
+configuration purposes either on a command line or in a file it should
+consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options.
+.PP
+The functions \fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR can be used to
+make a server always choose the most appropriate curve for a client. If set
+it will override any temporary \s-1ECDH\s0 parameters set by a server. Previous
+versions of OpenSSL could effectively only use a single \s-1ECDH\s0 curve set
+using a function such as \fISSL_CTX_set_ecdh_tmp()\fR. Newer applications should
+just call:
+.PP
+.Vb 1
+\& SSL_CTX_set_ecdh_auto(ctx, 1);
+.Ve
+.PP
+and they will automatically support \s-1ECDH\s0 using the most appropriate shared
+curve.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set1_curves()\fR, \fISSL_CTX_set1_curves_list()\fR, \fISSL_set1_curves()\fR,
+\&\fISSL_set1_curves_list()\fR, \fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR
+return 1 for success and 0 for failure.
+.PP
+\&\fISSL_get1_curves()\fR returns the number of curves, which may be zero.
+.PP
+\&\fISSL_get_shared_curve()\fR returns the \s-1NID\s0 of shared curve \fBn\fR or NID_undef if there
+is no shared curve \fBn\fR; or the total number of shared curves if \fBn\fR
+is \-1.
+.PP
+When called on a client \fBssl\fR, \fISSL_get_shared_curve()\fR has no meaning and
+returns \-1.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2.
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_set1_curves.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,219 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set1_verify_cert_store 3"
+.TH SSL_CTX_set1_verify_cert_store 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store,
+SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store,
+SSL_set0_verify_cert_store, SSL_set1_verify_cert_store,
+SSL_set0_chain_cert_store, SSL_set1_chain_cert_store \- set certificate
+verification or chain store
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
+\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
+\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+\&
+\& int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
+\& int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
+\& int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
+\& int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set0_verify_cert_store()\fR and \fISSL_CTX_set1_verify_cert_store()\fR
+set the certificate store used for certificate verification to \fBst\fR.
+.PP
+\&\fISSL_CTX_set0_chain_cert_store()\fR and \fISSL_CTX_set1_chain_cert_store()\fR
+set the certificate store used for certificate chain building to \fBst\fR.
+.PP
+\&\fISSL_set0_verify_cert_store()\fR, \fISSL_set1_verify_cert_store()\fR,
+\&\fISSL_set0_chain_cert_store()\fR and \fISSL_set1_chain_cert_store()\fR are similar
+except they apply to \s-1SSL\s0 structure \fBssl\fR.
+.PP
+All these functions are implemented as macros. Those containing a \fB1\fR
+increment the reference count of the supplied store so it must
+be freed at some point after the operation. Those containing a \fB0\fR do
+not increment reference counts and the supplied store \fB\s-1MUST NOT\s0\fR be freed
+after the operation.
+.SH "NOTES"
+.IX Header "NOTES"
+The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0
+structures when \fISSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be
+affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value.
+.PP
+The verification store is used to verify the certificate chain sent by the
+peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify
+the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify
+any client certificate chain.
+.PP
+The chain store is used to build the certificate chain.
+.PP
+If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is
+configured already (for example using the functions such as
+\&\fISSL_CTX_add1_chain_cert\fR\|(3) or
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)) then
+automatic chain building is disabled.
+.PP
+If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building
+is disabled.
+.PP
+If the chain or the verification store is not set then the store associated
+with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous
+versions of OpenSSL.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All these functions return 1 for success and 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+\&\fISSL_CTX_set0_chain\fR\|(3)
+\&\fISSL_CTX_set1_chain\fR\|(3)
+\&\fISSL_CTX_add0_chain_cert\fR\|(3)
+\&\fISSL_CTX_add1_chain_cert\fR\|(3)
+\&\fISSL_set0_chain\fR\|(3)
+\&\fISSL_set1_chain\fR\|(3)
+\&\fISSL_add0_chain_cert\fR\|(3)
+\&\fISSL_add1_chain_cert\fR\|(3)
+\&\fISSL_CTX_build_cert_chain\fR\|(3)
+\&\fISSL_build_cert_chain\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.2.
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,245 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_alpn_select_cb 3"
+.TH SSL_CTX_set_alpn_select_cb 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb,
+SSL_select_next_proto, SSL_get0_alpn_selected \- handle application layer
+protocol negotiation (ALPN)
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+\& unsigned protos_len);
+\& int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+\& unsigned protos_len);
+\& void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+\& int (*cb) (SSL *ssl,
+\& const unsigned char **out,
+\& unsigned char *outlen,
+\& const unsigned char *in,
+\& unsigned int inlen,
+\& void *arg), void *arg);
+\& int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+\& const unsigned char *server,
+\& unsigned int server_len,
+\& const unsigned char *client,
+\& unsigned int client_len)
+\& void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+\& unsigned int *len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR are used by the client to
+set the list of protocols available to be negotiated. The \fBprotos\fR must be in
+protocol-list format, described below. The length of \fBprotos\fR is specified in
+\&\fBprotos_len\fR.
+.PP
+\&\fISSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a
+server to select which protocol to use for the incoming connection. When \fBcb\fR
+is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to
+the application callback.
+.PP
+\&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a
+vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector
+should be set to the value of a single protocol selected from the \fBin\fR,
+\&\fBinlen\fR vector. The \fBarg\fR parameter is the pointer set via
+\&\fISSL_CTX_set_alpn_select_cb()\fR.
+.PP
+\&\fISSL_select_next_proto()\fR is a helper function used to select protocols. It
+implements the standard protocol selection. It is expected that this function
+is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR,
+\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format
+described below. The first item in the \fBserver\fR, \fBserver_len\fR list that
+matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned
+in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or
+\&\fBclient\fR, so it should be copied immediately. If no match is found, the first
+item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This
+function can also be used in the \s-1NPN\s0 callback.
+.PP
+\&\fISSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR
+with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR
+is set to 0 if no protocol has been selected. \fBdata\fR must not be freed.
+.SH "NOTES"
+.IX Header "NOTES"
+The protocol-lists must be in wire-format, which is defined as a vector of
+non-empty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not
+included in the length. Each string is limited to 255 bytes. A byte-string
+length of 0 is invalid. A truncated byte-string is invalid. The length of the
+vector is not in the vector itself, but in a separate variable.
+.PP
+Example:
+.PP
+.Vb 5
+\& unsigned char vector[] = {
+\& 6, \*(Aqs\*(Aq, \*(Aqp\*(Aq, \*(Aqd\*(Aq, \*(Aqy\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq,
+\& 8, \*(Aqh\*(Aq, \*(Aqt\*(Aq, \*(Aqt\*(Aq, \*(Aqp\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, \*(Aq.\*(Aq, \*(Aq1\*(Aq
+\& };
+\& unsigned int length = sizeof(vector);
+.Ve
+.PP
+The \s-1ALPN\s0 callback is executed after the servername callback; as that servername
+callback may update the \s-1SSL_CTX,\s0 and subsequently, the \s-1ALPN\s0 callback.
+.PP
+If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not
+invoked.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR return 0 on success, and
+non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention.
+.PP
+\&\fISSL_select_next_proto()\fR returns one of the following:
+.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4
+.IX Item "OPENSSL_NPN_NEGOTIATED"
+A match was found and is returned in \fBout\fR, \fBoutlen\fR.
+.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4
+.IX Item "OPENSSL_NPN_NO_OVERLAP"
+No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in
+\&\fBout\fR, \fBoutlen\fR.
+.PP
+The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following:
+.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4
+.IX Item "SSL_TLSEXT_ERR_OK"
+\&\s-1ALPN\s0 protocol selected.
+.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4
+.IX Item "SSL_TLSEXT_ERR_NOACK"
+\&\s-1ALPN\s0 protocol not selected.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3),
+\&\fISSL_CTX_set_tlsext_servername_arg\fR\|(3)
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,198 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_cert_cb 3"
+.TH SSL_CTX_set_cert_cb 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
+\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
+\&
+\& int (*cert_cb)(SSL *ssl, void *arg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR sets the \fB\f(BIcert_cb()\fB\fR callback,
+\&\fBarg\fR value is pointer which is passed to the application callback.
+.PP
+When \fB\f(BIcert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used.
+.PP
+\&\fIcert_cb()\fR is the application defined callback. It is called before a
+certificate will be used by a client or server. The callback can then inspect
+the passed \fBssl\fR structure and set or clear any appropriate certificates. If
+the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have
+been set. A zero is returned on error which will abort the handshake with a
+fatal internal error alert. A negative return value will suspend the handshake
+and the handshake function will return immediately.
+\&\fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to
+indicate, that the handshake was suspended. The next call to the handshake
+function will again lead to the call of \fIcert_cb()\fR. It is the job of the
+\&\fIcert_cb()\fR to store information about the state of the last call,
+if required to continue.
+.SH "NOTES"
+.IX Header "NOTES"
+An application will typically call \fISSL_use_certificate()\fR and
+\&\fISSL_use_PrivateKey()\fR to set the end entity certificate and private key.
+It can add intermediate and optionally the root \s-1CA\s0 certificates using
+\&\fISSL_add1_chain_cert()\fR.
+.PP
+It might also call \fISSL_certs_clear()\fR to delete any certificates associated
+with the \fB\s-1SSL\s0\fR object.
+.PP
+The certificate callback functionality supercedes the (largely broken)
+functionality provided by the old client certificate callback interface.
+It is \fBalways\fR called even is a certificate is already set so the callback
+can modify or delete the existing certificate.
+.PP
+A more advanced callback might examine the handshake parameters and set
+whatever chain is appropriate. For example a legacy client supporting only
+\&\s-1TLS\s0 v1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a
+\&\s-1TLS\s0 v1.2 client which advertises support for \s-1SHA256\s0 could receive a chain
+using \s-1SHA256.\s0
+.PP
+Normal server sanity checks are performed on any certificates set
+by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not
+support it will \fBnot\fR be used.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_use_certificate\fR\|(3),
+\&\fISSL_add1_chain_cert\fR\|(3),
+\&\fISSL_get_client_CA_list\fR\|(3),
+\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3)
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,261 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_custom_cli_ext 3"
+.TH SSL_CTX_set_custom_cli_ext 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext \- custom TLS extension handling
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+\& custom_ext_add_cb add_cb,
+\& custom_ext_free_cb free_cb, void *add_arg,
+\& custom_ext_parse_cb parse_cb,
+\& void *parse_arg);
+\&
+\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+\& custom_ext_add_cb add_cb,
+\& custom_ext_free_cb free_cb, void *add_arg,
+\& custom_ext_parse_cb parse_cb,
+\& void *parse_arg);
+\&
+\& int SSL_extension_supported(unsigned int ext_type);
+\&
+\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+\& const unsigned char **out,
+\& size_t *outlen, int *al,
+\& void *add_arg);
+\&
+\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+\& const unsigned char *out,
+\& void *add_arg);
+\&
+\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+\& const unsigned char *in,
+\& size_t inlen, int *al,
+\& void *parse_arg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS\s0 client
+with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and
+\&\fBparse_cb\fR.
+.PP
+\&\fISSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS\s0 server
+with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and
+\&\fBparse_cb\fR.
+.PP
+In both cases the extension type must not be handled by OpenSSL internally
+or an error occurs.
+.PP
+\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
+internally by OpenSSL and 0 otherwise.
+.SH "EXTENSION CALLBACKS"
+.IX Header "EXTENSION CALLBACKS"
+The callback \fBadd_cb\fR is called to send custom extension data to be
+included in ClientHello for \s-1TLS\s0 clients or ServerHello for servers. The
+\&\fBext_type\fR parameter is set to the extension type which will be added and
+\&\fBadd_arg\fR to the value set when the extension handler was added.
+.PP
+If the application wishes to include the extension \fBext_type\fR it should
+set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the
+extension data and return 1.
+.PP
+If the \fBadd_cb\fR does not wish to include the extension it must return 0.
+.PP
+If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0
+alert value specified in \fB*al\fR.
+.PP
+For clients (but not servers) if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length
+extension is added for \fBext_type\fR.
+.PP
+For clients every registered \fBadd_cb\fR is always called to see if the
+application wishes to add an extension to ClientHello.
+.PP
+For servers every registered \fBadd_cb\fR is called once if and only if the
+corresponding extension was received in ClientHello to see if the application
+wishes to add the extension to ServerHello. That is, if no corresponding extension
+was received in ClientHello then \fBadd_cb\fR will not be called.
+.PP
+If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called
+(if it is set) with the value of \fBout\fR set by the add callback. It can be
+used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is
+constant (to permit use of constant data in \fBadd_cb\fR) applications may need to
+cast away const to free the data.
+.PP
+The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. For \s-1TLS\s0 clients
+the extension data will come from ServerHello and for \s-1TLS\s0 servers it will
+come from ClientHello.
+.PP
+The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the
+extension \fBextension_type\fR.
+.PP
+If the \fBparse_cb\fR considers the extension data acceptable it must return
+1. If it returns 0 or a negative value a fatal handshake error occurs
+using the \s-1TLS\s0 alert value specified in \fB*al\fR.
+.PP
+The buffer \fBin\fR is a temporary internal buffer which will not be valid after
+the callback returns.
+.SH "NOTES"
+.IX Header "NOTES"
+The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values
+which will be passed to the corresponding callbacks. They can, for example,
+be used to store the extension data received in a convenient structure or
+pass the extension data to be added or freed when adding extensions.
+.PP
+The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of
+\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0
+.PP
+If the same custom extension type is received multiple times a fatal
+\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension
+is received in ServerHello which was not sent in ClientHello a fatal
+\&\fBunsupported_extension\fR alert is sent and the handshake is aborted. The
+ServerHello \fBadd_cb\fR callback is only called if the corresponding extension
+was received in ClientHello. This is compliant with the \s-1TLS\s0 specifications.
+This behaviour ensures that each callback is called at most once and that
+an application can never send unsolicited extensions.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_add_client_custom_ext()\fR and \fISSL_CTX_add_server_custom_ext()\fR return 1 for
+success and 0 for failure. A failure can occur if an attempt is made to
+add the same \fBext_type\fR more than once, if an attempt is made to use an
+extension type handled internally by OpenSSL or if an internal error occurs
+(for example a memory allocation failure).
+.PP
+\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
+internally by OpenSSL and 0 otherwise.
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,190 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_tlsext_servername_callback 3"
+.TH SSL_CTX_set_tlsext_servername_callback 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
+SSL_get_servername_type, SSL_get_servername \- handle server name indication
+(SNI)
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
+\& int (*cb)(SSL *, int *, void *));
+\& long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
+\&
+\& const char *SSL_get_servername(const SSL *s, const int type);
+\& int SSL_get_servername_type(const SSL *s);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR
+used by a server to perform any actions or configuration required based on
+the servername extension received in the incoming connection. When \fBcb\fR
+is \s-1NULL, SNI\s0 is not used. The \fBarg\fR value is a pointer which is passed to
+the application callback.
+.PP
+\&\fISSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be
+passed into the callback for this \fB\s-1SSL_CTX\s0\fR.
+.PP
+\&\fISSL_get_servername()\fR returns a servername extension value of the specified
+type if provided in the Client Hello or \s-1NULL.\s0
+.PP
+\&\fISSL_get_servername_type()\fR returns the servername type or \-1 if no servername
+is present. Currently the only supported type (defined in \s-1RFC3546\s0) is
+\&\fBTLSEXT_NAMETYPE_host_name\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1ALPN\s0 and \s-1SNI\s0 callbacks are both executed during Client Hello processing.
+The servername callback is executed first, followed by the \s-1ALPN\s0 callback.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_tlsext_servername_callback()\fR and
+\&\fISSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(7), \fISSL_CTX_set_alpn_select_cb\fR\|(3),
+\&\fISSL_get0_alpn_selected\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,184 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_use_serverinfo 3"
+.TH SSL_CTX_use_serverinfo 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \- use serverinfo extension
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+\& size_t serverinfo_length);
+\&
+\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 ServerHello Extensions into the \s-1SSL_CTX.
+A\s0 \*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello
+Extension.
+.PP
+\&\fISSL_CTX_use_serverinfo()\fR loads one or more serverinfo extensions from
+a byte array into \fBctx\fR. The extensions must be concatenated into a
+sequence of bytes. Each extension must consist of a 2\-byte Extension Type,
+a 2\-byte length, and then length bytes of extension_data.
+.PP
+\&\fISSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from
+\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension
+must consist of a 2\-byte Extension Type, a 2\-byte length, and then length
+bytes of extension_data. Each \s-1PEM\s0 extension name must begin with the phrase
+\&\*(L"\s-1BEGIN SERVERINFO FOR \*(R".\s0
+.PP
+If more than one certificate (\s-1RSA/DSA\s0) is installed using
+\&\fISSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the
+last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the
+loaded serverinfo extension data will be loaded for that certificate. To
+use the serverinfo extension for multiple certificates,
+\&\fISSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR
+each time a certificate is loaded.
+.SH "NOTES"
+.IX Header "NOTES"
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+On success, the functions return 1.
+On failure, the functions return 0. Check out the error stack to find out
+the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+.SH "HISTORY"
+.IX Header "HISTORY"
Property changes on: trunk/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_check_chain.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_check_chain.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_check_chain.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,214 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_check_chain 3"
+.TH SSL_check_chain 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_check_chain \- check certificate chain suitability
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and
+certificate chain \fBchain\fR is suitable for use with the current session
+\&\fBs\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_check_chain()\fR returns a bitmap of flags indicating the validity of the
+chain.
+.PP
+\&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session.
+If this flag is \fBnot\fR set then the certificate will never be used even
+if the application tries to set it because it is inconsistent with the
+peer preferences.
+.PP
+\&\fB\s-1CERT_PKEY_SIGN\s0\fR: the \s-1EE\s0 key can be used for signing.
+.PP
+\&\fB\s-1CERT_PKEY_EE_SIGNATURE\s0\fR: the signature algorithm of the \s-1EE\s0 certificate is
+acceptable.
+.PP
+\&\fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR: the signature algorithms of all \s-1CA\s0 certificates
+are acceptable.
+.PP
+\&\fB\s-1CERT_PKEY_EE_PARAM\s0\fR: the parameters of the end entity certificate are
+acceptable (e.g. it is a supported curve).
+.PP
+\&\fB\s-1CERT_PKEY_CA_PARAM\s0\fR: the parameters of all \s-1CA\s0 certificates are acceptable.
+.PP
+\&\fB\s-1CERT_PKEY_EXPLICIT_SIGN\s0\fR: the end entity certificate algorithm
+can be used explicitly for signing (i.e. it is mentioned in the signature
+algorithms extension).
+.PP
+\&\fB\s-1CERT_PKEY_ISSUER_NAME\s0\fR: the issuer name is acceptable. This is only
+meaningful for client authentication.
+.PP
+\&\fB\s-1CERT_PKEY_CERT_TYPE\s0\fR: the certificate type is acceptable. Only meaningful
+for client authentication.
+.PP
+\&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fISSL_check_chain()\fR must be called in servers after a client hello message or in
+clients after a certificate request message. It will typically be called
+in the certificate callback.
+.PP
+An application wishing to support multiple certificate chains may call this
+function on each chain in turn: starting with the one it considers the
+most secure. It could then use the chain of the first set which returns
+suitable flags.
+.PP
+As a minimum the flag \fB\s-1CERT_PKEY_VALID\s0\fR must be set for a chain to be
+usable. An application supporting multiple chains with different \s-1CA\s0 signature
+algorithms may also wish to check \fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR too. If no
+chain is suitable a server should fall back to the most secure chain which
+sets \fB\s-1CERT_PKEY_VALID\s0\fR.
+.PP
+The validity of a chain is determined by checking if it matches a supported
+signature algorithm, supported curves and in the case of client authentication
+certificate types and issuer names.
+.PP
+Since the supported signature algorithms extension is only used in \s-1TLS 1.2\s0
+and \s-1DTLS 1.2\s0 the results for earlier versions of \s-1TLS\s0 and \s-1DTLS\s0 may not be
+very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain
+for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CTX_set_cert_cb\fR\|(3),
+\&\fIssl\fR\|(3)
Property changes on: trunk/secure/lib/libssl/man/SSL_check_chain.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/secure/lib/libssl/man/SSL_export_keying_material.3
===================================================================
--- trunk/secure/lib/libssl/man/SSL_export_keying_material.3 (rev 0)
+++ trunk/secure/lib/libssl/man/SSL_export_keying_material.3 2019-01-20 05:40:52 UTC (rev 12157)
@@ -0,0 +1,191 @@
+.\" $MidnightBSD$
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_export_keying_material 3"
+.TH SSL_export_keying_material 3 "2018-11-20" "1.0.2q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_export_keying_material \- obtain keying material for application use
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+\& const char *label, size_t llen,
+\& const unsigned char *context,
+\& size_t contextlen, int use_context);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is
+established between the two endpoints. The function \fISSL_export_keying_material()\fR
+enables an application to use some of this keying material for its own purposes
+in accordance with \s-1RFC5705.\s0
+.PP
+An application may need to securely establish the context within which this
+keying material will be used. For example this may include identifiers for the
+application session, application algorithms or parameters, or the lifetime of
+the context. The context value is left to the application but must be the same
+on both sides of the communication.
+.PP
+For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to
+\&\fBout\fR. The application specific context should be supplied in the location
+pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of
+a context is optional. If the context should be omitted entirely then
+\&\fBuse_context\fR should be set to 0. Otherwise it should be any other value. If
+\&\fBuse_context\fR is 0 then the values of \fBcontext\fR and \fBcontextlen\fR are ignored.
+Note that a zero length context is treated differently to no context at all, and
+will result in different keying material being returned.
+.PP
+An application specific label should be provided in the location pointed to by
+\&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from
+the \s-1IANA\s0 Exporter Label Registry
+(<https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#exporter\-labels>).
+Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard
+to be used without registration.
+.PP
+Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
+above. Attempting to use it in SSLv3 will result in an error.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
Property changes on: trunk/secure/lib/libssl/man/SSL_export_keying_material.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
More information about the Midnightbsd-cvs
mailing list