-.\" $OpenBSD: SSL_set1_host.3,v 1.2 2020/09/22 16:31:37 schwarze Exp $
+.\" $OpenBSD: SSL_set1_host.3,v 1.3 2021/01/27 17:57:40 tb Exp $
.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
.\"
.\" This file was written by Viktor Dukhovni <viktor@openssl.org>
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: September 22 2020 $
+.Dd $Mdocdate: January 27 2021 $
.Dt SSL_SET1_HOST 3
.Os
.Sh NAME
.Nm SSL_set1_host
.ig \" won't make Ox 6.8 but will appear in 6.9
+.Nm SSL_set_hostflags
.Nm SSL_get0_peername
..
.Nd SSL server verification parameters
.Fa "const char *hostname"
.Fc
.ig
+.Ft void
+.Fo SSL_set_hostflags
+.Fa "SSL *ssl"
+.Fa "unsigned int flags"
+.Fc
.Ft const char *
.Fo SSL_get0_peername
.Fa "SSL *ssl"
set to 0.
.Pp
.ig
+.Fn SSL_set_hostflags
+sets the flags that will be passed to
+.Xr X509_check_host 3
+when name checks are applicable,
+by default the flags value is 0.
+See
+.Xr X509_check_host 3
+for the list of available flags and their meaning.
+.Pp
.Fn SSL_get0_peername
returns the DNS hostname or subject CommonName from the peer certificate
that matched one of the reference identifiers.
and has been available since
.Ox 6.5 .
.ig
-Both functions first appeared in OpenSSL 1.1.0.
+All three functions first appeared in OpenSSL 1.1.0.
.Fn SSL_set1_host
has been available since
.Ox 6.5 ,
and
+.Fn SSL_set_hostflags
+and
.Fn SSL_get0_peername
since
.Ox 6.9 .
projects / openbsd / commitdiff