From 3be606cbfd9e9814f4991e6f02571112828b31ab Mon Sep 17 00:00:00 2001
From: schwarze
Date: Wed, 14 Feb 2018 17:20:29 +0000
Subject: [PATCH] In ssl.h rev. 1.135 2018/02/14 16:16:10, jsing@ provided SSL_CTX_get0_param(3) and SSL_get0_param(3). Merge the related documentation from OpenSSL, with small tweaks.
---
 lib/libssl/man/SSL_set1_param.3 | 46 ++++++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 4 deletions(-)
diff --git a/lib/libssl/man/SSL_set1_param.3 b/lib/libssl/man/SSL_set1_param.3
index ae67d4796e1..d1647460992 100644
--- a/lib/libssl/man/SSL_set1_param.3
+++ b/lib/libssl/man/SSL_set1_param.3
@@ -1,5 +1,6 @@
-.\" $OpenBSD: SSL_set1_param.3,v 1.1 2016/11/30 13:39:38 schwarze Exp $
-.\" OpenSSL SSL_CTX_get0_param.pod 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" $OpenBSD: SSL_set1_param.3,v 1.2 2018/02/14 17:20:29 schwarze Exp $
+.\" full merge up to:
+.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson .
 .\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
@@ -48,15 +49,25 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 30 2016 $
+.Dd $Mdocdate: February 14 2018 $
 .Dt SSL_SET1_PARAM 3
 .Os
 .Sh NAME
+.Nm SSL_CTX_get0_param ,
+.Nm SSL_get0_param ,
 .Nm SSL_CTX_set1_param ,
 .Nm SSL_set1_param
-.Nd set verification parameters
+.Nd get and set verification parameters
 .Sh SYNOPSIS
 .In openssl/ssl.h
+.Ft X509_VERIFY_PARAM *
+.Fo SSL_CTX_get0_param
+.Fa "SSL_CTX *ctx"
+.Fc
+.Ft X509_VERIFY_PARAM *
+.Fo SSL_get0_param
+.Fa "SSL *ssl"
+.Fc
 .Ft int
 .Fo SSL_CTX_set1_param
 .Fa "SSL_CTX *ctx"
@@ -68,6 +79,18 @@
 .Fa "X509_VERIFY_PARAM *vpm"
 .Fc
 .Sh DESCRIPTION
+.Fn SSL_CTX_get0_param
+and
+.Fn SSL_get0_param
+retrieve an internal pointer to the verification parameters for
+.Fa ctx
+or
+.Fa ssl ,
+respectively.
+The returned pointer must not be freed by the calling application,
+but the application can modify the parameters pointed to
+to suit its needs: for example to add a hostname check.
+.Pp
 .Fn SSL_CTX_set1_param
 and
 .Fn SSL_set1_param
@@ -78,10 +101,25 @@ for
 or
 .Fa ssl .
 .Sh RETURN VALUES
+.Fn SSL_CTX_get0_param
+and
+.Fn SSL_get0_param
+return a pointer to an
+.Vt X509_VERIFY_PARAM
+structure.
+.Pp
 .Fn SSL_CTX_set1_param
 and
 .Fn SSL_set1_param
 return 1 for success or 0 for failure.
+.Sh EXAMPLES
+Check that the hostname matches
+.Pa www.foo.com
+in the peer certificate:
+.Bd -literal -offset indent
+X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
+X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
+.Ed
 .Sh SEE ALSO
 .Xr X509_VERIFY_PARAM_set_flags 3
 .Sh HISTORY
-- 
2.20.1