From c925d692349f58d74373089a5799657ef4f8cc85 Mon Sep 17 00:00:00 2001
From: schwarze
Date: Sun, 18 Feb 2018 21:04:31 +0000
Subject: [PATCH] In tls1.h rev. 1.32 2018/02/17 15:08:21, jsing@ provided SSL_CTX_get_tlsext_status_cb(3) and SSL_CTX_get_tlsext_status_arg(3). Merge the documentation, mostly from Remi Gacogne via OpenSSL commit fddfc0af Aug 6 12:54:29 2016 +0200 plus the RETURN VALUES part by me.
---
 lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 | 36 +++++++++++++++----
 1 file changed, 29 insertions(+), 7 deletions(-)
diff --git a/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
index b195e16809f..6a3660a1c27 100644
--- a/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
+++ b/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
@@ -1,8 +1,9 @@
-.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.2 2017/04/10 14:00:51 schwarze Exp $
-.\" OpenSSL 43c34894 Nov 30 16:04:51 2015 +0000
+.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.3 2018/02/18 21:04:31 schwarze Exp $
+.\" full merge up to: OpenSSL 43c34894 Nov 30 16:04:51 2015 +0000
+.\" selective merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Matt Caswell .
-.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -48,12 +49,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 10 2017 $
+.Dd $Mdocdate: February 18 2018 $
 .Dt SSL_CTX_SET_TLSEXT_STATUS_CB 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_tlsext_status_cb ,
+.Nm SSL_CTX_get_tlsext_status_cb ,
 .Nm SSL_CTX_set_tlsext_status_arg ,
+.Nm SSL_CTX_get_tlsext_status_arg ,
 .Nm SSL_set_tlsext_status_type ,
 .Nm SSL_get_tlsext_status_ocsp_resp ,
 .Nm SSL_set_tlsext_status_ocsp_resp
@@ -66,11 +69,21 @@ .Fa "int (*callback)(SSL *, void *)" .Fc .Ft long +.Fo SSL_CTX_get_tlsext_status_cb +.Fa "SSL_CTX *ctx" +.Fa "int (*callback)(SSL *, void *)" +.Fc +.Ft long .Fo SSL_CTX_set_tlsext_status_arg .Fa "SSL_CTX *ctx" .Fa "void *arg" .Fc .Ft long +.Fo SSL_CTX_get_tlsext_status_arg +.Fa "SSL_CTX *ctx" +.Fa "void **arg" +.Fc +.Ft long .Fo SSL_set_tlsext_status_type .Fa "SSL *s" .Fa "int type" @@ -112,6 +125,13 @@ Note that the callback will not be called in the event of a handshake where session resumption occurs (because there are no Certificates exchanged in such a handshake). .Pp +The callback previously set via +.Fn SSL_CTX_set_tlsext_status_cb +can be retrieved by calling +.Fn SSL_CTX_get_tlsext_status_cb , +and the argument by calling +.Fn SSL_CTX_get_tlsext_status_arg . +.Pp The response returned by the server can be obtained via a call to .Fn SSL_get_tlsext_status_ocsp_resp . The value @@ -155,14 +175,16 @@ The callback when used on the server side should return with either (meaning that a fatal error has occurred). .Pp .Fn SSL_CTX_set_tlsext_status_cb , +.Fn SSL_CTX_get_tlsext_status_cb , .Fn SSL_CTX_set_tlsext_status_arg , +.Fn SSL_CTX_get_tlsext_status_arg , .Fn SSL_set_tlsext_status_type , and .Fn SSL_set_tlsext_status_ocsp_resp -return 0 on error or 1 on success. +always return 1, indicating success. .Pp .Fn SSL_get_tlsext_status_ocsp_resp -returns the length of the OCSP response data or -1 if there is no OCSP -response data. +returns the length of the OCSP response data +or \-1 if there is no OCSP response data. .Sh SEE ALSO .Xr SSL_CTX_callback_ctrl 3 -- 2.20.1