summary refs log tree commit diff
path: root/man/tls_config_verify.3
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--man/tls_config_verify.379
1 files changed, 79 insertions, 0 deletions
diff --git a/man/tls_config_verify.3 b/man/tls_config_verify.3
new file mode 100644
index 0000000..4a43c83
--- /dev/null
+++ b/man/tls_config_verify.3
@@ -0,0 +1,79 @@
+.\" $OpenBSD: tls_config_verify.3,v 1.4 2017/03/02 11:05:50 jmc Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 2 2017 $
+.Dt TLS_CONFIG_VERIFY 3
+.Os
+.Sh NAME
+.Nm tls_config_verify ,
+.Nm tls_config_insecure_noverifycert ,
+.Nm tls_config_insecure_noverifyname ,
+.Nm tls_config_insecure_noverifytime
+.Nd insecure TLS configuration
+.Sh SYNOPSIS
+.In tls.h
+.Ft void
+.Fn tls_config_verify "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifycert "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifyname "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifytime "struct tls_config *config"
+.Sh DESCRIPTION
+These functions disable parts of the normal certificate verification
+process, resulting in insecure configurations.
+Be very careful when using them.
+.Pp
+.Fn tls_config_insecure_noverifycert
+disables certificate verification and OCSP validation.
+.Pp
+.Fn tls_config_insecure_noverifyname
+disables server name verification (client only).
+.Pp
+.Fn tls_config_insecure_noverifytime
+disables validity checking of certificates and OCSP validation.
+.Pp
+.Fn tls_config_verify
+reenables server name and certificate verification.
+.Sh SEE ALSO
+.Xr tls_client 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_conn_version 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+.Fn tls_config_verify
+appeared in
+.Ox 5.6
+and got its final name in
+.Ox 5.7 .
+.Pp
+.Fn tls_config_insecure_noverifycert
+and
+.Fn tls_config_insecure_noverifyname
+appeared in
+.Ox 5.7
+and
+.Nm tls_config_insecure_noverifytime
+in
+.Ox 5.9 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+.An Ted Unangst Aq Mt tedu@openbsd.org