summary refs log tree commit diff
path: root/man/tls_config_ocsp_require_stapling.3
blob: a0694d304f876b8c9dee9f825e2db0de179be60e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.5 2017/01/31 20:53:50 jmc Exp $
.\"
.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: January 31 2017 $
.Dt TLS_CONFIG_OCSP_REQUIRE_STAPLING 3
.Os
.Sh NAME
.Nm tls_config_ocsp_require_stapling
.Nd OCSP configuration for libtls
.Sh SYNOPSIS
.In tls.h
.Ft void
.Fn tls_config_ocsp_require_stapling "struct tls_config *config"
.Sh DESCRIPTION
.Fn tls_config_ocsp_require_stapling
requires that a valid stapled OCSP response be provided
during the TLS handshake.
.Sh SEE ALSO
.Xr tls_config_add_keypair_file 3 ,
.Xr tls_handshake 3 ,
.Xr tls_init 3 ,
.Xr tls_ocsp_process_response 3
.Sh HISTORY
These functions appeared in
.Ox 6.1 .
.Sh AUTHORS
.An Bob Beck Aq Mt beck@openbsd.org
lass='logmsg'> This breaks compat with the previous LUA_IMPLEMENTATION but gives more flexibility in that user can specify the pkg-config package name directly. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> 2014-01-20tests: only do lua tests if lua is compiled-inJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-20cgit: add --version argument for printing infoJason A. Donenfeld We need this to do runtime tests for make test. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-19cache: use sendfile() instead of a pair of read() + write()Sebastian Andrzej Siewior sendfile() does the same job and avoids to copy the content into userland and back. One has to define NO_SENDFILE in case the OS (kernel / libc) does not supported. It is disabled by default on non-linux environemnts. According to the glibc, sendfile64() was added in Linux 2.4 (so it has been there for a while) but after browsing over the mapage of FreeBSD's I noticed that the prototype is little different. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> 2014-01-19README: document pkg-config for luajitJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17makefile: bump versionJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17mailmap: source before lighttpdJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17ui-shared: do not allow negative minutesJason A. Donenfeld Do to timestamp differences, sometimes cgit would should "-0 min", which doesn't make any sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17auth: document tweakables in lua scriptJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17repolist: make owner clickable to searchJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17ui-shared: move about tab all the way to the leftJason A. Donenfeld There were no objections (at the time of committing this): http://lists.zx2c4.com/pipermail/cgit/2013-May/001393.html http://lists.zx2c4.com/pipermail/cgit/2014-January/001904.html Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17filter: don't forget to reap the auth filterJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17cgit.c: free tmp variableJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17Switch to exclusively using global ctxLukas Fleischer Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_print_http_headers() * cgit_print_docstart() * cgit_print_pageheader() Remove context parameter from all commands Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_get_cmd() * All cgit command functions. * cgit_clone_info() * cgit_clone_objects() * cgit_clone_head() * cgit_print_plain() * cgit_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-16auth: have cgit calculate login addressJason A. Donenfeld This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16t0111: Additions and fixesLukas Fleischer * Rename the capitalize-* filters to dump.* since they also dump the arguments. * Add full argument validation to the email filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-16parsing.c: Remove leading space from committerLukas Fleischer