diff options
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3')
-rw-r--r-- | secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 | 54 |
1 files changed, 29 insertions, 25 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 index 1b9cf02b8ca46..3fa1aaf8e7477 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" -.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,15 +169,15 @@ SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_h .SH "DESCRIPTION" .IX Header "DESCRIPTION" A client application wishing to use TLSv1.3 PSKs should set a callback -using either \fISSL_CTX_set_psk_use_session_callback()\fR or -\&\fISSL_set_psk_use_session_callback()\fR as appropriate. +using either \fBSSL_CTX_set_psk_use_session_callback()\fR or +\&\fBSSL_set_psk_use_session_callback()\fR as appropriate. .PP The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, the ciphersuite and the protocol version. See -\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) for details. +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details. .PP It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this case no \s-1PSK\s0 will be used but the handshake will continue. To do this the @@ -181,9 +185,9 @@ callback should return successfully and ensure that \fB*sess\fR is \&\s-1NULL.\s0 .PP Identity hints are not relevant for TLSv1.3. A server application wishing to use -\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fISSL_CTX_use_psk_identity_hint()\fR +\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context -object \fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is \&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. .PP @@ -195,27 +199,27 @@ callback function which is called when the server receives the ClientKeyExchange message from the client. The purpose of the callback function is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used during the connection setup phase. The callback is set using the functions -\&\fISSL_CTX_set_psk_server_callback()\fR or \fISSL_set_psk_server_callback()\fR. The callback +\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. .PP The callback for use in TLSv1.2 will also work in TLSv1.3 although it is -recommended to use \fISSL_CTX_set_psk_find_session_callback()\fR -or \fISSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has +recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR +or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has been negotiated then OpenSSL will first check to see if a callback has been set -via \fISSL_CTX_set_psk_find_session_callback()\fR or \fISSL_set_psk_find_session_callback()\fR +via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR and it will use that in preference. If no such callback is present then it will -check to see if a callback has been set via \fISSL_CTX_set_psk_server_callback()\fR or -\&\fISSL_set_psk_server_callback()\fR and use that. In this case the handshake digest +check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or +\&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 .SH "NOTES" .IX Header "NOTES" A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption -has occurred so that \fISSL_session_reused\fR\|(3) will return true. +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fB\f(BISSL_CTX_use_psk_identity_hint()\fB\fR and \fB\f(BISSL_use_psk_identity_hint()\fB\fR return +\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return 1 on success, 0 otherwise. .PP Return values from the TLSv1.2 and below server callback are interpreted as @@ -249,11 +253,11 @@ ensure safety from cross-protocol related output by not reusing PSKs between \&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3), -\&\fISSL_set_psk_use_session_callback\fR\|(3) +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBSSL_set_psk_use_session_callback\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISSL_CTX_set_psk_find_session_callback()\fR and \fISSL_set_psk_find_session_callback()\fR +\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" |