Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3')
-rw-r--r-- secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 54
1 files changed, 29 insertions, 25 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
index 1b9cf02b8ca46..3fa1aaf8e7477 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
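Review bot: the first line marks this file as generated by Pod::Man, so the move from 4.09 to 4.10 means every formatting change further down should be reproducible by regenerating the page from its POD source. Nothing in this file should be edited by hand, and any wording correction belongs in the .pod upstream.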
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
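Review bot: the new guard around ".de IX" relies on a scratch register rF that is not explained anywhere; the only comment is still the single line about avoiding the groff warning for the undefined register 'F'. The tests ".if \n(.g .if rF .nr rF 1" and ".if (\n(rF:(\n(.g==0))" are not self-evident, so a one-line comment on what rF records would help, although as generator output that comment would have to come from Pod::Man. The trailing ".rr rF" does remove the scratch register again, so it does not leak into the rest of the page.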
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3"
-.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,15 +169,15 @@ SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_h
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A client application wishing to use TLSv1.3 PSKs should set a callback
-using either \fISSL_CTX_set_psk_use_session_callback()\fR or
-\&\fISSL_set_psk_use_session_callback()\fR as appropriate.
+using either \fBSSL_CTX_set_psk_use_session_callback()\fR or
+\&\fBSSL_set_psk_use_session_callback()\fR as appropriate.
.PP
The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and
an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function
should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it
in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key,
the ciphersuite and the protocol version. See
-\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) for details.
+\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details.
.PP
It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this
case no \s-1PSK\s0 will be used but the handshake will continue. To do this the
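Review bot: with function names switched from \fI to \fB, as in "\fBSSL_CTX_set_psk_use_session_callback()\fR", they now share the same bold face as the parameters in the unchanged lines ("\fBssl\fR", "\fBidentity\fR", "\fB*sess\fR"), so a reader can no longer tell a function reference from an argument by typeface. The wording of the TLSv1.3 PSK callback description is untouched, so this is presentation only; it is worth confirming that it is the intended Pod::Man 4.10 rendering rather than something to correct in this file.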
@@ -181,9 +185,9 @@ callback should return successfully and ensure that \fB*sess\fR is
\&\s-1NULL.\s0
.PP
Identity hints are not relevant for TLSv1.3. A server application wishing to use
-\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fISSL_CTX_use_psk_identity_hint()\fR
+\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR
to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context
-object \fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
+object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is
\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted.
.PP
@@ -195,27 +199,27 @@ callback function which is called when the server receives the
ClientKeyExchange message from the client. The purpose of the callback function
is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used
during the connection setup phase. The callback is set using the functions
-\&\fISSL_CTX_set_psk_server_callback()\fR or \fISSL_set_psk_server_callback()\fR. The callback
+\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback
function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of
length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored.
.PP
The callback for use in TLSv1.2 will also work in TLSv1.3 although it is
-recommended to use \fISSL_CTX_set_psk_find_session_callback()\fR
-or \fISSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has
+recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR
+or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has
been negotiated then OpenSSL will first check to see if a callback has been set
-via \fISSL_CTX_set_psk_find_session_callback()\fR or \fISSL_set_psk_find_session_callback()\fR
+via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR
and it will use that in preference. If no such callback is present then it will
-check to see if a callback has been set via \fISSL_CTX_set_psk_server_callback()\fR or
-\&\fISSL_set_psk_server_callback()\fR and use that. In this case the handshake digest
+check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or
+\&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest
will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0
.SH "NOTES"
.IX Header "NOTES"
A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption
-has occurred so that \fISSL_session_reused\fR\|(3) will return true.
+has occurred so that \fBSSL_session_reused\fR\|(3) will return true.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fB\f(BISSL_CTX_use_psk_identity_hint()\fB\fR and \fB\f(BISSL_use_psk_identity_hint()\fB\fR return
+\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return
1 on success, 0 otherwise.
.PP
Return values from the TLSv1.2 and below server callback are interpreted as
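Review bot: in the RETURN VALUES line the new markup "\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR" switches to bold inside bold and again before the closing \fR. The old "\f(BI" selected a distinct bold-italic face, whereas the replacement renders exactly like a single \fB...\fR, so the extra escapes are redundant. They most likely reflect nested formatting in the POD source (an assumption, the .pod is not shown here), which is where the duplication should be removed.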
@@ -249,11 +253,11 @@ ensure safety from cross-protocol related output by not reusing PSKs between
\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3),
-\&\fISSL_set_psk_use_session_callback\fR\|(3)
+\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3),
+\&\fBSSL_set_psk_use_session_callback\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fISSL_CTX_set_psk_find_session_callback()\fR and \fISSL_set_psk_find_session_callback()\fR
+\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
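Review bot: the SEE ALSO section lists only SSL_CTX_set_psk_use_session_callback(3) and SSL_set_psk_use_session_callback(3), while the NOTES section in the previous hunk refers readers to SSL_session_reused(3). Adding SSL_session_reused(3) to SEE ALSO in the POD source would keep the cross-references complete; the \fI to \fB changes here are otherwise consistent with the rest of the page.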