author | Matt Caswell <matt@openssl.org> | 2018-08-13 16:53:42 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-08-20 16:14:01 +0200 |
commit | e97be718044fd9a296f05f13e3ad91427b212b7c (patch) | |
tree | 33f7bfea18a11527ad535f97a7b41ca0bb8ddd31 /doc | |
parent | Change Post Handshake auth so that it is opt-in (diff) | |
Add support for SSL_CTX_set_post_handshake_auth()

We already have SSL_set_post_handshake_auth(). This just adds the SSL_CTX
equivalent.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)

Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_CTX_set_verify.pod | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod index 173f006eb6..c192f9af6f 100644 --- a/doc/man3/SSL_CTX_set_verify.pod +++ b/doc/man3/SSL_CTX_set_verify.pod @@ -7,7 +7,8 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, -SSL_set_post_handshake_auth +SSL_set_post_handshake_auth, +SSL_CTX_set_post_handshake_auth - set peer certificate verification parameters =head1 SYNOPSIS @@ -24,6 +25,7 @@ SSL_set_post_handshake_auth void SSL_set_verify_depth(SSL *ssl, int depth); int SSL_verify_client_post_handshake(SSL *ssl); + void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); void SSL_set_post_handshake_auth(SSL *ssl, int val); =head1 DESCRIPTION @@ -48,12 +50,12 @@ verification that shall be allowed for B<ctx>. SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain verification that shall be allowed for B<ssl>. -SSL_set_post_handshake_auth() enables the Post-Handshake Authentication -extension to be added to the ClientHello such that post-handshake authentication -can be requested by the server. If B<val> is 0 then the extension is not sent, -otherwise it is. By default the extension is not sent. A certificate callback -will need to be set via SSL_CTX_set_client_cert_cb() if no certificate is -provided at initialization. +SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If B<val> is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization. SSL_verify_client_post_handshake() causes a CertificateRequest message to be sent by a server on the given B<ssl> connection. The SSL_VERIFY_PEER flag must |
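Review bot: The rewritten DESCRIPTION paragraph (third hunk) documents SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() in one sentence but never says which object each call acts on or how the two settings interact. The SSL_set_verify_depth() paragraph just above it names B<ctx> and B<ssl> explicitly; this paragraph should do the same, and should state whether the B<ctx> value becomes the default for SSL objects created from that context and whether a later SSL_set_post_handshake_auth() call on an individual B<ssl> overrides it. Since the extension is opt-in ("By default the extension is not sent"), a reader who enables it on the context needs to know whether connections already created from that context are affected. It would also help to say outright that both calls are client-side settings: the text only implies this through "added to the ClientHello", and the following paragraph switches to server behaviour (SSL_verify_client_post_handshake()) without any marker.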