Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
| TLS_CONFIG_VERIFY(3) | Library Functions Manual | TLS_CONFIG_VERIFY(3) |
NAME
tls_config_verify,
tls_config_insecure_noverifycert,
tls_config_insecure_noverifyname,
tls_config_insecure_noverifytime —
insecure TLS configuration
SYNOPSIS
#include
<tls.h>
void
tls_config_verify(struct
tls_config *config);
void
tls_config_insecure_noverifycert(struct
tls_config *config);
void
tls_config_insecure_noverifyname(struct
tls_config *config);
void
tls_config_insecure_noverifytime(struct
tls_config *config);
DESCRIPTION
These functions disable parts of the normal certificate verification process, resulting in insecure configurations. Be very careful when using them.tls_config_insecure_noverifycert() disables
certificate verification and OCSP validation.
tls_config_insecure_noverifyname() disables
server name verification (client only).
tls_config_insecure_noverifytime() disables
validity checking of certificates and OCSP validation.
tls_config_verify() reenables server name and
certificate verification.
SEE ALSO
tls_client(3), tls_config_ocsp_require_stapling(3), tls_config_set_protocols(3), tls_conn_version(3), tls_connect(3), tls_handshake(3), tls_init(3)HISTORY
tls_config_verify() appeared in
OpenBSD 5.6 and got its final name in
OpenBSD 5.7.
tls_config_insecure_noverifycert() and
tls_config_insecure_noverifyname() appeared
in OpenBSD 5.7 and
tls_config_insecure_noverifytime in
OpenBSD 5.9.
AUTHORS
Joel Sing <jsing@openbsd.org>Ted Unangst <tedu@openbsd.org>
| March 2, 2017 | Debian |