Sortix
current nightly

Sortix nightly manual

This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.

NAME

tls_config_verify, tls_config_insecure_noverifycert, tls_config_insecure_noverifyname, tls_config_insecure_noverifytimeinsecure TLS configuration

SYNOPSIS

#include <tls.h>
void
tls_config_verify(struct tls_config *config);
void
tls_config_insecure_noverifycert(struct tls_config *config);
void
tls_config_insecure_noverifyname(struct tls_config *config);
void
tls_config_insecure_noverifytime(struct tls_config *config);

DESCRIPTION

These functions disable parts of the normal certificate verification process, resulting in insecure configurations. Be very careful when using them.
tls_config_insecure_noverifycert() disables certificate verification and OCSP validation.
tls_config_insecure_noverifyname() disables server name verification (client only).
tls_config_insecure_noverifytime() disables validity checking of certificates and OCSP validation.
tls_config_verify() reenables server name and certificate verification.

SEE ALSO

tls_client(3), tls_config_ocsp_require_stapling(3), tls_config_set_protocols(3), tls_conn_version(3), tls_connect(3), tls_handshake(3), tls_init(3)

HISTORY

tls_config_verify() appeared in OpenBSD 5.6 and got its final name in OpenBSD 5.7.
tls_config_insecure_noverifycert() and tls_config_insecure_noverifyname() appeared in OpenBSD 5.7 and tls_config_insecure_noverifytime in OpenBSD 5.9.

AUTHORS

Joel Sing <jsing@openbsd.org>
Ted Unangst <tedu@openbsd.org>
Copyright 2011-2023 Jonas 'Sortie' Termansen and contributors.
Sortix is free software under the ISC license. 		#sortix on irc.sortix.org
@sortix_org