summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2021-01-28 13:17:25 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2021-01-28 13:17:25 +0000
commita027959a7fe49483acf86bd65d4266e3cbc4d0b0 (patch)
tree4a3f23cd34d53a33c1e08374a4911e827bcbd669 /doc
parent0545d612be4529492a86a98b5f066d58d7c9436a (diff)
downloads6-networking-a027959a7fe49483acf86bd65d4266e3cbc4d0b0.tar.xz
Prepare for 2.4.1.0; add SSL_TLS_SNI_SERVERNAME
Diffstat (limited to 'doc')
-rw-r--r--doc/index.html10
-rw-r--r--doc/s6-tlsc-io.html7
-rw-r--r--doc/s6-tlsc.html2
-rw-r--r--doc/s6-tlsd-io.html7
-rw-r--r--doc/s6-tlsd.html2
-rw-r--r--doc/upgrade.html19
6 files changed, 38 insertions, 9 deletions
diff --git a/doc/index.html b/doc/index.html
index 904fc85..7d39b4e 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -44,15 +44,15 @@ compiled with IPv6 support, s6-networking is IPv6-ready.
<li> A POSIX-compliant system with a standard C development environment </li>
<li> GNU make, version 3.81 or later </li>
<li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version
-2.10.0.0 or later. It's a build-time requirement. It's also a run-time
+2.10.0.1 or later. It's a build-time requirement. It's also a run-time
requirement if you link against the shared version of the skalibs
library. </li>
<li> (Optional, but recommended) <a href="//skarnet.org/software/execline/">execline</a> version
-2.7.0.0 or later. It's a build-time and run-time requirement. </li>
+2.7.0.1 or later. It's a build-time and run-time requirement. </li>
<li> <a href="//skarnet.org/software/s6/">s6</a> version
-2.10.0.0 or later. It's a build-time and run-time requirement. </li>
+2.10.0.1 or later. It's a build-time and run-time requirement. </li>
<li> <a href="//skarnet.org/software/s6-dns/">s6-dns</a> version
-2.3.3.0 or later. It's a build-time requirement. It's also a run-time
+2.3.5.0 or later. It's a build-time requirement. It's also a run-time
requirement if you link against the shared version of the s6-dns
libraries. </li>
<li> If you want to build the secure communication tools:
@@ -80,7 +80,7 @@ run-time requirement if you link against its shared version. </li>
<ul>
<li> The current released version of s6-networking is
-<a href="s6-networking-2.4.0.0.tar.gz">2.4.0.0</a>. </li>
+<a href="s6-networking-2.4.1.0.tar.gz">2.4.1.0</a>. </li>
<li> Alternatively, you can checkout a copy of the
<a href="//git.skarnet.org/cgi-bin/cgit.cgi/s6-networking/">s6-networking
git repository</a>:
diff --git a/doc/s6-tlsc-io.html b/doc/s6-tlsc-io.html
index b2e9ce1..9999d4f 100644
--- a/doc/s6-tlsc-io.html
+++ b/doc/s6-tlsc-io.html
@@ -205,8 +205,11 @@ TLS handshake has completed, some data (terminated by two null
characters) will be sent to file descriptor <em>notif</em>. The
data contains information about the TLS parameters of the connection;
its exact contents are left unspecified, but there's at least
-a <tt>SSL_PROTOCOL=<em>protocol</em></tt> string
-and a <tt>SSL_CIPHER=<em>cipher</em></tt> string, both null-terminated.
+a <tt>SSL_PROTOCOL=<em>protocol</em></tt> string,
+a <tt>SSL_CIPHER=<em>cipher</em></tt> string,
+and a <tt>SSL_TLS_SNI_SERVERNAME=<em>servername</em></tt> string
+ all null-terminated. (<em>servername</em> is the empty string if
+no SNI has been required.)
Sending this data serves a dual purpose: telling the <em>notif</em>
reader that the handshake has completed, and providing it with some
basic information about the connection. If this option is not given,
diff --git a/doc/s6-tlsc.html b/doc/s6-tlsc.html
index 5ff3431..32070c0 100644
--- a/doc/s6-tlsc.html
+++ b/doc/s6-tlsc.html
@@ -95,6 +95,8 @@ environment variables:
TLSv1, TLSv1.1, TLSv1.2... </li>
<li> <tt>SSL_CIPHER</tt> contains the name of the cipher
used. </li>
+ <li> <tt>SSL_TLS_SNI_SERVERNAME</tt> contains the required SNI
+server name, if any, or is empty otherwise. </li>
<li> More similar environment variables containing information
about the connection may be added in the future. </li>
</ul>
diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html
index 8f84728..53b1282 100644
--- a/doc/s6-tlsd-io.html
+++ b/doc/s6-tlsd-io.html
@@ -200,8 +200,11 @@ TLS handshake has completed, some data (terminated by two null
characters) will be sent to file descriptor <em>notif</em>. The
data contains information about the TLS parameters of the connection;
its exact contents are left unspecified, but there's at least
-a <tt>SSL_PROTOCOL=<em>protocol</em></tt> string
-and a <tt>SSL_CIPHER=<em>cipher</em></tt> string, both null-terminated.
+a <tt>SSL_PROTOCOL=<em>protocol</em></tt> string,
+a <tt>SSL_CIPHER=<em>cipher</em></tt> string,
+and a <tt>SSL_TLS_SNI_SERVERNAME=<em>servername</em></tt> string
+ all null-terminated. (<em>servername</em> is the empty string if
+no SNI has been required.)
Sending this data serves a dual purpose: telling the <em>notif</em>
reader that the handshake has completed, and providing it with some
basic information about the connection. If this option is not given,
diff --git a/doc/s6-tlsd.html b/doc/s6-tlsd.html
index 579c63c..83b70c1 100644
--- a/doc/s6-tlsd.html
+++ b/doc/s6-tlsd.html
@@ -104,6 +104,8 @@ environment variables:
TLSv1, TLSv1.1, TLSv1.2... </li>
<li> <tt>SSL_CIPHER</tt> contains the name of the cipher
used. </li>
+ <li> <tt>SSL_TLS_SNI_SERVERNAME</tt> contains the required SNI
+server name, if any, or is empty otherwise. </li>
<li> More similar environment variables containing information
about the connection may be added in the future. </li>
</ul>
diff --git a/doc/upgrade.html b/doc/upgrade.html
index 4df1cb7..c285749 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -18,6 +18,25 @@
<h1> What has changed in s6-networking </h1>
+<h2> in 2.4.1.0 </h2>
+
+<ul>
+ <li> <a href="//skarnet.org/software/skalibs/">skalibs</a>
+dependency bumped to 2.10.0.1 </li>
+ <li> <a href="//skarnet.org/software/execline/">execline</a>
+dependency bumped to 2.7.0.1 </li>
+ <li> <a href="//skarnet.org/software/s6/">s6</a>
+dependency bumped to 2.10.0.1 </li>
+ <li> <a href="//skarnet.org/software/s6-dns/">s6-dns</a>
+dependency bumped to 2.3.5.0. </li>
+ <li> Handshake timeout is now functional with the <em>libtls</em>
+backend (previously it only was with the <em>bearssl</em> backend). </li>
+ <li> <a href="s6-tlsc-io.html">s6-tlsc-io</a> and
+<a href="s6-tlsd-io.html">s6-tlsd-io</a> now send the SNI server name,
+if any, in their notification message (when the <tt>-d</tt> option is
+active), in the <tt>SSL_TLS_SNI_SERVERNAME</tt> variable. </li>
+</ul>
+
<h2> in 2.4.0.0 </h2>
<ul>