Diffstat (limited to 'doc/libsbearssl')
-rw-r--r-- | doc/libsbearssl/index.html | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/doc/libsbearssl/index.html b/doc/libsbearssl/index.html index 64a7c0b..291290d 100644 --- a/doc/libsbearssl/index.html +++ b/doc/libsbearssl/index.html @@ -22,8 +22,8 @@ <p> <tt>libsbearssl</tt> is a support library for the -<a href="../s6-tlsc.html">s6-tlsc</a> and -<a href="../s6-tlsd.html">s6-tlsd</a> executables when they're built +<a href="../s6-tlsc-io.html">s6-tlsc-io</a> and +<a href="../s6-tlsd-io.html">s6-tlsd-io</a> executables when they're built against the <a href="https://bearssl.org/">BearSSL</a> backend. Among other things, it offers interfaces to read private keys and certificates from a Unix filesystem, which BearSSL does @@ -533,7 +533,7 @@ DN of the end entity after validation. <em>eltstatus</em> must point to a user-supplied <tt>uint8_t</tt>, which after validation encodes the status of DN extraction: bit 7 of <em>eltstatus</em> is set if there was an issue during extraction (in which case the contents of <em>*eedn</em> are meaningless) and clear if -everything went well, and bits 0 to 6 are set iff the corresponding element +everything went well, and bits 0 to 5 are set iff the corresponding element of the DN is present, by increasing order C, ST, L, O, OU and CN. </p> @@ -603,9 +603,13 @@ a high-level function missing from BearSSL: it fully initializes a and all the hashes provided by BearSSL with a good degradation order, supporting TLS 1.0 to TLS 1.2, etc. What it doesn't set: the engine buffer, the certificate policy, the optional engine flags, and the optional client -certificate validation. +certificate validation. If the user wishes to be more conservative with the +TLS versions, they can use the +<a href="https://bearssl.org/apidoc/bearssl__ssl_8h.html#aca341c90ed49000ec1560101d6794e07">br_ssl_engine_set_versions()</a> +call on <em>&sc→eng</em> afterwards. </p> + <h4> <code> void sbearssl_sctx_set_policy_sni (br_ssl_server_context *sc, sbearssl_sni_policy_context *pol) </code> </h4> <p> 
@@ -725,6 +729,11 @@ server for client authentication. </li> <li> Bit 0: if clear, no close_notify is performed and the engine will transmit EOF as received. If set, close_notify will be performed to end the TLS connection. </li> + <li> Bit 1: if clear, on reception of an EOF from the peer without a +preceding close_notify, the EOF will be transmitted to the local program, +and the connection will eventually end normally, with the process exiting 0. +If set, if the peer closes the connection without sending a close_notify, +the process will exit 98 with a fatal error message. </li> </ul> </li> <li> <em>verbosity</em> defines the engine's verbosity: the higher the more verbose. This parameter is currently ignored. </li> |
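Review bot: In the hunk at -533,7, narrowing the range to "bits 0 to 5" matches the six listed elements (C, ST, L, O, OU, CN), but it leaves bit 6 of eltstatus undescribed, since bit 7 is the error flag and bits 0 to 5 are the presence flags. Add a short clause saying bit 6 is unused, or whatever value callers should expect there, so that code masking the status byte does not have to guess.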
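Review bot: In the hunk at -603,9, the new sentence writes the argument as "&sc→eng" with an arrow glyph, which is not the C expression a reader would type; spell it as &amp;sc-&gt;eng in the HTML so it can be copied as is. The sentence could also say that the call takes a minimum and a maximum version, since "more conservative" alone does not tell the reader what to pass after the paragraph's "TLS 1.0 to TLS 1.2" default. The extra blank line added before the h4 looks unintentional.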
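Review bot: In the hunk at -725,6, the new "Bit 1" item describes both behaviours but not why a caller would pick one: with the bit clear, an EOF that arrives without close_notify is passed on and the process exits 0, so the local program cannot tell a truncated stream from a clean shutdown. State that in the item, and note that protocols which rely on EOF to mark the end of data should set the bit. It would also help to name which process "will exit 98", since this page documents library functions, and to say whether bit 1 has any effect when bit 0 is clear.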