From 47cbbb1619ace4013856843ef8f7d68279c74faa Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Sun, 22 Nov 2020 00:16:06 +0000 Subject: Add documentation, fix tiny privdrop bug --- doc/s6-tlsclient.html | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'doc/s6-tlsclient.html') diff --git a/doc/s6-tlsclient.html b/doc/s6-tlsclient.html index 2553637..fc357a7 100644 --- a/doc/s6-tlsclient.html +++ b/doc/s6-tlsclient.html @@ -40,22 +40,20 @@ involving: establishes a TCP connection to host host port port.
  • s6-tlsc, which establishes a TLS transport (client-side) over that connection.
    • -
  • prog..., your client program, which is run as a -child of s6-tlsc.
    • +
  • prog..., your client program, which is executed into by +s6-tlsc once the +s6-tlsc-io child it has spawned has +set up the TLS connection and performed the handshake.
    • -
  • It runs until the connection closes.
    • -
  • It exits either with a s6-tlsc -error code (and error message), or with an -approximation -of prog's exit code.
    • +
  • prog... is run with the same pid as s6-tlsclient.

    • prog is expected to read from its peer on descriptor 6 and write to its peer on descriptor 7. -Since there will be a s6-tlsc +Since there will be a s6-tlsc-io program between prog and the network to perform -the SSL encryption/decryption, those descriptors will not +the TLS encryption/decryption, those descriptors will not be a network socket - they will be pipes.

    @@ -79,7 +77,7 @@ used, which may be a security risk.

    The following variables should be set before invoking s6-tlsclient, because they will be used by -s6-tlsc: +s6-tlsc-io: