Replumbing: Add include/openssl/core.h, initially with core types

[openssl.git] / doc / man3 / SSL_CTX_set_verify.pod

diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod
index 89760f47fbe1aff990c0706f3ded898b745e4dc8..7c151a5f69a52d1aeacfa3c04c395dd561ab8517 100644 (file)
--- a/doc/man3/SSL_CTX_set_verify.pod
+++ b/doc/man3/SSL_CTX_set_verify.pod
@@ -7,7 +7,8 @@ SSL_CTX_set_verify, SSL_set_verify,
 SSL_CTX_set_verify_depth, SSL_set_verify_depth,
 SSL_verify_cb,
 SSL_verify_client_post_handshake,
-SSL_force_post_handshake_auth
+SSL_set_post_handshake_auth,
+SSL_CTX_set_post_handshake_auth
 - set peer certificate verification parameters
 
 =head1 SYNOPSIS
@@ -24,7 +25,8 @@ SSL_force_post_handshake_auth
  void SSL_set_verify_depth(SSL *ssl, int depth);
 
  int SSL_verify_client_post_handshake(SSL *ssl);
- void SSL_force_post_handshake_auth(SSL *ssl);
+ void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
+ void SSL_set_post_handshake_auth(SSL *ssl, int val);
 
 =head1 DESCRIPTION
 
@@ -48,10 +50,11 @@ verification that shall be allowed for B<ctx>.
 SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
 verification that shall be allowed for B<ssl>.
 
-SSL_force_post_handshake_auth() forces the Post-Handshake Authentication
-extension to be added to the ClientHello regardless of certificate configuration
-at the time of the initial handshake, such that post-handshake authentication
-can be requested by the server. A certificate callback will need to be set via
+SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() enable the
+Post-Handshake Authentication extension to be added to the ClientHello such that
+post-handshake authentication can be requested by the server. If B<val> is 0
+then the extension is not sent, otherwise it is. By default the extension is not
+sent. A certificate callback will need to be set via
 SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.
 
 SSL_verify_client_post_handshake() causes a CertificateRequest message to be
@@ -183,7 +186,7 @@ Its return value is identical to B<preverify_ok>, so that any verification
 failure will lead to a termination of the TLS/SSL handshake with an
 alert message, if SSL_VERIFY_PEER is set.
 
-After calling SSL_force_post_handshake_auth(), the client will need to add a
+After calling SSL_set_post_handshake_auth(), the client will need to add a
 certificate or certificate callback to its configuration before it can
 successfully authenticate. This must be called before SSL_connect().
 
@@ -341,13 +344,13 @@ L<CRYPTO_get_ex_new_index(3)>
 =head1 HISTORY
 
 The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake()
-and SSL_force_post_handshake_auth() functions were added in OpenSSL 1.1.1.
+and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.