1*7b98e4f2Sjmc.\" $OpenBSD: tls_config_verify.3,v 1.4 2017/03/02 11:05:50 jmc Exp $ 2e690d60fSschwarze.\" 3e690d60fSschwarze.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> 44801fc0bSschwarze.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org> 5e690d60fSschwarze.\" 6e690d60fSschwarze.\" Permission to use, copy, modify, and distribute this software for any 7e690d60fSschwarze.\" purpose with or without fee is hereby granted, provided that the above 8e690d60fSschwarze.\" copyright notice and this permission notice appear in all copies. 9e690d60fSschwarze.\" 10e690d60fSschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11e690d60fSschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12e690d60fSschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13e690d60fSschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14e690d60fSschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15e690d60fSschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16e690d60fSschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17e690d60fSschwarze.\" 18*7b98e4f2Sjmc.Dd $Mdocdate: March 2 2017 $ 19*7b98e4f2Sjmc.Dt TLS_CONFIG_VERIFY 3 20e690d60fSschwarze.Os 21e690d60fSschwarze.Sh NAME 22e690d60fSschwarze.Nm tls_config_verify , 23e690d60fSschwarze.Nm tls_config_insecure_noverifycert , 24e690d60fSschwarze.Nm tls_config_insecure_noverifyname , 25e690d60fSschwarze.Nm tls_config_insecure_noverifytime 26e690d60fSschwarze.Nd insecure TLS configuration 27e690d60fSschwarze.Sh SYNOPSIS 28e690d60fSschwarze.In tls.h 29e690d60fSschwarze.Ft void 30e690d60fSschwarze.Fn tls_config_verify "struct tls_config *config" 31e690d60fSschwarze.Ft void 32e690d60fSschwarze.Fn tls_config_insecure_noverifycert "struct tls_config *config" 33e690d60fSschwarze.Ft void 34e690d60fSschwarze.Fn tls_config_insecure_noverifyname "struct tls_config *config" 35e690d60fSschwarze.Ft void 36e690d60fSschwarze.Fn tls_config_insecure_noverifytime "struct tls_config *config" 37e690d60fSschwarze.Sh DESCRIPTION 38e690d60fSschwarzeThese functions disable parts of the normal certificate verification 39e690d60fSschwarzeprocess, resulting in insecure configurations. 40e690d60fSschwarzeBe very careful when using them. 41e690d60fSschwarze.Pp 42e690d60fSschwarze.Fn tls_config_insecure_noverifycert 43e690d60fSschwarzedisables certificate verification and OCSP validation. 44e690d60fSschwarze.Pp 45e690d60fSschwarze.Fn tls_config_insecure_noverifyname 46e690d60fSschwarzedisables server name verification (client only). 47e690d60fSschwarze.Pp 48e690d60fSschwarze.Fn tls_config_insecure_noverifytime 49e690d60fSschwarzedisables validity checking of certificates and OCSP validation. 50e690d60fSschwarze.Pp 51e690d60fSschwarze.Fn tls_config_verify 52e690d60fSschwarzereenables server name and certificate verification. 53e690d60fSschwarze.Sh SEE ALSO 54e690d60fSschwarze.Xr tls_client 3 , 55e690d60fSschwarze.Xr tls_config_ocsp_require_stapling 3 , 56e690d60fSschwarze.Xr tls_config_set_protocols 3 , 57e690d60fSschwarze.Xr tls_conn_version 3 , 58e690d60fSschwarze.Xr tls_connect 3 , 59e690d60fSschwarze.Xr tls_handshake 3 , 60e690d60fSschwarze.Xr tls_init 3 618b02f64eSschwarze.Sh HISTORY 628b02f64eSschwarze.Fn tls_config_verify 638b02f64eSschwarzeappeared in 648b02f64eSschwarze.Ox 5.6 658b02f64eSschwarzeand got its final name in 668b02f64eSschwarze.Ox 5.7 . 678b02f64eSschwarze.Pp 688b02f64eSschwarze.Fn tls_config_insecure_noverifycert 698b02f64eSschwarzeand 708b02f64eSschwarze.Fn tls_config_insecure_noverifyname 718b02f64eSschwarzeappeared in 728b02f64eSschwarze.Ox 5.7 738b02f64eSschwarzeand 748b02f64eSschwarze.Nm tls_config_insecure_noverifytime 758b02f64eSschwarzein 768b02f64eSschwarze.Ox 5.9 . 778b02f64eSschwarze.Sh AUTHORS 788b02f64eSschwarze.An Joel Sing Aq Mt jsing@openbsd.org 798b02f64eSschwarze.An Ted Unangst Aq Mt tedu@openbsd.org 80