/sys/man/*/*: fix perms (sorry)

[plan9front.git] / sys / man / 2 / pushtls

diff --git a/sys/man/2/pushtls b/sys/man/2/pushtls
index 48255d234e1de03d732f593f757bd581750c2d63..72a2605bff135c3ea39cafb407bd01022ad3ee56 100644 (file)
--- a/sys/man/2/pushtls
+++ b/sys/man/2/pushtls
@@ -1,6 +1,6 @@
 .TH PUSHTLS 2
 .SH NAME
-pushtls, tlsClient, tlsServer, initThumbprints, freeThumbprints, okThumbprint, readcert, readcertchain \- attach TLS1 or SSL3 encryption to a communication channel
+pushtls, tlsClient, tlsServer, initThumbprints, freeThumbprints, okThumbprint, okCertificate, readcert, readcertchain \- attach TLS1 or SSL3 encryption to a communication channel
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -29,13 +29,16 @@ uchar *readcert(char *filename, int *pcertlen)
 PEMchain *readcertchain(char *filename)
 .PP
 .B
-Thumbprint *initThumbprints(char *ok, char *crl)
+Thumbprint *initThumbprints(char *ok, char *crl, char *tag)
 .PP
 .B
 void   freeThumbprints(Thumbprint *table)
 .PP
 .B
-int    okThumbprint(uchar *hash, Thumbprint *table)
+int    okThumbprint(uchar *hash, int len, Thumbprint *table)
+.PP
+.B
+int    okCertificate(uchar *cert, int len, Thumbprint *table)
 .SH DESCRIPTION
 Transport Layer Security (TLS) comprises a record layer protocol,
 doing message digesting and encrypting in the kernel,
@@ -100,18 +103,21 @@ typedef struct TLSconn {
        char    dir[40];                /* OUT    connection directory */
        uchar *cert;            /* IN/OUT certificate */
        uchar *sessionID;       /* IN/OUT session ID */
-       int     certlen, sessionIDlen;
+       uchar *psk;             /* opt IN pre-shared key */
+       int     certlen, sessionIDlen, psklen;
        int     (*trace)(char*fmt, ...);
        PEMChain *chain;
        char    *sessionType;   /* opt IN  session type */
        uchar *sessionKey;      /* opt IN/OUT session key */
        int     sessionKeylen;  /* opt IN  session key length */
        char    *sessionConst;  /* opt IN  session constant */
+       char    *serverName;    /* opt IN  server name */
+       char    *pskID;         /* opt IN  pre-shared key ID */
 } TLSconn;
 .EE
 .PP
 defined in
-.IR tls.h .
+.IR libsec.h .
 On input, the caller can provide options such as
 .IR cert ,
 the local certificate, and
@@ -182,7 +188,7 @@ and return a pointer to a linked list of
 .IR malloc ed
 .B PEMChain
 structures, defined in
-.IR tls.h :
+.IR libsec.h :
 .IP
 .EX
 typedef struct PEMChain PEMChain;
@@ -210,13 +216,10 @@ be freed by the application whenever convenient.
 Start the client half of TLS and check the remote certificate:
 .IP
 .EX
-uchar hash[SHA1dlen];
-
 conn = (TLSconn*)mallocz(sizeof *conn, 1);
 fd = tlsClient(fd, conn);
-sha1(conn->cert, conn->certlen, hash, nil);
-if(!okThumbprint(hash,table))
-       exits("suspect server");
+if(!okCertificate(conn->cert, conn->certlen, table))
+       sysfatal("suspect server: %r");
 \fI...application begins...\fP
 .EE
 .PP