
TLS_CONFIG_VERIFY(3) Library Functions Manual TLS_CONFIG_VERIFY(3)

NAME

tls_config_verify, tls_config_insecure_noverifycert, tls_config_insecure_noverifyname, tls_config_insecure_noverifytime - insecure TLS configuration

SYNOPSIS

#include <tls.h>

void
tls_config_verify(struct tls_config *config);

void
tls_config_insecure_noverifycert(struct tls_config *config);

void
tls_config_insecure_noverifyname(struct tls_config *config);

void
tls_config_insecure_noverifytime(struct tls_config *config);

DESCRIPTION

These functions disable parts of the normal certificate verification process, resulting in insecure configurations. Be very careful when using them.

tls_config_insecure_noverifycert() disables certificate verification and OCSP validation.

tls_config_insecure_noverifyname() disables server name verification (client only).

tls_config_insecure_noverifytime() disables validity checking of certificates and OCSP validation.

tls_config_verify() reenables server name and certificate verification.
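
An added audit sketch (not part of libtls or this manual): a POSIX shell function that reads C source and reports each config variable still left with a verification check disabled. It follows the DESCRIPTION above in treating tls_config_verify() as restoring only name and certificate verification; the matching is a line-based heuristic, and the function names sample_source and audit_tls_insecure and the sample source are constructed for illustration.

```shell
#!/bin/sh
# Added example: heuristic audit for libtls calls that weaken verification.

# Constructed sample input (not from any real project).
sample_source() {
    cat <<'EOF'
struct tls_config *dev = tls_config_new();
tls_config_insecure_noverifycert(dev);
tls_config_insecure_noverifyname(dev);
tls_config_verify(dev);                 /* restored before use */
struct tls_config *lab = tls_config_new();
tls_config_insecure_noverifyname(lab);
tls_config_insecure_noverifytime(lab);
EOF
}

# Reads C source on stdin; prints "<config> <check> line <n>" for every
# check that is still disabled at end of input. Calls are matched textually,
# so calls inside comments or behind macros are not distinguished.
audit_tls_insecure() {
    awk '
    {
        rest = $0
        while (match(rest, /tls_config_(insecure_noverify(cert|name|time)|verify)[ \t]*\([ \t]*[A-Za-z_][A-Za-z0-9_>.-]*/)) {
            call = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            fn = call;  sub(/[ \t]*\(.*/, "", fn)
            cfg = call; sub(/^[^(]*\([ \t]*/, "", cfg)
            if (fn == "tls_config_verify") {
                # Documented to re-enable name and certificate checks;
                # the time check is not listed, so it stays flagged.
                delete weak[cfg, "cert"]
                delete weak[cfg, "name"]
            } else {
                check = fn
                sub(/^tls_config_insecure_noverify/, "", check)
                weak[cfg, check] = NR
            }
        }
    }
    END {
        for (k in weak) {
            split(k, part, SUBSEP)
            printf "%s %s line %d\n", part[1], part[2], weak[k]
        }
    }' | sort
}

sample_source | audit_tls_insecure
```

Run it per file in review or CI (audit_tls_insecure < client.c); any output line names a config that reaches the end of the file with a check still off.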

SEE ALSO

tls_client(3), tls_config_ocsp_require_stapling(3), tls_config_set_protocols(3), tls_conn_version(3), tls_connect(3), tls_handshake(3), tls_init(3)

HISTORY

tls_config_verify() appeared in OpenBSD 5.6 and got its final name in OpenBSD 5.7.

tls_config_insecure_noverifycert() and tls_config_insecure_noverifyname() appeared in OpenBSD 5.7 and tls_config_insecure_noverifytime() in OpenBSD 5.9.

AUTHORS

Joel Sing <jsing@openbsd.org>
Ted Unangst <tedu@openbsd.org>

March 2, 2017 Debian