Scroll to navigation

TLS_CONFIG_VERIFY(3) Library Functions Manual TLS_CONFIG_VERIFY(3)

NAME

tls_config_verify,tls_config_insecure_noverifycert,tls_config_insecure_noverifyname,tls_config_insecure_noverifytimeinsecure TLS configuration

SYNOPSIS

#include<tls.h>

void
tls_config_verify(struct tls_config *config);

void
tls_config_insecure_noverifycert(struct tls_config *config);

void
tls_config_insecure_noverifyname(struct tls_config *config);

void
tls_config_insecure_noverifytime(struct tls_config *config);

DESCRIPTION

These functions disable parts of the normal certificate verificationprocess, resulting in insecure configurations.Be very careful when using them.

()disables certificate verification and OCSP validation.

()disables server name verification (client only).

()disables validity checking of certificates and OCSP validation.

()reenables server name and certificate verification.

SEE ALSO

tls_client(3),tls_config_ocsp_require_stapling(3),tls_config_set_protocols(3),tls_conn_version(3),tls_connect(3),tls_handshake(3),tls_init(3)

HISTORY

tls_config_verify()appeared inOpenBSD5.6and got its final name inOpenBSD5.7.

tls_config_insecure_noverifycert()andtls_config_insecure_noverifyname()appeared inOpenBSD5.7andtls_config_insecure_noverifytimeinOpenBSD5.9.

AUTHORS

Joel Sing<jsing@openbsd.org>
Ted Unangst<tedu@openbsd.org>

March 2, 2017 Debian