tls_config_verify, tls_config_insecure_noverifycert, tls_config_insecure_noverifyname,
Contents
Description
These functions disable parts of the normal certificate verification process, resulting in insecure
configurations. Be very careful when using them.
tls_config_insecure_noverifycert() disables certificate verification and OCSP validation.
tls_config_insecure_noverifyname() disables server name verification (client only).
tls_config_insecure_noverifytime() disables validity checking of certificates and OCSP validation.
tls_config_verify() reenables server name and certificate verification.
History
tls_config_verify() appeared in OpenBSD 5.6 and got its final name in OpenBSD 5.7.
tls_config_insecure_noverifycert() and tls_config_insecure_noverifyname() appeared in OpenBSD 5.7 and
tls_config_insecure_noverifytime in OpenBSD 5.9.
Name
tls_config_verify, tls_config_insecure_noverifycert, tls_config_insecure_noverifyname,
tls_config_insecure_noverifytime — insecure TLS configuration
See Also
tls_client(3), tls_config_ocsp_require_stapling(3), tls_config_set_protocols(3), tls_conn_version(3), tls_connect(3), tls_handshake(3), tls_init(3)
Synopsis
#include<tls.h>voidtls_config_verify(structtls_config*config);
voidtls_config_insecure_noverifycert(structtls_config*config);
voidtls_config_insecure_noverifyname(structtls_config*config);
voidtls_config_insecure_noverifytime(structtls_config*config);
