logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

tls_config_verify, tls_config_insecure_noverifycert, tls_config_insecure_noverifyname,

Authors

       Joel Sing <jsing@openbsd.org>
       Ted Unangst <tedu@openbsd.org>

Debian                                            March 2, 2017                             TLS_CONFIG_VERIFY(3)

Description

       These functions disable parts of the normal  certificate  verification  process,  resulting  in  insecure
       configurations.  Be very careful when using them.

       tls_config_insecure_noverifycert() disables certificate verification and OCSP validation.

       tls_config_insecure_noverifyname() disables server name verification (client only).

       tls_config_insecure_noverifytime() disables validity checking of certificates and OCSP validation.

       tls_config_verify() reenables server name and certificate verification.

History

tls_config_verify() appeared in OpenBSD 5.6 and got its final name in OpenBSD 5.7.

       tls_config_insecure_noverifycert() and tls_config_insecure_noverifyname() appeared  in  OpenBSD  5.7  and
       tls_config_insecure_noverifytime in OpenBSD 5.9.

Name

       tls_config_verify,           tls_config_insecure_noverifycert,          tls_config_insecure_noverifyname,
       tls_config_insecure_noverifytime — insecure TLS configuration

See Also

tls_client(3),   tls_config_ocsp_require_stapling(3),  tls_config_set_protocols(3),  tls_conn_version(3),
       tls_connect(3), tls_handshake(3), tls_init(3)

Synopsis

#include<tls.h>voidtls_config_verify(structtls_config*config);

       voidtls_config_insecure_noverifycert(structtls_config*config);

       voidtls_config_insecure_noverifyname(structtls_config*config);

       voidtls_config_insecure_noverifytime(structtls_config*config);

See Also