1TLS_CONFIG_VERIFY(3)     BSD Library Functions Manual     TLS_CONFIG_VERIFY(3)
2

NAME

4     tls_config_verify, tls_config_insecure_noverifycert,
5     tls_config_insecure_noverifyname, tls_config_insecure_noverifytime 
6     insecure TLS configuration
7

SYNOPSIS

9     #include <tls.h>
10
11     void
12     tls_config_verify(struct tls_config *config);
13
14     void
15     tls_config_insecure_noverifycert(struct tls_config *config);
16
17     void
18     tls_config_insecure_noverifyname(struct tls_config *config);
19
20     void
21     tls_config_insecure_noverifytime(struct tls_config *config);
22

DESCRIPTION

24     These functions disable parts of the normal certificate verification
25     process, resulting in insecure configurations.  Be very careful when
26     using them.
27
28     tls_config_insecure_noverifycert() disables certificate verification and
29     OCSP validation.
30
31     tls_config_insecure_noverifyname() disables server name verification
32     (client only).
33
34     tls_config_insecure_noverifytime() disables validity checking of certifi‐
35     cates and OCSP validation.
36
37     tls_config_verify() reenables server name and certificate verification.
38

SEE ALSO

40     tls_client(3), tls_config_ocsp_require_stapling(3),
41     tls_config_set_protocols(3), tls_conn_version(3), tls_connect(3),
42     tls_handshake(3), tls_init(3)
43

HISTORY

45     tls_config_verify() appeared in OpenBSD 5.6 and got its final name in
46     OpenBSD 5.7.
47
48     tls_config_insecure_noverifycert() and tls_config_insecure_noverifyname()
49     appeared in OpenBSD 5.7 and tls_config_insecure_noverifytime in
50     OpenBSD 5.9.
51

AUTHORS

53     Joel Sing <jsing@openbsd.org>
54     Ted Unangst <tedu@openbsd.org>
55
56BSD                              March 2, 2017                             BSD
Impressum