|TLS_INIT(3)||Library Functions Manual||TLS_INIT(3)|
struct tls_config *
const char *
tlsfamily of functions establishes a secure communications channel using the TLS socket protocol. Both clients and servers are supported.
tls_init() function initializes global
data structures. It is no longer necessary to call this function directly,
since it is invoked internally when needed. It may be called more than once,
and may be called concurrently.
Before a connection is created, a configuration must be created.
tls_config_new() function allocates,
initializes, and returns a new default configuration object that can be used
for future connections. Several functions exist to change the options of the
tls_config_error() function may be
used to retrieve a string containing more information about the most recent
error relating to a configuration.
A client connection is initiated after configuration by calling tls_connect(3). A server can accept a new client connection by calling tls_accept_socket(3) on an already established socket connection.
When no more contexts are to be configured, the configuration
object should be freed by calling
It is safe to call
tls_config_free() as soon as the
final call to
tls_configure() has been made. If
NULL, no action
tls_init() returns 0 on success or -1 on error.
NULL on error or an out of memory condition.
NULL if no error occurred with
config at all, or if memory allocation failed while
trying to assemble the string describing the most recent error related to
tlsAPI first appeared in OpenBSD 5.6 as a response to the unnecessary challenges other APIs present in order to use them safely.
All functions were renamed from
tls_*() for OpenBSD
tls_config_error() appeared in
Many others contributed to various parts of the library; see the individual manual pages for more information.
tls_config_error() returns an internal pointer. It must not be freed by the application, or a double free error will occur. The pointer will become invalid when the next error occurs with config. Consequently, if the application may need the message at a later time, it has to copy the string before calling the next libtls function involving config, or a segmentation fault or read access to unintended data is the likely result.
|July 9, 2018||OpenBSD-current|