OpenBSD manual page server

Manual Page Search Parameters

TLS_CONFIG_VERIFY(3) Library Functions Manual TLS_CONFIG_VERIFY(3)

tls_config_verify, tls_config_insecure_noverifycert, tls_config_insecure_noverifyname, tls_config_insecure_noverifytimeinsecure TLS configuration

#include <tls.h>

void
tls_config_verify(struct tls_config *config);

void
tls_config_insecure_noverifycert(struct tls_config *config);

void
tls_config_insecure_noverifyname(struct tls_config *config);

void
tls_config_insecure_noverifytime(struct tls_config *config);

These functions disable parts of the normal certificate verification process, resulting in insecure configurations. Be very careful when using them.

() disables certificate verification and OCSP validation.

() disables server name verification (client only).

() disables validity checking of certificates and OCSP validation.

() reenables server name and certificate verification.

tls_client(3), tls_config_ocsp_require_stapling(3), tls_config_set_protocols(3), tls_conn_version(3), tls_connect(3), tls_handshake(3), tls_init(3)

tls_config_verify() appeared in OpenBSD 5.6 and got its final name in OpenBSD 5.7.

tls_config_insecure_noverifycert() and tls_config_insecure_noverifyname() appeared in OpenBSD 5.7 and tls_config_insecure_noverifytime in OpenBSD 5.9.

Joel Sing <‍jsing@openbsd.org>
Ted Unangst <‍tedu@openbsd.org>

March 2, 2017 OpenBSD-current