fixes #206 Want NNG_OPT_TLS_VERIFIED option

It is useful to have support for validating that a peer *was*
verified, especially in the presence of optional validation.
We have added a property that does this, NNG_OPT_TLS_VERIFIED.

Further, all the old NNG_OPT_WSS_TLS_* property names have also been
renamed to generic NNG_OPT_TLS property names, which have been
moved to nng.h to facilitate reuse and sharing, with the comments
moved and corrected as well.

Finally, the man pages have been updated, with substantial
improvements to the nng_ws man page in particular.

2 files changed, 23 insertions, 13 deletions

diff --git a/tests/wss.c b/tests/wss.c
index c087ed1e..aee982c8 100644
--- a/tests/wss.c
+++ b/tests/wss.c
@@ -198,7 +198,7 @@ init_dialer_wss(trantest *tt, nng_dialer d)
 	    0) {
 		goto out;
 	}
-	rv = nng_dialer_setopt_ptr(d, NNG_OPT_WSS_TLS_CONFIG, cfg);
+	rv = nng_dialer_setopt_ptr(d, NNG_OPT_TLS_CONFIG, cfg);
 
 out:
 	nng_tls_config_free(cfg);
@@ -218,8 +218,7 @@ init_listener_wss(trantest *tt, nng_listener l)
 		goto out;
 	}
 
-	if ((rv = nng_listener_setopt_ptr(l, NNG_OPT_WSS_TLS_CONFIG, cfg)) !=
-	    0) {
+	if ((rv = nng_listener_setopt_ptr(l, NNG_OPT_TLS_CONFIG, cfg)) != 0) {
 		// We can wind up with EBUSY from the server already running.
 		if (rv == NNG_EBUSY) {
 			rv = 0;
diff --git a/tests/wssfile.c b/tests/wssfile.c
index 120e575d..73a0050b 100644
--- a/tests/wssfile.c
+++ b/tests/wssfile.c
@@ -138,6 +138,7 @@ check_props(nng_msg *msg, nng_listener l, nng_dialer d)
 	nng_sockaddr ra;
 	char *       buf;
 	size_t       len;
+	int          v;
 
 	p = nng_msg_get_pipe(msg);
 	So(p > 0);
@@ -176,6 +177,10 @@ check_props(nng_msg *msg, nng_listener l, nng_dialer d)
 	So(z == len);
 	nni_free(buf, len);
 
+	// Verified
+	So(nng_pipe_getopt_int(p, NNG_OPT_TLS_VERIFIED, &v) == 0);
+	So(v == 1);
+
 	return (0);
 }
 
@@ -200,7 +205,7 @@ init_dialer_wss_file(trantest *tt, nng_dialer d)
 		return (rv);
 	}
 
-	rv = nng_dialer_setopt_string(d, NNG_OPT_WSS_TLS_CA_FILE, pth);
+	rv = nng_dialer_setopt_string(d, NNG_OPT_TLS_CA_FILE, pth);
 	nni_file_delete(pth);
 	nni_strfree(pth);
 
@@ -237,7 +242,7 @@ init_listener_wss_file(trantest *tt, nng_listener l)
 		return (rv);
 	}
 
-	rv = nng_listener_setopt_string(l, NNG_OPT_WSS_TLS_CERT_KEY_FILE, pth);
+	rv = nng_listener_setopt_string(l, NNG_OPT_TLS_CERT_KEY_FILE, pth);
 	if (rv != 0) {
 		// We can wind up with EBUSY from the server already
 		// running.
@@ -284,7 +289,7 @@ TestMain("WebSocket Secure (TLS) Transport (file based)", {
 
 		// reset port back one
 		trantest_prev_address(addr, "wss://127.0.0.1:%u/test");
-		So(nng_setopt_int(s2, NNG_OPT_WSS_TLS_AUTH_MODE,
+		So(nng_setopt_int(s2, NNG_OPT_TLS_AUTH_MODE,
 		       NNG_TLS_AUTH_MODE_REQUIRED) == 0);
 
 		So(nng_dial(s2, addr, NULL, 0) == NNG_EPEERAUTH);
@@ -294,9 +299,10 @@ TestMain("WebSocket Secure (TLS) Transport (file based)", {
 		nng_socket   s1;
 		nng_socket   s2;
 		nng_listener l;
-		char *       buf;
-		size_t       sz;
 		char         addr[NNG_MAXADDRLEN];
+		nng_msg *    msg;
+		nng_pipe     p;
+		int          v;
 
 		So(nng_pair_open(&s1) == 0);
 		So(nng_pair_open(&s2) == 0);
@@ -312,17 +318,22 @@ TestMain("WebSocket Secure (TLS) Transport (file based)", {
 
 		// reset port back one
 		trantest_prev_address(addr, "wss://127.0.0.1:%u/test");
-		So(nng_setopt_int(s2, NNG_OPT_WSS_TLS_AUTH_MODE,
+		So(nng_setopt_int(s2, NNG_OPT_TLS_AUTH_MODE,
 		       NNG_TLS_AUTH_MODE_NONE) == 0);
 		So(nng_setopt_ms(s2, NNG_OPT_RECVTIMEO, 200) == 0);
 		So(nng_dial(s2, addr, NULL, 0) == 0);
 		nng_msleep(100);
 
 		So(nng_send(s1, "hello", 6, 0) == 0);
-		So(nng_recv(s2, &buf, &sz, NNG_FLAG_ALLOC) == 0);
-		So(sz == 6);
-		So(strcmp(buf, "hello") == 0);
-		nng_free(buf, sz);
+		So(nng_recvmsg(s2, &msg, 0) == 0);
+		So(msg != NULL);
+		So(nng_msg_len(msg) == 6);
+		So(strcmp(nng_msg_body(msg), "hello") == 0);
+		p = nng_msg_get_pipe(msg);
+		So(p > 0);
+		So(nng_pipe_getopt_int(p, NNG_OPT_TLS_VERIFIED, &v) == 0);
+		So(v == 0);
+		nng_msg_free(msg);
 	});
 
 	nng_fini();