From deb01a995eb0565dce3696f8f42ed18eab735ce8 Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Tue, 16 Jan 2018 09:07:05 -0800 Subject: man page updates for 0.2.0 --- man/v0.2.0/libnng.html | 31 +- man/v0.2.0/nng_tls.html | 82 +--- man/v0.2.0/nng_tls_config_alloc.html | 9 +- man/v0.2.0/nng_tls_config_auth_mode.html | 6 +- man/v0.2.0/nng_tls_config_ca_chain.html | 635 ++++++++++++++++++++++++++ man/v0.2.0/nng_tls_config_ca_file.html | 636 +++++++++++++++++++++++++++ man/v0.2.0/nng_tls_config_cert_key_file.html | 623 ++++++++++++++++++++++++++ man/v0.2.0/nng_tls_config_own_cert.html | 616 ++++++++++++++++++++++++++ man/v0.2.0/nng_ws.html | 53 ++- 9 files changed, 2563 insertions(+), 128 deletions(-) create mode 100644 man/v0.2.0/nng_tls_config_ca_chain.html create mode 100644 man/v0.2.0/nng_tls_config_ca_file.html create mode 100644 man/v0.2.0/nng_tls_config_cert_key_file.html create mode 100644 man/v0.2.0/nng_tls_config_own_cert.html (limited to 'man') diff --git a/man/v0.2.0/libnng.html b/man/v0.2.0/libnng.html index 5f2a545b..6aa420fa 100644 --- a/man/v0.2.0/libnng.html +++ b/man/v0.2.0/libnng.html @@ -9,7 +9,7 @@ layout: default - + libnng(3) + + + + + +
+
+

SYNOPSIS

+
+
+
+
#include <nng/nng.h>
+
+int nng_tls_config_ca_cert(nni_tls_config *cfg, const char *chain,
+    const char *crl);
+
+
+
+
+
+

DESCRIPTION

+
+
+

The nng_tls_config_ca_chain() function configures a certificate or +certificate chain to be used when validating peers using the configuration +cfg.

+
+
+ + + + + +
+ + +Certificates must be configured when using the authentication mode +NNG_TLS_AUTH_MODE_REQUIRED. +
+
+
+ + + + + +
+ + +This function may be called multiple times, to add additional chains +to a configuration, without affecting those added previously. +
+
+
+

The certificates located in chain must be a zero-terminated C string in +PEM format. Multiple certificates may +appear concatenated together, with the leaf certificate listed first. +together.

+
+
+

The crl may be NULL, or may also be a C string containing a PEM format +certificate revocation list for the associated authority.

+
+
+
+
+

RETURN VALUES

+
+
+

This function returns 0 on success, and non-zero otherwise.

+
+
+
+
+

ERRORS

+
+
+
+
NNG_ENOMEM
+
+

Insufficient memory is available.

+
+
NNG_EBUSY
+
+

The configuration cfg is already in use, and cannot be modified.

+
+
NNG_EINVAL
+
+

An invalid chain or size was supplied.

+
+
+
+
+
+
+

SEE ALSO

+
+
+

nng_strerror(3), +nng_tls_config_alloc(3), +nng_tls_config_auth_mode(3), +nng_tls_config_ca_file(3), +nng(7)

+
+
+
+
+

COPYRIGHT

+
+
+

Copyright 2018 Staysail Systems, Inc.
+Copyright 2018 Capitar IT Group BV

+
+
+

This document is supplied under the terms of the +MIT License.

+
+
+
+
+ + + diff --git a/man/v0.2.0/nng_tls_config_ca_file.html b/man/v0.2.0/nng_tls_config_ca_file.html new file mode 100644 index 00000000..feaf796e --- /dev/null +++ b/man/v0.2.0/nng_tls_config_ca_file.html @@ -0,0 +1,636 @@ +--- +version: 0.2.0 +layout: default +--- + + + + + + + + +nng_tls_config_ca_file(3) + + + + + + + +
+
+

SYNOPSIS

+
+
+
+
#include <nng/nng.h>
+
+int nng_tls_config_ca_file(nni_tls_config *cfg, const char *path);
+
+
+
+
+
+

DESCRIPTION

+
+
+

The nng_tls_config_ca_file() function configures the certificate authority +certificate chain and optional revocation list by loading the certificates +(and revocation list if present) from a single named file. The file must +at least one X.509 certificate in PEM +format, and may contain multiple such certificates, as well as zero or +more PEM CRL objects. This information is used to validate certificates +that are presented by peers, when using the configuration cfg.

+
+
+ + + + + +
+ + +Certificates must be configured when using the authentication mode +NNG_TLS_AUTH_MODE_REQUIRED. +
+
+
+ + + + + +
+ + +This function may be called multiple times, to add additional chains +to a configuration, without affecting those added previously. +
+
+
+
+
+

RETURN VALUES

+
+
+

This function returns 0 on success, and non-zero otherwise.

+
+
+
+
+

ERRORS

+
+
+
+
NNG_ENOMEM
+
+

Insufficient memory is available.

+
+
NNG_EBUSY
+
+

The configuration cfg is already in use, and cannot be modified.

+
+
NNG_EINVAL
+
+

The contents of path are invalid or did not contain a valid PEM certificate.

+
+
NNG_ENOENT
+
+

The file path does not exist.

+
+
NNG_EPERM
+
+

The file path is not readable.

+
+
+
+
+
+
+

SEE ALSO

+
+
+

nng_strerror(3), +nng_tls_config_alloc(3), +nng_tls_config_auth_mode(3), +nng_tls_config_ca_chain(3), +nng(7)

+
+
+
+
+

COPYRIGHT

+
+
+

Copyright 2018 Staysail Systems, Inc.
+Copyright 2018 Capitar IT Group BV

+
+
+

This document is supplied under the terms of the +MIT License.

+
+
+
+
+ + + diff --git a/man/v0.2.0/nng_tls_config_cert_key_file.html b/man/v0.2.0/nng_tls_config_cert_key_file.html new file mode 100644 index 00000000..7076b53e --- /dev/null +++ b/man/v0.2.0/nng_tls_config_cert_key_file.html @@ -0,0 +1,623 @@ +--- +version: 0.2.0 +layout: default +--- + + + + + + + + +nng_tls_config_cert_key_file(3) + + + + + + + +
+
+

SYNOPSIS

+
+
+
+
#include <nng/nng.h>
+
+int nng_tls_config_cert_key_file(nni_tls_config *cfg, const char *path,
+    const char *pass);
+
+
+
+
+
+

DESCRIPTION

+
+
+

The nng_tls_config_cert_key_file() function loads a certificate (or +certificate chain) and a private key from the file named by path.

+
+
+

The file must contain both the PEM +encoded certificate and associated private key, which will be used when +establishing TLS sessions using cfg. It may contain additional certificates +leading to a validation chain, with the leaf certificate first. +There is no need to include the self-signed root, as the peer +will need to have that already in order to perform it’s own validation.

+
+
+

The private key may be encrypted with a password, in which can be supplied in +pass. The value NULL should be supplied for pass if the key is not +encrypted.

+
+
+

On servers, it is possible to call this function multiple times for the +same configuration. This can be useful for specifying different parameters +to be used for different cryptographic algorithms.

+
+
+
+
+

RETURN VALUES

+
+
+

This function returns 0 on success, and non-zero otherwise.

+
+
+
+
+

ERRORS

+
+
+
+
NNG_ENOMEM
+
+

Insufficient memory is available.

+
+
NNG_EBUSY
+
+

The configuration cfg is already in use, and cannot be modified.

+
+
NNG_EINVAL
+
+

The contents of path are invalid.

+
+
NNG_ENOENT
+
+

The file named by path does not exist.

+
+
NNG_EPERM
+
+

The file named by path cannot be opened.

+
+
+
+
+
+
+

SEE ALSO

+
+
+

nng_strerror(3), +nng_tls_config_alloc(3), +nng_tls_config_own_cert(3), +nng(7)

+
+
+
+
+

COPYRIGHT

+
+
+

Copyright 2018 Staysail Systems, Inc.
+Copyright 2018 Capitar IT Group BV

+
+
+

This document is supplied under the terms of the +MIT License.

+
+
+
+
+ + + diff --git a/man/v0.2.0/nng_tls_config_own_cert.html b/man/v0.2.0/nng_tls_config_own_cert.html new file mode 100644 index 00000000..671a402d --- /dev/null +++ b/man/v0.2.0/nng_tls_config_own_cert.html @@ -0,0 +1,616 @@ +--- +version: 0.2.0 +layout: default +--- + + + + + + + + +nng_tls_config_own_cert(3) + + + + + + + +
+
+

SYNOPSIS

+
+
+
+
#include <nng/nng.h>
+
+int nng_tls_config_own_cert(nni_tls_config *cfg, const char *cert,
+    const char *key, const char *pass);
+
+
+
+
+
+

DESCRIPTION

+
+
+

The nng_tls_config_own_cert() function configures a certificate cert +identifying the local side of a TLS connection used with cfg, along with an +associated private or secret key key. The certificate may be +a chain, with the leaf signer first and the root at the end. The +self-signed certificate at the end can be omitted. (The client should already +have it, and will have to in order to validate this certificate anyway).

+
+
+

The key may be encrypted with a password, in which can be supplied in +pass. The value NULL should be supplied for pass if the key is not +encrypted.

+
+
+

On servers, it is possible to call this function multiple times for the +same configuration. This can be useful for specifying different parameters +to be used for different cryptographic algorithms.

+
+
+

The certificate located in cert and key must be NUL terminated C +strings containing +PEM formatted material.

+
+
+
+
+

RETURN VALUES

+
+
+

This function returns 0 on success, and non-zero otherwise.

+
+
+
+
+

ERRORS

+
+
+
+
NNG_ENOMEM
+
+

Insufficient memory is available.

+
+
NNG_EBUSY
+
+

The configuration cfg is already in use, and cannot be modified.

+
+
NNG_EINVAL
+
+

An invalid cert or size was supplied.

+
+
+
+
+
+
+

SEE ALSO

+
+
+

nng_strerror(3), +nng_tls_config_alloc(3), +nng_tls_config_cert_key_file(3), +nng(7)

+
+
+
+
+

COPYRIGHT

+
+
+

Copyright 2018 Staysail Systems, Inc.
+Copyright 2018 Capitar IT Group BV

+
+
+

This document is supplied under the terms of the +MIT License.

+
+
+
+
+ + + diff --git a/man/v0.2.0/nng_ws.html b/man/v0.2.0/nng_ws.html index ff672e69..c0a2d72b 100644 --- a/man/v0.2.0/nng_ws.html +++ b/man/v0.2.0/nng_ws.html @@ -606,25 +606,12 @@ in the Host: HTTP header during HTTP negotiation.
-

The special value of 0 (INADDR_ANY) can be used for a listener -to indicate that it should listen on all interfaces on the host. -A short-hand for this form is to either omit the address, or specify -the asterisk (*) character. For example, the following three -URIs are all equivalent, and could be used to listen to port 9999 -on the host:

-
-
-
    -
  1. -

    ws://0.0.0.0:9999

    -
    2. -
  2. -

    ws://*:9999

    -
    3. -
  3. -

    ws://:9999

    -
    4. -
+

To listen to all ports on the system, the host name may be elided from +the URL on the listener. This will wind up listening to all interfaces +on the system, with possible caveats for IPv4 and IPv6 depending on what +the underlying system supports. (On most modern systems it will map to the +special IPv6 address ::, and both IPv4 and IPv6 connections will be +permitted, with IPv4 addresses mapped to IPv6 addresses.)

@@ -708,6 +695,32 @@ the server is already running. Furthermore, attempts to modify the configuration object will fail if it is already in active use. This object is only available for wss:// endpoints.

+
NNG_OPT_WSS_TLS_CA_FILE
+
+

This is a write-only option used to load certificates associated +associated private key from a file. The value is a C string +containing the path name of the file. The file itself must contain +PEM format objects for one or more +X.509 certificates. It may also contain certificate revocation list (CRL) +objects well. Note that attempts to call this will fail if the +configuration associated with the underlying endpoint +is already in use. This option is only available for wss:// endpoints.

+
+
NNG_OPT_WSS_TLS_CERT_KEY_FILE
+
+

This is a write-only option used to load the local certificate and +associated private key from a file. The value is a C string +containing the path name of the file. The file itself must contain PEM +format objects for the X.509 certificate and private key. Multiple +certificates may be listed in the file, to provide a validation chain, +with the leaf certificate listed first, and subsequent certificates listed +afterwards. Note that attempts to call this will fail if the +configuration associated with the underlying endpoint +is already in use. This option is only available for wss:// endpoints. +The private key must not be encrypted. (Use the NNG_OPT_WSS_TLS_CONFIG +option to get the underlying TLS configuration if more advanced +configuration is needed.)

+
@@ -745,7 +758,7 @@ Copyright 2018 Capitar IT Group BV

-- cgit v1.2.3-70-g09d2