M minidentd.1 => minidentd.1 +1 -1
@@ 60,7 60,7 @@ Log queries and replies.
.It Fl n
Send ERROR : HIDDEN-USER replies if the user has a
.Pa .ident
-file in his home directory.
+file in their home directory.
.It Fl i
User-defined answers.
The first 14 chars of the user's
M s6-tcpserver.1 => s6-tcpserver.1 +1 -1
@@ 27,7 27,7 @@ connection.
.Nm
executes into
.Xr s6-tcpserver4 1
-or
+or into
.Xr s6-tcpserver6 1
depending on whether
.Ar ip
M s6-tlsc-io.1 => s6-tlsc-io.1 +0 -4
@@ 157,10 157,6 @@ If the peer fails to send data for
milliseconds during the handshake, close the connection.
The default is 0, which means infinite timeout (never kill the
connection).
-This option is ignored by the
-.Ql libtls
-backend, which does not have a way to interrupt the handshake after a
-timeout.
.It Fl d Ar notif
Handshake notification.
.Ar notif
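Review bot: The context sentence kept just above the removed lines, "If the peer fails to send data for ... milliseconds during the handshake", still describes an inactivity timeout, while the s6-ucspitlsc.1 and s6-ucspitlsd.1 hunks in this same change reword the timeout as a limit on how long the whole handshake may take. The two descriptions should agree, so either reword this sentence the same way or explain why the -io programs behave differently. Removing the libtls caveat is only correct if that backend can now interrupt the handshake; if this is a documentation-only change, the caveat should stay.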
M s6-tlsc.1 => s6-tlsc.1 +6 -0
@@ 181,6 181,12 @@ is run with the following additional environment variables:
Contains the protocol version: TLSv1, TLSv1.1, TLSv1.2...
.It Ev SSL_CIPHER
Contains the name of the cipher used.
+.It Ev SSL_TLS_SNI_SERVERNAME
+Contains
+.Ar servername ,
+if the
+.Fl k
+option has been given; otherwise it is removed from the environment.
.El
.Pp
More similar environment variables containing information about the
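Review bot: The new SSL_TLS_SNI_SERVERNAME entry says only that it contains servername when -k was given, which leaves open whether the variable reflects a name the handshake validated or merely the name that was sent. A program reading the variable needs to know which, so suggest one more sentence stating exactly what a set value guarantees.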
M s6-tlsd-io.1 => s6-tlsd-io.1 +0 -4
@@ 144,10 144,6 @@ If the peer fails to send data for
milliseconds during the handshake, close the connection.
The default is 0, which means infinite timeout (never kill the
connection).
-This option is ignored by the
-.Ql libtls
-backend, which does not have a way to interrupt the handshake after a
-timeout.
.It Fl d Ar notif
Handshake notification.
.Ar notif
M s6-tlsd.1 => s6-tlsd.1 +4 -0
@@ 172,6 172,10 @@ is run with the following additional environment variables:
Contains the protocol version: TLSv1, TLSv1.1, TLSv1.2...
.It Ev SSL_CIPHER
Contains the name of the cipher used.
+.It Ev SSL_TLS_SNI_SERVERNAME
+Contains the required SNI server name, if any.
+It is removed from the environment if no SNI has been sent by the
+client.
.El
.Pp
More similar environment variables containing information about the
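Review bot: In the added line "Contains the required SNI server name, if any", "required" reads as if the server demanded a name, but the following sentence makes clear it is the name sent by the client, so "requested" is the better word. Because the value comes from the client's handshake, the entry should also say that it is peer-supplied and must be validated before the program uses it to select a virtual host, build a path or write a log field.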
M s6-tlsserver.1 => s6-tlsserver.1 +1 -2
@@ 172,7 172,6 @@ or
.Fl Y ,
.Fl y
.It
-.Fl k Ar servername
.Fl K Ar kimeout
.El
.Ss Options passed to Xr s6-applyuidgid 1
@@ 293,7 292,7 @@ user
.Po
.Ql 65534:65534 Ns
.Pc .
-The server is authentified by the certificate in
+The server is authenticated by the certificate in
.Pa /etc/ssl/public/mycert.pem
that it sends to the client, and the private key in
.Pa /etc/ssl/private/mykey.der
M s6-ucspitlsc.1 => s6-ucspitlsc.1 +4 -4
@@ 99,11 99,11 @@ Use Server Name Indication, and send
.Ar servername .
The default is not to use SNI, which may be a security risk.
.It Fl K Ar kimeout
-Close the connection if
+Close the connection if the handshake takes more than
.Ar kimeout
-milliseconds elapse without any data being received from either side.
-The default is 0, which means infinite timeout (never kill the
-connection).
+milliseconds to complete.
+The default is 0, which means infinite timeout: let the handshake
+complete at its own pace, no matter how slow.
.It Fl 6 Ar fdr
Expect an open file descriptor numbered
.Ar fdr
M s6-ucspitlsd.1 => s6-ucspitlsd.1 +4 -4
@@ 101,11 101,11 @@ nor the
.Fl y
option, is not to require a client certificate at all.
.It Fl K Ar kimeout
-Close the connection if
+Close the connection if the handshake takes more than
.Ar kimeout
-milliseconds elapse without any data being received from either side.
-The default is 0, which means infinite timeout (never kill the
-connection).
+milliseconds to complete.
+The default is 0, which means infinite timeout: let the handshake
+complete at its own pace, no matter how slow.
.El
.Sh ENVIRONMENT
.Ss Read
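Review bot: On the server side, the new default text "let the handshake complete at its own pace, no matter how slow" means a client that never finishes the handshake keeps its connection open for as long as it likes, and the page gives no guidance on that. Suggest adding a sentence after the default recommending a nonzero kimeout for servers reachable from untrusted networks.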