Index: tls_accept_socket.3 =================================================================== RCS file: /cvs/src/lib/libtls/man/tls_accept_socket.3,v diff -u -p -r1.4 tls_accept_socket.3 --- tls_accept_socket.3 26 May 2018 12:35:26 -0000 1.4 +++ tls_accept_socket.3 9 May 2024 23:55:14 -0000 @@ -30,7 +30,7 @@ .Fo tls_accept_socket .Fa "struct tls *tls" .Fa "struct tls **cctx" -.Fa "int socket" +.Fa "int fd" .Fc .Ft int .Fo tls_accept_fds @@ -58,7 +58,8 @@ and configuring it with .Xr tls_configure 3 , a server can accept a new client connection by calling .Fn tls_accept_socket -on an already established socket connection. +on an already connected file descriptor such as a stream socket or +pipe. .Pp Alternatively, a new client connection can be accepted over a pair of existing file descriptors by calling Index: tls_connect.3 =================================================================== RCS file: /cvs/src/lib/libtls/man/tls_connect.3,v diff -u -p -r1.4 tls_connect.3 --- tls_connect.3 9 Jul 2018 19:51:18 -0000 1.4 +++ tls_connect.3 9 May 2024 23:55:14 -0000 @@ -94,7 +94,8 @@ function has the same behaviour, however explicitly provided, for the case where the TLS server name differs from the DNS name. .Pp -An already existing socket can be upgraded to a secure connection by calling +An already connected file descriptor can be upgraded to a secure +connection by calling .Fn tls_connect_socket . .Pp Alternatively, a secure connection can be established over a pair of existing Index: tls_init.3 =================================================================== RCS file: /cvs/src/lib/libtls/man/tls_init.3,v diff -u -p -r1.13 tls_init.3 --- tls_init.3 9 Jul 2018 19:47:20 -0000 1.13 +++ tls_init.3 9 May 2024 23:55:14 -0000 @@ -39,7 +39,7 @@ The .Nm tls family of functions establishes a secure communications channel -using the TLS socket protocol. +using the TLS stream protocol. Both clients and servers are supported. .Pp The 
@@ -77,7 +77,7 @@ A client connection is initiated after c .Xr tls_connect 3 . A server can accept a new client connection by calling .Xr tls_accept_socket 3 -on an already established socket connection. +on an already connected file descriptor. .Pp Two functions are provided for input and output, .Xr tls_read 3 Index: tls_read.3 =================================================================== RCS file: /cvs/src/lib/libtls/man/tls_read.3,v diff -u -p -r1.7 tls_read.3 --- tls_read.3 9 Jul 2019 17:58:33 -0000 1.7 +++ tls_read.3 9 May 2024 23:55:14 -0000 @@ -55,7 +55,7 @@ .Fn tls_read reads .Fa buflen -bytes of data from the socket into +bytes of data from the connection into .Fa buf . It returns the amount of data read. .Pp @@ -64,7 +64,7 @@ writes .Fa buflen bytes of data from .Fa buf -to the socket. +to the connection. It returns the amount of data written. .Pp .Fn tls_handshake @@ -92,12 +92,18 @@ After closing the connection, .Fa ctx can be passed to .Xr tls_free 3 . +It is unnecessary +.\" is this true? +but still safe to call +.Fn tls_close +if the underlying file descriptor is no longer connected. .\" XXX Fn tls_reset does what? .Sh RETURN VALUES .Fn tls_read and .Fn tls_write -return a size on success or -1 on error. +return -1 on error, 0 if the file descriptor is no longer connected, +or a size on success. .Pp .Fn tls_handshake and @@ -165,6 +171,8 @@ while (len > 0) { continue; if (ret == -1) errx(1, "tls_write: %s", tls_error(ctx)); + if (ret == 0) + errx(1, "tls_write: disconnected"); buf += ret; len -= ret; } @@ -179,7 +187,7 @@ non-blocking file descriptor using pfd[0].fd = fd; pfd[0].events = POLLIN|POLLOUT; while (len > 0) { - nready = poll(pfd, 1, 0); + nready = poll(pfd, 1, INFTIM); if (nready == -1) err(1, "poll"); if ((pfd[0].revents & (POLLERR|POLLNVAL))) 
@@ -194,6 +202,8 @@ while (len > 0) { pfd[0].events = POLLOUT; else if (ret == -1) errx(1, "tls_write: %s", tls_error(ctx)); + else if (ret == 0) + errx(1, "tls_write: disconnected"); else { buf += ret; len -= ret;
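Review bot: in tls_accept_socket.3 (hunk at -58,7), the new wording "on an already connected file descriptor such as a stream socket or pipe" offers a pipe as an example for the single-descriptor call, but the handshake has to both read and write on that one descriptor, and the very next paragraph already covers "a pair of existing file descriptors". Suggest dropping "or pipe" here, or moving the pipe example to the paragraph about the descriptor pair.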
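Review bot: "using the TLS stream protocol" in the first tls_init.3 hunk (-39,7) replaces one non-standard name with another; the protocol is simply TLS. Suggest "using the TLS protocol", and if the intent is to tell readers that the underlying transport must be a connected byte stream, say that in its own sentence rather than folding it into the protocol name.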
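Review bot: the added tls_close sentence in tls_read.3 (hunk at -92,12) still carries the author's own ".\" is this true?" comment, so the claim that the call is "unnecessary but still safe" on a disconnected descriptor is unverified; confirm it against the implementation or leave the sentence out before this is committed. The new RETURN VALUES text in the same hunk needs the same check: once the page says 0 means "the file descriptor is no longer connected", callers will branch on it, and the text should state whether that holds for both tls_read and tls_write, since the examples changed later in this diff only test it for tls_write.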
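Review bot: the new "if (ret == 0)" branch in the blocking tls_write example (hunk at -165,6) deserves a one-line comment in the example, because it is more than an error message: without it a zero return leaves len unchanged at "buf += ret; len -= ret;" and the "while (len > 0)" loop never terminates. The "disconnected" wording here and in the poll-based loop in the last hunk should also match whatever the RETURN VALUES section finally says a zero return means.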
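Review bot: "nready = poll(pfd, 1, INFTIM);" in the hunk at -179,7 replaces a zero timeout, which returns immediately and turns the loop into a busy wait, but INFTIM is not a POSIX name; POSIX specifies a timeout of -1 for an indefinite wait. If this example is expected to be copied onto other systems, use -1 or note that the two are equivalent, and mention the busy-wait fix in the commit message since it is a behaviour change to the example rather than a wording change.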