Add some man page cross-references

The old/deprecated servername callback should refer back to the new/preferred early callback mechanism, as well as indicate that it is superseded by the early callback. The early callback should also mention the API for turning the raw cipherlist octets from the client into usable data structures. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3338)

Add some man page cross-references
The old/deprecated servername callback should refer back to the new/preferred early callback mechanism, as well as indicate that it is superseded by the early callback. The early callback should also mention the API for turning the raw cipherlist octets from the client into usable data structures. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3338)
e5db7fcf · Rich Salz · 1f9d203d · e5db7fcf · e5db7fcf
隐藏空白更改
内联并排

Showing with 12 addition and 5 deletion

doc/man3/SSL_CTX_set_early_cb.pod doc/man3/SSL_CTX_set_early_cb.pod +4 -2

doc/man3/SSL_CTX_set_tlsext_servername_callback.pod doc/man3/SSL_CTX_set_tlsext_servername_callback.pod +8 -3

未找到文件。
--- a/doc/man3/SSL_CTX_set_early_cb.pod
+++ b/doc/man3/SSL_CTX_set_early_cb.pod
@@ -62,7 +62,8 @@ by the client in order to select an appropriate certificate to present,
 and make other configuration adjustments relevant to that server name
 and its configuration.  Such configuration changes can include swapping out
 the associated SSL_CTX pointer, modifying the server's list of permitted TLS
-versions, changing the server's cipher list, etc.
+versions, changing the server's cipher list in response to the client's
+cipher list, etc.

 It is also recommended that applications utilize an early callback and
 not use a servername callback, in order to avoid unexpected behavior that
@@ -89,7 +90,8 @@ SSL_early_get0_ext() returns 1 if the extension of type 'type' is present, and

 =head1 SEE ALSO

-L<ssl(7)>, L<SSL_CTX_set_tlsext_servername_callback(3)>
+L<ssl(7)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
+L<SSL_bytes_to_cipher_list>

 =head1 HISTORY


--- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
@@ -19,6 +19,10 @@ SSL_get_servername_type, SSL_get_servername - handle server name indication

 =head1 DESCRIPTION

+The functionality provided by the servername callback is superseded by
+the early callback, which can be set using SSL_CTX_set_early_cb().
+The servername callback is retained for historical compatibility.
+
 SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>
 used by a server to perform any actions or configuration required based on
 the servername extension received in the incoming connection. When B<cb>
@@ -37,8 +41,9 @@ B<TLSEXT_NAMETYPE_host_name>.

 =head1 NOTES

-The ALPN and SNI callbacks are both executed during Client Hello processing.
-The servername callback is executed first, followed by the ALPN callback.
+Several callbacks are executed during ClientHello processing, including
+the early, ALPN, and servername callbacks.  The early callback is executed
+first, then the servername callback, followed by the ALPN callback.

 =head1 RETURN VALUES

@@ -48,7 +53,7 @@ SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.
 =head1 SEE ALSO

 L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>,
-L<SSL_get0_alpn_selected(3)>
+L<SSL_get0_alpn_selected(3)>, L<SSL_CTX_set_early_cb(3)>

 =head1 COPYRIGHT