DragonFly On-Line Manual Pages

TLS(2)                   DragonFly System Calls Manual                  TLS(2)

NAME
     set_tls_area, get_tls_area -- kernel TLS (thread local storage) support

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <sys/tls.h>

     int
     set_tls_area(int which, struct tls_info *info, size_t infosize);

     int
     get_tls_area(int which, struct tls_info *info, size_t infosize);

DESCRIPTION
     The set_tls_area() system call creates an entry for the TLS facility
     which representing thread local storage as specified by the info
     structure.  A descriptor representing the facility is returned, or -1 if
     an error occurred.  The facility may be cleared by specifying a NULL
     pointer and an infosize of 0.  The get_tls_area() system call retrieves
     the requested TLS facility.  A descriptor representing the facility is
     returned, or -1 if an error occurred.  If you simply want the descriptor
     you may specify a NULL pointer and an infosize of 0.

     The returned descriptor and the TLS mechanism is machine-dependent.  On
     IA32 three global segment descriptors are supported  (0, 1, and 2) and
     the %gs load value is returned.

     The tls_info structure passed to set_tls_area() should first be zerod (to
     remain compatible with future extensions) and then initialized.

     struct tls_info {
             void    *base;          /* base address of TLS area */
             int     size;           /* size of TLS area in bytes */
     };

     The actual implementation of the area is machine-dependent.  If the
     kernel is unable to accommodate the supplied size it may create a larger
     area.  If the kernel is unable to accommodate the supplied base address
     an error will be returned.

RETURN VALUES
     A return value of 0 is returned on success, -1 on error.

EXAMPLES
     /*
      * Pseudo example showing how the TLS system calls work on IA32.
      */
     #include <stdio.h>
     #include <unistd.h>
     #include <stdlib.h>
     #include <errno.h>
     #include <sys/tls.h>

     int X;

     static int getdata(int offset);

     int
     main(int ac, char **av)
     {
         int i;
         int gs;
         struct tls_info info;

         info.base = &X;
         info.size = sizeof(X);
         if ((gs = set_tls_area(0, &info, sizeof(info))) < 0) {
             perror("setarea");
             exit(1);
         }
         printf("gs = %04x\n", gs);
         __asm __volatile("mov %0,%%gs" : : "g" (gs) );

         if (get_tls_area(0, &info, sizeof(info)) < 0) {
             perror("getarea");
             exit(1);
         }
         printf("%p/%d\n", info.base, info.size);

         X = 1;
         printf("should be 1: %d\n", getdata(0));
         X = 2;
         printf("should be 2: %d\n", getdata(0));

         printf("this should fault:\n");
         fflush(stdout);
         getdata(4);

         return(0);
     }

     static int
     getdata(int offset)
     {
         int rv;
         __asm __volatile("movl %%gs:(%0),%%eax; movl %%eax,%1" : "+r" (offset) : "m"
      (rv) : "ax");
         return (rv);
     }

ERRORS
     [ERANGE]           The specified facility index, which, is not supported.

     [EINVAL]           An invalid parameter has been specified.

     [ENOENT]           (get_tls_area) The specified facility has not been
                        initialized with sys_set_tls_area().

SEE ALSO
     umtx(2)

HISTORY
     The set_tls_area(), and get_tls_area() function calls first appeared in
     DragonFly 1.1.

DragonFly 5.5                  February 21, 2005                 DragonFly 5.5
TLS_CONFIG_VERIFY(3)  DragonFly Library Functions Manual  TLS_CONFIG_VERIFY(3)

NAME
     tls_config_verify, tls_config_insecure_noverifycert,
     tls_config_insecure_noverifyname, tls_config_insecure_noverifytime --
     insecure TLS configuration

SYNOPSIS
     #include <tls.h>

     void
     tls_config_verify(struct tls_config *config);

     void
     tls_config_insecure_noverifycert(struct tls_config *config);

     void
     tls_config_insecure_noverifyname(struct tls_config *config);

     void
     tls_config_insecure_noverifytime(struct tls_config *config);

DESCRIPTION
     These functions disable parts of the normal certificate verification
     process, resulting in insecure configurations.  Be very careful when
     using them.

     tls_config_insecure_noverifycert() disables certificate verification and
     OCSP validation.

     tls_config_insecure_noverifyname() disables server name verification
     (client only).

     tls_config_insecure_noverifytime() disables validity checking of certifi-
     cates and OCSP validation.

     tls_config_verify() reenables server name and certificate verification.

SEE ALSO
     tls_client(3), tls_config_ocsp_require_stapling(3),
     tls_config_set_protocols(3), tls_conn_version(3), tls_connect(3),
     tls_handshake(3), tls_init(3)

HISTORY
     tls_config_verify() appeared in OpenBSD 5.6 and got its final name in
     OpenBSD 5.7.

     tls_config_insecure_noverifycert() and tls_config_insecure_noverifyname()
     appeared in OpenBSD 5.7 and tls_config_insecure_noverifytime in
     OpenBSD 5.9.

AUTHORS
     Joel Sing <jsing@openbsd.org>
     Ted Unangst <tedu@openbsd.org>

DragonFly 5.5			 March 2, 2017			 DragonFly 5.5