1 files changed, 206 insertions, 0 deletions
diff --git a/static/freebsd/man3/SSL_CTX_set1_cert_comp_preference.3 b/static/freebsd/man3/SSL_CTX_set1_cert_comp_preference.3
new file mode 100644
index 00000000..54e0785c
--- /dev/null
+++ b/static/freebsd/man3/SSL_CTX_set1_cert_comp_preference.3
@@ -0,0 +1,206 @@
+.\" -*- mode: troff; coding: utf-8 -*-
+.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
+.ie n \{\
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Required to disable full justification in groff 1.23.0.
+.if n .ds AD l
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_SET1_CERT_COMP_PREFERENCE 3ossl"
+.TH SSL_CTX_SET1_CERT_COMP_PREFERENCE 3ossl 2026-04-07 3.5.6 OpenSSL
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH NAME
+SSL_CTX_set1_cert_comp_preference,
+SSL_set1_cert_comp_preference,
+SSL_CTX_compress_certs,
+SSL_compress_certs,
+SSL_CTX_get1_compressed_cert,
+SSL_get1_compressed_cert,
+SSL_CTX_set1_compressed_cert,
+SSL_set1_compressed_cert \- Certificate compression functions
+.SH SYNOPSIS
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len);
+\& int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len);
+\&
+\& int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg);
+\& int SSL_compress_certs(SSL *ssl, int alg);
+\&
+\& size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data,
+\&                                     size_t *orig_len);
+\& size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data,
+\&                                 size_t *orig_len);
+\&
+\& int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int alg,
+\&                                  unsigned char *comp_data,
+\&                                  size_t comp_length, size_t orig_length);
+\& int SSL_set1_compressed_cert(SSL *ssl, int alg, unsigned char *comp_data,
+\&                              size_t comp_length, size_t orig_length);
+.Ve
+.SH DESCRIPTION
+.IX Header "DESCRIPTION"
+These functions control the certificate compression feature. Certificate
+compression is only available for TLSv1.3 as defined in RFC8879.
+.PP
+\&\fBSSL_CTX_set1_cert_comp_preference()\fR and \fBSSL_set1_cert_comp_preference()\fR are used
+to specify the preferred compression algorithms. The \fBalgs\fR argument is an array
+of algorithms, and \fBlength\fR is number of elements in the \fBalgs\fR array. Only
+those algorithms enabled in the library will be accepted in \fBalgs\fR, unknown
+algorithms in \fBalgs\fR are ignored. On an error, the preference order is left
+unmodified.
+.PP
+The following compression algorithms (\fBalg\fR arguments) may be used:
+.IP \(bu 4
+TLSEXT_comp_cert_brotli
+.IP \(bu 4
+TLSEXT_comp_cert_zlib
+.IP \(bu 4
+TLSEXT_comp_cert_zstd
+.PP
+The above is also the default preference order. If a preference order is not
+specified, then the default preference order is sent to the peer and the
+received peer\*(Aqs preference order will be used when compressing a certificate.
+Otherwise, the configured preference order is sent to the peer and is used
+to filter the peer\*(Aqs preference order.
+.PP
+\&\fBSSL_CTX_compress_certs()\fR and \fBSSL_compress_certs()\fR are used to pre\-compress all
+the configured certificates on an SSL_CTX/SSL object with algorithm \fBalg\fR. If
+\&\fBalg\fR is 0, then the certificates are compressed with the algorithms specified
+in the preference list. Calling these functions on a client SSL_CTX/SSL object
+will result in an error, as only server certificates may be pre\-compressed.
+.PP
+\&\fBSSL_CTX_get1_compressed_cert()\fR and \fBSSL_get1_compressed_cert()\fR are used to get
+the pre\-compressed certificate most recently set that may be stored for later
+use. Calling these functions on a client SSL_CTX/SSL object will result in an
+error, as only server certificates may be pre\-compressed. The \fBdata\fR and
+\&\fBorig_len\fR arguments are required.
+.PP
+The compressed certificate data may be passed to \fBSSL_CTX_set1_compressed_cert()\fR
+or \fBSSL_set1_compressed_cert()\fR to provide a pre\-compressed version of the
+most recently set certificate. This pre\-compressed certificate can only be used
+by a server.
+.SH NOTES
+.IX Header "NOTES"
+Each side of the connection sends their compression algorithm preference list
+to their peer indicating compressed certificate support. The received preference
+list is filtered by the configured preference list (i.e. the intersection is
+saved). As the default list includes all the enabled algorithms, not specifying
+a preference will allow any enabled algorithm by the peer. The filtered peer\*(Aqs
+preference order is used to determine what algorithm to use when sending a
+compressed certificate.
+.PP
+Only server certificates may be pre\-compressed. Calling any of these functions
+(except \fBSSL_CTX_set1_cert_comp_preference()\fR/\fBSSL_set1_cert_comp_preference()\fR)
+on a client SSL_CTX/SSL object will return an error. Client certificates are
+compressed on\-demand as unique context data from the server is compressed along
+with the certificate.
+.PP
+For \fBSSL_CTX_set1_cert_comp_preference()\fR and \fBSSL_set1_cert_comp_preference()\fR
+the \fBlen\fR argument is the size of the \fBalgs\fR argument in bytes.
+.PP
+The compressed certificate returned by \fBSSL_CTX_get1_compressed_cert()\fR and
+\&\fBSSL_get1_compressed_cert()\fR is the last certificate set on the SSL_CTX/SSL object.
+The certificate is copied by the function and the caller must free \fB*data\fR via
+\&\fBOPENSSL_free()\fR.
+.PP
+The compressed certificate data set by \fBSSL_CTX_set1_compressed_cert()\fR and
+\&\fBSSL_set1_compressed_cert()\fR is copied into the SSL_CTX/SSL object.
+.PP
+\&\fBSSL_CTX_compress_certs()\fR and \fBSSL_compress_certs()\fR return an error under the
+following conditions:
+.IP \(bu 4
+If no certificates have been configured.
+.IP \(bu 4
+If the specified algorithm \fBalg\fR is not enabled.
+.IP \(bu 4
+If \fBalg\fR is 0 and no compression algorithms are enabled.
+.PP
+Sending compressed certificates may be disabled on a connection via the
+SSL_OP_NO_TX_CERTIFICATE_COMPRESSION option. Receiving compressed certificates
+may be disabled on a connection via the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION
+option.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBSSL_CTX_set1_cert_comp_preference()\fR,
+\&\fBSSL_set1_cert_comp_preference()\fR,
+\&\fBSSL_CTX_compress_certs()\fR,
+\&\fBSSL_compress_certs()\fR,
+\&\fBSSL_CTX_set1_compressed_cert()\fR, and
+\&\fBSSL_set1_compressed_cert()\fR
+return 1 for success and 0 on error.
+.PP
+\&\fBSSL_CTX_get1_compressed_cert()\fR and
+\&\fBSSL_get1_compressed_cert()\fR
+return the length of the allocated memory on success and 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBSSL_CTX_set_options\fR\|(3),
+\&\fBSSL_CTX_use_certificate\fR\|(3)
+.SH HISTORY
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.2.
+.SH COPYRIGHT
+.IX Header "COPYRIGHT"
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+<https://www.openssl.org/source/license.html>.