summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl.h
diff options
context:
space:
mode:
authorjsing <>2019-04-04 15:03:21 +0000
committerjsing <>2019-04-04 15:03:21 +0000
commit3a7c85d931b2023a54a02c316fd13e9c48298d91 (patch)
tree3b602635dbbb5b70f50030b6207d774c40c1b7b8 /src/lib/libssl/ssl.h
parentd61714420284e2e4a83c802cc802309dea68369f (diff)
downloadopenbsd-3a7c85d931b2023a54a02c316fd13e9c48298d91.tar.gz
openbsd-3a7c85d931b2023a54a02c316fd13e9c48298d91.tar.bz2
openbsd-3a7c85d931b2023a54a02c316fd13e9c48298d91.zip
Provide SSL chain/cert chain APIs.
These allow for chains to be managed on a per-certificate basis rather than as a single "extra certificates" list. Note that "chain" in this context does not actually include the leaf certificate however, unlike SSL_CTX_use_certificate_chain_{file,mem}(). Thanks to sthen@ for running this through a bulk ports build. ok beck@ tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl.h37
1 files changed, 36 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 58b1be6d0d..fc89b0ef6e 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.165 2019/03/17 17:28:08 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.166 2019/04/04 15:03:21 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1118,6 +1118,9 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
1118#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 1118#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
1119#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 1119#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
1120 1120
1121#define SSL_CTRL_CHAIN 88
1122#define SSL_CTRL_CHAIN_CERT 89
1123
1121#define SSL_CTRL_SET_GROUPS 91 1124#define SSL_CTRL_SET_GROUPS 91
1122#define SSL_CTRL_SET_GROUPS_LIST 92 1125#define SSL_CTRL_SET_GROUPS_LIST 92
1123 1126
@@ -1125,6 +1128,8 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
1125 1128
1126#define SSL_CTRL_GET_SERVER_TMP_KEY 109 1129#define SSL_CTRL_GET_SERVER_TMP_KEY 109
1127 1130
1131#define SSL_CTRL_GET_CHAIN_CERTS 115
1132
1128#define SSL_CTRL_SET_DH_AUTO 118 1133#define SSL_CTRL_SET_DH_AUTO 118
1129 1134
1130#define SSL_CTRL_SET_MIN_PROTO_VERSION 123 1135#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
@@ -1174,6 +1179,20 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
1174#define SSL_set_ecdh_auto(s, onoff) \ 1179#define SSL_set_ecdh_auto(s, onoff) \
1175 SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) 1180 SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
1176 1181
1182int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain);
1183int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain);
1184int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
1185int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
1186int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain);
1187int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
1188
1189int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain);
1190int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain);
1191int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
1192int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
1193int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain);
1194int SSL_clear_chain_certs(SSL *ssl);
1195
1177int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len); 1196int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len);
1178int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups); 1197int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
1179 1198
@@ -1215,14 +1234,30 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
1215 * Also provide those functions as macros for compatibility with 1234 * Also provide those functions as macros for compatibility with
1216 * existing users. 1235 * existing users.
1217 */ 1236 */
1237#define SSL_CTX_set0_chain SSL_CTX_set0_chain
1238#define SSL_CTX_set1_chain SSL_CTX_set1_chain
1239#define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert
1240#define SSL_CTX_add1_chain_cert SSL_CTX_add1_chain_cert
1241#define SSL_CTX_get0_chain_certs SSL_CTX_get0_chain_certs
1242#define SSL_CTX_clear_chain_certs SSL_CTX_clear_chain_certs
1243
1244#define SSL_add0_chain_cert SSL_add0_chain_cert
1245#define SSL_add1_chain_cert SSL_add1_chain_cert
1246#define SSL_set0_chain SSL_set0_chain
1247#define SSL_set1_chain SSL_set1_chain
1248#define SSL_get0_chain_certs SSL_get0_chain_certs
1249#define SSL_clear_chain_certs SSL_clear_chain_certs
1250
1218#define SSL_CTX_set1_groups SSL_CTX_set1_groups 1251#define SSL_CTX_set1_groups SSL_CTX_set1_groups
1219#define SSL_CTX_set1_groups_list SSL_CTX_set1_groups_list 1252#define SSL_CTX_set1_groups_list SSL_CTX_set1_groups_list
1220#define SSL_set1_groups SSL_set1_groups 1253#define SSL_set1_groups SSL_set1_groups
1221#define SSL_set1_groups_list SSL_set1_groups_list 1254#define SSL_set1_groups_list SSL_set1_groups_list
1255
1222#define SSL_CTX_get_min_proto_version SSL_CTX_get_min_proto_version 1256#define SSL_CTX_get_min_proto_version SSL_CTX_get_min_proto_version
1223#define SSL_CTX_get_max_proto_version SSL_CTX_get_max_proto_version 1257#define SSL_CTX_get_max_proto_version SSL_CTX_get_max_proto_version
1224#define SSL_CTX_set_min_proto_version SSL_CTX_set_min_proto_version 1258#define SSL_CTX_set_min_proto_version SSL_CTX_set_min_proto_version
1225#define SSL_CTX_set_max_proto_version SSL_CTX_set_max_proto_version 1259#define SSL_CTX_set_max_proto_version SSL_CTX_set_max_proto_version
1260
1226#define SSL_get_min_proto_version SSL_get_min_proto_version 1261#define SSL_get_min_proto_version SSL_get_min_proto_version
1227#define SSL_get_max_proto_version SSL_get_max_proto_version 1262#define SSL_get_max_proto_version SSL_get_max_proto_version
1228#define SSL_set_min_proto_version SSL_set_min_proto_version 1263#define SSL_set_min_proto_version SSL_set_min_proto_version
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 22:49:10 +0000