author | jsing <> | 2017-01-24 09:03:21 +0000 |
---|---|---|
committer | jsing <> | 2017-01-24 09:03:21 +0000 |
commit | 71cc331549d24c7e6a825b6aa26d8c8064dfe01a (patch) | |
tree | b493d9d91e40b334aae5a2cbf99981f9d4916d09 /src/lib/libssl/ssl.h | |
parent | 17a2441804c81d4524f94ae1c3fe8adbec4a0236 (diff) | |
Add support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and
P-384. If you want others (such as brainpool) you need to configure this
yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
Diffstat (limited to 'src/lib/libssl/ssl.h')
-rw-r--r-- | src/lib/libssl/ssl.h | 15 |
1 files changed, 14 insertions, 1 deletions
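--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.121 2017/01/24 02:56:17 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.122 2017/01/24 09:03:21 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1169,6 +1169,19 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 #define SSL_set_ecdh_auto(s, onoff) \
 SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
 
+int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len);
+int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
+
+int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len);
+int SSL_set1_groups_list(SSL *ssl, const char *groups);
+
+#ifndef LIBRESSL_INTERNAL
+#define SSL_CTX_set1_curves SSL_CTX_set1_groups
+#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
+#define SSL_set1_curves SSL_set1_groups
+#define SSL_set1_curves_list SSL_set1_groups_list
+#endif
+
 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 #define SSL_CTX_get_extra_chain_certs(ctx,px509) \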
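Review bot: The four new prototypes at new lines 1172-1176 have no comment saying what the `groups` array holds or what the functions return. That matters because a caller who ignores a failed call would presumably keep the default group list without noticing. I would add above them something like `/* groups: array of group NIDs; groups_list: colon-separated group names. Return 1 on success, 0 on failure. */`, after confirming those details against the implementation, which is not part of this diff. The `#ifndef LIBRESSL_INTERNAL` block could also get a one-line comment stating that the `curves` names are compatibility aliases for the `groups` functions.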