summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl.h
diff options
context:
space:
mode:
authorjsing <>2017-01-24 09:03:21 +0000
committerjsing <>2017-01-24 09:03:21 +0000
commit71cc331549d24c7e6a825b6aa26d8c8064dfe01a (patch)
treeb493d9d91e40b334aae5a2cbf99981f9d4916d09 /src/lib/libssl/ssl.h
parent17a2441804c81d4524f94ae1c3fe8adbec4a0236 (diff)
downloadopenbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.gz
openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.bz2
openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.zip
Add support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
Diffstat (limited to 'src/lib/libssl/ssl.h')
-rw-r--r--src/lib/libssl/ssl.h15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 80e7558a2a..cf75130faf 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.121 2017/01/24 02:56:17 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.122 2017/01/24 09:03:21 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1169,6 +1169,19 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
1169#define SSL_set_ecdh_auto(s, onoff) \ 1169#define SSL_set_ecdh_auto(s, onoff) \
1170 SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) 1170 SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
1171 1171
1172int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len);
1173int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
1174
1175int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len);
1176int SSL_set1_groups_list(SSL *ssl, const char *groups);
1177
1178#ifndef LIBRESSL_INTERNAL
1179#define SSL_CTX_set1_curves SSL_CTX_set1_groups
1180#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
1181#define SSL_set1_curves SSL_set1_groups
1182#define SSL_set1_curves_list SSL_set1_groups_list
1183#endif
1184
1172#define SSL_CTX_add_extra_chain_cert(ctx,x509) \ 1185#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
1173 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) 1186 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
1174#define SSL_CTX_get_extra_chain_certs(ctx,px509) \ 1187#define SSL_CTX_get_extra_chain_certs(ctx,px509) \