Allow to to load the CA chain directly from memory instead of

specifying a file. This enables CA verification in privsep'ed processes that are running chroot'ed without direct access to the certificate files. With feedback, tests, and OK from bluhm@
author: reyk <> 2015-01-22 09:16:24 +0000
committer: reyk <> 2015-01-22 09:16:24 +0000
commit: 138944aeef27fb00df60db6f46ef653726b4ca5a (patch)
tree: 0cd70582ac032f525e31a6921611469898b556c3 /src/lib/libtls/tls.h
parent: d0ef2b563d4291f81a8f9ed7cd02bdfbaa8cc5f4 (diff)
download: openbsd-138944aeef27fb00df60db6f46ef653726b4ca5a.tar.gz
openbsd-138944aeef27fb00df60db6f46ef653726b4ca5a.tar.bz2
openbsd-138944aeef27fb00df60db6f46ef653726b4ca5a.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 21e1d74b35..8dcf125765 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.2 2014/11/02 14:45:05 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.3 2015/01/22 09:16:24 reyk Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -42,6 +42,8 @@ void tls_config_free(struct tls_config *config);
 int tls_config_set_ca_file(struct tls_config *config, const char *ca_file);
 int tls_config_set_ca_path(struct tls_config *config, const char *ca_path);
+int tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca,
+    size_t len);
 int tls_config_set_cert_file(struct tls_config *config, const char *cert_file);
 int tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
    size_t len);
author	reyk <>	2015-01-22 09:16:24 +0000
committer	reyk <>	2015-01-22 09:16:24 +0000
commit	138944aeef27fb00df60db6f46ef653726b4ca5a (patch)
tree	0cd70582ac032f525e31a6921611469898b556c3 /src/lib/libtls/tls.h
parent	d0ef2b563d4291f81a8f9ed7cd02bdfbaa8cc5f4 (diff)
download	openbsd-138944aeef27fb00df60db6f46ef653726b4ca5a.tar.gz openbsd-138944aeef27fb00df60db6f46ef653726b4ca5a.tar.bz2 openbsd-138944aeef27fb00df60db6f46ef653726b4ca5a.zip