| author | jsing <> | 2016-04-28 17:05:59 +0000 |
|---|---|---|
| committer | jsing <> | 2016-04-28 17:05:59 +0000 |
| commit | fc9e3dc14ffb94eed0f0165b2333d8e263e82106 (patch) | |
| tree | 046b15c71afb290bae07f4b238cfdc296f78ca6b /src/lib/libtls/tls_internal.h | |
| parent | 969e83487c1a522a380e5b1adf920edf92244e62 (diff) | |
Factor out the keypair handling in libtls. This results in more readable
and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.
ok beck@
Diffstat (limited to 'src/lib/libtls/tls_internal.h')
| -rw-r--r-- | src/lib/libtls/tls_internal.h | 23 |
1 files changed, 15 insertions, 8 deletions
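--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.27 2016/04/28 16:48:44 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.28 2016/04/28 17:05:59 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -39,6 +39,17 @@ struct tls_error {
 	int num;
 };
 
+struct tls_keypair {
+	struct tls_keypair *next;
+
+	const char *cert_file;
+	char *cert_mem;
+	size_t cert_len;
+	const char *key_file;
+	char *key_mem;
+	size_t key_len;
+};
+
 struct tls_config {
 	struct tls_error error;
 
@@ -46,16 +57,11 @@ struct tls_config {
 	const char *ca_path;
 	char *ca_mem;
 	size_t ca_len;
-	const char *cert_file;
-	char *cert_mem;
-	size_t cert_len;
 	const char *ciphers;
 	int ciphers_server;
 	int dheparams;
 	int ecdhecurve;
-	const char *key_file;
-	char *key_mem;
-	size_t key_len;
+	struct tls_keypair *keypair;
 	uint32_t protocols;
 	int verify_cert;
 	int verify_client;
@@ -103,7 +109,8 @@ struct tls *tls_new(void);
 struct tls *tls_server_conn(struct tls *ctx);
 
 int tls_check_name(struct tls *ctx, X509 *cert, const char *servername);
-int tls_configure_keypair(struct tls *ctx, int);
+int tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
+    struct tls_keypair *keypair, int required);
 int tls_configure_server(struct tls *ctx);
 int tls_configure_ssl(struct tls *ctx);
 int tls_configure_ssl_verify(struct tls *ctx, int verify);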
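Review bot: The new `struct tls_keypair` in the second hunk carries private key material in `key_mem`/`key_len` but nothing in the header states who owns the list hung off `next` and the two `*_mem` buffers, or that the key buffer is sensitive; the `char *` versus `const char *` split suggests the mem fields are owned copies while the file fields are borrowed, but that is inferred, not documented. I would add above the struct `/* Linked list of keypairs owned by the tls_config; cert_mem/key_mem are owned copies, key_mem holds private key bytes and should be cleared before it is freed. */`. The `required` parameter added to the `tls_configure_keypair` prototype in the last hunk would likewise benefit from a one-line comment saying what a missing keypair does when it is set versus clear, since that function's body is not visible here.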
