Add support for providing CRLs to libtls - once a CRL is provided we

enable CRL checking for the full certificate chain. Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks! Discussed with beck@
author: jsing <> 2017-07-06 17:12:22 +0000
committer: jsing <> 2017-07-06 17:12:22 +0000
commit: 40916534e3bc6be103b1cf19f2f976ccbed2b4ed (patch)
tree: b0d09612d5975b84d46270853c8da03a6d034575 /src/lib/libtls/tls_internal.h
parent: a21f0c405df345f9ac6e331f71f09db8e340ca31 (diff)
download: openbsd-40916534e3bc6be103b1cf19f2f976ccbed2b4ed.tar.gz
openbsd-40916534e3bc6be103b1cf19f2f976ccbed2b4ed.tar.bz2
openbsd-40916534e3bc6be103b1cf19f2f976ccbed2b4ed.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index c0c55216df..bed9d6e7f4 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.61 2017/06/22 18:03:57 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.62 2017/07/06 17:12:22 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -84,6 +84,8 @@ struct tls_config {
        size_t ca_len;
        const char *ciphers;
        int ciphers_server;
+        char *crl_mem;
+        size_t crl_len;
        int dheparams;
        int ecdhecurve;
        struct tls_keypair *keypair;
author	jsing <>	2017-07-06 17:12:22 +0000
committer	jsing <>	2017-07-06 17:12:22 +0000
commit	40916534e3bc6be103b1cf19f2f976ccbed2b4ed (patch)
tree	b0d09612d5975b84d46270853c8da03a6d034575 /src/lib/libtls/tls_internal.h
parent	a21f0c405df345f9ac6e331f71f09db8e340ca31 (diff)
download	openbsd-40916534e3bc6be103b1cf19f2f976ccbed2b4ed.tar.gz openbsd-40916534e3bc6be103b1cf19f2f976ccbed2b4ed.tar.bz2 openbsd-40916534e3bc6be103b1cf19f2f976ccbed2b4ed.zip