diff options
| author | beck <> | 2017-01-29 17:52:11 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-29 17:52:11 +0000 |
| commit | a2ee48f27a063262b94d5f6eb321659dc22d4146 (patch) | |
| tree | 87cead16195a1077918bc769c77b847b69cfdf34 /src/lib/libtls/tls_internal.h | |
| parent | 957b11334a7afb14537322f0e4795b2e368b3f59 (diff) | |
| download | openbsd-a2ee48f27a063262b94d5f6eb321659dc22d4146.tar.gz openbsd-a2ee48f27a063262b94d5f6eb321659dc22d4146.tar.bz2 openbsd-a2ee48f27a063262b94d5f6eb321659dc22d4146.zip | |
Move the ocsp staple to being part of the keypair structure internally,
so that it does not send back bogus staples when SNI is in use.
(Further change is required to be able to use staples on all keypairs
and not just the main one)
ok jsing@
Diffstat (limited to 'src/lib/libtls/tls_internal.h')
| -rw-r--r-- | src/lib/libtls/tls_internal.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index 37737c3499..fbb139c84a 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_internal.h,v 1.52 2017/01/26 12:56:37 jsing Exp $ */ | 1 | /* $OpenBSD: tls_internal.h,v 1.53 2017/01/29 17:52:11 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> | 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> |
| 4 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| @@ -51,6 +51,8 @@ struct tls_keypair { | |||
| 51 | size_t cert_len; | 51 | size_t cert_len; |
| 52 | char *key_mem; | 52 | char *key_mem; |
| 53 | size_t key_len; | 53 | size_t key_len; |
| 54 | char *ocsp_staple; | ||
| 55 | size_t ocsp_staple_len; | ||
| 54 | }; | 56 | }; |
| 55 | 57 | ||
| 56 | #define TLS_MIN_SESSION_TIMEOUT (4) | 58 | #define TLS_MIN_SESSION_TIMEOUT (4) |
| @@ -83,8 +85,6 @@ struct tls_config { | |||
| 83 | int ecdhecurve; | 85 | int ecdhecurve; |
| 84 | struct tls_keypair *keypair; | 86 | struct tls_keypair *keypair; |
| 85 | int ocsp_require_stapling; | 87 | int ocsp_require_stapling; |
| 86 | char *ocsp_staple; | ||
| 87 | size_t ocsp_staple_len; | ||
| 88 | uint32_t protocols; | 88 | uint32_t protocols; |
| 89 | unsigned char session_id[TLS_MAX_SESSION_ID_LENGTH]; | 89 | unsigned char session_id[TLS_MAX_SESSION_ID_LENGTH]; |
| 90 | int session_lifetime; | 90 | int session_lifetime; |