authoreric <>2021-01-21 19:09:10 +0000
committereric <>2021-01-21 19:09:10 +0000
commitb6080b52f179de6a4d935e9b00d1daefb76f3f83 (patch)
treecef0da52413de065f06dfb4111338c722b5d63c9 /src/lib/libtls/tls_internal.h
parent56cb8632a04478fa825a640e148efb0caaea8105 (diff)
Allow setting a keypair on a tls context without specifying the private
key, and fake it internally with the certificate public key instead. This makes things easier for privsep engines like relayd, which no longer have to use bogus keys. ok beck@ tb@ jsing@
Diffstat (limited to 'src/lib/libtls/tls_internal.h')
-rw-r--r--src/lib/libtls/tls_internal.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 1dd5f45ddd..5487b123ec 100644
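--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.77 2019/11/16 21:39:52 beck Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.78 2021/01/21 19:09:10 eric Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -111,6 +111,7 @@ struct tls_config {
  int verify_name;
  int verify_time;
  int skip_private_key_check;
+ int use_fake_private_key;
 };
 
 struct tls_conninfo {
@@ -294,5 +295,6 @@ __END_HIDDEN_DECLS
 
 /* XXX this function is not fully hidden so relayd can use it */
 void tls_config_skip_private_key_check(struct tls_config *config);
+void tls_config_use_fake_private_key(struct tls_config *config);
 
 #endif /* HEADER_TLS_INTERNAL_H */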
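Review bot: The new `tls_config_use_fake_private_key()` prototype in the last hunk sits outside the hidden-declarations block with no statement of its contract, and the `XXX` comment above it still speaks of a single function. Going by the commit message, the flag makes a context accept a keypair with no real private key, so it presumably only makes sense when signing is delegated to a separate key engine; the implementation is not in this file, so that should be confirmed and then written down here. I would reword the comment to `/* XXX these functions are not fully hidden so relayd can use them */` and add `/* Only for privsep callers that sign through an external key engine; the context then holds no usable private key. */` above the new prototype. The `use_fake_private_key` field in `struct tls_config` would also benefit from a short comment on how it relates to `skip_private_key_check`, e.g. whether one implies the other.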