summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls_server.c
diff options
context:
space:
mode:
authorbeck <>2015-09-09 19:23:04 +0000
committerbeck <>2015-09-09 19:23:04 +0000
commitcc008b2d6bedfbbad46502f4d5ac035f96f3a623 (patch)
tree54b585991caa7fede927175ee5ff75d793342b8f /src/lib/libtls/tls_server.c
parent8e3f7ae09db7a69fa93309c91e8f6b29f5bf53db (diff)
downloadopenbsd-cc008b2d6bedfbbad46502f4d5ac035f96f3a623.tar.gz
openbsd-cc008b2d6bedfbbad46502f4d5ac035f96f3a623.tar.bz2
openbsd-cc008b2d6bedfbbad46502f4d5ac035f96f3a623.zip
Add client certificate support. Still needs a few tweaks but this will
ride upcoming minor bump ok jsing@
Diffstat (limited to '')
-rw-r--r--src/lib/libtls/tls_server.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 190682e630..6f8daa0aca 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls_server.c,v 1.11 2015/09/09 14:32:06 jsing Exp $ */ 1/* $OpenBSD: tls_server.c,v 1.12 2015/09/09 19:23:04 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -60,8 +60,15 @@ tls_configure_server(struct tls *ctx)
60 60
61 if (tls_configure_ssl(ctx) != 0) 61 if (tls_configure_ssl(ctx) != 0)
62 goto err; 62 goto err;
63 if (tls_configure_keypair(ctx) != 0) 63 if (tls_configure_keypair(ctx, 1) != 0)
64 goto err; 64 goto err;
65 if (ctx->config->verify_client != 0) {
66 int verify = SSL_VERIFY_PEER;
67 if (ctx->config->verify_client == 1)
68 verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
69 if (tls_configure_ssl_verify(ctx, verify) == -1)
70 goto err;
71 }
65 72
66 if (ctx->config->dheparams == -1) 73 if (ctx->config->dheparams == -1)
67 SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1); 74 SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 18:54:07 +0000