From a554fd917ad5e5050665b441a614e66959938ede Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sat, 5 Nov 2016 15:13:26 +0000
Subject: Add support for server side OCSP stapling to libtls. Add support for server side OCSP stapling to netcat.
---
 src/lib/libtls/tls_server.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'src/lib/libtls/tls_server.c')
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index e3b03e1301..a9a5902add 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.29 2016/11/04 19:01:29 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.30 2016/11/05 15:13:26 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -48,6 +48,7 @@ tls_server_conn(struct tls *ctx)
 return (NULL);
 conn_ctx->flags |= TLS_SERVER_CONN;
+ conn_ctx->config = ctx->config;
 return (conn_ctx);
 }
@@ -213,6 +214,11 @@ tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
 if (ctx->config->ciphers_server == 1)
 SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ if (SSL_CTX_set_tlsext_status_cb(ctx->ssl_ctx, tls_ocsp_stapling_cb) != 1) {
+ tls_set_errorx(ctx, "failed to add OCSP stapling callback");
+ goto err;
+ }
+
 /*
 * Set session ID context to a random value. We don't support
 * persistent caching of sessions so it is OK to set a temporary
--
cgit v1.2.3-55-g6feb
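Review bot: `conn_ctx->config = ctx->config;` in tls_server_conn makes every accepted connection alias the listening context's configuration, and nothing in the hunk takes a reference or says who owns the pointer. If the connection context's teardown releases `config`, or the listener is freed or reconfigured while connections are still open (neither path is visible here), later reads through `conn_ctx->config` would touch freed memory. If the config is reference-counted, take a reference before storing it and drop it on teardown. Otherwise document the borrow, for example `/* Borrowed from the listening context; must outlive conn_ctx. */`, and confirm that teardown of `conn_ctx` does not free it. The function starts above the hunk.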
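Review bot: The added `SSL_CTX_set_tlsext_status_cb` call registers the callback on `ctx->ssl_ctx`, while the context line directly above it configures `*ssl_ctx`, the `SSL_CTX` passed in through the `SSL_CTX **ssl_ctx` parameter. If the two can differ (the out-parameter suggests the function may be run for more than one context, though no caller is visible here), the context being built never gets the stapling callback and silently serves no staple, and `ctx->ssl_ctx` may not be set yet at this point. Using the parameter keeps the call consistent with the rest of the block: `if (SSL_CTX_set_tlsext_status_cb(*ssl_ctx, tls_ocsp_stapling_cb) != 1) {`. The body of tls_configure_server_ssl begins and ends outside the hunk, so the `err` label and the callers should be checked against this.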