diff options
author | Ralf S. Engelschall <rse@openssl.org> | 1999-02-25 14:40:29 +0000 |
---|---|---|
committer | Ralf S. Engelschall <rse@openssl.org> | 1999-02-25 14:40:29 +0000 |
commit | 15d21c2df4335f1cea72472b8e71a76d9004d38e (patch) | |
tree | 72e857ad82f33e54d9d54613d759fc84308df142 /ssl/ssl.h | |
parent | ea14a91f64c1d277f6899c5e451202d5a4e42f6d (diff) |
Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).
For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.
The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.
Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
Diffstat (limited to 'ssl/ssl.h')
-rw-r--r-- | ssl/ssl.h | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -784,6 +784,13 @@ struct ssl_st #define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +#define SSL_need_tmp_RSA(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_set_tmp_rsa(ssl,rsa) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) + #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) @@ -1029,6 +1036,12 @@ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl,int export,int keylength)); +void SSL_set_tmp_rsa_callback(SSL *ssl, + RSA *(*cb)(SSL *ssl,int export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh)(SSL *ssl,int export,int keylength)); + #ifdef HEADER_COMP_H int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else @@ -1258,6 +1271,9 @@ int SSL_COMP_add_compression_method(); void SSL_CTX_set_tmp_rsa_callback(); void SSL_CTX_set_tmp_dh_callback(); +void SSL_set_tmp_rsa_callback(); +void SSL_set_tmp_dh_callback(); + /* #endif */ #endif @@ -1378,6 +1394,8 @@ void SSL_CTX_set_tmp_dh_callback(); #define SSL_F_TLS1_ENC 210 #define SSL_F_TLS1_SETUP_KEY_BLOCK 211 #define SSL_F_WRITE_PENDING 212 +#define SSL_F_SSL3_CTRL 213 +#define SSL_F_SSL_CERT_INSTANTIATE 214 /* Reason codes. */ #define SSL_R_APP_DATA_IN_HANDSHAKE 100 |