author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-15 13:32:24 +0000 |
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-28 14:56:30 +0000 |
commit | b362ccab5c1d52086f19d29a32f4acc11073b86b (patch) | |
tree | a6a2de4f90c8ce9272164ad448ac78cf95371909 /ssl/ssl_rsa.c | |
parent | 66f96fe2d519147097c118d4bf60704c69ed0635 (diff) |
Security framework.
Security callback: selects which parameters are permitted including
sensible defaults based on bits of security.
The "parameters" which can be selected include: ciphersuites,
curves, key sizes, certificate signature algorithms, supported
signature algorithms, DH parameters, SSL/TLS version, session tickets
and compression.
In some cases prohibiting the use of a parameter will mean it is
not advertised to the peer: for example cipher suites and ECC curves.
In other cases it will abort the handshake: e.g DH parameters or the
peer key size.
Documentation to follow...
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r-- | ssl/ssl_rsa.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 49bd03596a..7c02878abb 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -68,11 +68,19 @@ static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
 int SSL_use_certificate(SSL *ssl, X509 *x)
 {
+ int rv;
 if (x == NULL)
 {
 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 return(0);
 }
+ rv = ssl_security_cert(ssl, NULL, x, 0, 1);
+ if (rv != 1)
+ {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
+ return 0;
+ }
+
 if (!ssl_cert_inst(&ssl->cert))
 {
 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -393,11 +401,18 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 {
+ int rv;
 if (x == NULL)
 {
 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 return(0);
 }
+ rv = ssl_security_cert(NULL, ctx, x, 0, 1);
+ if (rv != 1)
+ {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
+ return 0;
+ }
 if (!ssl_cert_inst(&ctx->cert))
 {
 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
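Review bot: In both hunks the rejection branch passes `rv` straight to SSLerr as the reason code, so the new code silently depends on ssl_security_cert() returning 1 on acceptance and an SSL_R_* reason code on rejection, a contract nothing at either call site states; a comment above the call such as `/* ssl_security_cert() returns 1 if the cert passes the security callback, otherwise an SSL_R_* reason code to report */` would make that explicit in SSL_use_certificate() and again in SSL_CTX_use_certificate(). The trailing literals `0, 1` in both calls are likewise unexplained at the call site; naming the two flags in that comment (they appear to be the not-a-verify-chain and end-entity flags, to be confirmed against the prototype) would spare the reader a trip to the header. Performing the check before ssl_cert_inst() means a certificate rejected by the security level never reaches the CERT structure, which reads as the intended fail-closed behaviour, but it also means the check presumably reflects whatever security level or callback is configured at load time rather than at handshake time. Both SSL_use_certificate() and SSL_CTX_use_certificate() continue past the end of their hunks.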