From 5b7f36e85792faaf0f9a4e3e7fddc90f15021da2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 3 Jan 2014 23:13:40 +0000 Subject: [PATCH] Add ServerInfoFile to SSL_CONF, update docs. --- doc/ssl/SSL_CONF_cmd.pod | 5 +++++ ssl/ssl_conf.c | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index c55f63128..ee3896b62 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -191,6 +191,11 @@ context. This option is only supported if certificate operations are permitted. Note: if no B<-key> option is set then a private key is not loaded: it does not currently use the B file. +=item B + +Attempts to use the file B in the "serverinfo" extension using the +function SSL_CTX_use_serverinfo_file. + =item B Attempts to use the file B as the set of temporary DH parameters for diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index fc6caa9b6..419400aa2 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -391,6 +391,19 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value) rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM); return rv > 0; } + +static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value) + { + int rv = 1; + if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE)) + return -2; + if (!(cctx->flags & SSL_CONF_FLAG_SERVER)) + return -2; + if (cctx->ctx) + rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value); + return rv > 0; + } + #ifndef OPENSSL_NO_DH static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) { @@ -452,6 +465,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(Options, NULL), SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE), SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE), #ifndef OPENSSL_NO_DH SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE) #endif