Security framework.
Security callback: selects which parameters are permitted, including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameter will mean it is not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g. DH parameters or the peer key size. Documentation to follow...
@@ -68,11 +68,19 @@ static int ssl_set_cert(CERT *c, X509 *x509);
|
||||
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
|
||||
int SSL_use_certificate(SSL *ssl, X509 *x)
|
||||
{
|
||||
int rv;
|
||||
if (x == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
|
||||
return(0);
|
||||
}
|
||||
rv = ssl_security_cert(ssl, NULL, x, 0, 1);
|
||||
if (rv != 1)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!ssl_cert_inst(&ssl->cert))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
|
||||
@@ -393,11 +401,18 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len
|
||||
|
||||
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
|
||||
{
|
||||
int rv;
|
||||
if (x == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
|
||||
return(0);
|
||||
}
|
||||
rv = ssl_security_cert(NULL, ctx, x, 0, 1);
|
||||
if (rv != 1)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
|
||||
return 0;
|
||||
}
|
||||
if (!ssl_cert_inst(&ctx->cert))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
|
||||
|
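Review bot: In SSL_use_certificate the return value of ssl_security_cert() is passed straight to SSLerr() as the reason code (`SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);`), which is only meaningful if every non-1 return is a valid SSL_R_* reason. The helper is not visible on this page, so if it can ever return 0 the certificate would be rejected with an empty reason on the error queue, and a caller could not tell a security-level rejection from any other failure. I would state the contract at the call site, e.g. `/* returns 1 if the cert is permitted at the current security level, otherwise an SSL_R_* reason code */`, and use the same comment to name the bare `0, 1` arguments (presumably "not a verification-time check" and "end-entity certificate"; confirm against the declaration). The same applies to SSL_CTX_use_certificate in the second hunk. Both function bodies continue past the end of their hunks.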