+#define SSL_CONF_CMD(name, cmdopt, flags, type) \
+ {cmd_##name, #name, cmdopt, flags, type}
+
+#define SSL_CONF_CMD_STRING(name, cmdopt, flags) \
+ SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING)
+
+#define SSL_CONF_CMD_SWITCH(name, flags) \
+ {0, NULL, name, flags, SSL_CONF_TYPE_NONE}
+
+/* See apps/apps.h if you change this table. */
+static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
+ SSL_CONF_CMD_SWITCH("no_ssl3", 0),
+ SSL_CONF_CMD_SWITCH("no_tls1", 0),
+ SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
+ SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
+ SSL_CONF_CMD_SWITCH("bugs", 0),
+ SSL_CONF_CMD_SWITCH("no_comp", 0),
+ SSL_CONF_CMD_SWITCH("comp", 0),
+ SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
+ SSL_CONF_CMD_SWITCH("no_ticket", 0),
+ SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
+ SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0),
+ SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER),
+ SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
+ SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
+ SSL_CONF_CMD_SWITCH("strict", 0),
+ SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
+ SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
+ SSL_CONF_CMD_STRING(Curves, "curves", 0),
+#ifndef OPENSSL_NO_EC
+ SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
+#endif
+ SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
+ SSL_CONF_CMD_STRING(Protocol, NULL, 0),
+ SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CLIENT),
+ SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CLIENT),
+ SSL_CONF_CMD_STRING(Options, NULL, 0),
+ SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
+ SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ServerInfoFile, NULL,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+ SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+ SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ClientCAFile, NULL,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ClientCAPath, NULL,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+#ifndef OPENSSL_NO_DH
+ SSL_CONF_CMD(DHParameters, "dhparam",
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE)