Add ServerInfoFile to SSL_CONF, update docs.

diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index c55f63128be9ff0be62c7bc3423e980c9ce9bbe3..ee3896b62cf4aeff7b80292fcd4490cb2c7db7d6 100644 (file)
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -191,6 +191,11 @@ context. This option is only supported if certificate operations
 are permitted. Note: if no B<-key> option is set then a private key is
 not loaded: it does not currently use the B<Certificate> file.
 
+=item B<ServerInfoFile>
+
+Attempts to use the file B<value> in the "serverinfo" extension using the
+function SSL_CTX_use_serverinfo_file.
+
 =item B<DHParameters>
 
 Attempts to use the file B<value> as the set of temporary DH parameters for

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index fc6caa9b6ca628875fb6368d052f13937e01045f..419400aa2408f6757784f3301c92105955600287 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -391,6 +391,19 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
                rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM);
        return rv > 0;
        }
+
+static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
+       {
+       int rv = 1;
+       if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+               return -2;
+       if (!(cctx->flags & SSL_CONF_FLAG_SERVER))
+               return -2;
+       if (cctx->ctx)
+               rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
+       return rv > 0;
+       }
+
 #ifndef OPENSSL_NO_DH
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
        {
@@ -452,6 +465,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
        SSL_CONF_CMD_STRING(Options, NULL),
        SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
        SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
+       SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
 #ifndef OPENSSL_NO_DH
        SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
 #endif