#include "ssl_locl.h"
#include <openssl/conf.h>
#include <openssl/objects.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
/* structure holding name tables. This is used for pemitted elements in
* lists such as TLSv1 and single command line switches such as no_tls1
SSL_FLAG_TBL("no_tls1", SSL_OP_NO_TLSv1),
SSL_FLAG_TBL("no_tls1_1", SSL_OP_NO_TLSv1_1),
SSL_FLAG_TBL("no_tls1_2", SSL_OP_NO_TLSv1_2),
- SSL_FLAG_TBL("no_tls1_2", SSL_OP_NO_TLSv1_2),
SSL_FLAG_TBL("bugs", SSL_OP_ALL),
SSL_FLAG_TBL("no_comp", SSL_OP_NO_COMPRESSION),
+ SSL_FLAG_TBL_SRV("ecdh_single", SSL_OP_SINGLE_ECDH_USE),
#ifndef OPENSSL_NO_TLSEXT
SSL_FLAG_TBL("no_ticket", SSL_OP_NO_TICKET),
#endif
return rv > 0;
}
+static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
+ {
+ int rv = 1;
+ if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+ return -2;
+ if (!(cctx->flags & SSL_CONF_FLAG_SERVER))
+ return -2;
+ if (cctx->ctx)
+ rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
+ return rv > 0;
+ }
+
+#ifndef OPENSSL_NO_DH
+static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
+ {
+ int rv = 0;
+ DH *dh = NULL;
+ BIO *in = NULL;
+ if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+ return -2;
+ if (cctx->ctx || cctx->ssl)
+ {
+ in = BIO_new(BIO_s_file_internal());
+ if (!in)
+ goto end;
+ if (BIO_read_filename(in, value) <= 0)
+ goto end;
+ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+ if (!dh)
+ goto end;
+ }
+ else
+ return 1;
+ if (cctx->ctx)
+ rv = SSL_CTX_set_tmp_dh(cctx->ctx, dh);
+ if (cctx->ssl)
+ rv = SSL_set_tmp_dh(cctx->ssl, dh);
+ end:
+ if (dh)
+ DH_free(dh);
+ if (in)
+ BIO_free(in);
+ return rv > 0;
+ }
+#endif
typedef struct
{
int (*cmd)(SSL_CONF_CTX *cctx, const char *value);
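Review bot: cmd_DHParameters installs whatever PEM_read_bio_DHparams returns without validating it, so a configuration file naming a malformed or weak group reaches SSL_CTX_set_tmp_dh/SSL_set_tmp_dh unchecked unless those calls validate the parameters themselves, which is not visible in this hunk. Rejecting bad groups at configuration time only needs two lines before the set calls: `int codes = 0;` and `if (!DH_check(dh, &codes) || codes != 0) goto end;`. When both cctx->ctx and cctx->ssl are set, the second assignment to rv discards the result of SSL_CTX_set_tmp_dh, so a failure there is reported as success; if a context normally carries only one of the two this is harmless, but checking each call's return separately would make the intent explicit. Unlike cmd_ServerInfoFile in the same hunk, this command does not require SSL_CONF_FLAG_SERVER; if client-side use is intended, a one-line comment stating that would save the next reader the comparison.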
#define SSL_CONF_CMD_STRING(name, cmdopt) \
SSL_CONF_CMD(name, cmdopt, SSL_CONF_TYPE_STRING)
-static ssl_conf_cmd_tbl ssl_conf_cmds[] = {
+static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"),
SSL_CONF_CMD_STRING(Curves, "curves"),
SSL_CONF_CMD_STRING(Protocol, NULL),
SSL_CONF_CMD_STRING(Options, NULL),
SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
- SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE)
+ SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
+#ifndef OPENSSL_NO_DH
+ SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
+#endif
};
static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
}
else if (cctx->flags & SSL_CONF_FLAG_CMDLINE)
{
- if (**pcmd != '-' || !*pcmd[1])
+ if (**pcmd != '-' || !(*pcmd)[1])
return 0;
*pcmd += 1;
}
return 1;
}
-static ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, const char *cmd)
+static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, const char *cmd)
{
- ssl_conf_cmd_tbl *t;
+ const ssl_conf_cmd_tbl *t;
size_t i;
if (cmd == NULL)
return NULL;
int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
{
- ssl_conf_cmd_tbl *runcmd;
+ const ssl_conf_cmd_tbl *runcmd;
if (cmd == NULL)
{
SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
{
if (ssl_conf_cmd_skip_prefix(cctx, &cmd))
{
- ssl_conf_cmd_tbl *runcmd;
+ const ssl_conf_cmd_tbl *runcmd;
runcmd = ssl_conf_cmd_lookup(cctx, cmd);
if (runcmd)
return runcmd->value_type;