+ SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
+ SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0),
+ SSL_CONF_CMD_STRING(Protocol, NULL, 0),
+ SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0),
+ SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0),
+ SSL_CONF_CMD_STRING(Options, NULL, 0),
+ SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
+ SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ServerInfoFile, NULL,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+ SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+ SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ClientCAFile, NULL,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+ SSL_CONF_CMD(ClientCAPath, NULL,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+#ifndef OPENSSL_NO_DH
+ SSL_CONF_CMD(DHParameters, "dhparam",
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+#endif
+ SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0),
+ SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER),
+};
+
+/* Supported switches: must match order of switches in ssl_conf_cmds */
+static const ssl_switch_tbl ssl_cmd_switches[] = {
+ {SSL_OP_NO_SSLv3, 0}, /* no_ssl3 */
+ {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */
+ {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */
+ {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */
+ {SSL_OP_NO_TLSv1_3, 0}, /* no_tls1_3 */
+ {SSL_OP_ALL, 0}, /* bugs */
+ {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
+ {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
+ {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
+ {SSL_OP_NO_TICKET, 0}, /* no_ticket */
+ {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
+ /* legacy_renegotiation */
+ {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0},
+ /* legacy_server_connect */
+ {SSL_OP_LEGACY_SERVER_CONNECT, 0},
+ /* no_renegotiation */
+ {SSL_OP_NO_RENEGOTIATION, 0},
+ /* no_resumption_on_reneg */
+ {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0},
+ /* no_legacy_server_connect */
+ {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
+ /* allow_no_dhe_kex */
+ {SSL_OP_ALLOW_NO_DHE_KEX, 0},
+ /* chacha reprioritization */
+ {SSL_OP_PRIORITIZE_CHACHA, 0},
+ {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
+ /* no_middlebox */
+ {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV},
+ /* anti_replay */
+ {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV},
+ /* no_anti_replay */
+ {SSL_OP_NO_ANTI_REPLAY, 0},