check EC tmp key matches preferences

[openssl.git] / ssl / ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e64228fbacfa9c92cb05f1ed7f69a56610aec515..8b0ea0ee71674be385e8cb5be0baa37bc654ff67 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -583,6 +583,12 @@ typedef struct cert_st
        int (*cert_cb)(SSL *ssl, void *arg);
        void *cert_cb_arg;
 
+       /* Optional X509_STORE for chain building or certificate validation
+        * If NULL the parent SSL_CTX store is used instead.
+        */
+       X509_STORE *chain_store;
+       X509_STORE *verify_store;
+
        int references; /* >1 only if SSL_copy_session_id is used */
        } CERT;
 
@@ -925,6 +931,8 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg);
 
 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
+int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags);
+int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
@@ -1178,6 +1186,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 #ifndef OPENSSL_NO_EC
 int tls1_ec_curve_id2nid(int curve_id);
 int tls1_ec_nid2curve_id(int nid);
+int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
 int tls1_shared_curve(SSL *s, int nmatch);
 int tls1_set_curves(unsigned char **pext, size_t *pextlen,
                        int *curves, size_t ncurves);