X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fapps.h;h=d9eb650eb21197a10696d5320c2c2e3016514635;hp=272b967d18a08556f0ef0972e4d2099355095c8f;hb=eae1c647dfc9c39db52f7c4a61faa09e6cbea92a;hpb=39556e63ef6c079d144b07d7f492152abf9efe77 diff --git a/apps/apps.h b/apps/apps.h index 272b967d18..d9eb650eb2 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -14,6 +14,12 @@ # include "internal/nelem.h" # include +# include +# ifndef OPENSSL_NO_POSIX_IO +# include +# include +# endif + # include # include # include @@ -55,6 +61,12 @@ BIO_METHOD *apps_bf_prefix(void); * remains unlikely for the foreseeable future and beyond. */ #define PREFIX_CTRL_SET_PREFIX (1 << 15) +/* + * apps_bf_prefix() returns a dynamically created BIO_METHOD, which we + * need to destroy at some point. When created internally, it's stored + * in an internal pointer which can be freed with the following function + */ +void destroy_prefix_method(void); BIO *dup_bio_in(int format); BIO *dup_bio_out(int format); @@ -217,8 +229,9 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ OPT_S_PRIORITIZE_CHACHA, \ OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ - OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ + OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ + OPT_S_MINPROTO, OPT_S_MAXPROTO, \ OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST # define OPT_S_OPTIONS \ @@ -260,13 +273,16 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, "Groups to advertise (colon-separated list)" }, \ {"named_curve", OPT_S_NAMEDCURVE, 's', \ "Elliptic curve used for ECDHE (server-side only)" }, \ - {"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \ + {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \ + {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \ + {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ + {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ {"record_padding", OPT_S_RECORD_PADDING, 's', \ "Block size to pad TLS 1.3 records to."}, \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ "Perform all sorts of protocol violations for testing purposes"}, \ - {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', "Disable TLSv1.3 middlebox compat mode" } - + {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ + "Disable TLSv1.3 middlebox compat mode" } # define OPT_S_CASES \ OPT_S__FIRST: case OPT_S__LAST: break; \ @@ -293,8 +309,11 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_S_CURVES: \ case OPT_S_NAMEDCURVE: \ case OPT_S_CIPHER: \ + case OPT_S_CIPHERSUITES: \ case OPT_S_RECORD_PADDING: \ case OPT_S_NO_RENEGOTIATION: \ + case OPT_S_MINPROTO: \ + case OPT_S_MAXPROTO: \ case OPT_S_DEBUGBROKE: \ case OPT_S_NO_MIDDLEBOX @@ -350,7 +369,7 @@ typedef struct string_int_pair_st { # define OPT_FMT_SMIME (1L << 3) # define OPT_FMT_ENGINE (1L << 4) # define OPT_FMT_MSBLOB (1L << 5) -# define OPT_FMT_NETSCAPE (1L << 6) +/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ # define OPT_FMT_NSS (1L << 7) # define OPT_FMT_TEXT (1L << 8) # define OPT_FMT_HTTP (1L << 9) @@ -359,8 +378,8 @@ typedef struct string_int_pair_st { # define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) # define OPT_FMT_ANY ( \ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \ - OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) + OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ + OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) char *opt_progname(const char *argv0); char *opt_getprog(void); @@ -503,6 +522,10 @@ typedef struct db_attr_st { typedef struct ca_db_st { DB_ATTR attributes; TXT_DB *db; + char *dbfname; +# ifndef OPENSSL_NO_POSIX_IO + struct stat dbst; +# endif } CA_DB; void* app_malloc(int sz, const char *what);