421 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
467 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
779 void tls_deinit(void *ssl_ctx)
781 	SSL_CTX *ssl = ssl_ctx;
899 int tls_get_errors(void *ssl_ctx)
913 struct tls_connection * tls_connection_init(void *ssl_ctx)
915 	SSL_CTX *ssl = ssl_ctx;
963 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
976 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
982 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
1292 	SSL_CTX *ssl_ctx = _ssl_ctx;
1296 	lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
1339 	SSL_CTX *ssl_ctx = _ssl_ctx;
1345 	X509_STORE_free(ssl_ctx->cert_store);
1346 	ssl_ctx->cert_store = X509_STORE_new();
1347 	if (ssl_ctx->cert_store == NULL) {
1403 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1441 				X509_STORE_add_cert(ssl_ctx->cert_store,
1445 				X509_STORE_add_crl(ssl_ctx->cert_store,
1456 	if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1466 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
1471 			    tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
1480 			tls_get_errors(ssl_ctx);
1497 static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
1500 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
1512 		SSL_CTX_set_client_CA_list(ssl_ctx,
1521 int tls_global_set_verify(void *ssl_ctx, int check_crl)
1526 		X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
1566 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1669 static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
1675 	if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1677 	    SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
1678 	    SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1705 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
1734 			if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
1746 			if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
1762 			if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
1773 		tls_get_errors(ssl_ctx);
1780 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
1800 	return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1810 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
1823 	return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1896 	SSL_CTX *ssl_ctx = _ssl_ctx;
1902 	X509_STORE_free(ssl_ctx->cert_store);
1903 	ssl_ctx->cert_store = X509_STORE_new();
1904 	if (ssl_ctx->cert_store == NULL) {
1910 	if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1968 	SSL_CTX *ssl_ctx = _ssl_ctx;
1982 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
1983 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2014 		if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2067 		if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2092 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2106 static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
2121 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2122 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2125 	    SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2127 	    SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2130 	    tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
2139 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2141 	if (!SSL_CTX_check_private_key(ssl_ctx)) {
2225 static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
2240 	if (ssl_ctx == NULL)
2286 	if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
2299 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
2475 tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
2575 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
2637 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
2653 int tls_connection_enable_workaround(void *ssl_ctx,
2666 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
2688 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
2696 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
2704 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
2795 	SSL_CTX *ssl_ctx = tls_ctx;
2803 	if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
2806 	if (tls_global_client_cert(ssl_ctx, params->client_cert))
2809 	if (tls_global_private_key(ssl_ctx, params->private_key,
2813 	if (tls_global_dh(ssl_ctx, params->dh_file)) {
2821 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
2823 		SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET);

Indexes created Thu Jun 20 12:38:36 MDT 2024