235 	SSL_CTX *ssl_ctx;
654 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
701 		if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx),
1112 void tls_deinit(void *ssl_ctx)
1114 	struct tls_data *data = ssl_ctx;
1308 int tls_get_errors(void *ssl_ctx)
1530 struct tls_connection * tls_connection_init(void *ssl_ctx)
1532 	struct tls_data *data = ssl_ctx;
1562 	conn->ssl_ctx = ssl;
1612 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
1636 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
1667 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
2520 		res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert,
2552 	SSL_CTX *ssl_ctx = data->ssl;
2556 	lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(ssl_ctx),
2587 	SSL_CTX *ssl_ctx = data->ssl;
2600 	SSL_CTX_set_cert_store(ssl_ctx, store);
2667 		if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx),
2693 		if (tls_add_ca_from_keystore(SSL_CTX_get_cert_store(ssl_ctx),
2713 				    SSL_CTX_get_cert_store(ssl_ctx), alias)) {
2731 	if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
2741 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
2774 	SSL_CTX *ssl_ctx = data->ssl;
2777 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
2789 		SSL_CTX_set_client_CA_list(ssl_ctx,
2801 int tls_global_set_verify(void *ssl_ctx, int check_crl, int strict)
2806 		struct tls_data *data = ssl_ctx;
2981 	SSL_CTX_set_verify_algorithm_prefs(conn->ssl_ctx, NULL, 0);
3035 		if (SSL_CTX_set_verify_algorithm_prefs(conn->ssl_ctx, sigalgs,
3073 		if (SSL_CTX_set_verify_algorithm_prefs(conn->ssl_ctx, sigalgs,
3136 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
3141 	struct tls_data *data = ssl_ctx;
3196 	SSL_CTX_clear_extra_chain_certs(conn->ssl_ctx);
3283 	SSL_CTX *ssl_ctx = data->ssl;
3288 	if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
3290 	    SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
3291 	    SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
3559 	SSL_CTX *ssl_ctx = data->ssl;
3573 	SSL_CTX_set_cert_store(ssl_ctx, store);
3783 	SSL_CTX *ssl_ctx = data->ssl;
3798 	if (!SSL_CTX_check_private_key(ssl_ctx)) {
3891 	SSL_CTX *ssl_ctx = data->ssl;
3898 	if (ssl_ctx == NULL)
3944 	if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
3957 int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
4307 			   tls_connection_resumed(conn->ssl_ctx, conn));
4344 tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
4451 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
4538 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
4554 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
4570 int tls_connection_enable_workaround(void *ssl_ctx,
4583 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
4599 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
4607 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
4615 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
4735 	store = SSL_CTX_get_cert_store(conn->ssl_ctx);
5090 		SSL_CTX *ssl_ctx = data->ssl;
5092 		SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
5093 		SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn);
5116 static void openssl_debug_dump_cipher_list(SSL_CTX *ssl_ctx)
5121 	ssl = SSL_new(ssl_ctx);
5184 static void openssl_debug_dump_certificates(SSL_CTX *ssl_ctx)
5189 	if (SSL_CTX_get0_chain_certs(ssl_ctx, &certs) == 1) {
5196 	openssl_debug_dump_certificate(0, SSL_CTX_get0_certificate(ssl_ctx));
5202 static void openssl_debug_dump_certificate_chains(SSL_CTX *ssl_ctx)
5207 	for (res = SSL_CTX_set_current_cert(ssl_ctx, SSL_CERT_SET_FIRST);
5209 	     res = SSL_CTX_set_current_cert(ssl_ctx, SSL_CERT_SET_NEXT))
5210 		openssl_debug_dump_certificates(ssl_ctx);
5212 	SSL_CTX_set_current_cert(ssl_ctx, SSL_CERT_SET_FIRST);
5217 static void openssl_debug_dump_ctx(SSL_CTX *ssl_ctx)
5219 	openssl_debug_dump_cipher_list(ssl_ctx);
5220 	openssl_debug_dump_certificate_chains(ssl_ctx);
5228 	SSL_CTX *ssl_ctx = data->ssl;
5258 	    SSL_CTX_set_cipher_list(ssl_ctx, params->openssl_ciphers) != 1) {
5270 		if (SSL_CTX_set_ecdh_auto(ssl_ctx, 1) != 1) {
5286 		SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
5288 		if (SSL_CTX_set1_curves_list(ssl_ctx,
5305 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
5307 		SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET);
5311 	SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb);
5312 	SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx);
5321 	openssl_debug_dump_ctx(ssl_ctx);
5511 	if (SSL_CTX_remove_session(conn->ssl_ctx, sess) != 1)

Indexes created Tue Jun 11 21:59:41 MDT 2024