Add support for ServerInfo SSL_CONF option.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 17 Mar 2015 15:55:11 +0000 (15:55 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 18 Mar 2015 12:31:06 +0000 (12:31 +0000)
Add support for ServerInfo SSL_CONF option and update documentation. This
was wrongly omitted from the 1.0.2 release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
doc/ssl/SSL_CONF_cmd.pod
ssl/ssl_conf.c

index 6d073cb9fc180e23056b224e28743274d4903fb2..2bf1a60e9013fd09c3fd51982caba7eea2e9a0c7 100644 (file)
@@ -195,6 +195,11 @@ context. This option is only supported if certificate operations
 are permitted. Note: if no B<-key> option is set then a private key is
 not loaded: it does not currently use the B<Certificate> file.
 
+=item B<ServerInfoFile>
+
+Attempts to use the file B<value> in the "serverinfo" extension using the
+function SSL_CTX_use_serverinfo_file.
+
 =item B<DHParameters>
 
 Attempts to use the file B<value> as the set of temporary DH parameters for
index d950242f0ba7049055806a21af40a8d25ad191cd..5478840deae9947b73631ad500057ac398965993 100644 (file)
@@ -386,6 +386,18 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
     return rv > 0;
 }
 
+static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+        return -2;
+    if (!(cctx->flags & SSL_CONF_FLAG_SERVER))
+        return -2;
+    if (cctx->ctx)
+        rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
+    return rv > 0;
+}
+
 #ifndef OPENSSL_NO_DH
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
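Review bot: In `cmd_ServerInfoFile`, `rv` starts at 1 and is only overwritten inside `if (cctx->ctx)`, so a configuration context with no `SSL_CTX` attached reports success without loading any file. That is harmless for a syntax-check-only context, but if the `SSL_CONF_CTX` is bound to an `SSL` rather than an `SSL_CTX` (inferred; that field is not visible in this hunk), a configured ServerInfoFile line is dropped with no error. I would either document this with a comment above the `if`, such as `/* serverinfo is per-SSL_CTX only; ignored when no ctx is set */`, or fail that case explicitly. The new entry in SSL_CONF_cmd.pod also does not say that the option is rejected unless `SSL_CONF_FLAG_SERVER` is set, which an operator debugging an "unknown command" result would want to know.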
@@ -444,6 +456,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD_STRING(Options, NULL),
     SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
     SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
 #ifndef OPENSSL_NO_DH
     SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
 #endif