SSL_CTX_set_verify_depth, SSL_set_verify_depth,
SSL_verify_cb,
SSL_verify_client_post_handshake,
-SSL_set_post_handshake_auth
+SSL_set_post_handshake_auth,
+SSL_CTX_set_post_handshake_auth
- set peer certificate verification parameters
=head1 SYNOPSIS
void SSL_set_verify_depth(SSL *ssl, int depth);
int SSL_verify_client_post_handshake(SSL *ssl);
+ void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
void SSL_set_post_handshake_auth(SSL *ssl, int val);
=head1 DESCRIPTION
SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
verification that shall be allowed for B<ssl>.
-SSL_set_post_handshake_auth() enables the Post-Handshake Authentication
-extension to be added to the ClientHello such that post-handshake authentication
-can be requested by the server. If B<val> is 0 then the extension is not sent,
-otherwise it is. By default the extension is not sent. A certificate callback
-will need to be set via SSL_CTX_set_client_cert_cb() if no certificate is
-provided at initialization.
+SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() enable the
+Post-Handshake Authentication extension to be added to the ClientHello such that
+post-handshake authentication can be requested by the server. If B<val> is 0
+then the extension is not sent, otherwise it is. By default the extension is not
+sent. A certificate callback will need to be set via
+SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.
SSL_verify_client_post_handshake() causes a CertificateRequest message to be
sent by a server on the given B<ssl> connection. The SSL_VERIFY_PEER flag must
__owur int SSL_renegotiate_pending(SSL *s);
int SSL_shutdown(SSL *s);
__owur int SSL_verify_client_post_handshake(SSL *s);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
void SSL_set_post_handshake_auth(SSL *s, int val);
__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
s->max_early_data = ctx->max_early_data;
s->recv_max_early_data = ctx->recv_max_early_data;
s->num_tickets = ctx->num_tickets;
+ s->pha_enabled = ctx->pha_enabled;
/* Shallow copy of the ciphersuites stack */
s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
return -1;
}
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
+{
+ ctx->pha_enabled = val;
+}
+
void SSL_set_post_handshake_auth(SSL *ssl, int val)
{
ssl->pha_enabled = val;
/* Callback to determine if early_data is acceptable or not */
SSL_allow_early_data_cb_fn allow_early_data_cb;
void *allow_early_data_cb_data;
+
+ /* Do we advertise Post-handshake auth support? */
+ int pha_enabled;
};
struct ssl_st {
|| !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_3_VERSION)))
goto end;
+ SSL_CTX_set_post_handshake_auth(cctx, 1);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
- SSL_set_post_handshake_auth(clientssl, 1);
-
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
SSL_get_recv_max_early_data 497 1_1_1 EXIST::FUNCTION:
SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION:
+SSL_CTX_set_post_handshake_auth 500 1_1_1 EXIST::FUNCTION: