From 8b84495380098592ef7bb2fa9209ccb87803bf1d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 17 Mar 2015 15:55:11 +0000 Subject: [PATCH] Add support for ServerInfo SSL_CONF option. Add support for ServerInfo SSL_CONF option and update documentation. This was wrongly omitted from the 1.0.2 release. Reviewed-by: Richard Levitte --- doc/ssl/SSL_CONF_cmd.pod | 5 +++++ ssl/ssl_conf.c | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 6d073cb9fc..2bf1a60e90 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -195,6 +195,11 @@ context. This option is only supported if certificate operations are permitted. Note: if no B<-key> option is set then a private key is not loaded: it does not currently use the B file. +=item B + +Attempts to use the file B in the "serverinfo" extension using the +function SSL_CTX_use_serverinfo_file. + =item B Attempts to use the file B as the set of temporary DH parameters for diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index d950242f0b..5478840dea 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -386,6 +386,18 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } +static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value) +{ + int rv = 1; + if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE)) + return -2; + if (!(cctx->flags & SSL_CONF_FLAG_SERVER)) + return -2; + if (cctx->ctx) + rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value); + return rv > 0; +} + #ifndef OPENSSL_NO_DH static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) { @@ -444,6 +456,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(Options, NULL), SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE), SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE), #ifndef OPENSSL_NO_DH SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE) #endif -- 2.25.1