polarssl: disable RC4 support (for security reasons)

[oweals/openwrt-ustream-ssl.git] / ustream-polarssl.h

diff --git a/ustream-polarssl.h b/ustream-polarssl.h
index 1da2ff6cb2426fef79a0d5aff3213dbcfe21dc41..32654720d904cadbdee62a67cb8c3d47d517d2fc 100644 (file)
--- a/ustream-polarssl.h
+++ b/ustream-polarssl.h
@@ -26,6 +26,7 @@
 #include <polarssl/rsa.h>
 #include <polarssl/error.h>
 #include <polarssl/version.h>
+#include <polarssl/entropy.h>
 
 #if POLARSSL_VERSION_MAJOR > 1 || POLARSSL_VERSION_MINOR >= 3
 #define USE_VERSION_1_3
@@ -39,8 +40,8 @@ struct ustream_ssl_ctx {
 #else
        rsa_context key;
 #endif
+       x509_crt ca_cert;
        x509_crt cert;
-       int auth;
        bool server;
 };
 
@@ -50,6 +51,12 @@ static inline char *__ustream_ssl_strerror(int error, char *buffer, int len)
        return buffer;
 }
 
+static inline void __ustream_ssl_set_server_name(struct ustream_ssl *us)
+{
+       ssl_set_hostname(us->ssl, us->server_name);
+}
+
+void __ustream_ssl_update_peer_cn(struct ustream_ssl *us);
 void __ustream_ssl_session_free(void *ssl);
 void *__ustream_ssl_session_new(struct ustream_ssl_ctx *ctx);