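Lines matching refs:cctx (cross-reference listing: each row gives the source line number, the matching line, and the enclosing function, tagged "argument" or "local" where cctx is declared). Lines that do not mention cctx are omitted, so the function bodies shown below are incomplete.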

106 static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,  in ssl_set_option()  argument
111 if (cctx->poptions == NULL) in ssl_set_option()
118 pflags = cctx->pcert_flags; in ssl_set_option()
122 pflags = cctx->pvfy_flags; in ssl_set_option()
127 *cctx->poptions |= option_value; in ssl_set_option()
129 *cctx->poptions &= ~option_value; in ssl_set_option()
142 static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, in ssl_match_option() argument
146 if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH)) in ssl_match_option()
154 ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); in ssl_match_option()
160 SSL_CONF_CTX *cctx = usr; in ssl_set_option_list() local
181 for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++) { in ssl_set_option_list()
182 if (ssl_match_option(cctx, tbl, elem, len, onoff)) in ssl_set_option_list()
189 static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) in cmd_SignatureAlgorithms() argument
192 if (cctx->ssl) in cmd_SignatureAlgorithms()
193 rv = SSL_set1_sigalgs_list(cctx->ssl, value); in cmd_SignatureAlgorithms()
196 rv = SSL_CTX_set1_sigalgs_list(cctx->ctx, value); in cmd_SignatureAlgorithms()
201 static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) in cmd_ClientSignatureAlgorithms() argument
204 if (cctx->ssl) in cmd_ClientSignatureAlgorithms()
205 rv = SSL_set1_client_sigalgs_list(cctx->ssl, value); in cmd_ClientSignatureAlgorithms()
208 rv = SSL_CTX_set1_client_sigalgs_list(cctx->ctx, value); in cmd_ClientSignatureAlgorithms()
212 static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value) in cmd_Groups() argument
215 if (cctx->ssl) in cmd_Groups()
216 rv = SSL_set1_groups_list(cctx->ssl, value); in cmd_Groups()
219 rv = SSL_CTX_set1_groups_list(cctx->ctx, value); in cmd_Groups()
224 static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) in cmd_Curves() argument
226 return cmd_Groups(cctx, value); in cmd_Curves()
230 static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) in cmd_ECDHParameters() argument
235 if ((cctx->flags & SSL_CONF_FLAG_FILE) in cmd_ECDHParameters()
239 if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && in cmd_ECDHParameters()
247 if (cctx->ctx) in cmd_ECDHParameters()
248 rv = SSL_CTX_set1_groups_list(cctx->ctx, value); in cmd_ECDHParameters()
249 else if (cctx->ssl) in cmd_ECDHParameters()
250 rv = SSL_set1_groups_list(cctx->ssl, value); in cmd_ECDHParameters()
255 static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value) in cmd_CipherString() argument
259 if (cctx->ctx) in cmd_CipherString()
260 rv = SSL_CTX_set_cipher_list(cctx->ctx, value); in cmd_CipherString()
261 if (cctx->ssl) in cmd_CipherString()
262 rv = SSL_set_cipher_list(cctx->ssl, value); in cmd_CipherString()
266 static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value) in cmd_Ciphersuites() argument
270 if (cctx->ctx) in cmd_Ciphersuites()
271 rv = SSL_CTX_set_ciphersuites(cctx->ctx, value); in cmd_Ciphersuites()
272 if (cctx->ssl) in cmd_Ciphersuites()
273 rv = SSL_set_ciphersuites(cctx->ssl, value); in cmd_Ciphersuites()
277 static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) in cmd_Protocol() argument
290 cctx->tbl = ssl_protocol_list; in cmd_Protocol()
291 cctx->ntbl = OSSL_NELEM(ssl_protocol_list); in cmd_Protocol()
292 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); in cmd_Protocol()
332 static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound) in min_max_proto() argument
337 if (cctx->ctx != NULL) in min_max_proto()
338 method_version = cctx->ctx->method->version; in min_max_proto()
339 else if (cctx->ssl != NULL) in min_max_proto()
340 method_version = cctx->ssl->ctx->method->version; in min_max_proto()
355 static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value) in cmd_MinProtocol() argument
357 return min_max_proto(cctx, value, cctx->min_version); in cmd_MinProtocol()
367 static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value) in cmd_MaxProtocol() argument
369 return min_max_proto(cctx, value, cctx->max_version); in cmd_MaxProtocol()
372 static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) in cmd_Options() argument
403 cctx->tbl = ssl_option_list; in cmd_Options()
404 cctx->ntbl = OSSL_NELEM(ssl_option_list); in cmd_Options()
405 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); in cmd_Options()
408 static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value) in cmd_VerifyMode() argument
424 cctx->tbl = ssl_vfy_list; in cmd_VerifyMode()
425 cctx->ntbl = OSSL_NELEM(ssl_vfy_list); in cmd_VerifyMode()
426 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); in cmd_VerifyMode()
429 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) in cmd_Certificate() argument
433 if (cctx->ctx) { in cmd_Certificate()
434 rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value); in cmd_Certificate()
435 c = cctx->ctx->cert; in cmd_Certificate()
437 if (cctx->ssl) { in cmd_Certificate()
438 rv = SSL_use_certificate_chain_file(cctx->ssl, value); in cmd_Certificate()
439 c = cctx->ssl->cert; in cmd_Certificate()
441 if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { in cmd_Certificate()
442 char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; in cmd_Certificate()
452 static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value) in cmd_PrivateKey() argument
455 if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE)) in cmd_PrivateKey()
457 if (cctx->ctx) in cmd_PrivateKey()
458 rv = SSL_CTX_use_PrivateKey_file(cctx->ctx, value, SSL_FILETYPE_PEM); in cmd_PrivateKey()
459 if (cctx->ssl) in cmd_PrivateKey()
460 rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM); in cmd_PrivateKey()
464 static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value) in cmd_ServerInfoFile() argument
467 if (cctx->ctx) in cmd_ServerInfoFile()
468 rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value); in cmd_ServerInfoFile()
472 static int do_store(SSL_CONF_CTX *cctx, in do_store() argument
482 if (cctx->ctx != NULL) { in do_store()
483 cert = cctx->ctx->cert; in do_store()
484 ctx = cctx->ctx; in do_store()
485 } else if (cctx->ssl != NULL) { in do_store()
486 cert = cctx->ssl->cert; in do_store()
487 ctx = cctx->ssl->ctx; in do_store()
512 static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value) in cmd_ChainCAPath() argument
514 return do_store(cctx, NULL, value, NULL, 0); in cmd_ChainCAPath()
517 static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value) in cmd_ChainCAFile() argument
519 return do_store(cctx, value, NULL, NULL, 0); in cmd_ChainCAFile()
522 static int cmd_ChainCAStore(SSL_CONF_CTX *cctx, const char *value) in cmd_ChainCAStore() argument
524 return do_store(cctx, NULL, NULL, value, 0); in cmd_ChainCAStore()
527 static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value) in cmd_VerifyCAPath() argument
529 return do_store(cctx, NULL, value, NULL, 1); in cmd_VerifyCAPath()
532 static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value) in cmd_VerifyCAFile() argument
534 return do_store(cctx, value, NULL, NULL, 1); in cmd_VerifyCAFile()
537 static int cmd_VerifyCAStore(SSL_CONF_CTX *cctx, const char *value) in cmd_VerifyCAStore() argument
539 return do_store(cctx, NULL, NULL, value, 1); in cmd_VerifyCAStore()
542 static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value) in cmd_RequestCAFile() argument
544 if (cctx->canames == NULL) in cmd_RequestCAFile()
545 cctx->canames = sk_X509_NAME_new_null(); in cmd_RequestCAFile()
546 if (cctx->canames == NULL) in cmd_RequestCAFile()
548 return SSL_add_file_cert_subjects_to_stack(cctx->canames, value); in cmd_RequestCAFile()
551 static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) in cmd_ClientCAFile() argument
553 return cmd_RequestCAFile(cctx, value); in cmd_ClientCAFile()
556 static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value) in cmd_RequestCAPath() argument
558 if (cctx->canames == NULL) in cmd_RequestCAPath()
559 cctx->canames = sk_X509_NAME_new_null(); in cmd_RequestCAPath()
560 if (cctx->canames == NULL) in cmd_RequestCAPath()
562 return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value); in cmd_RequestCAPath()
565 static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) in cmd_ClientCAPath() argument
567 return cmd_RequestCAPath(cctx, value); in cmd_ClientCAPath()
570 static int cmd_RequestCAStore(SSL_CONF_CTX *cctx, const char *value) in cmd_RequestCAStore() argument
572 if (cctx->canames == NULL) in cmd_RequestCAStore()
573 cctx->canames = sk_X509_NAME_new_null(); in cmd_RequestCAStore()
574 if (cctx->canames == NULL) in cmd_RequestCAStore()
576 return SSL_add_store_cert_subjects_to_stack(cctx->canames, value); in cmd_RequestCAStore()
579 static int cmd_ClientCAStore(SSL_CONF_CTX *cctx, const char *value) in cmd_ClientCAStore() argument
581 return cmd_RequestCAStore(cctx, value); in cmd_ClientCAStore()
584 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) in cmd_DHParameters() argument
589 SSL_CTX *sslctx = (cctx->ssl != NULL) ? cctx->ssl->ctx : cctx->ctx; in cmd_DHParameters()
592 if (cctx->ctx != NULL || cctx->ssl != NULL) { in cmd_DHParameters()
620 if (cctx->ctx != NULL) { in cmd_DHParameters()
621 if ((rv = SSL_CTX_set0_tmp_dh_pkey(cctx->ctx, dhpkey)) > 0) in cmd_DHParameters()
624 if (cctx->ssl != NULL) { in cmd_DHParameters()
625 if ((rv = SSL_set0_tmp_dh_pkey(cctx->ssl, dhpkey)) > 0) in cmd_DHParameters()
634 static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value) in cmd_RecordPadding() argument
644 if (cctx->ctx) in cmd_RecordPadding()
645 rv = SSL_CTX_set_block_padding(cctx->ctx, block_size); in cmd_RecordPadding()
646 if (cctx->ssl) in cmd_RecordPadding()
647 rv = SSL_set_block_padding(cctx->ssl, block_size); in cmd_RecordPadding()
653 static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value) in cmd_NumTickets() argument
659 if (cctx->ctx) in cmd_NumTickets()
660 rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets); in cmd_NumTickets()
661 if (cctx->ssl) in cmd_NumTickets()
662 rv = SSL_set_num_tickets(cctx->ssl, num_tickets); in cmd_NumTickets()
668 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
806 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) in ssl_conf_cmd_skip_prefix() argument
811 if (cctx->prefix) { in ssl_conf_cmd_skip_prefix()
812 if (strlen(*pcmd) <= cctx->prefixlen) in ssl_conf_cmd_skip_prefix()
814 if (cctx->flags & SSL_CONF_FLAG_CMDLINE && in ssl_conf_cmd_skip_prefix()
815 strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) in ssl_conf_cmd_skip_prefix()
817 if (cctx->flags & SSL_CONF_FLAG_FILE && in ssl_conf_cmd_skip_prefix()
818 OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) in ssl_conf_cmd_skip_prefix()
820 *pcmd += cctx->prefixlen; in ssl_conf_cmd_skip_prefix()
821 } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { in ssl_conf_cmd_skip_prefix()
830 static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t) in ssl_conf_cmd_allowed() argument
833 unsigned int cfl = cctx->flags; in ssl_conf_cmd_allowed()
844 static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, in ssl_conf_cmd_lookup() argument
854 if (ssl_conf_cmd_allowed(cctx, t)) { in ssl_conf_cmd_lookup()
855 if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { in ssl_conf_cmd_lookup()
859 if (cctx->flags & SSL_CONF_FLAG_FILE) { in ssl_conf_cmd_lookup()
868 static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd) in ctrl_switch_option() argument
881 ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1); in ctrl_switch_option()
885 int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value) in SSL_CONF_cmd() argument
893 if (!ssl_conf_cmd_skip_prefix(cctx, &cmd)) in SSL_CONF_cmd()
896 runcmd = ssl_conf_cmd_lookup(cctx, cmd); in SSL_CONF_cmd()
902 return ctrl_switch_option(cctx, runcmd); in SSL_CONF_cmd()
906 rv = runcmd->cmd(cctx, value); in SSL_CONF_cmd()
913 if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) in SSL_CONF_cmd()
921 if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) in SSL_CONF_cmd()
927 int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv) in SSL_CONF_cmd_argv() argument
942 cctx->flags &= ~SSL_CONF_FLAG_FILE; in SSL_CONF_cmd_argv()
943 cctx->flags |= SSL_CONF_FLAG_CMDLINE; in SSL_CONF_cmd_argv()
944 rv = SSL_CONF_cmd(cctx, arg, argn); in SSL_CONF_cmd_argv()
961 int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd) in SSL_CONF_cmd_value_type() argument
963 if (ssl_conf_cmd_skip_prefix(cctx, &cmd)) { in SSL_CONF_cmd_value_type()
965 runcmd = ssl_conf_cmd_lookup(cctx, cmd); in SSL_CONF_cmd_value_type()
979 int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) in SSL_CONF_CTX_finish() argument
984 if (cctx->ctx) in SSL_CONF_CTX_finish()
985 c = cctx->ctx->cert; in SSL_CONF_CTX_finish()
986 else if (cctx->ssl) in SSL_CONF_CTX_finish()
987 c = cctx->ssl->cert; in SSL_CONF_CTX_finish()
988 if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { in SSL_CONF_CTX_finish()
990 const char *p = cctx->cert_filename[i]; in SSL_CONF_CTX_finish()
995 if (!cmd_PrivateKey(cctx, p)) in SSL_CONF_CTX_finish()
1000 if (cctx->canames) { in SSL_CONF_CTX_finish()
1001 if (cctx->ssl) in SSL_CONF_CTX_finish()
1002 SSL_set0_CA_list(cctx->ssl, cctx->canames); in SSL_CONF_CTX_finish()
1003 else if (cctx->ctx) in SSL_CONF_CTX_finish()
1004 SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames); in SSL_CONF_CTX_finish()
1006 sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); in SSL_CONF_CTX_finish()
1007 cctx->canames = NULL; in SSL_CONF_CTX_finish()
1012 void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx) in SSL_CONF_CTX_free() argument
1014 if (cctx) { in SSL_CONF_CTX_free()
1017 OPENSSL_free(cctx->cert_filename[i]); in SSL_CONF_CTX_free()
1018 OPENSSL_free(cctx->prefix); in SSL_CONF_CTX_free()
1019 sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); in SSL_CONF_CTX_free()
1020 OPENSSL_free(cctx); in SSL_CONF_CTX_free()
1024 unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags) in SSL_CONF_CTX_set_flags() argument
1026 cctx->flags |= flags; in SSL_CONF_CTX_set_flags()
1027 return cctx->flags; in SSL_CONF_CTX_set_flags()
1030 unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags) in SSL_CONF_CTX_clear_flags() argument
1032 cctx->flags &= ~flags; in SSL_CONF_CTX_clear_flags()
1033 return cctx->flags; in SSL_CONF_CTX_clear_flags()
1036 int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre) in SSL_CONF_CTX_set1_prefix() argument
1044 OPENSSL_free(cctx->prefix); in SSL_CONF_CTX_set1_prefix()
1045 cctx->prefix = tmp; in SSL_CONF_CTX_set1_prefix()
1047 cctx->prefixlen = strlen(tmp); in SSL_CONF_CTX_set1_prefix()
1049 cctx->prefixlen = 0; in SSL_CONF_CTX_set1_prefix()
1053 void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl) in SSL_CONF_CTX_set_ssl() argument
1055 cctx->ssl = ssl; in SSL_CONF_CTX_set_ssl()
1056 cctx->ctx = NULL; in SSL_CONF_CTX_set_ssl()
1058 cctx->poptions = &ssl->options; in SSL_CONF_CTX_set_ssl()
1059 cctx->min_version = &ssl->min_proto_version; in SSL_CONF_CTX_set_ssl()
1060 cctx->max_version = &ssl->max_proto_version; in SSL_CONF_CTX_set_ssl()
1061 cctx->pcert_flags = &ssl->cert->cert_flags; in SSL_CONF_CTX_set_ssl()
1062 cctx->pvfy_flags = &ssl->verify_mode; in SSL_CONF_CTX_set_ssl()
1064 cctx->poptions = NULL; in SSL_CONF_CTX_set_ssl()
1065 cctx->min_version = NULL; in SSL_CONF_CTX_set_ssl()
1066 cctx->max_version = NULL; in SSL_CONF_CTX_set_ssl()
1067 cctx->pcert_flags = NULL; in SSL_CONF_CTX_set_ssl()
1068 cctx->pvfy_flags = NULL; in SSL_CONF_CTX_set_ssl()
1072 void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx) in SSL_CONF_CTX_set_ssl_ctx() argument
1074 cctx->ctx = ctx; in SSL_CONF_CTX_set_ssl_ctx()
1075 cctx->ssl = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1077 cctx->poptions = &ctx->options; in SSL_CONF_CTX_set_ssl_ctx()
1078 cctx->min_version = &ctx->min_proto_version; in SSL_CONF_CTX_set_ssl_ctx()
1079 cctx->max_version = &ctx->max_proto_version; in SSL_CONF_CTX_set_ssl_ctx()
1080 cctx->pcert_flags = &ctx->cert->cert_flags; in SSL_CONF_CTX_set_ssl_ctx()
1081 cctx->pvfy_flags = &ctx->verify_mode; in SSL_CONF_CTX_set_ssl_ctx()
1083 cctx->poptions = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1084 cctx->min_version = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1085 cctx->max_version = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1086 cctx->pcert_flags = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1087 cctx->pvfy_flags = NULL; in SSL_CONF_CTX_set_ssl_ctx()