Lines Matching refs:cctx
108 static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, in ssl_set_option() argument
113 if (cctx->poptions == NULL) in ssl_set_option()
120 pflags = cctx->pcert_flags; in ssl_set_option()
124 pflags = cctx->pvfy_flags; in ssl_set_option()
129 *cctx->poptions |= option_value; in ssl_set_option()
131 *cctx->poptions &= ~option_value; in ssl_set_option()
144 static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, in ssl_match_option() argument
148 if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH)) in ssl_match_option()
156 ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); in ssl_match_option()
162 SSL_CONF_CTX *cctx = usr; in ssl_set_option_list() local
183 for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++) { in ssl_set_option_list()
184 if (ssl_match_option(cctx, tbl, elem, len, onoff)) in ssl_set_option_list()
191 static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) in cmd_SignatureAlgorithms() argument
194 if (cctx->ssl) in cmd_SignatureAlgorithms()
195 rv = SSL_set1_sigalgs_list(cctx->ssl, value); in cmd_SignatureAlgorithms()
198 rv = SSL_CTX_set1_sigalgs_list(cctx->ctx, value); in cmd_SignatureAlgorithms()
203 static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) in cmd_ClientSignatureAlgorithms() argument
206 if (cctx->ssl) in cmd_ClientSignatureAlgorithms()
207 rv = SSL_set1_client_sigalgs_list(cctx->ssl, value); in cmd_ClientSignatureAlgorithms()
210 rv = SSL_CTX_set1_client_sigalgs_list(cctx->ctx, value); in cmd_ClientSignatureAlgorithms()
214 static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value) in cmd_Groups() argument
217 if (cctx->ssl) in cmd_Groups()
218 rv = SSL_set1_groups_list(cctx->ssl, value); in cmd_Groups()
221 rv = SSL_CTX_set1_groups_list(cctx->ctx, value); in cmd_Groups()
226 static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) in cmd_Curves() argument
228 return cmd_Groups(cctx, value); in cmd_Curves()
232 static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) in cmd_ECDHParameters() argument
237 if ((cctx->flags & SSL_CONF_FLAG_FILE) in cmd_ECDHParameters()
241 if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && in cmd_ECDHParameters()
249 if (cctx->ctx) in cmd_ECDHParameters()
250 rv = SSL_CTX_set1_groups_list(cctx->ctx, value); in cmd_ECDHParameters()
251 else if (cctx->ssl) in cmd_ECDHParameters()
252 rv = SSL_set1_groups_list(cctx->ssl, value); in cmd_ECDHParameters()
257 static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value) in cmd_CipherString() argument
261 if (cctx->ctx) in cmd_CipherString()
262 rv = SSL_CTX_set_cipher_list(cctx->ctx, value); in cmd_CipherString()
263 if (cctx->ssl) in cmd_CipherString()
264 rv = SSL_set_cipher_list(cctx->ssl, value); in cmd_CipherString()
268 static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value) in cmd_Ciphersuites() argument
272 if (cctx->ctx) in cmd_Ciphersuites()
273 rv = SSL_CTX_set_ciphersuites(cctx->ctx, value); in cmd_Ciphersuites()
274 if (cctx->ssl) in cmd_Ciphersuites()
275 rv = SSL_set_ciphersuites(cctx->ssl, value); in cmd_Ciphersuites()
279 static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) in cmd_Protocol() argument
292 cctx->tbl = ssl_protocol_list; in cmd_Protocol()
293 cctx->ntbl = OSSL_NELEM(ssl_protocol_list); in cmd_Protocol()
294 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); in cmd_Protocol()
334 static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound) in min_max_proto() argument
339 if (cctx->ctx != NULL) in min_max_proto()
340 method_version = cctx->ctx->method->version; in min_max_proto()
341 else if (cctx->ssl != NULL) in min_max_proto()
342 method_version = cctx->ssl->defltmeth->version; in min_max_proto()
357 static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value) in cmd_MinProtocol() argument
359 return min_max_proto(cctx, value, cctx->min_version); in cmd_MinProtocol()
369 static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value) in cmd_MaxProtocol() argument
371 return min_max_proto(cctx, value, cctx->max_version); in cmd_MaxProtocol()
374 static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) in cmd_Options() argument
411 cctx->tbl = ssl_option_list; in cmd_Options()
412 cctx->ntbl = OSSL_NELEM(ssl_option_list); in cmd_Options()
413 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); in cmd_Options()
416 static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value) in cmd_VerifyMode() argument
432 cctx->tbl = ssl_vfy_list; in cmd_VerifyMode()
433 cctx->ntbl = OSSL_NELEM(ssl_vfy_list); in cmd_VerifyMode()
434 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); in cmd_VerifyMode()
437 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) in cmd_Certificate() argument
441 if (cctx->ctx != NULL) { in cmd_Certificate()
442 rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value); in cmd_Certificate()
443 c = cctx->ctx->cert; in cmd_Certificate()
445 if (cctx->ssl != NULL) { in cmd_Certificate()
446 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl); in cmd_Certificate()
449 rv = SSL_use_certificate_chain_file(cctx->ssl, value); in cmd_Certificate()
455 if (rv > 0 && c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { in cmd_Certificate()
456 char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; in cmd_Certificate()
467 static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value) in cmd_PrivateKey() argument
470 if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE)) in cmd_PrivateKey()
472 if (cctx->ctx) in cmd_PrivateKey()
473 rv = SSL_CTX_use_PrivateKey_file(cctx->ctx, value, SSL_FILETYPE_PEM); in cmd_PrivateKey()
474 if (cctx->ssl) in cmd_PrivateKey()
475 rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM); in cmd_PrivateKey()
479 static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value) in cmd_ServerInfoFile() argument
482 if (cctx->ctx) in cmd_ServerInfoFile()
483 rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value); in cmd_ServerInfoFile()
487 static int do_store(SSL_CONF_CTX *cctx, in do_store() argument
497 if (cctx->ctx != NULL) { in do_store()
498 cert = cctx->ctx->cert; in do_store()
499 ctx = cctx->ctx; in do_store()
500 } else if (cctx->ssl != NULL) { in do_store()
501 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl); in do_store()
507 ctx = cctx->ssl->ctx; in do_store()
532 static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value) in cmd_ChainCAPath() argument
534 return do_store(cctx, NULL, value, NULL, 0); in cmd_ChainCAPath()
537 static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value) in cmd_ChainCAFile() argument
539 return do_store(cctx, value, NULL, NULL, 0); in cmd_ChainCAFile()
542 static int cmd_ChainCAStore(SSL_CONF_CTX *cctx, const char *value) in cmd_ChainCAStore() argument
544 return do_store(cctx, NULL, NULL, value, 0); in cmd_ChainCAStore()
547 static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value) in cmd_VerifyCAPath() argument
549 return do_store(cctx, NULL, value, NULL, 1); in cmd_VerifyCAPath()
552 static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value) in cmd_VerifyCAFile() argument
554 return do_store(cctx, value, NULL, NULL, 1); in cmd_VerifyCAFile()
557 static int cmd_VerifyCAStore(SSL_CONF_CTX *cctx, const char *value) in cmd_VerifyCAStore() argument
559 return do_store(cctx, NULL, NULL, value, 1); in cmd_VerifyCAStore()
562 static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value) in cmd_RequestCAFile() argument
564 if (cctx->canames == NULL) in cmd_RequestCAFile()
565 cctx->canames = sk_X509_NAME_new_null(); in cmd_RequestCAFile()
566 if (cctx->canames == NULL) in cmd_RequestCAFile()
568 return SSL_add_file_cert_subjects_to_stack(cctx->canames, value); in cmd_RequestCAFile()
571 static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) in cmd_ClientCAFile() argument
573 return cmd_RequestCAFile(cctx, value); in cmd_ClientCAFile()
576 static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value) in cmd_RequestCAPath() argument
578 if (cctx->canames == NULL) in cmd_RequestCAPath()
579 cctx->canames = sk_X509_NAME_new_null(); in cmd_RequestCAPath()
580 if (cctx->canames == NULL) in cmd_RequestCAPath()
582 return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value); in cmd_RequestCAPath()
585 static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) in cmd_ClientCAPath() argument
587 return cmd_RequestCAPath(cctx, value); in cmd_ClientCAPath()
590 static int cmd_RequestCAStore(SSL_CONF_CTX *cctx, const char *value) in cmd_RequestCAStore() argument
592 if (cctx->canames == NULL) in cmd_RequestCAStore()
593 cctx->canames = sk_X509_NAME_new_null(); in cmd_RequestCAStore()
594 if (cctx->canames == NULL) in cmd_RequestCAStore()
596 return SSL_add_store_cert_subjects_to_stack(cctx->canames, value); in cmd_RequestCAStore()
599 static int cmd_ClientCAStore(SSL_CONF_CTX *cctx, const char *value) in cmd_ClientCAStore() argument
601 return cmd_RequestCAStore(cctx, value); in cmd_ClientCAStore()
604 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) in cmd_DHParameters() argument
609 SSL_CTX *sslctx = (cctx->ssl != NULL) ? cctx->ssl->ctx : cctx->ctx; in cmd_DHParameters()
612 if (cctx->ctx != NULL || cctx->ssl != NULL) { in cmd_DHParameters()
640 if (cctx->ctx != NULL) { in cmd_DHParameters()
641 if ((rv = SSL_CTX_set0_tmp_dh_pkey(cctx->ctx, dhpkey)) > 0) in cmd_DHParameters()
644 if (cctx->ssl != NULL) { in cmd_DHParameters()
645 if ((rv = SSL_set0_tmp_dh_pkey(cctx->ssl, dhpkey)) > 0) in cmd_DHParameters()
660 static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value) in cmd_RecordPadding() argument
687 if (cctx->ctx) in cmd_RecordPadding()
688 rv = SSL_CTX_set_block_padding_ex(cctx->ctx, (size_t)block_padding, in cmd_RecordPadding()
690 if (cctx->ssl) in cmd_RecordPadding()
691 rv = SSL_set_block_padding_ex(cctx->ssl, (size_t)block_padding, in cmd_RecordPadding()
699 static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value) in cmd_NumTickets() argument
705 if (cctx->ctx) in cmd_NumTickets()
706 rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets); in cmd_NumTickets()
707 if (cctx->ssl) in cmd_NumTickets()
708 rv = SSL_set_num_tickets(cctx->ssl, num_tickets); in cmd_NumTickets()
714 int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
866 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) in ssl_conf_cmd_skip_prefix() argument
871 if (cctx->prefix) { in ssl_conf_cmd_skip_prefix()
872 if (strlen(*pcmd) <= cctx->prefixlen) in ssl_conf_cmd_skip_prefix()
874 if (cctx->flags & SSL_CONF_FLAG_CMDLINE && in ssl_conf_cmd_skip_prefix()
875 strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) in ssl_conf_cmd_skip_prefix()
877 if (cctx->flags & SSL_CONF_FLAG_FILE && in ssl_conf_cmd_skip_prefix()
878 OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) in ssl_conf_cmd_skip_prefix()
880 *pcmd += cctx->prefixlen; in ssl_conf_cmd_skip_prefix()
881 } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { in ssl_conf_cmd_skip_prefix()
890 static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl *t) in ssl_conf_cmd_allowed() argument
893 unsigned int cfl = cctx->flags; in ssl_conf_cmd_allowed()
904 static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, in ssl_conf_cmd_lookup() argument
914 if (ssl_conf_cmd_allowed(cctx, t)) { in ssl_conf_cmd_lookup()
915 if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { in ssl_conf_cmd_lookup()
919 if (cctx->flags & SSL_CONF_FLAG_FILE) { in ssl_conf_cmd_lookup()
928 static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl *cmd) in ctrl_switch_option() argument
941 ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1); in ctrl_switch_option()
945 int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value) in SSL_CONF_cmd() argument
953 if (!ssl_conf_cmd_skip_prefix(cctx, &cmd)) in SSL_CONF_cmd()
956 runcmd = ssl_conf_cmd_lookup(cctx, cmd); in SSL_CONF_cmd()
962 return ctrl_switch_option(cctx, runcmd); in SSL_CONF_cmd()
966 rv = runcmd->cmd(cctx, value); in SSL_CONF_cmd()
973 if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) in SSL_CONF_cmd()
981 if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) in SSL_CONF_cmd()
987 int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv) in SSL_CONF_cmd_argv() argument
1002 cctx->flags &= ~SSL_CONF_FLAG_FILE; in SSL_CONF_cmd_argv()
1003 cctx->flags |= SSL_CONF_FLAG_CMDLINE; in SSL_CONF_cmd_argv()
1004 rv = SSL_CONF_cmd(cctx, arg, argn); in SSL_CONF_cmd_argv()
1021 int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd) in SSL_CONF_cmd_value_type() argument
1023 if (ssl_conf_cmd_skip_prefix(cctx, &cmd)) { in SSL_CONF_cmd_value_type()
1025 runcmd = ssl_conf_cmd_lookup(cctx, cmd); in SSL_CONF_cmd_value_type()
1039 int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) in SSL_CONF_CTX_finish() argument
1045 if (cctx->ctx != NULL) { in SSL_CONF_CTX_finish()
1046 c = cctx->ctx->cert; in SSL_CONF_CTX_finish()
1047 } else if (cctx->ssl != NULL) { in SSL_CONF_CTX_finish()
1048 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl); in SSL_CONF_CTX_finish()
1053 if (c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { in SSL_CONF_CTX_finish()
1055 const char *p = cctx->cert_filename[i]; in SSL_CONF_CTX_finish()
1060 if (!cmd_PrivateKey(cctx, p)) in SSL_CONF_CTX_finish()
1065 if (cctx->canames) { in SSL_CONF_CTX_finish()
1066 if (cctx->ssl) in SSL_CONF_CTX_finish()
1067 SSL_set0_CA_list(cctx->ssl, cctx->canames); in SSL_CONF_CTX_finish()
1068 else if (cctx->ctx) in SSL_CONF_CTX_finish()
1069 SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames); in SSL_CONF_CTX_finish()
1071 sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); in SSL_CONF_CTX_finish()
1072 cctx->canames = NULL; in SSL_CONF_CTX_finish()
1077 void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx) in SSL_CONF_CTX_free() argument
1079 if (cctx) { in SSL_CONF_CTX_free()
1082 OPENSSL_free(cctx->cert_filename[i]); in SSL_CONF_CTX_free()
1083 OPENSSL_free(cctx->prefix); in SSL_CONF_CTX_free()
1084 sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); in SSL_CONF_CTX_free()
1085 OPENSSL_free(cctx); in SSL_CONF_CTX_free()
1089 unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags) in SSL_CONF_CTX_set_flags() argument
1091 cctx->flags |= flags; in SSL_CONF_CTX_set_flags()
1092 return cctx->flags; in SSL_CONF_CTX_set_flags()
1095 unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags) in SSL_CONF_CTX_clear_flags() argument
1097 cctx->flags &= ~flags; in SSL_CONF_CTX_clear_flags()
1098 return cctx->flags; in SSL_CONF_CTX_clear_flags()
1101 int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre) in SSL_CONF_CTX_set1_prefix() argument
1109 OPENSSL_free(cctx->prefix); in SSL_CONF_CTX_set1_prefix()
1110 cctx->prefix = tmp; in SSL_CONF_CTX_set1_prefix()
1112 cctx->prefixlen = strlen(tmp); in SSL_CONF_CTX_set1_prefix()
1114 cctx->prefixlen = 0; in SSL_CONF_CTX_set1_prefix()
1118 void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl) in SSL_CONF_CTX_set_ssl() argument
1120 cctx->ssl = ssl; in SSL_CONF_CTX_set_ssl()
1121 cctx->ctx = NULL; in SSL_CONF_CTX_set_ssl()
1127 cctx->poptions = &sc->options; in SSL_CONF_CTX_set_ssl()
1128 cctx->min_version = &sc->min_proto_version; in SSL_CONF_CTX_set_ssl()
1129 cctx->max_version = &sc->max_proto_version; in SSL_CONF_CTX_set_ssl()
1130 cctx->pcert_flags = &sc->cert->cert_flags; in SSL_CONF_CTX_set_ssl()
1131 cctx->pvfy_flags = &sc->verify_mode; in SSL_CONF_CTX_set_ssl()
1133 cctx->poptions = NULL; in SSL_CONF_CTX_set_ssl()
1134 cctx->min_version = NULL; in SSL_CONF_CTX_set_ssl()
1135 cctx->max_version = NULL; in SSL_CONF_CTX_set_ssl()
1136 cctx->pcert_flags = NULL; in SSL_CONF_CTX_set_ssl()
1137 cctx->pvfy_flags = NULL; in SSL_CONF_CTX_set_ssl()
1141 void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx) in SSL_CONF_CTX_set_ssl_ctx() argument
1143 cctx->ctx = ctx; in SSL_CONF_CTX_set_ssl_ctx()
1144 cctx->ssl = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1146 cctx->poptions = &ctx->options; in SSL_CONF_CTX_set_ssl_ctx()
1147 cctx->min_version = &ctx->min_proto_version; in SSL_CONF_CTX_set_ssl_ctx()
1148 cctx->max_version = &ctx->max_proto_version; in SSL_CONF_CTX_set_ssl_ctx()
1149 cctx->pcert_flags = &ctx->cert->cert_flags; in SSL_CONF_CTX_set_ssl_ctx()
1150 cctx->pvfy_flags = &ctx->verify_mode; in SSL_CONF_CTX_set_ssl_ctx()
1152 cctx->poptions = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1153 cctx->min_version = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1154 cctx->max_version = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1155 cctx->pcert_flags = NULL; in SSL_CONF_CTX_set_ssl_ctx()
1156 cctx->pvfy_flags = NULL; in SSL_CONF_CTX_set_ssl_ctx()
