Diffstat (limited to 'tls_config.c')
-rw-r--r-- | tls_config.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/tls_config.c b/tls_config.c
index 9144dad..5eb5b69 100644
--- a/tls_config.c
+++ b/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.63 2021/01/21 22:03:25 eric Exp $ */
+/* $OpenBSD: tls_config.c,v 1.67 2023/07/02 06:37:27 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -22,6 +22,7 @@
 #include <fcntl.h>
 #include <pthread.h>
 #include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
 #include <tls.h>
@@ -250,9 +251,9 @@ tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
 if (strcasecmp(p, "tlsv1") == 0)
 proto = TLS_PROTOCOL_TLSv1;
 else if (strcasecmp(p, "tlsv1.0") == 0)
- proto = TLS_PROTOCOL_TLSv1_0;
+ proto = TLS_PROTOCOL_TLSv1_2;
 else if (strcasecmp(p, "tlsv1.1") == 0)
- proto = TLS_PROTOCOL_TLSv1_1;
+ proto = TLS_PROTOCOL_TLSv1_2;
 else if (strcasecmp(p, "tlsv1.2") == 0)
 proto = TLS_PROTOCOL_TLSv1_2;
 else if (strcasecmp(p, "tlsv1.3") == 0)
@@ -722,7 +723,7 @@ tls_config_set_session_fd(struct tls_config *config, int session_fd)
 if (sb.st_uid != getuid()) {
 tls_config_set_errorx(config, "session file has incorrect "
- "owner (uid %i != %i)", sb.st_uid, getuid());
+ "owner (uid %u != %u)", sb.st_uid, getuid());
 return (-1);
 }
 mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);
@@ -738,6 +739,17 @@ tls_config_set_session_fd(struct tls_config *config, int session_fd)
 }
 int
+tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg)
+{
+ config->use_fake_private_key = 1;
+ config->skip_private_key_check = 1;
+ config->sign_cb = cb;
+ config->sign_cb_arg = cb_arg;
+
+ return (0);
+}
+
+int
 tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
 {
 config->verify_depth = verify_depth; |
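Review bot: In the tls_config_parse_protocols hunk, the names "tlsv1.0" and "tlsv1.1" now select TLS_PROTOCOL_TLSv1_2 without any diagnostic or comment, so a configuration that names an old version quietly gets a different protocol set. A comment above the two branches would record the presumed intent, for example `/* TLSv1.0 and TLSv1.1 are no longer offered; the names are kept for compatibility and select TLSv1.2 */`. The rest of the parser lies outside the hunk; if it lets a caller exclude a protocol by name, excluding "tlsv1.1" would now clear the TLSv1.2 bit, which is worth checking there.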
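Review bot: In the first tls_config_set_session_fd hunk (the owner check), `%u` matches the arguments only where uid_t is unsigned int, and POSIX promises no more than an integer type. Casting both values keeps the ownership-check message well defined on other platforms: `"owner (uid %u != %u)", (unsigned int)sb.st_uid, (unsigned int)getuid());`. The function body starts and ends outside the hunk.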
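Review bot: The new tls_config_set_sign_cb sets use_fake_private_key and skip_private_key_check before looking at cb, so a NULL callback leaves the config with the private-key check switched off (judging by the field names) and nothing to sign with. Rejecting that case up front would avoid the half-configured state, for example `if (cb == NULL) { tls_config_set_errorx(config, "sign callback is NULL"); return (-1); }`. The function also has no comment; one saying that it disables the key check and that cb_arg presumably has to stay valid for as long as the config is in use would help callers.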