summary refs log tree commit diff
path: root/bounce.h
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-01-12 18:07:54 -0500
committerJune McEnroe <june@causal.agency>2020-01-12 18:07:54 -0500
commit5e6094e437a5437ceb6b083d16995ea629a4d720 (patch)
tree34ad1b244212caab1b832a6243988e388282434a /bounce.h
parentAdd a vendor capability for passive clients (diff)
downloadpounce-5e6094e437a5437ceb6b083d16995ea629a4d720.tar.gz
pounce-5e6094e437a5437ceb6b083d16995ea629a4d720.zip
Add option to set local client CA
This is a little bit messy. Allows setting either -A or -W or both.
Implements SASL EXTERNAL for clients that expect that when connecting
with a client certificate.

Need to test that reloading still works inside capsicum, since I suspect
that rewind call may be blocked.
Diffstat (limited to '')
-rw-r--r--bounce.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/bounce.h b/bounce.h
index 5bff619..a0f9160 100644
--- a/bounce.h
+++ b/bounce.h
@@ -127,7 +127,7 @@ void ringInfo(void);
 int ringSave(FILE *file);
 void ringLoad(FILE *file);
 
-void localConfig(FILE *cert, FILE *priv);
+void localConfig(FILE *cert, FILE *priv, FILE *ca, bool require);
 size_t localBind(int fds[], size_t cap, const char *host, const char *port);
 size_t localUnix(int fds[], size_t cap, const char *path);
 struct tls *localAccept(int *fd, int bind);
@@ -139,6 +139,7 @@ void serverSend(const char *ptr, size_t len);
 void serverFormat(const char *format, ...)
 	__attribute__((format(printf, 1, 2)));
 
+extern bool clientCA;
 extern char *clientPass;
 extern char *clientAway;
 struct Client *clientAlloc(struct tls *tls);