authorJune McEnroe <june@causal.agency>2020-01-12 18:07:54 -0500
committerJune McEnroe <june@causal.agency>2020-01-12 18:07:54 -0500
commit5e6094e437a5437ceb6b083d16995ea629a4d720 (patch)
tree34ad1b244212caab1b832a6243988e388282434a /bounce.h
parentAdd a vendor capability for passive clients (diff)
Add option to set local client CA
This is a little bit messy. Allows setting either -A or -W or both.
Implements SASL EXTERNAL for clients that expect that when connecting
with a client certificate.

Need to test that reloading still works inside capsicum, since I suspect
that rewind call may be blocked.
Diffstat (limited to 'bounce.h')
-rw-r--r--bounce.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/bounce.h b/bounce.h
index 5bff619..a0f9160 100644
--- a/bounce.h
+++ b/bounce.h
@@ -127,7 +127,7 @@ void ringInfo(void);
 int ringSave(FILE *file);
 void ringLoad(FILE *file);
 
-void localConfig(FILE *cert, FILE *priv);
+void localConfig(FILE *cert, FILE *priv, FILE *ca, bool require);
 size_t localBind(int fds[], size_t cap, const char *host, const char *port);
 size_t localUnix(int fds[], size_t cap, const char *path);
 struct tls *localAccept(int *fd, int bind);
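Review bot: The new `localConfig` prototype takes `FILE *ca` and a bare `bool require` with no comment saying which arguments may be NULL or what `require` selects, and that choice decides whether a client without a certificate is accepted. The commit message says -A and -W can be set independently, so presumably `ca` may be NULL and `require` is then ignored; I would state that above the declaration, e.g. `/* ca may be NULL (no client certificate checking); require: reject clients that present no certificate, otherwise a certificate is optional */`, adjusted to the actual behaviour. If an optional mode exists, the accept path (not visible in this hunk) should confirm that a certificate was actually presented before treating the client as authenticated. It is also worth confirming that bounce.h includes `<stdbool.h>` ahead of this line, since the include block is outside the hunk.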
@@ -139,6 +139,7 @@ void serverSend(const char *ptr, size_t len);
 void serverFormat(const char *format, ...)
 	__attribute__((format(printf, 1, 2)));
 
+extern bool clientCA;
 extern char *clientPass;
 extern char *clientAway;
 struct Client *clientAlloc(struct tls *tls);
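Review bot: `extern bool clientCA;` is exported without a comment, and the name does not say whether it means "a client CA is configured" or "a client certificate is required". Going by the commit message, the client code presumably reads it to decide whether SASL EXTERNAL with a certificate can stand in for `clientPass`, so the distinction is an authentication decision and should be written down, e.g. `/* true when a local client CA is configured; a verified client certificate then authenticates the client */` (adjust to the actual meaning). The message also notes that reloading is untested; if the CA can be changed or dropped on reload, this flag has to be updated in the same step, otherwise it could keep advertising certificate authentication after the configuration behind it is gone.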