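Lines matching the query `full:config`. Only the matching lines are listed, each prefixed with its line number in the source file, so the function bodies below are incomplete.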

96 	struct tls_config *config;
99 if ((config = calloc(1, sizeof(*config))) == NULL)
102 if (pthread_mutex_init(&config->mutex, NULL) != 0)
105 config->refcount = 1;
106 config->session_fd = -1;
108 if ((config->keypair = tls_keypair_new()) == NULL)
114 if (tls_config_set_dheparams(config, "none") != 0)
116 if (tls_config_set_ecdhecurves(config, "default") != 0)
118 if (tls_config_set_ciphers(config, "secure") != 0)
121 if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0)
123 if (tls_config_set_verify_depth(config, 6) != 0)
132 if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0)
134 config->ticket_keyrev = arc4random();
135 config->ticket_autorekey = 1;
137 tls_config_prefer_ciphers_server(config);
139 tls_config_verify(config);
141 return (config);
144 tls_config_free(config);
158 tls_config_free(struct tls_config *config)
163 if (config == NULL)
166 pthread_mutex_lock(&config->mutex);
167 refcount = --config->refcount;
168 pthread_mutex_unlock(&config->mutex);
173 for (kp = config->keypair; kp != NULL; kp = nkp) {
178 free(config->error.msg);
180 free(config->alpn);
181 free((char *)config->ca_mem);
182 free((char *)config->ca_path);
183 free((char *)config->ciphers);
184 free((char *)config->crl_mem);
185 free(config->ecdhecurves);
187 pthread_mutex_destroy(&config->mutex);
189 free(config);
193 tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)
197 kp = config->keypair;
205 tls_config_error(struct tls_config *config)
207 return config->error.msg;
211 tls_config_error_code(struct tls_config *config)
213 return config->error.code;
217 tls_config_clear_keys(struct tls_config *config)
221 for (kp = config->keypair; kp != NULL; kp = kp->next)
291 tls_config_parse_alpn(struct tls_config *config, const char *alpn,
304 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
310 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
316 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
325 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
330 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
354 tls_config_set_alpn(struct tls_config *config, const char *alpn)
356 return tls_config_parse_alpn(config, alpn, &config->alpn,
357 &config->alpn_len);
361 tls_config_add_keypair_file_internal(struct tls_config *config,
368 if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0)
371 tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
374 tls_keypair_set_ocsp_staple_file(keypair, &config->error,
378 tls_config_keypair_add(config, keypair);
388 tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
396 if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0)
399 tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0)
402 tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple,
406 tls_config_keypair_add(config, keypair);
416 tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
419 return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
424 tls_config_add_keypair_file(struct tls_config *config,
427 return tls_config_add_keypair_file_internal(config, cert_file,
432 tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
436 return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
441 tls_config_add_keypair_ocsp_file(struct tls_config *config,
444 return tls_config_add_keypair_file_internal(config, cert_file,
449 tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
451 return tls_config_load_file(&config->error, "CA", ca_file,
452 &config->ca_mem, &config->ca_len);
456 tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
458 return tls_set_string(&config->ca_path, ca_path);
462 tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
464 return tls_set_mem(&config->ca_mem, &config->ca_len, ca, len);
468 tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
470 return tls_keypair_set_cert_file(config->keypair, &config->error,
475 tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
478 return tls_keypair_set_cert_mem(config->keypair, &config->error,
483 tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
500 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
505 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
511 return tls_set_string(&config->ciphers, ciphers);
519 tls_config_set_crl_file(struct tls_config *config, const char *crl_file)
521 return tls_config_load_file(&config->error, "CRL", crl_file,
522 &config->crl_mem, &config->crl_len);
526 tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
529 return tls_set_mem(&config->crl_mem, &config->crl_len, crl, len);
533 tls_config_set_dheparams(struct tls_config *config, const char *params)
544 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
549 config->dheparams = keylen;
555 tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)
562 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
567 return tls_config_set_ecdhecurves(config, curve);
571 tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)
580 free(config->ecdhecurves);
581 config->ecdhecurves = NULL;
582 config->ecdhecurves_len = 0;
588 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
604 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
611 tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,
620 config->ecdhecurves = curves_list;
621 config->ecdhecurves_len = curves_num;
634 tls_config_set_key_file(struct tls_config *config, const char *key_file)
636 return tls_keypair_set_key_file(config->keypair, &config->error,
641 tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
644 return tls_keypair_set_key_mem(config->keypair, &config->error,
649 tls_config_set_keypair_file_internal(struct tls_config *config,
652 if (tls_config_set_cert_file(config, cert_file) != 0)
654 if (tls_config_set_key_file(config, key_file) != 0)
657 tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)
664 tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
668 if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
670 if (tls_config_set_key_mem(config, key, key_len) != 0)
673 (tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0))
680 tls_config_set_keypair_file(struct tls_config *config,
683 return tls_config_set_keypair_file_internal(config, cert_file, key_file,
688 tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
691 return tls_config_set_keypair_mem_internal(config, cert, cert_len,
696 tls_config_set_keypair_ocsp_file(struct tls_config *config,
699 return tls_config_set_keypair_file_internal(config, cert_file, key_file,
704 tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
708 return tls_config_set_keypair_mem_internal(config, cert, cert_len,
714 tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
716 config->protocols = protocols;
722 tls_config_set_session_fd(struct tls_config *config, int session_fd)
728 config->session_fd = session_fd;
733 tls_config_set_error(config, TLS_ERROR_UNKNOWN,
738 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
744 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
751 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
756 config->session_fd = session_fd;
762 tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg)
764 config->use_fake_private_key = 1;
765 config->skip_private_key_check = 1;
766 config->sign_cb = cb;
767 config->sign_cb_arg = cb_arg;
773 tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
775 config->verify_depth = verify_depth;
781 tls_config_prefer_ciphers_client(struct tls_config *config)
783 config->ciphers_server = 0;
787 tls_config_prefer_ciphers_server(struct tls_config *config)
789 config->ciphers_server = 1;
793 tls_config_insecure_noverifycert(struct tls_config *config)
795 config->verify_cert = 0;
799 tls_config_insecure_noverifyname(struct tls_config *config)
801 config->verify_name = 0;
805 tls_config_insecure_noverifytime(struct tls_config *config)
807 config->verify_time = 0;
811 tls_config_verify(struct tls_config *config)
813 config->verify_cert = 1;
814 config->verify_name = 1;
815 config->verify_time = 1;
819 tls_config_ocsp_require_stapling(struct tls_config *config)
821 config->ocsp_require_stapling = 1;
825 tls_config_verify_client(struct tls_config *config)
827 config->verify_client = 1;
831 tls_config_verify_client_optional(struct tls_config *config)
833 config->verify_client = 2;
837 tls_config_skip_private_key_check(struct tls_config *config)
839 config->skip_private_key_check = 1;
843 tls_config_use_fake_private_key(struct tls_config *config)
845 config->use_fake_private_key = 1;
846 config->skip_private_key_check = 1;
850 tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
852 return tls_keypair_set_ocsp_staple_file(config->keypair, &config->error,
857 tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,
860 return tls_keypair_set_ocsp_staple_mem(config->keypair, &config->error,
865 tls_config_set_session_id(struct tls_config *config,
869 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
873 memset(config->session_id, 0, sizeof(config->session_id));
874 memcpy(config->session_id, session_id, len);
879 tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
882 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
887 tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
892 config->session_lifetime = lifetime;
897 tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
905 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
919 struct tls_ticket_key *tk = &config->ticket_keys[i];
929 tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
934 memmove(&config->ticket_keys[1], &config->ticket_keys[0],
935 sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0]));
936 config->ticket_keys[0] = newkey;
938 config->ticket_autorekey = 0;
944 tls_config_ticket_autorekey(struct tls_config *config)
950 rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key,
952 config->ticket_autorekey = 1;