diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-01-22 09:16:25 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-01-22 09:16:25 +0000 |
| commit | d8c6bc473f24342a7779cf1d21ce977aa7fd6dd1 (patch) | |
| tree | b25654cf0edc56cfa1c4aaf65f90e9cde61ce16d /lib/libtls/tls.h | |
| parent | f266595e8e39b262d34c368300f37fa3d65c2056 (diff) | |
Allow to to load the CA chain directly from memory instead of
specifying a file. This enables CA verification in privsep'ed
processes that are running chroot'ed without direct access to the
certificate files.
With feedback, tests, and OK from bluhm@
Diffstat (limited to 'lib/libtls/tls.h')
| -rw-r--r-- | lib/libtls/tls.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libtls/tls.h b/lib/libtls/tls.h index 21e1d74b357..8dcf1257654 100644 --- a/lib/libtls/tls.h +++ b/lib/libtls/tls.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.h,v 1.2 2014/11/02 14:45:05 jsing Exp $ */ +/* $OpenBSD: tls.h,v 1.3 2015/01/22 09:16:24 reyk Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -42,6 +42,8 @@ void tls_config_free(struct tls_config *config); int tls_config_set_ca_file(struct tls_config *config, const char *ca_file); int tls_config_set_ca_path(struct tls_config *config, const char *ca_path); +int tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, + size_t len); int tls_config_set_cert_file(struct tls_config *config, const char *cert_file); int tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert, size_t len); |