authorEric Faurot <eric@cvs.openbsd.org>2014-02-04 13:44:42 +0000
committerEric Faurot <eric@cvs.openbsd.org>2014-02-04 13:44:42 +0000
commit5466a3045acfc02b1542c40152b69df386bcf9e0 (patch)
treebd0ebdfd026b293d6b0de4ba08d970ce0ffbce92 /usr.sbin/smtpd/ssl.h
parent18a6e075a482dcb67a689f725c9795e20a72a992 (diff)
pki code cleanup
- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name"
- inherit pki conf on fork instead of passing it through imsg at startup
- implement SNI on smtp listeners
Diffstat (limited to 'usr.sbin/smtpd/ssl.h')
-rw-r--r--usr.sbin/smtpd/ssl.h46
1 files changed, 22 insertions, 24 deletions
diff --git a/usr.sbin/smtpd/ssl.h b/usr.sbin/smtpd/ssl.h
index cbf5574da4b..d5eebe080c4 100644
--- a/usr.sbin/smtpd/ssl.h
+++ b/usr.sbin/smtpd/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.4 2013/11/28 12:50:40 eric Exp $ */
+/* $OpenBSD: ssl.h,v 1.5 2014/02/04 13:44:41 eric Exp $ */
/*
* Copyright (c) 2013 Gilles Chehade <gilles@poolp.org>
*
@@ -19,37 +19,35 @@
#define SSL_ECDH_CURVE "prime256v1"
#define SSL_SESSION_TIMEOUT 300
-struct ssl {
- char ssl_name[PATH_MAX];
+struct pki {
+ char pki_name[PATH_MAX];
- char *ssl_ca_file;
- char *ssl_ca;
- off_t ssl_ca_len;
+ char *pki_ca_file;
+ char *pki_ca;
+ off_t pki_ca_len;
- char *ssl_cert_file;
- char *ssl_cert;
- off_t ssl_cert_len;
+ char *pki_cert_file;
+ char *pki_cert;
+ off_t pki_cert_len;
- char *ssl_key_file;
- char *ssl_key;
- off_t ssl_key_len;
+ char *pki_key_file;
+ char *pki_key;
+ off_t pki_key_len;
- char *ssl_dhparams_file;
- char *ssl_dhparams;
- off_t ssl_dhparams_len;
+ char *pki_dhparams_file;
+ char *pki_dhparams;
+ off_t pki_dhparams_len;
};
/* ssl.c */
void ssl_init(void);
-int ssl_setup(SSL_CTX **, struct ssl *);
+int ssl_setup(SSL_CTX **, struct pki *);
SSL_CTX *ssl_ctx_create(void);
-void *ssl_mta_init(char *, off_t, char *, off_t);
-void *ssl_smtp_init(void *, char *, off_t, char *, off_t);
-int ssl_cmp(struct ssl *, struct ssl *);
+int ssl_cmp(struct pki *, struct pki *);
DH *get_dh1024(void);
DH *get_dh_from_memory(char *, size_t);
void ssl_set_ephemeral_key_exchange(SSL_CTX *, DH *);
-void ssl_set_ecdh_curve(SSL_CTX *);
+void ssl_set_ecdh_curve(SSL_CTX *, const char *);
extern int ssl_ctx_load_verify_memory(SSL_CTX *, char *, off_t);
char *ssl_load_file(const char *, off_t *, mode_t);
char *ssl_load_key(const char *, off_t *, char *, mode_t, const char *);
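Review bot: `pki_key` and `pki_key_len` in the new `struct pki` carry no comment on who owns the buffer or when it is wiped, which matters more now that the commit message says the pki configuration is inherited on fork rather than passed through imsg. If that is how the struct reaches the children, every forked process presumably starts with a copy of the private key bytes, including processes that never terminate TLS; the header is the natural place to state which ones may keep it. I would add above the field something like `/* private key bytes; inherited across fork, must be wiped and freed in processes that do not need it */`. Separately, the new `const char *` argument of `ssl_set_ecdh_curve` is unnamed and the function returns void, so a comment should say whether NULL selects `SSL_ECDH_CURVE` and how an unknown curve name is reported to the caller.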
@@ -57,10 +55,10 @@ char *ssl_load_key(const char *, off_t *, char *, mode_t, const char *);
const char *ssl_to_text(const SSL *);
void ssl_error(const char *);
-int ssl_load_certificate(struct ssl *, const char *);
-int ssl_load_keyfile(struct ssl *, const char *, const char *);
-int ssl_load_cafile(struct ssl *, const char *);
-int ssl_load_dhparams(struct ssl *, const char *);
+int ssl_load_certificate(struct pki *, const char *);
+int ssl_load_keyfile(struct pki *, const char *, const char *);
+int ssl_load_cafile(struct pki *, const char *);
+int ssl_load_dhparams(struct pki *, const char *);
/* ssl_privsep.c */