      1  1.1  christos /*
      2  1.1  christos  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
      3  1.1  christos  *
      4  1.1  christos  * Licensed under the OpenSSL license (the "License").  You may not use
      5  1.1  christos  * this file except in compliance with the License.  You can obtain a copy
      6  1.1  christos  * in the file LICENSE in the source distribution or at
      7  1.1  christos  * https://www.openssl.org/source/license.html
      8  1.1  christos  */
      9  1.1  christos 
     10  1.1  christos #include <stdio.h>
     11  1.1  christos #include <openssl/conf.h>
     12  1.1  christos #include <openssl/ssl.h>
     13  1.1  christos #include "ssl_local.h"
     14  1.1  christos #include "internal/sslconf.h"
     15  1.1  christos 
     16  1.1  christos /* SSL library configuration module. */
     17  1.1  christos 
/*
 * Public entry point for registering the SSL configuration module.
 * Intentionally a no-op: libcrypto registers the module itself, so this
 * function only exists to keep the public API stable.
 */
void SSL_add_ssl_module(void)
{
    return;
}
     22  1.1  christos 
/*
 * Apply the configuration-module section |name| to either |s| or |ctx|;
 * exactly one of the two must be non-NULL.  With |system| set, a NULL
 * |name| selects the implicit "system_default" section, and a section
 * that does not exist is skipped silently instead of raising an error.
 *
 * Returns 1 on success and 0 on failure (including the silent skip).
 * Failures of individual commands are reported through the error queue
 * together with the section, command and argument involved.
 */
static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
    SSL_CONF_CTX *conf_ctx = NULL;
    const SSL_CONF_CMD *cmd_list;
    const SSL_METHOD *method;
    size_t section_idx, n_cmds, k;
    unsigned int conf_flags = SSL_CONF_FLAG_FILE;
    int ret = 0;

    if (s == NULL && ctx == NULL) {
        SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
        goto end;
    }

    /* The system section has a well-known name when none is supplied. */
    if (system && name == NULL)
        name = "system_default";

    if (!conf_ssl_name_find(name, &section_idx)) {
        /* An absent system section is not an error; anything else is. */
        if (!system) {
            SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
            ERR_add_error_data(2, "name=", name);
        }
        goto end;
    }

    cmd_list = conf_ssl_get(section_idx, &n_cmds == NULL ? NULL : &name, &n_cmds);

    conf_ctx = SSL_CONF_CTX_new();
    if (conf_ctx == NULL)
        goto end;

    /*
     * Certificate commands (which then must be paired with a private key)
     * are only accepted from an explicitly named section, never from the
     * implicit system section.
     */
    if (!system)
        conf_flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;

    if (s == NULL) {
        method = ctx->method;
        SSL_CONF_CTX_set_ssl_ctx(conf_ctx, ctx);
    } else {
        method = s->method;
        SSL_CONF_CTX_set_ssl(conf_ctx, s);
    }

    /*
     * Enable server/client specific commands only for the roles the
     * method actually implements (ssl_undefined_function is the sentinel
     * for "not supported").
     */
    if (method->ssl_accept != ssl_undefined_function)
        conf_flags |= SSL_CONF_FLAG_SERVER;
    if (method->ssl_connect != ssl_undefined_function)
        conf_flags |= SSL_CONF_FLAG_CLIENT;
    SSL_CONF_CTX_set_flags(conf_ctx, conf_flags);

    for (k = 0; k < n_cmds; k++) {
        char *cmd_name, *cmd_arg;

        conf_ssl_get_cmd(cmd_list, k, &cmd_name, &cmd_arg);
        ret = SSL_CONF_cmd(conf_ctx, cmd_name, cmd_arg);
        if (ret > 0)
            continue;
        /* -2 means the command itself is unknown; anything else is a bad value. */
        SSLerr(SSL_F_SSL_DO_CONFIG,
               ret == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE);
        ERR_add_error_data(6, "section=", name, ", cmd=", cmd_name,
                           ", arg=", cmd_arg);
        goto end;
    }

    ret = SSL_CONF_CTX_finish(conf_ctx);
 end:
    /* Safe on NULL, so every exit path funnels through here. */
    SSL_CONF_CTX_free(conf_ctx);
    return ret > 0;
}
     85  1.1  christos 
/*
 * Configure a single SSL object from the named configuration section.
 * This is a user-named (non-system) section, so certificate commands
 * are permitted.  Returns 1 on success, 0 on failure.
 */
int SSL_config(SSL *s, const char *name)
{
    const int is_system = 0;

    return ssl_do_config(s, NULL, name, is_system);
}
     90  1.1  christos 
/*
 * Configure an SSL_CTX from the named configuration section.
 * This is a user-named (non-system) section, so certificate commands
 * are permitted.  Returns 1 on success, 0 on failure.
 */
int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
    const int is_system = 0;

    return ssl_do_config(NULL, ctx, name, is_system);
}
     95  1.1  christos 
/*
 * Apply the implicit "system_default" section to an SSL_CTX.
 * The result is deliberately discarded: a missing system section is not
 * an error, while failures of individual commands are still pushed onto
 * the error queue by ssl_do_config() for the caller to inspect.
 */
void ssl_ctx_system_config(SSL_CTX *ctx)
{
    (void)ssl_do_config(NULL, ctx, NULL, 1);
}