[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Dr. Stephen Henson steve at openssl.org
Wed Mar 18 12:32:18 UTC 2015 

The branch OpenSSL_1_0_2-stable has been updated
       via  8b84495380098592ef7bb2fa9209ccb87803bf1d (commit)
      from  c1559f5046092b542f8033bb8eec8bd88ce0d8f2 (commit)


- Log -----------------------------------------------------------------
commit 8b84495380098592ef7bb2fa9209ccb87803bf1d
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Mar 17 15:55:11 2015 +0000

    Add support for ServerInfo SSL_CONF option.
    
    Add support for ServerInfo SSL_CONF option and update documentation. This
    was wrongly omitted from the 1.0.2 release.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 doc/ssl/SSL_CONF_cmd.pod |  5 +++++
 ssl/ssl_conf.c           | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 6d073cb..2bf1a60 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -195,6 +195,11 @@ context. This option is only supported if certificate operations
 are permitted. Note: if no B<-key> option is set then a private key is
 not loaded: it does not currently use the B<Certificate> file.
 
+=item B<ServerInfoFile>
+
+Attempts to use the file B<value> in the "serverinfo" extension using the
+function SSL_CTX_use_serverinfo_file.
+
 =item B<DHParameters>
 
 Attempts to use the file B<value> as the set of temporary DH parameters for
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index d950242..5478840 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -386,6 +386,18 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
     return rv > 0;
 }
 
+static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+        return -2;
+    if (!(cctx->flags & SSL_CONF_FLAG_SERVER))
+        return -2;
+    if (cctx->ctx)
+        rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
+    return rv > 0;
+}
+
 #ifndef OPENSSL_NO_DH
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
@@ -444,6 +456,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD_STRING(Options, NULL),
     SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
     SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
 #ifndef OPENSSL_NO_DH
     SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
 #endif

More information about the openssl-commits mailing list