tls_config
tls_config_set_error(struct tls_config *config, int code, const char *fmt, ...)
tls_config_set_errorx(struct tls_config *config, int code, const char *fmt, ...)
tls_configure(struct tls *ctx, struct tls_config *config)
static struct tls_config *tls_config_default;
int tls_config_error_code(struct tls_config *_config);
struct tls_config *tls_config_new(void);
void tls_config_free(struct tls_config *_config);
int tls_config_add_keypair_file(struct tls_config *_config,
int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
int tls_config_add_keypair_ocsp_file(struct tls_config *_config,
int tls_config_add_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
int tls_config_set_alpn(struct tls_config *_config, const char *_alpn);
int tls_config_set_ca_file(struct tls_config *_config, const char *_ca_file);
int tls_config_set_ca_path(struct tls_config *_config, const char *_ca_path);
int tls_config_set_ca_mem(struct tls_config *_config, const uint8_t *_ca,
int tls_config_set_cert_file(struct tls_config *_config,
int tls_config_set_cert_mem(struct tls_config *_config, const uint8_t *_cert,
int tls_config_set_ciphers(struct tls_config *_config, const char *_ciphers);
int tls_config_set_crl_file(struct tls_config *_config, const char *_crl_file);
int tls_config_set_crl_mem(struct tls_config *_config, const uint8_t *_crl,
int tls_config_set_dheparams(struct tls_config *_config, const char *_params);
int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_curve);
int tls_config_set_ecdhecurves(struct tls_config *_config, const char *_curves);
int tls_config_set_key_file(struct tls_config *_config, const char *_key_file);
int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
int tls_config_set_keypair_file(struct tls_config *_config,
int tls_config_set_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
int tls_config_set_keypair_ocsp_file(struct tls_config *_config,
int tls_config_set_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
int tls_config_set_ocsp_staple_mem(struct tls_config *_config,
int tls_config_set_ocsp_staple_file(struct tls_config *_config,
/*
 * Declarations only: the function bodies are not part of this listing, so
 * the behaviour notes below are taken from the libtls manual as the reviewer
 * recalls it and should be confirmed there.
 *
 * The three setters return int. Call sites further down this listing compare
 * such results against 0 or -1 and report tls_config_error() on failure; one
 * call of tls_config_set_verify_depth() appears to discard its result.
 */
int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
/* Cipher preference order: client's list vs. server's list (per the names). */
void tls_config_prefer_ciphers_client(struct tls_config *_config);
void tls_config_prefer_ciphers_server(struct tls_config *_config);
/*
 * NOTE(review): each insecure_* call switches off one verification step --
 * certificate chain, peer name and validity period respectively, per the
 * libtls manual (confirm). They return void, so the caller gets no signal
 * that peer authentication was weakened; a connection configured this way
 * should be treated as unauthenticated. Keep every use behind an explicit,
 * logged opt-in and grep for these three names during review.
 */
void tls_config_insecure_noverifycert(struct tls_config *_config);
void tls_config_insecure_noverifyname(struct tls_config *_config);
void tls_config_insecure_noverifytime(struct tls_config *_config);
/* Presumably re-enables certificate and name verification -- confirm. */
void tls_config_verify(struct tls_config *_config);
/* Presumably makes a stapled OCSP response mandatory in the handshake -- confirm. */
void tls_config_ocsp_require_stapling(struct tls_config *_config);
/*
 * Client-certificate verification for servers. NOTE(review): the _optional
 * variant presumably accepts clients that present no certificate, so the
 * application must check for a peer certificate itself before trusting the
 * client identity -- confirm against the manual.
 */
void tls_config_verify_client(struct tls_config *_config);
void tls_config_verify_client_optional(struct tls_config *_config);
/* Presumably wipes private key material held by the config -- confirm. */
void tls_config_clear_keys(struct tls_config *_config);
int tls_config_set_session_id(struct tls_config *_config,
int tls_config_set_session_lifetime(struct tls_config *_config, int _lifetime);
int tls_config_add_ticket_key(struct tls_config *_config, uint32_t _keyrev,
int tls_configure(struct tls *_ctx, struct tls_config *_config);
struct tls_config;
const char *tls_config_error(struct tls_config *_config);
struct tls_config *
tls_config_free(struct tls_config *config)
tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)
tls_config_error(struct tls_config *config)
tls_config_error_code(struct tls_config *config)
tls_config_clear_keys(struct tls_config *config)
tls_config_parse_alpn(struct tls_config *config, const char *alpn,
tls_config_set_alpn(struct tls_config *config, const char *alpn)
tls_config_add_keypair_file_internal(struct tls_config *config,
tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
tls_config_add_keypair_file(struct tls_config *config,
tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
tls_config_add_keypair_ocsp_file(struct tls_config *config,
tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
tls_config_set_crl_file(struct tls_config *config, const char *crl_file)
tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
tls_config_set_dheparams(struct tls_config *config, const char *params)
tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)
tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)
tls_config_set_key_file(struct tls_config *config, const char *key_file)
tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
tls_config_set_keypair_file_internal(struct tls_config *config,
tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
tls_config_set_keypair_file(struct tls_config *config,
tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
tls_config_set_keypair_ocsp_file(struct tls_config *config,
tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
tls_config_set_session_fd(struct tls_config *config, int session_fd)
tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg)
tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
tls_config_prefer_ciphers_client(struct tls_config *config)
tls_config_prefer_ciphers_server(struct tls_config *config)
tls_config_insecure_noverifycert(struct tls_config *config)
tls_config_insecure_noverifyname(struct tls_config *config)
tls_config_insecure_noverifytime(struct tls_config *config)
tls_config_verify(struct tls_config *config)
tls_config_ocsp_require_stapling(struct tls_config *config)
tls_config_verify_client(struct tls_config *config)
tls_config_verify_client_optional(struct tls_config *config)
tls_config_skip_private_key_check(struct tls_config *config)
tls_config_use_fake_private_key(struct tls_config *config)
tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,
tls_config_set_session_id(struct tls_config *config,
tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
struct tls_config *
tls_config_ticket_autorekey(struct tls_config *config)
struct tls_config *config;
struct tls_config *config;
struct tls_config *tls_config_new_internal(void);
int tls_config_ticket_autorekey(struct tls_config *config);
int tls_config_set_error(struct tls_config *cfg, int code, const char *fmt, ...)
int tls_config_set_errorx(struct tls_config *cfg, int code, const char *fmt, ...)
int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
void tls_config_skip_private_key_check(struct tls_config *config);
void tls_config_use_fake_private_key(struct tls_config *config);
tls_server_ticket_key(struct tls_config *config, unsigned char *keyname)
struct tls_config *config;
struct tls_config *config;
aldap_tls(struct aldap *ldap, struct tls_config *cfg, const char *name)
int aldap_tls(struct aldap *, struct tls_config *,
struct tls_config *tls_config;
if ((tls_config = tls_config_new()) == NULL) {
tls_config_set_ca_file(tls_config, ctx->cacert) == -1) {
tls_config_set_ca_path(tls_config, ctx->cacertdir) == -1) {
if (aldap_tls(ctx->ld, tls_config, url->host) < 0) {
struct tls_config *tlscfg;
struct tls_config *client_cfg, *server_cfg;
struct tls_config *client_cfg, *server_cfg;
struct tls_config *client_cfg, *server_cfg;
struct tls_config *client_cfg, *server_cfg;
struct tls_config *client_cfg, *server_cfg;
if (tls_configure(tls, tls_config) != 0) {
extern struct tls_config *tls_config;
struct tls_config *tls_config;
if (tls_config_set_ca_file(tls_config, str) != 0)
tls_config_error(tls_config));
if (tls_config_set_ca_path(tls_config, str) != 0)
tls_config_error(tls_config));
if (tls_config_set_ciphers(tls_config, str) != 0)
tls_config_error(tls_config));
tls_config_insecure_noverifycert(tls_config);
tls_config_insecure_noverifyname(tls_config);
tls_config_verify(tls_config);
tls_config_set_verify_depth(tls_config, depth);
tls_config_ocsp_require_stapling(tls_config);
tls_config_insecure_noverifytime(tls_config);
if (tls_config_set_session_fd(tls_config,
tls_config_error(tls_config));
if (tls_config_set_protocols(tls_config, protocols) != 0)
tls_config_error(tls_config));
if (tls_config == NULL) {
tls_config = tls_config_new();
if (tls_config == NULL)
if (tls_config_set_protocols(tls_config,
tls_config_error(tls_config));
if (tls_config_set_ciphers(tls_config, "legacy") != 0)
tls_config_error(tls_config));
aldap_tls(struct aldap *ldap, struct tls_config *cfg, const char *name)
int aldap_tls(struct aldap *, struct tls_config *,
struct tls_config *tls_config;
if ((tls_config = tls_config_new()) == NULL) {
if (tls_config_set_ca_file(tls_config,
if (aldap_tls(ldap->ldap_al, tls_config, ldap->ldap_host) < 0) {
struct tls_config *tls_cfg = NULL;
struct tls_config *tls_cfg;
struct tls_config *tlscfg;
struct tls_config tls;
struct tls_config *tls_conf, const char *label, uint8_t *data, size_t len,
struct tls_config tls_conf;
struct tls_config *srv_tls_config;
struct tls_config *config;
struct tls_config *tls_config;
if ((httpsdate->tls_config = tls_config_new()) == NULL)
if (tls_config_set_ca_mem(httpsdate->tls_config, ca, ca_len) == -1)
tls_config_insecure_noverifytime(httpsdate->tls_config);
tls_config_free(httpsdate->tls_config);
if (tls_configure(httpsdate->tls_ctx, httpsdate->tls_config) == -1)
struct tls_config *tlscfg;
struct tls_config *tls_cfg;
struct tls_config *tls_cfg;
relay_tls_ctx_create_proto(struct protocol *proto, struct tls_config *tls_cfg)
void tls_config_use_fake_private_key(struct tls_config *config);
struct tls_config *tls_cfg, *tls_client_cfg;
struct tls_config *tls_cfg;
struct tls_config *tls_cfg;
struct tls_config *tls_cfg;
struct tls_config *rl_tls_cfg;
struct tls_config *rl_tls_client_cfg;
if (tls_configure(conn->tls, tls_config) == -1) {
static struct tls_config *tls_config;
tls_config = tls_config_new();
if (tls_config == NULL)
if (tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL) == -1)
tls_config_error(tls_config));
if (tls_config_set_ciphers(tls_config, "legacy") == -1)
tls_config_error(tls_config));
tls_config_set_ca_mem(tls_config, tls_ca_mem, tls_ca_size);
void tls_config_use_fake_private_key(struct tls_config *config);
struct tls_config *config;
remote->tls_config = config;
tls_config_verify(remote->tls_config);
if (tls_configure(tls, remote->tls_config) == -1) {
struct tls_config *config;
void tls_config_use_fake_private_key(struct tls_config *config);
tls_config = tls_config_new();
if (tls_config == NULL)
if (tls_config_set_protocols(tls_config, protos) == -1)
tls_config_error(tls_config));
if (ciphers && tls_config_set_ciphers(tls_config, ciphers) == -1)
tls_config_error(tls_config));
if (tls_config_set_ca_file(tls_config, cafile) == -1)
fatalx("tls_set_ca_file: %s", tls_config_error(tls_config));
tls_config_insecure_noverifycert(tls_config);
tls_config_insecure_noverifyname(tls_config);
tls_config_insecure_noverifytime(tls_config);
tls_config_verify(tls_config);
static struct tls_config *tls_config;
if (tls_configure(tls, tls_config) == -1)
struct tls_config *tls_config;
struct tls_config *client_config, *server_config;
aldap_tls(struct aldap *ldap, struct tls_config *cfg, const char *name)
int aldap_tls(struct aldap *, struct tls_config *,
struct tls_config *idm_tls_config;