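--- google_boringssl/include/openssl/ssl.h 2021-02-03 18:29:04.000000000 -0800
+++ boringssl/include/openssl/ssl.h 2021-02-03 20:24:49.000000000 -0800
@@ -138,6 +138,25 @@
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */
+/* ====================================================================
+ * Copyright 2020 Apple Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the “Software”),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom
+ * the Software is furnished to do so, subject to the following conditions:
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
 
 #ifndef OPENSSL_HEADER_SSL_H
 #define OPENSSL_HEADER_SSL_H
@@ -1102,6 +1121,16 @@
 SSL_CTX *ctx, CRYPTO_BUFFER *const *certs, size_t num_certs,
 EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method);
 
+// SSL_CTX_set_nullchain_and_key sets the private key for a
+// TLS client or server. Reference to the given |EVP_PKEY|
+// object is added as needed. Exactly one of |privkey| or |privkey_method|
+// may be non-NULL. Returns one on success and zero on error.
+// Note the lack of a corresponding public-key certificate.
+// See SSL_CTX_set_server_raw_public_key_certificate.
+OPENSSL_EXPORT int SSL_CTX_set_nullchain_and_key(
+ SSL_CTX *ctx,
+ EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method);
+
 // SSL_set_chain_and_key sets the certificate chain and private key for a TLS
 // client or server. References to the given |CRYPTO_BUFFER| and |EVP_PKEY|
 // objects are added as needed. Exactly one of |privkey| or |privkey_method|
@@ -1110,6 +1139,16 @@
 SSL *ssl, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey,
 const SSL_PRIVATE_KEY_METHOD *privkey_method);
 
+// SSL_set_nullchain_and_key sets the private key for a TLS
+// client or server. Reference to the given |EVP_PKEY|
+// object is added as needed. Exactly one of |privkey| or |privkey_method|
+// may be non-NULL. Returns one on success and zero on error.
+// Note the lack of a corresponding public-key certificate.
+// See SSL_set_server_raw_public_key_certificate.
+OPENSSL_EXPORT int SSL_set_nullchain_and_key(
+ SSL *ssl, EVP_PKEY *privkey,
+ const SSL_PRIVATE_KEY_METHOD *privkey_method);
+
 // SSL_CTX_get0_chain returns the list of |CRYPTO_BUFFER|s that were set by
 // |SSL_CTX_set_chain_and_key|. Reference counts are not incremented by this
 // call. The return value may be |NULL| if no chain has been set.
@@ -2821,6 +2860,21 @@
 OPENSSL_EXPORT int SSL_has_application_settings(const SSL *ssl);
 
 
+// Server Certificate Type.
+
+#define TLSEXT_CERTIFICATETYPE_X509 0
+#define TLSEXT_CERTIFICATETYPE_RAW_PUBLIC_KEY 2
+
+OPENSSL_EXPORT int SSL_CTX_set_server_raw_public_key_certificate(
+ SSL_CTX *ctx, const uint8_t *raw_public_key, unsigned raw_public_key_len);
+
+OPENSSL_EXPORT int SSL_CTX_has_server_raw_public_key_certificate(SSL_CTX *ctx);
+
+OPENSSL_EXPORT int SSL_set_server_raw_public_key_certificate(
+ SSL *ssl, const uint8_t *raw_public_key, unsigned raw_public_key_len);
+
+OPENSSL_EXPORT int SSL_has_server_raw_public_key_certificate(SSL *ssl);
+
 // Certificate compression.
 //
 // Certificates in TLS 1.3 can be compressed (RFC 8879). BoringSSL supports this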
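Review bot: The four raw-public-key declarations in the last hunk (`SSL_CTX_set_server_raw_public_key_certificate` through `SSL_has_server_raw_public_key_certificate`) carry no doc comment, so the header does not say what encoding `raw_public_key` must have, whether the bytes are copied, what the return values mean, or whether the call sets the key a server presents or the key a client expects. This matters because the `nullchain` comments note "the lack of a corresponding public-key certificate", which suggests the peer's key is not covered by X.509 chain validation and has to be authenticated some other way; I would add a `//` comment block above each declaration covering those points, in the style of the `SSL_set_chain_and_key` comment. The length parameter is `unsigned` where this header otherwise uses `size_t` (see `size_t num_certs`), so `size_t raw_public_key_len` would be consistent and avoids a narrowing conversion at call sites. The two `has_` queries could take `const SSL_CTX *ctx` and `const SSL *ssl`, as `SSL_has_application_settings(const SSL *ssl)` does just above.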