Skip to content
  • Ralf S. Engelschall's avatar
    Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH · 15d21c2d
    Ralf S. Engelschall authored
    private keys and/or callback functions which directly correspond to their
    SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
    for applications which have to configure certificates on a per-connection
    basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
    s_server).
    
    For the RSA certificate situation is makes no difference, but for the DSA
    certificate situation this fixes the "no shared cipher" problem where the
    OpenSSL cipher selection procedure failed because the temporary keys were not
    overtaken from the context and the API provided no way to reconfigure them.
    
    The new functions now let applications reconfigure the stuff and they are in
    detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
    SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
    non-public-API function ssl_cert_instantiate() is used as a helper function
    and also to reduce code redundancy inside ssl_rsa.c.
    
    Submitted by: Ralf S. Engelschall
    Reviewed by: Ben Laurie
    15d21c2d
To find the state of this project's repository at the time of any of these versions, check out the tags.