git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Christopher Faulet <cfaulet@qualys.com>
	Thu, 11 Jun 2015 11:39:32 +0000 (13:39 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Fri, 12 Jun 2015 16:06:59 +0000 (18:06 +0200)
commit	3054880e09bbff8a885d44f2a304db9a63da4d53
tree	f3054926e68b5c88a664990e302b27b6a5f57a43	tree
parent	31af49d62bb398f43d0e955ebf9a7157c38e2d56	commit \| diff

MINOR: ssl: Export functions to manipulate generated certificates

Following functions are now available in the SSL public API:

  * ssl_sock_create_cert
  * ssl_sock_get_generated_cert
  * ssl_sock_set_generated_cert
  * ssl_sock_generated_cert_serial

These functions could be used to create a certificate by hand, set it in the
cache used to store generated certificates and retrieve it. Here is an example
(pseudo code):

  X509        *cacert     = ...;
  EVP_PKEY    *capkey     = ...;
  char        *servername = ...;
  unsigned int serial;

  serial = ssl_sock_generated_cert_serial(servername, strlen(servername));
  if (!ssl_sock_get_generated_cert(serial, cacert)) {
      SSL_CTX *ctx = ssl_sock_create_cert(servername, serial, cacert, capkey);
      ssl_sock_set_generated_cert(ctx, serial, cacert);
  }

include/proto/ssl_sock.h		diff \| blob \| blame \| history
src/ssl_sock.c		diff \| blob \| blame \| history