author | 2017-01-23 05:13:02 +0000 | |
---|---|---|
committer | 2017-01-23 05:13:02 +0000 | |
commit | 1d51f822e326152afaa63f92515d0e41ed6a6dd3 (patch) | |
tree | 326e71c3996fe3d796d0214a7cab53d8c7bf6a70 /lib/libssl/ssl.h | |
parent | pledge a tiny bit later. This results in the specified tty being (diff) | |
Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.
ok beck@
Diffstat (limited to 'lib/libssl/ssl.h')
-rw-r--r-- | lib/libssl/ssl.h | 55 |
1 files changed, 2 insertions, 53 deletions
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 4080af8999e..9fc6c5e9766 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.111 2017/01/23 04:55:27 beck Exp $ */ +/* $OpenBSD: ssl.h,v 1.112 2017/01/23 05:13:02 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -689,23 +689,8 @@ struct ssl_ctx_st { const SSL_METHOD *method; STACK_OF(SSL_CIPHER) *cipher_list; - /* same as above but sorted for lookup */ - STACK_OF(SSL_CIPHER) *cipher_list_by_id; struct x509_store_st /* X509_STORE */ *cert_store; - struct lhash_st_SSL_SESSION *sessions; - /* Most session-ids that will be cached, default is - * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ - unsigned long session_cache_size; - struct ssl_session_st *session_cache_head; - struct ssl_session_st *session_cache_tail; - - /* This can have one of 2 values, ored together, - * SSL_SESS_CACHE_CLIENT, - * SSL_SESS_CACHE_SERVER, - * Default is SSL_SESSION_CACHE_SERVER, which means only - * SSL_accept which cache SSL_SESSIONS. */ - int session_cache_mode; /* If timeout is not 0, it is the default timeout value set * when SSL_new() is called. This has been put in to make @@ -714,26 +699,12 @@ struct ssl_ctx_st { int references; - CRYPTO_EX_DATA ex_data; - - const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ - const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ - - STACK_OF(X509) *extra_certs; - - /* Default values used when no per-SSL value is defined follow */ - - /* what we put in client cert requests */ - STACK_OF(X509_NAME) *client_CA; - /* Default values to use in SSL structures follow (these are copied by SSL_new) */ unsigned long options; unsigned long mode; - long max_cert_list; - struct cert_st /* CERT */ *cert; - int read_ahead; + STACK_OF(X509) *extra_certs; int verify_mode; unsigned int sid_ctx_length; 
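Review bot: Removing members from the middle of the installed `struct ssl_ctx_st` and re-adding `STACK_OF(X509) *extra_certs;` after `cert` shifts the offsets of the fields that stay public (`options`, `mode`, `cert`, `verify_mode`, `sid_ctx_length`). A consumer compiled against the previous header that dereferences the context directly would then read or write the wrong member. This view is limited to ssl.h, so it is worth confirming that the series carries the matching shared-library major bump. The struct body starts and ends outside this hunk; a comment at its top would record the intent for later editors, for example `/* Public members remain only for existing consumers; add new state to struct ssl_ctx_internal_st. */`.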
@@ -741,28 +712,6 @@ struct ssl_ctx_st { X509_VERIFY_PARAM *param; - int quiet_shutdown; - - /* Maximum amount of data to send in one fragment. - * actual record size can be more than this due to - * padding and MAC overheads. - */ - unsigned int max_send_fragment; - -#ifndef OPENSSL_NO_ENGINE - /* Engine to pass requests for client certs to - */ - ENGINE *client_cert_engine; -#endif - - /* RFC 4507 session ticket keys */ - unsigned char tlsext_tick_key_name[16]; - unsigned char tlsext_tick_hmac_key[16]; - unsigned char tlsext_tick_aes_key[16]; - - /* SRTP profiles we are willing to do from RFC 5764 */ - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; - struct ssl_ctx_internal_st *internal; }; |