diff options
| author |   eric <eric@openbsd.org> | 2021-01-21 19:09:10 +0000 |
|---|---|---|
| committer | eric <eric@openbsd.org> | 2021-01-21 19:09:10 +0000 |
| commit | 15339a8c6b46d6aea4f5df0384c38a8aef15f986 (patch) | |
| tree | d41e970b6bc1645a9aa37f725a58dc9f9ea35b26 /lib/libtls/tls_internal.h | |
| parent | Mop up unused dtls1_build_sequence_number() function. (diff) | |
| download | wireguard-openbsd-15339a8c6b46d6aea4f5df0384c38a8aef15f986.tar.xz wireguard-openbsd-15339a8c6b46d6aea4f5df0384c38a8aef15f986.zip | |
Allow setting a keypair on a tls context without specifying the private
key, and fake it internally with the certificate public key instead.
It makes it easier for privsep engines like relayd that don't have to
use bogus keys anymore.
ok beck@ tb@ jsing@
Diffstat (limited to 'lib/libtls/tls_internal.h')
| -rw-r--r-- | lib/libtls/tls_internal.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h index 1dd5f45dddb..5487b123ec6 100644 --- a/lib/libtls/tls_internal.h +++ b/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.77 2019/11/16 21:39:52 beck Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.78 2021/01/21 19:09:10 eric Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> @@ -111,6 +111,7 @@ struct tls_config { int verify_name; int verify_time; int skip_private_key_check; + int use_fake_private_key; }; struct tls_conninfo { @@ -294,5 +295,6 @@ __END_HIDDEN_DECLS /* XXX this function is not fully hidden so relayd can use it */ void tls_config_skip_private_key_check(struct tls_config *config); +void tls_config_use_fake_private_key(struct tls_config *config); #endif /* HEADER_TLS_INTERNAL_H */ |