Allow to to load the CA chain directly from memory instead of

specifying a file. This enables CA verification in privsep'ed processes that are running chroot'ed without direct access to the certificate files. With feedback, tests, and OK from bluhm@
author: reyk <reyk@openbsd.org> 2015-01-22 09:16:24 +0000
committer: reyk <reyk@openbsd.org> 2015-01-22 09:16:24 +0000
commit: 99cfb8c597f44ace647d8aa9d73b421b839f398e (patch)
tree: e3e0162c7f8ee0502d68083bc695f47b08418b05 /lib/libtls/tls_internal.h
parent: Support CA verification in chroot'ed processes without direct file (diff)
download: wireguard-openbsd-99cfb8c597f44ace647d8aa9d73b421b839f398e.tar.xz
wireguard-openbsd-99cfb8c597f44ace647d8aa9d73b421b839f398e.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 1a2bd388b7d..9a1a180e0bf 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.6 2015/01/13 17:35:35 bluhm Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.7 2015/01/22 09:16:24 reyk Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -28,6 +28,8 @@
 struct tls_config {
 	const char *ca_file;
 	const char *ca_path;
+	char *ca_mem;
+	size_t ca_len;
 	const char *cert_file;
 	char *cert_mem;
 	size_t cert_len;
author	reyk <reyk@openbsd.org>	2015-01-22 09:16:24 +0000
committer	reyk <reyk@openbsd.org>	2015-01-22 09:16:24 +0000
commit	99cfb8c597f44ace647d8aa9d73b421b839f398e (patch)
tree	e3e0162c7f8ee0502d68083bc695f47b08418b05 /lib/libtls/tls_internal.h
parent	Support CA verification in chroot'ed processes without direct file (diff)
download	wireguard-openbsd-99cfb8c597f44ace647d8aa9d73b421b839f398e.tar.xz wireguard-openbsd-99cfb8c597f44ace647d8aa9d73b421b839f398e.zip