Diffstat (limited to 'usr.sbin/nsd/nsd.h')
-rw-r--r--usr.sbin/nsd/nsd.h15
1 files changed, 15 insertions, 0 deletions
diff --git a/usr.sbin/nsd/nsd.h b/usr.sbin/nsd/nsd.h
index c900ca6cbaa..de3ae8e1d43 100644
--- a/usr.sbin/nsd/nsd.h
+++ b/usr.sbin/nsd/nsd.h
@@ -11,6 +11,9 @@
#define _NSD_H_
#include <signal.h>
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/ssl.h>
+#endif
#include "dns.h"
#include "edns.h"
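Review bot: The `<openssl/ssl.h>` include is guarded by `HAVE_OPENSSL_SSL_H`, but every later use of `SSL_CTX` in this header (the `tls_ctx` member, `server_tls_ctx_setup` and `server_tls_ctx_create`) is guarded by `HAVE_SSL`. If a build ever defines `HAVE_SSL` without `HAVE_OPENSSL_SSL_H`, the header fails on an undeclared `SSL_CTX`; whether configure can produce that combination is not visible here. Using one macro for both, or adding `#if defined(HAVE_SSL) && !defined(HAVE_OPENSSL_SSL_H)` followed by an `#error` next to the include, would make the dependency explicit.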
@@ -244,6 +247,7 @@ struct nsd
stc_type qclass[4]; /* Class IN or Class CH or other */
stc_type qudp, qudp6; /* Number of queries udp and udp6 */
stc_type ctcp, ctcp6; /* Number of tcp and tcp6 connections */
+ stc_type ctls, ctls6; /* Number of tls and tls6 connections */
stc_type rcode[17], opcode[6]; /* Rcodes & opcodes */
/* Dropped, truncated, queries for nonconfigured zone, tx errors */
stc_type dropped, truncated, wrongzone, txerr, rxerr;
@@ -276,6 +280,11 @@ struct nsd
unsigned int err_limit_count;
struct nsd_options* options;
+
+#ifdef HAVE_SSL
+ /* TLS specific configuration */
+ SSL_CTX *tls_ctx;
+#endif
};
extern struct nsd nsd;
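Review bot: The comment on `tls_ctx` says only "TLS specific configuration" and leaves out what code dereferencing the pointer needs to know: whether it is NULL when no TLS listener is configured, and who creates and frees it. Something like `/* TLS server context; NULL when TLS is not configured; freed at shutdown */` would do, with the wording confirmed against the code that assigns the member, which is outside this diff. Because the member exists only under `HAVE_SSL`, the size of `struct nsd` also depends on that macro, so every file that includes nsd.h has to be compiled with the same setting.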
@@ -295,6 +304,7 @@ void server_child(struct nsd *nsd);
void server_shutdown(struct nsd *nsd) ATTR_NORETURN;
void server_close_all_sockets(struct nsd_socket sockets[], size_t n);
struct event_base* nsd_child_event_base(void);
+void service_remaining_tcp(struct nsd* nsd);
/* extra domain numbers for temporary domains */
#define EXTRA_DOMAIN_NUMBERS 1024
#define SLOW_ACCEPT_TIMEOUT 2 /* in seconds */
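Review bot: `service_remaining_tcp` is declared with no comment, so the header does not say which connections count as remaining or when the function may be called. A one-line comment above the prototype stating when it is called and whether it returns only after those connections are finished would help; the definition is outside this diff. The new line also writes `struct nsd* nsd` where `server_shutdown` two lines above uses `struct nsd *nsd`.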
@@ -311,6 +321,11 @@ void server_prepare_xfrd(struct nsd *nsd);
void server_start_xfrd(struct nsd *nsd, int del_db, int reload_active);
/* send SOA serial numbers to xfrd */
void server_send_soa_xfrd(struct nsd *nsd, int shortsoa);
+#ifdef HAVE_SSL
+SSL_CTX* server_tls_ctx_setup(char* key, char* pem, char* verifypem);
+SSL_CTX* server_tls_ctx_create(struct nsd *nsd, char* verifypem, char* ocspfile);
+void perform_openssl_init(void);
+#endif
ssize_t block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout);
#endif /* _NSD_H_ */
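Review bot: The two context-setup prototypes do not state their failure contract, and for a TLS listener that matters: a caller has to know that a NULL return means the key, certificate or verify file could not be loaded, and that the server must then refuse to serve that port rather than continue without TLS. A comment above them should say what is returned on failure, which arguments may be NULL (`verifypem` and `ocspfile` look optional, to be confirmed against the definitions), and whether `perform_openssl_init()` has to run first. The string arguments also look read-only, so `const char*` would fit, for example `SSL_CTX* server_tls_ctx_setup(const char* key, const char* pem, const char* verifypem);`. The definitions are outside this diff, so the const change needs checking there.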