authorTodd Short <tshort@akamai.com>2021-01-27 14:23:33 -0500
committerTodd Short <todd.short@me.com>2023-03-28 13:49:54 -0400
commit3c95ef22df55cb2d9dc64ce1f3be6e5a8ee63206 (patch)
tree0f7fcff4ec4735c778595db4f4a85bce70715d8b /util
parent5ab3f71a33cb0140fc29ae9244cd4f8331c2f3a5 (diff)
downloadopenssl-new-3c95ef22df55cb2d9dc64ce1f3be6e5a8ee63206.tar.gz
RFC7250 (RPK) support
Add support for the RFC7250 certificate-type extensions. Allows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
Diffstat (limited to 'util')
-rw-r--r--util/libcrypto.num3
-rw-r--r--util/libssl.num14
-rw-r--r--util/perl/TLSProxy/Message.pm2
3 files changed, 19 insertions, 0 deletions
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 311f0c205f..d3298ab4c6 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5514,3 +5514,6 @@ ASN1_item_unpack_ex ? 3_2_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get1_cert_ex ? 3_2_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get1_crl_ex ? 3_2_0 EXIST::FUNCTION:
EC_GROUP_to_params ? 3_2_0 EXIST::FUNCTION:EC
+X509_STORE_CTX_init_rpk ? 3_2_0 EXIST::FUNCTION:
+X509_STORE_CTX_get0_rpk ? 3_2_0 EXIST::FUNCTION:
+X509_STORE_CTX_set0_rpk ? 3_2_0 EXIST::FUNCTION:
diff --git a/util/libssl.num b/util/libssl.num
index f697f31114..6bb916d63e 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -544,3 +544,17 @@ SSL_net_write_desired ? 3_2_0 EXIST::FUNCTION:
SSL_shutdown_ex ? 3_2_0 EXIST::FUNCTION:
SSL_stream_conclude ? 3_2_0 EXIST::FUNCTION:
SSL_inject_net_dgram ? 3_2_0 EXIST::FUNCTION:QUIC
+SSL_get0_peer_rpk ? 3_2_0 EXIST::FUNCTION:
+SSL_SESSION_get0_peer_rpk ? 3_2_0 EXIST::FUNCTION:
+SSL_set1_client_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_get0_client_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_set1_server_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_get0_server_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_CTX_set1_client_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_CTX_get0_client_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_CTX_set1_server_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_CTX_get0_server_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_get_negotiated_client_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_get_negotiated_server_cert_type ? 3_2_0 EXIST::FUNCTION:
+SSL_add_expected_rpk ? 3_2_0 EXIST::FUNCTION:
+d2i_SSL_SESSION_ex ? 3_2_0 EXIST::FUNCTION:
diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm
index 648d986342..21e04a5cbc 100644
--- a/util/perl/TLSProxy/Message.pm
+++ b/util/perl/TLSProxy/Message.pm
@@ -75,6 +75,8 @@ use constant {
EXT_USE_SRTP => 14,
EXT_ALPN => 16,
EXT_SCT => 18,
+ EXT_CLIENT_CERT_TYPE => 19,
+ EXT_SERVER_CERT_TYPE => 20,
EXT_PADDING => 21,
EXT_ENCRYPT_THEN_MAC => 22,
EXT_EXTENDED_MASTER_SECRET => 23,
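Review bot: The two added entries `EXT_CLIENT_CERT_TYPE => 19` and `EXT_SERVER_CERT_TYPE => 20` have no comment tying the numbers to their source. The values match the IANA TLS ExtensionType assignments for client_certificate_type and server_certificate_type from RFC 7250, so a trailing comment on each, such as `# RFC 7250 client_certificate_type` and `# RFC 7250 server_certificate_type`, would let a reader check them against the registry. The `use constant` block begins and ends outside this hunk, so whether other entries there are annotated is not visible. Because these extensions decide whether the peer presents an X.509 chain or a bare public key, the constants are presumably meant for proxy tests that drop or alter the negotiation; no such use appears in this util-limited diff.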