| commit | d6f18b52e535c69df5255408015a88b2ff1b7ed7 | |
| author | Steffen (Daode) Nurpmeso <steffen@sdaoden.eu> | |
| Wed, 30 Aug 2017 20:04:59 +0000 (30 22:04 +0200) | ||
| committer | Steffen (Daode) Nurpmeso <steffen@sdaoden.eu> | |
| Mon, 18 Sep 2017 19:46:48 +0000 (18 21:46 +0200) | ||
| tree | 95517def9d8911d54327b8d7dda1025b02c617d9 | treesnapshot (tar.gz zip) |
| parent | c9c3144ebe9446663ec31cb065c6518a905bb81e | commitdiff |
Add more support surrounding OpenSSL config stuff++..
Some tweaks for OpenSSL:
. Instead of adding more and more specific variable( chain)(s)
introduce a new *ssl-config-pairs* chain that offers direct
interaction with SSL_CONF_cmd(3) if that is available, therefore
offering access to _all_ possible commands of said command, but
otherwise the well-known directives are supported via a builtin
parser.
Obsolete all variables superseded by this new mechanism:
ssl-cert, ssl-cipher-list, ssl-curves, ssl-key, ssl-protocol,
as well as ssl-method which was superseded by ssl-protocol
already.
. Support SSL_CTX_config(3).
The new *ssl-config-module* can now be used to outsource the
entire SSL/TLS configuration to a central configuration file.
*ssl-config-file* is now filename transformed if it is set to
anything but an empty string.
. Support more variable chains: *ssl-ca-dir*, *ssl-ca-file*,
*ssl-ca-flags*, *ssl-ca-no-defaults* are now all chains.
. Add a new read-only *ssl-features* variable which announces
availability of several options to the user.
Some tweaks for OpenSSL:
. Instead of adding more and more specific variable( chain)(s)
introduce a new *ssl-config-pairs* chain that offers direct
interaction with SSL_CONF_cmd(3) if that is available, therefore
offering access to _all_ possible commands of said command, but
otherwise the well-known directives are supported via a builtin
parser.
Obsolete all variables superseded by this new mechanism:
ssl-cert, ssl-cipher-list, ssl-curves, ssl-key, ssl-protocol,
as well as ssl-method which was superseded by ssl-protocol
already.
. Support SSL_CTX_config(3).
The new *ssl-config-module* can now be used to outsource the
entire SSL/TLS configuration to a central configuration file.
*ssl-config-file* is now filename transformed if it is set to
anything but an empty string.
. Support more variable chains: *ssl-ca-dir*, *ssl-ca-file*,
*ssl-ca-flags*, *ssl-ca-no-defaults* are now all chains.
. Add a new read-only *ssl-features* variable which announces
availability of several options to the user.
| make-config.sh | diffblobblamehistory | |
| nail.1 | diffblobblamehistory | |
| nail.h | diffblobblamehistory | |
| xssl.c | diffblobblamehistory |