Lines Matching refs:tlsconf
843 auto &tlsconf = config->tls;
845 auto it = tlsconf.psk_secrets.find(StringRef{identity});
846 if (it == std::end(tlsconf.psk_secrets)) {
870 auto &tlsconf = config->tls;
872 auto &identity = tlsconf.client.psk.identity;
873 auto &secret = tlsconf.client.psk.secret;
957 auto &tlsconf = config->tls;
960 if (tlsconf.ktls) {
965 SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
968 ssl_ctx, tlsconf.min_proto_version, tlsconf.max_proto_version) != 0) {
977 if (!tlsconf.session_cache.memcached.host.empty()) {
982 SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count());
984 if (SSL_CTX_set_cipher_list(ssl_ctx, tlsconf.ciphers.c_str()) == 0) {
985 LOG(FATAL) << "SSL_CTX_set_cipher_list " << tlsconf.ciphers
991 if (SSL_CTX_set_ciphersuites(ssl_ctx, tlsconf.tls13_ciphers.c_str()) == 0) {
992 LOG(FATAL) << "SSL_CTX_set_ciphersuites " << tlsconf.tls13_ciphers
1000 if (SSL_CTX_set1_curves_list(ssl_ctx, tlsconf.ecdh_curves.c_str()) != 1) {
1001 LOG(FATAL) << "SSL_CTX_set1_curves_list " << tlsconf.ecdh_curves
1024 if (!tlsconf.dh_param_file.empty()) {
1026 auto bio = BIO_new_file(tlsconf.dh_param_file.c_str(), "rb");
1069 if (!tlsconf.cacert.empty()) {
1070 if (SSL_CTX_load_verify_locations(ssl_ctx, tlsconf.cacert.c_str(),
1073 << tlsconf.cacert << ": "
1079 if (!tlsconf.private_key_passwd.empty()) {
1110 if (tlsconf.client_verify.enabled) {
1111 if (!tlsconf.client_verify.cacert.empty()) {
1113 ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {
1116 << tlsconf.client_verify.cacert << ": "
1124 auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
1127 << tlsconf.client_verify.cacert << ": "
1212 if (SSL_CTX_set_max_early_data(ssl_ctx, tlsconf.max_early_data) != 1) {
1257 auto &tlsconf = config->tls;
1278 SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count());
1280 if (SSL_CTX_set_cipher_list(ssl_ctx, tlsconf.ciphers.c_str()) == 0) {
1281 LOG(FATAL) << "SSL_CTX_set_cipher_list " << tlsconf.ciphers
1287 if (SSL_CTX_set_ciphersuites(ssl_ctx, tlsconf.tls13_ciphers.c_str()) == 0) {
1288 LOG(FATAL) << "SSL_CTX_set_ciphersuites " << tlsconf.tls13_ciphers
1296 if (SSL_CTX_set1_curves_list(ssl_ctx, tlsconf.ecdh_curves.c_str()) != 1) {
1297 LOG(FATAL) << "SSL_CTX_set1_curves_list " << tlsconf.ecdh_curves
1320 if (!tlsconf.dh_param_file.empty()) {
1322 auto bio = BIO_new_file(tlsconf.dh_param_file.c_str(), "rb");
1365 if (!tlsconf.cacert.empty()) {
1366 if (SSL_CTX_load_verify_locations(ssl_ctx, tlsconf.cacert.c_str(),
1369 << tlsconf.cacert << ": "
1375 if (!tlsconf.private_key_passwd.empty()) {
1406 if (tlsconf.client_verify.enabled) {
1407 if (!tlsconf.client_verify.cacert.empty()) {
1409 ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {
1412 << tlsconf.client_verify.cacert << ": "
1420 auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
1423 << tlsconf.client_verify.cacert << ": "
1584 auto &tlsconf = get_config()->tls;
1587 if (tlsconf.ktls) {
1592 SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
1599 ssl_ctx, tlsconf.min_proto_version, tlsconf.max_proto_version) != 0) {
1604 if (SSL_CTX_set_cipher_list(ssl_ctx, tlsconf.client.ciphers.c_str()) == 0) {
1605 LOG(FATAL) << "SSL_CTX_set_cipher_list " << tlsconf.client.ciphers
1611 if (SSL_CTX_set_ciphersuites(ssl_ctx, tlsconf.client.tls13_ciphers.c_str()) ==
1613 LOG(FATAL) << "SSL_CTX_set_ciphersuites " << tlsconf.client.tls13_ciphers
1635 if (!tlsconf.insecure) {
2285 auto &tlsconf = config->tls;
2287 auto ssl_ctx = create_ssl_context(tlsconf.private_key_file.c_str(),
2288 tlsconf.cert_file.c_str(), tlsconf.sct_data
2304 for (auto &c : tlsconf.subcerts) {
2340 auto &tlsconf = config->tls;
2343 create_quic_ssl_context(tlsconf.private_key_file.c_str(),
2344 tlsconf.cert_file.c_str(), tlsconf.sct_data
2360 for (auto &c : tlsconf.subcerts) {
2386 auto &tlsconf = get_config()->tls;
2392 tlsconf.cacert, tlsconf.client.cert_file, tlsconf.client.private_key_file,