Lines Matching defs:ctx
199 to->dane.dctx = &to->ctx->dane;
636 if (s->method != s->ctx->method) {
638 s->method = s->ctx->method;
653 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
657 ctx->method = meth;
659 if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
663 sk = ssl_create_cipher_list(ctx,
664 ctx->tls13_ciphersuites,
665 &(ctx->cipher_list),
666 &(ctx->cipher_list_by_id),
667 OSSL_default_cipher_list(), ctx->cert);
676 SSL *SSL_new(SSL_CTX *ctx)
680 if (ctx == NULL) {
684 if (ctx->method == NULL) {
703 s->options = ctx->options;
704 s->dane.flags = ctx->dane.flags;
705 s->min_proto_version = ctx->min_proto_version;
706 s->max_proto_version = ctx->max_proto_version;
707 s->mode = ctx->mode;
708 s->max_cert_list = ctx->max_cert_list;
709 s->max_early_data = ctx->max_early_data;
710 s->recv_max_early_data = ctx->recv_max_early_data;
711 s->num_tickets = ctx->num_tickets;
712 s->pha_enabled = ctx->pha_enabled;
715 s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
725 * used to be known as s->ctx->default_cert). Now we don't look at the
728 s->cert = ssl_cert_dup(ctx->cert);
732 RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
733 s->msg_callback = ctx->msg_callback;
734 s->msg_callback_arg = ctx->msg_callback_arg;
735 s->verify_mode = ctx->verify_mode;
736 s->not_resumable_session_cb = ctx->not_resumable_session_cb;
737 s->record_padding_cb = ctx->record_padding_cb;
738 s->record_padding_arg = ctx->record_padding_arg;
739 s->block_padding = ctx->block_padding;
740 s->sid_ctx_length = ctx->sid_ctx_length;
743 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
744 s->verify_callback = ctx->default_verify_callback;
745 s->generate_session_id = ctx->generate_session_id;
750 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
751 s->quiet_shutdown = ctx->quiet_shutdown;
753 s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
754 s->max_send_fragment = ctx->max_send_fragment;
755 s->split_send_fragment = ctx->split_send_fragment;
756 s->max_pipelines = ctx->max_pipelines;
759 if (ctx->default_read_buf_len > 0)
760 SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
762 SSL_CTX_up_ref(ctx);
763 s->ctx = ctx;
767 s->ext.status_type = ctx->ext.status_type;
773 SSL_CTX_up_ref(ctx);
774 s->session_ctx = ctx;
775 if (ctx->ext.ecpointformats) {
777 OPENSSL_memdup(ctx->ext.ecpointformats,
778 ctx->ext.ecpointformats_len);
784 ctx->ext.ecpointformats_len;
786 if (ctx->ext.supportedgroups) {
788 OPENSSL_memdup(ctx->ext.supportedgroups,
789 ctx->ext.supportedgroups_len
790 * sizeof(*ctx->ext.supportedgroups));
795 s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
802 if (s->ctx->ext.alpn) {
803 s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
808 memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
809 s->ext.alpn_len = s->ctx->ext.alpn_len;
815 s->default_passwd_callback = ctx->default_passwd_callback;
816 s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
818 s->method = ctx->method;
822 s->allow_early_data_cb = ctx->allow_early_data_cb;
823 s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
828 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
837 s->psk_client_callback = ctx->psk_client_callback;
838 s->psk_server_callback = ctx->psk_server_callback;
840 s->psk_find_session_cb = ctx->psk_find_session_cb;
841 s->psk_use_session_cb = ctx->psk_use_session_cb;
843 s->async_cb = ctx->async_cb;
844 s->async_cb_arg = ctx->async_cb_arg;
849 if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
850 ctx->ct_validation_callback_arg))
878 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
885 ctx->sid_ctx_length = sid_ctx_len;
886 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
904 int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
906 if (!CRYPTO_THREAD_write_lock(ctx->lock))
908 ctx->generate_session_id = cb;
909 CRYPTO_THREAD_unlock(ctx->lock);
1017 int SSL_CTX_dane_enable(SSL_CTX *ctx)
1019 return dane_ctx_enable(&ctx->dane);
1022 unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
1024 unsigned long orig = ctx->dane.flags;
1026 ctx->dane.flags |= flags;
1030 unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
1032 unsigned long orig = ctx->dane.flags;
1034 ctx->dane.flags &= ~flags;
1042 if (s->ctx->dane.mdmax == 0) {
1071 dane->dctx = &s->ctx->dane;
1145 int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
1148 return dane_mtype_set(&ctx->dane, md, mtype, ord);
1151 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
1153 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
1161 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
1163 return ctx->param;
1255 SSL_CTX_free(s->ctx);
1499 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
1501 return ctx->verify_mode;
1504 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
1506 return X509_VERIFY_PARAM_get_depth(ctx->param);
1509 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
1510 return ctx->default_verify_callback;
1514 int (*callback) (int ok, X509_STORE_CTX *ctx))
1651 int SSL_CTX_check_private_key(const SSL_CTX *ctx)
1653 if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
1657 if (ctx->cert->key->privatekey == NULL) {
1662 (ctx->cert->key->x509, ctx->cert->key->privatekey);
1694 ASYNC_WAIT_CTX *ctx = s->waitctx;
1696 if (ctx == NULL)
1698 return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
1704 ASYNC_WAIT_CTX *ctx = s->waitctx;
1706 if (ctx == NULL)
1708 return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
1712 int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback)
1714 ctx->async_cb = callback;
1718 int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg)
1720 ctx->async_cb_arg = arg;
1738 ASYNC_WAIT_CTX *ctx = s->waitctx;
1740 if (ctx == NULL)
1742 *status = ASYNC_WAIT_CTX_get_status(ctx);
2441 && ssl_set_version_bound(s->ctx->method->version, (int)larg,
2447 && ssl_set_version_bound(s->ctx->method->version, (int)larg,
2471 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
2473 return ctx->sessions;
2476 static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat)
2480 if (ssl_tsan_lock(ctx)) {
2482 ssl_tsan_unlock(ctx);
2487 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2490 /* For some cases with ctx == NULL perform syntax checks */
2491 if (ctx == NULL) {
2494 return tls1_set_groups_list(ctx, NULL, NULL, parg);
2505 return ctx->read_ahead;
2507 l = ctx->read_ahead;
2508 ctx->read_ahead = larg;
2512 ctx->msg_callback_arg = parg;
2516 return (long)ctx->max_cert_list;
2520 l = (long)ctx->max_cert_list;
2521 ctx->max_cert_list = (size_t)larg;
2527 l = (long)ctx->session_cache_size;
2528 ctx->session_cache_size = (size_t)larg;
2531 return (long)ctx->session_cache_size;
2533 l = ctx->session_cache_mode;
2534 ctx->session_cache_mode = larg;
2537 return ctx->session_cache_mode;
2540 return lh_SSL_SESSION_num_items(ctx->sessions);
2542 return ssl_tsan_load(ctx, &ctx->stats.sess_connect);
2544 return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good);
2546 return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate);
2548 return ssl_tsan_load(ctx, &ctx->stats.sess_accept);
2550 return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good);
2552 return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate);
2554 return ssl_tsan_load(ctx, &ctx->stats.sess_hit);
2556 return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit);
2558 return ssl_tsan_load(ctx, &ctx->stats.sess_miss);
2560 return ssl_tsan_load(ctx, &ctx->stats.sess_timeout);
2562 return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full);
2564 return (ctx->mode |= larg);
2566 return (ctx->mode &= ~larg);
2570 ctx->max_send_fragment = larg;
2571 if (ctx->max_send_fragment < ctx->split_send_fragment)
2572 ctx->split_send_fragment = ctx->max_send_fragment;
2575 if ((size_t)larg > ctx->max_send_fragment || larg == 0)
2577 ctx->split_send_fragment = larg;
2582 ctx->max_pipelines = larg;
2585 return (ctx->cert->cert_flags |= larg);
2587 return (ctx->cert->cert_flags &= ~larg);
2589 return ssl_check_allowed_versions(larg, ctx->max_proto_version)
2590 && ssl_set_version_bound(ctx->method->version, (int)larg,
2591 &ctx->min_proto_version);
2593 return ctx->min_proto_version;
2595 return ssl_check_allowed_versions(ctx->min_proto_version, larg)
2596 && ssl_set_version_bound(ctx->method->version, (int)larg,
2597 &ctx->max_proto_version);
2599 return ctx->max_proto_version;
2601 return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
2605 long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
2609 ctx->msg_callback = (void (*)
2616 return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
2646 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
2647 return s->ctx->cipher_list;
2693 } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
2694 return s->ctx->cipher_list_by_id;
2719 STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
2721 if (ctx != NULL)
2722 return ctx->cipher_list;
2747 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
2751 sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites,
2752 &ctx->cipher_list, &ctx->cipher_list_by_id, str,
2753 ctx->cert);
2759 * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
2775 sk = ssl_create_cipher_list(s->ctx, s->tls13_ciphersuites,
3020 void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
3024 ctx->ext.npn_advertised_cb = cb;
3025 ctx->ext.npn_advertised_cb_arg = arg;
3038 void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
3042 ctx->ext.npn_select_cb = cb;
3043 ctx->ext.npn_select_cb_arg = arg;
3061 * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
3065 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
3071 OPENSSL_free(ctx->ext.alpn);
3072 ctx->ext.alpn = NULL;
3073 ctx->ext.alpn_len = 0;
3085 OPENSSL_free(ctx->ext.alpn);
3086 ctx->ext.alpn = alpn;
3087 ctx->ext.alpn_len = protos_len;
3125 * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
3129 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
3133 ctx->ext.alpn_select_cb = cb;
3134 ctx->ext.alpn_select_cb_arg = arg;
3383 * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
3438 int SSL_CTX_up_ref(SSL_CTX *ctx)
3442 if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
3445 REF_PRINT_COUNT("SSL_CTX", ctx);
3535 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
3537 ctx->default_passwd_callback = cb;
3540 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
3542 ctx->default_passwd_callback_userdata = u;
3545 pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
3547 return ctx->default_passwd_callback;
3550 void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
3552 return ctx->default_passwd_callback_userdata;
3575 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
3579 ctx->app_verify_callback = cb;
3580 ctx->app_verify_arg = arg;
3583 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
3586 ctx->verify_mode = mode;
3587 ctx->default_verify_callback = cb;
3590 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
3592 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
3808 const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
3810 return ctx->method;
4212 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
4214 if (ctx->cert != NULL)
4215 return ctx->cert->key->x509;
4220 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
4222 if (ctx->cert != NULL)
4223 return ctx->cert->key->privatekey;
4292 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
4294 ctx->quiet_shutdown = mode;
4297 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
4299 return ctx->quiet_shutdown;
4334 return ssl->ctx;
4337 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
4340 if (ssl->ctx == ctx)
4341 return ssl->ctx;
4342 if (ctx == NULL)
4343 ctx = ssl->session_ctx;
4344 new_cert = ssl_cert_dup(ctx->cert);
4370 if ((ssl->ctx != NULL) &&
4371 (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
4372 (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
4373 ssl->sid_ctx_length = ctx->sid_ctx_length;
4374 memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
4377 SSL_CTX_up_ref(ctx);
4378 SSL_CTX_free(ssl->ctx); /* decrement reference count */
4379 ssl->ctx = ctx;
4381 return ssl->ctx;
4384 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
4386 return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx,
4387 ctx->propq);
4390 int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
4394 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
4408 int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
4412 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
4419 X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx,
4420 ctx->propq);
4427 int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
4431 lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store());
4438 X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq);
4445 int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
4447 return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx,
4448 ctx->propq);
4451 int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
4453 return X509_STORE_load_path(ctx->cert_store, CApath);
4456 int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
4458 return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx,
4459 ctx->propq);
4462 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
4467 if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile))
4469 if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath))
4563 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
4565 return ctx->cert_store;
4568 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
4570 X509_STORE_free(ctx->cert_store);
4571 ctx->cert_store = store;
4574 void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
4578 SSL_CTX_set_cert_store(ctx, store);
4587 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
4593 OPENSSL_free(ctx->cert->psk_identity_hint);
4595 ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
4596 if (ctx->cert->psk_identity_hint == NULL)
4599 ctx->cert->psk_identity_hint = NULL;
4641 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
4643 ctx->psk_client_callback = cb;
4651 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
4653 ctx->psk_server_callback = cb;
4662 void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
4665 ctx->psk_find_session_cb = cb;
4673 void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
4676 ctx->psk_use_session_cb = cb;
4679 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
4684 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
4695 void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
4700 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
4712 void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
4716 ctx->record_padding_cb = cb;
4719 void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
4721 ctx->record_padding_arg = arg;
4724 void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
4726 return ctx->record_padding_arg;
4729 int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
4733 ctx->block_padding = 0;
4735 ctx->block_padding = block_size;
4789 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
4791 ctx->num_tickets = num_tickets;
4796 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
4798 return ctx->num_tickets;
4804 * If EVP_MD pointer is passed, initializes ctx with this |md|.
4805 * Returns the newly allocated ctx;
4831 EVP_MD_CTX *ctx = NULL;
4841 ctx = EVP_MD_CTX_new();
4842 if (ctx == NULL) {
4847 if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
4848 || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
4857 EVP_MD_CTX_free(ctx);
4891 int (*cb) (const SSL *s, const SSL_CTX *ctx,
4899 const SSL_CTX *ctx, int op,
4915 void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
4917 ctx->cert->sec_level = level;
4920 int SSL_CTX_get_security_level(const SSL_CTX *ctx)
4922 return ctx->cert->sec_level;
4925 void SSL_CTX_set_security_callback(SSL_CTX *ctx,
4926 int (*cb) (const SSL *s, const SSL_CTX *ctx,
4930 ctx->cert->sec_cb = cb;
4933 int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
4934 const SSL_CTX *ctx,
4939 return ctx->cert->sec_cb;
4942 void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
4944 ctx->cert->sec_ex = ex;
4947 void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
4949 return ctx->cert->sec_ex;
4952 uint64_t SSL_CTX_get_options(const SSL_CTX *ctx)
4954 return ctx->options;
4962 uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op)
4964 return ctx->options |= op;
4972 uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op)
4974 return ctx->options &= ~op;
5146 static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
5152 static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
5176 if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
5197 int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
5204 if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
5211 ctx->ct_validation_callback = callback;
5212 ctx->ct_validation_callback_arg = arg;
5221 int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
5223 return ctx->ct_validation_callback != NULL;
5232 CT_POLICY_EVAL_CTX *ctx = NULL;
5263 ctx = CT_POLICY_EVAL_CTX_new_ex(s->ctx->libctx, s->ctx->propq);
5264 if (ctx == NULL) {
5270 CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
5271 CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
5272 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
5274 ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
5292 if (SCT_LIST_validate(scts, ctx) < 0) {
5297 ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
5304 CT_POLICY_EVAL_CTX_free(ctx);
5325 int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
5332 return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
5334 return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
5351 int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
5353 return CTLOG_STORE_load_default_file(ctx->ctlog_store);
5356 int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
5358 return CTLOG_STORE_load_file(ctx->ctlog_store, path);
5361 void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
5363 CTLOG_STORE_free(ctx->ctlog_store);
5364 ctx->ctlog_store = logs;
5367 const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
5369 return ctx->ctlog_store;
5509 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
5511 ctx->keylog_callback = cb;
5514 SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
5516 return ctx->keylog_callback;
5532 if (ssl->ctx->keylog_callback == NULL)
5566 ssl->ctx->keylog_callback(ssl, (const char *)out);
5769 int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
5771 ctx->max_early_data = max_early_data;
5776 uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
5778 return ctx->max_early_data;
5793 int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
5795 ctx->recv_max_early_data = recv_max_early_data;
5800 uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
5802 return ctx->recv_max_early_data;
5865 void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
5867 ctx->pha_enabled = val;
5922 int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
5927 ctx->generate_ticket_cb = gen_cb;
5928 ctx->decrypt_ticket_cb = dec_cb;
5929 ctx->ticket_cb_data = arg;
5933 void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
5937 ctx->allow_early_data_cb = cb;
5938 ctx->allow_early_data_cb_data = arg;
6053 int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
6055 if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
6060 EVP_PKEY_free(ctx->cert->dh_tmp);
6061 ctx->cert->dh_tmp = dhpkey;