From c101a7a0210bd0d3e287de9b7513e7fd806a5e3a Mon Sep 17 00:00:00 2001
From: Jim Hague
Date: Tue, 27 Nov 2018 15:41:23 +0000
Subject: [PATCH] Abstract context DANE initialisation.

---
 src/context.c | 9 +--------
 src/openssl/tls.c | 12 ++++++++++++
 src/tls.h | 8 +++++++-
 3 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/src/context.c b/src/context.c
index e5ddf9a6..ddda54de 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3572,14 +3572,7 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
 if (context->tls_auth_min == GETDNS_AUTHENTICATION_REQUIRED)
 return GETDNS_RETURN_BAD_CONTEXT;
 }
-# if defined(STUB_DEBUG) && STUB_DEBUG
- int osr =
-# else
- (void)
-# endif
- SSL_CTX_dane_enable(context->tls_ctx->ssl);
- DEBUG_STUB("%s %-35s: DEBUG: SSL_CTX_dane_enable() -> %d\n" , STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
+ _getdns_tls_context_dane_init(context->tls_ctx);
 }
 }
diff --git a/src/openssl/tls.c b/src/openssl/tls.c
index 72e8645b..2387faf4 100644
--- a/src/openssl/tls.c
+++ b/src/openssl/tls.c
@@ -216,6 +216,18 @@ getdns_return_t _getdns_tls_context_free(struct mem_funcs* mfs, _getdns_tls_cont
 return GETDNS_RETURN_GOOD;
 }
+void _getdns_tls_context_dane_init(_getdns_tls_context* ctx)
+{
+# if defined(STUB_DEBUG) && STUB_DEBUG
+ int osr =
+# else
+ (void)
+# endif
+ SSL_CTX_dane_enable(ctx->ssl);
+ DEBUG_STUB("%s %-35s: DEBUG: SSL_CTX_dane_enable() -> %d\n" , STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
+}
+
 getdns_return_t _getdns_tls_context_set_min_proto_1_2(_getdns_tls_context* ctx)
 {
 #ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
diff --git a/src/tls.h b/src/tls.h
index 434d79fb..7a98a140 100644
--- a/src/tls.h
+++ b/src/tls.h
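Review bot: The added call `_getdns_tls_context_dane_init(context->tls_ctx);` discards any failure of the DANE setup, so a context whose `tls_auth_min` is `GETDNS_AUTHENTICATION_REQUIRED` (checked two lines above) continues into resolution even when `SSL_CTX_dane_enable()` fails inside the new helper; the removed lines had the same gap, but now that the backend owns the call it is the natural place to report it. I would have the helper return `getdns_return_t` instead of `void` (the tls.c definition and the tls.h declaration in this patch both use `void`) and fail closed here, e.g. `if (_getdns_tls_context_dane_init(context->tls_ctx) != GETDNS_RETURN_GOOD && context->tls_auth_min == GETDNS_AUTHENTICATION_REQUIRED) return GETDNS_RETURN_BAD_CONTEXT;`. Whether a failed enable should also abort the opportunistic case is a policy choice worth stating in the commit message. The enclosing `_getdns_context_prepare_for_resolution()` starts outside the hunk.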
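Review bot: The `# if`/`# else`/`# endif` splice around `int osr =` and `(void)` in `_getdns_tls_context_dane_init()` makes one statement span five preprocessor lines and reads differently depending on STUB_DEBUG. A plain `int osr = SSL_CTX_dane_enable(ctx->ssl);` followed by `(void) osr;` keeps a single statement, still feeds `DEBUG_STUB`, and avoids an unused-variable warning in the non-debug build (assuming `DEBUG_STUB` expands to nothing there, which the original compiling without `osr` suggests). A short comment above the call, `/* result is only visible under STUB_DEBUG; callers cannot observe a failure */`, would also make the current contract explicit to readers of the backend.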
@@ -70,6 +70,13 @@ _getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs);
 */
 getdns_return_t _getdns_tls_context_free(struct mem_funcs* mfs, _getdns_tls_context* ctx);
+/**
+ * Initialise any shared state for DANE checking.
+ *
+ * @param ctx the context to initialise.
+ */
+void _getdns_tls_context_dane_init(_getdns_tls_context* ctx);
+
 /**
 * Set TLS 1.2 as minimum TLS version.
 *
@@ -103,7 +110,6 @@ getdns_return_t _getdns_tls_context_set_cipher_list(_getdns_tls_context* ctx, co
 */
 getdns_return_t _getdns_tls_context_set_curves_list(_getdns_tls_context* ctx, const char* list);
-
 /**
 * Set certificate authority details.
 *