MINOR: ssl: Export functions to manipulate generated certificates
Following functions are now available in the SSL public API:
* ssl_sock_create_cert
* ssl_sock_get_generated_cert
* ssl_sock_set_generated_cert
* ssl_sock_generated_cert_serial
These functions can be used to create a certificate by hand, store it in the
cache of generated certificates, and retrieve it later. Here is an example
(pseudo code):
X509 *cacert = ...;
EVP_PKEY *capkey = ...;
char *servername = ...;
unsigned int serial;
serial = ssl_sock_generated_cert_serial(servername, strlen(servername));
if (!ssl_sock_get_generated_cert(serial, cacert)) {
SSL_CTX *ctx = ssl_sock_create_cert(servername, serial, cacert, capkey);
ssl_sock_set_generated_cert(ctx, serial, cacert);
}
diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index 7a9e988..ec616dc 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -69,6 +69,11 @@
int ssl_sock_load_global_dh_param_from_file(const char *filename);
#endif
+SSL_CTX *ssl_sock_create_cert(const char *servername, unsigned int serial, X509 *cacert, EVP_PKEY *capkey);
+SSL_CTX *ssl_sock_get_generated_cert(unsigned int serial, X509 *cacert);
+void ssl_sock_set_generated_cert(SSL_CTX *ctx, unsigned int serial, X509 *cacert);
+unsigned int ssl_sock_generated_cert_serial(void *data, size_t len);
+
#endif /* _PROTO_SSL_SOCK_H */
/*
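Review bot: The four prototypes added before the closing `#endif` are exported with no comment on their contract, and for a generated-certificate cache the missing parts are the security-relevant ones: whether `ssl_sock_create_cert` and `ssl_sock_get_generated_cert` can return NULL, and who owns the returned `SSL_CTX` once `ssl_sock_set_generated_cert` has stored it. The commit message's own example passes the result of `ssl_sock_create_cert` straight to `ssl_sock_set_generated_cert` without a NULL check, so the header should state the expected handling, for instance `/* Returns NULL on failure; on success the caller owns the SSL_CTX until it is handed to ssl_sock_set_generated_cert(). */`, with the wording confirmed against the implementation, which is not in this hunk. The cache is keyed by a 32-bit `unsigned int serial` together with `cacert`; if the serial is a hash of the server name, as the example suggests, the comment should also say whether a lookup hit must be checked against the requested name, since two names could map to the same serial. Separately, `ssl_sock_generated_cert_serial` appears only to read its input, so `const void *data` would let callers pass a `const char *` name without a cast.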