[mod_mbedtls] mbedTLS option for TLS

(experimental)

mod_mbedtls supports most ssl.* config options supported by mod_openssl

thx Ward Willats for the initial discussion and attempt in the comments
  https://redmine.lighttpd.net/boards/3/topics/7029

1 files changed, 8 insertions, 2 deletions

diff --git a/src/network.c b/src/network.c
index 05d1f074..432a0011 100644
--- a/src/network.c
+++ b/src/network.c
@@ -142,6 +142,7 @@ typedef struct {
     /* global or per-socket config; not patched per connection */
     int listen_backlog;
     unsigned char ssl_enabled;
+    unsigned char mbedtls_enabled; /* TODO: more integration needed ... */
     unsigned char use_ipv6;
     unsigned char set_v6only; /* set_v6only is only a temporary option */
     unsigned char defer_accept;
@@ -264,7 +265,7 @@ static int network_server_init(server *srv, network_socket_config *s, buffer *ho
 	memcpy(&srv_socket->addr, &addr, addr_len);
 	srv_socket->fd = -1;
 	srv_socket->sidx = sidx;
-	srv_socket->is_ssl = s->ssl_enabled;
+	srv_socket->is_ssl = (s->ssl_enabled || s->mbedtls_enabled);
 	srv_socket->srv = srv;
 	srv_socket->srv_token = buffer_init_buffer(host_token);
 
@@ -383,7 +384,7 @@ static int network_server_init(server *srv, network_socket_config *s, buffer *ho
 		return -1;
 	}
 
-	if (s->ssl_enabled) {
+	if (s->ssl_enabled || s->mbedtls_enabled) {
 #ifdef TCP_DEFER_ACCEPT
 	} else if (s->defer_accept) {
 		int v = s->defer_accept;
@@ -514,6 +515,11 @@ int network_init(server *srv, int stdin_fd) {
      ,{ CONST_STR_LEN("server.set-v6only"),
         T_CONFIG_BOOL,
         T_CONFIG_SCOPE_CONNECTION }
+    #if 0 /* TODO: more integration needed ... */
+     ,{ CONST_STR_LEN("mbedtls.engine"),
+        T_CONFIG_BOOL,
+        T_CONFIG_SCOPE_CONNECTION }
+    #endif
      ,{ NULL, 0,
         T_CONFIG_UNSET,
         T_CONFIG_SCOPE_UNSET }