
--- /tmp/removed123.txt 2011-10-06 21:16:39.370554427 +0200
+++ /tmp/added123.txt 2011-10-06 21:16:39.380559427 +0200
@@ -1,13 +1,11 @@
--- a/options.c
--- a/ssl_verify.c
- if ((tmp_file=x509_write_cert(cert, verify_export_cert,&gc)))
--- a/ssl_verify_backend.h
-
-const char *x509_write_cert(x509_cert_t *cert, const char *tmp_dir,
- struct gc_arena *gc);
diff --git a/pf.c b/pf.c
index 6b4cba4..311495a 100644
--- a/pf.c
+++ b/pf.c
@@ -411,7 +411,7 @@ lookup_cn_rule (struct hash *h, const char *cn, const uint32
bool
pf_cn_test (struct pf_set *pfs, const struct tls_multi *tm, const int type, con
{
- if (!pfs->kill)
+ if (pfs && !pfs->kill)
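Review bot: The new `pfs &&` guard in `pf_cn_test` makes a NULL `pfs` skip the whole `if` body, but nothing in the hunk shows what the function returns in that case, and for a packet-filter test that is the accept-or-deny decision. The rest of the body lies outside the hunk, so confirm that the fall-through path denies rather than accepts. If it does, say so on the guard, for example `/* pfs == NULL: no filter set, fall through to deny */`. If a NULL `pfs` is not expected at this point at all, logging it there would surface the condition instead of absorbing it silently.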
--- /tmp/removed123.txt 2011-08-25 21:00:53.981466290 +0200
+++ /tmp/added123.txt 2011-08-25 21:00:54.021486290 +0200
@@ -1,17 +1,34 @@
--- a/ssl.c
- else
- {
- /* Use seperate PEM files for key, cert and CA certs */
+++ b/ssl.c
+ else if (options->pkcs11_providers[0])
+ if (0 != tls_ctx_load_pkcs11(new_ctx, options->pkcs11_id_management, options->pkcs11_id))
--- /tmp/removed123.txt 2011-08-25 20:57:38.503776323 +0200
+++ /tmp/added123.txt 2011-08-25 20:57:38.533791323 +0200
@@ -1,8 +1,72 @@
--- a/ssl.c
+++ b/ssl.c
+ status = key_state_read_plaintext (&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE);
+ int status = key_state_read_ciphertext (&ks->ks_ssl, buf, PAYLOAD_SIZE_DYNAMIC (&multi->opt.frame));
+++ b/ssl_backend.h
+/**************************************************************************/
+/** @addtogroup control_tls
--- /tmp/removed123.txt 2011-08-25 20:56:30.059571334 +0200
+++ /tmp/added123.txt 2011-08-25 20:56:30.099591333 +0200
@@ -1,22 +1,43 @@
--- a/ssl.c
+++ b/ssl.c
+ print_details (&ks->ks_ssl, "Control Channel:");
+++ b/ssl_backend.h
+/* **************************************
+ *
+ * Information functions
--- /tmp/removed123.txt 2011-08-25 20:51:12.490866386 +0200
+++ /tmp/added123.txt 2011-08-25 20:51:12.520881386 +0200
@@ -1,4 +1,40 @@
--- a/ssl.c
+++ b/ssl.c
+ CLEAR (*ks);
+
+ key_state_ssl_init(&ks->ks_ssl, &session->opt->ssl_ctx, session->opt->server,
+ session);
+++ b/ssl_backend.h
--- /tmp/removed123.txt 2011-08-25 20:50:10.709991396 +0200
+++ /tmp/added123.txt 2011-08-25 20:50:10.740006395 +0200
@@ -1,32 +1,33 @@
--- a/init.c
- to.ssl_ctx = c->c1.ks.ssl_ctx.ctx;
--- a/ssl.c
- ret = bio_write (multi, ks->ssl_bio, BPTR(buf), BLEN(buf), "tls_write_plaintext");
- ret = bio_write (multi, ks->ssl_bio, data, len, "tls_write_plaintext_const");
- ret = bio_read (multi, ks->ct_out, buf, maxlen, "tls_read_ciphertext");
- ret = bio_write (multi, ks->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
--- /tmp/removed123.txt 2011-08-25 20:40:46.007781486 +0200
+++ /tmp/added123.txt 2011-08-25 20:40:46.037796486 +0200
@@ -1,50 +1,47 @@
--- a/ssl.c
+++ b/ssl.c
+ ctx = new_ctx->ctx;
+ if (options->ca_file || options->ca_path)
+ tls_ctx_load_ca(new_ctx, options->ca_file, options->ca_file_inline,
+ options->ca_path, options->tls_server);
+ tls_ctx_load_extra_certs(new_ctx, options->extra_certs_file, options->extra_certs_file_inline);
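Review bot: The results of `tls_ctx_load_ca` and `tls_ctx_load_extra_certs` are not checked at these call sites, whereas `tls_ctx_load_pkcs11` and `tls_ctx_load_priv_file` in the other ssl.c hunks on this page are tested with `0 != ...`. If the CA loader can return after a failure, setup would continue without the intended CA certificates, so either give these loaders a status that is checked the same way or state in their ssl_backend.h doc comments that they do not return on error. The same applies in the next hunk, where `tls_ctx_load_cert_file(..., &my_cert)` passes `my_cert` straight to `tls_ctx_use_external_private_key`; its declaration is not shown, but initialising it to NULL and testing it before that call would make a failed load harmless. The enclosing function starts and ends outside these hunks.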
--- /tmp/removed123.txt 2011-08-25 20:37:20.895276521 +0200
+++ /tmp/added123.txt 2011-08-25 20:37:20.925291521 +0200
@@ -1,4 +1,27 @@
--- a/ssl.c
+++ b/ssl.c
+ else if ((options->management_flags & MF_EXTERNAL_KEY) && options->cert_file)
+ tls_ctx_load_cert_file(new_ctx, options->cert_file, options->cert_file_inline,
+ &my_cert);
+ tls_ctx_use_external_private_key(new_ctx, my_cert);
+++ b/ssl_backend.h
--- /tmp/removed123.txt 2011-08-25 20:33:49.899831556 +0200
+++ /tmp/added123.txt 2011-08-25 20:33:49.919841556 +0200
@@ -1,4 +1,25 @@
--- a/ssl.c
+++ b/ssl.c
+ if (0 != tls_ctx_load_priv_file(new_ctx, options->priv_key_file, options->priv_key_file_inline))
+++ b/ssl_backend.h
+ * Load private key file into the given TLS context.
+ *
+ * @param ctx TLS context to use