Optionally validate certificates on TLS server links

[ngircd-alex.git] / src / ngircd / conf.h

diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index aa80b8dd94942536c29ff4fce85c18e316e591ce..12ad6f547aa9280a6101717c7a86dd898e2a0f1a 100644 (file)
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -61,6 +61,7 @@ typedef struct _Conf_Server
        ng_ipaddr_t dst_addr[2];        /**< List of addresses to connect to */
 #ifdef SSL_SUPPORT
        bool SSLConnect;                /**< Establish connection using SSL? */
+       bool SSLVerify;                 /**< Verify server certificate using CA? */
 #endif
        char svs_mask[CLIENT_ID_LEN];   /**< Mask of nicknames that should be
                                             treated and counted as services */
@@ -76,6 +77,9 @@ struct SSLOptions {
        array ListenPorts;              /**< Array of listening SSL ports */
        array KeyFilePassword;          /**< Key file password */
        char *CipherList;               /**< Set SSL cipher list to use */
+       char *CAFile;                   /**< Trusted CA certificates file */
+       char *CRLFile;                  /**< Certificate revocation file */
+       bool RequireClientCert;         /**< Enforce client certifiactes? */
 };
 #endif