Commit d84a7b20 authored by Matt Caswell

Add ability to set default CA path and file locations individually



Previously you could only set both the default path and file locations
together. This adds the ability to set one without the other.

Reviewed-by: Andy Polyakov <appro@openssl.org>
parent a93d3e06
+2 −0
@@ -1637,6 +1637,8 @@ void SSL_set_shutdown(SSL *ssl, int mode);
__owur int SSL_get_shutdown(const SSL *ssl);
__owur int SSL_version(const SSL *ssl);
__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                  const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
+31 −0
@@ -2787,6 +2787,37 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
    return (X509_STORE_set_default_paths(ctx->cert_store));
}

int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
{
    X509_LOOKUP *lookup;

    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
    if (lookup == NULL)
        return 0;
    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);

    /* Clear any errors if the default directory does not exist */
    ERR_clear_error();

    return 1;
}

int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
{
    X509_LOOKUP *lookup;

    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
    if (lookup == NULL)
        return 0;

    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);

    /* Clear any errors if the default file does not exist */
    ERR_clear_error();

    return 1;
}

int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                  const char *CApath)
{
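Review bot: Both new functions discard the result of the load call (`X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)` and `X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT)`) and then call `ERR_clear_error()`, so they return 1 whether or not any CA material was actually loaded. That hides more than the missing-location case the comments mention: an unreadable or malformed default file is reported as success, and any errors the caller already had queued before the call are wiped as well. A peer certificate would presumably still fail to verify if nothing was loaded, but the diagnostic explaining why is gone, while the `__owur` on the header declarations invites callers to treat the return value as meaningful. Consider bracketing each load with `ERR_set_mark();` before and `ERR_pop_to_mark();` after, so only errors raised by this call are dropped. A comment on each function should also state that 1 means the lookup method was registered, not that trust anchors were loaded.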
+2 −0
@@ -403,3 +403,5 @@ SSL_get_server_random 437 EXIST::FUNCTION:
SSL_get_client_ciphers                  438	EXIST::FUNCTION:
SSL_get_client_random                   439	EXIST::FUNCTION:
SSL_SESSION_get_master_key              440	EXIST::FUNCTION:
SSL_CTX_set_default_verify_dir          441	EXIST::FUNCTION:
SSL_CTX_set_default_verify_file         442	EXIST::FUNCTION: