author | Richard Levitte <levitte@openssl.org> | 2019-03-07 15:26:34 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-11-03 18:38:23 +0100 |
commit | fd3397fc47bfd92e7e33d88aa566cb0c8bd29330 (patch) | |
tree | 463778bc2ded727930631bec442d7ec7b7509488 /apps/lib/s_cb.c | |
parent | 6dcb100f89d0ef081771d533fed342412ac7a13f (diff) |
Add -CAstore and similar to all openssl commands that have -CApath
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Diffstat (limited to 'apps/lib/s_cb.c')
-rw-r--r-- | apps/lib/s_cb.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 47b8afe9ef..7b81d60fe7 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1262,27 +1262,37 @@ int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
 int ssl_load_stores(SSL_CTX *ctx,
 const char *vfyCApath, const char *vfyCAfile,
+ const char *vfyCAstore,
 const char *chCApath, const char *chCAfile,
+ const char *chCAstore,
 STACK_OF(X509_CRL) *crls, int crl_download)
 {
 X509_STORE *vfy = NULL, *ch = NULL;
 int rv = 0;
- if (vfyCApath != NULL || vfyCAfile != NULL) {
+ if (vfyCApath != NULL || vfyCAfile != NULL || vfyCAstore != NULL) {
 vfy = X509_STORE_new();
 if (vfy == NULL)
 goto err;
- if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+ if (vfyCAfile != NULL && !X509_STORE_load_file(vfy, vfyCAfile))
+ goto err;
+ if (vfyCApath != NULL && !X509_STORE_load_path(vfy, vfyCApath))
+ goto err;
+ if (vfyCAstore != NULL && !X509_STORE_load_store(vfy, vfyCAstore))
 goto err;
 add_crls_store(vfy, crls);
 SSL_CTX_set1_verify_cert_store(ctx, vfy);
 if (crl_download)
 store_setup_crl_download(vfy);
 }
- if (chCApath != NULL || chCAfile != NULL) {
+ if (chCApath != NULL || chCAfile != NULL || chCAstore != NULL) {
 ch = X509_STORE_new();
 if (ch == NULL)
 goto err;
- if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+ if (chCAfile != NULL && !X509_STORE_load_file(ch, chCAfile))
+ goto err;
+ if (chCApath != NULL && !X509_STORE_load_path(ch, chCApath))
+ goto err;
+ if (chCAstore != NULL && !X509_STORE_load_store(ch, chCAstore))
 goto err;
 SSL_CTX_set1_chain_cert_store(ctx, ch);
 } |
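Review bot: The file/path/store load sequence is written out twice in ssl_load_stores, once for `vfy` and once for `ch`, so the two trust-store setups can drift apart the next time a source type is added. Because these calls decide which CAs peer verification and chain building will trust, a single static helper (the name below is only a suggestion) would keep the bail-out-on-any-failure behaviour in one place. The signature now carries six adjacent `const char *` parameters, so a transposed argument at a call site still compiles; a short comment above the function saying which three feed the verify store and which three the chain store would help reviewers of the callers. The `err:` label and the rest of the function are outside the hunk.

```c
/* Load each configured CA source into st; returns 0 as soon as one fails. */
static int load_ca_sources(X509_STORE *st, const char *CAfile,
                           const char *CApath, const char *CAstore)
{
    if (CAfile != NULL && !X509_STORE_load_file(st, CAfile))
        return 0;
    if (CApath != NULL && !X509_STORE_load_path(st, CApath))
        return 0;
    if (CAstore != NULL && !X509_STORE_load_store(st, CAstore))
        return 0;
    return 1;
}

/* … unchanged: ssl_load_stores signature, X509_STORE_new() for vfy … */
        if (!load_ca_sources(vfy, vfyCAfile, vfyCApath, vfyCAstore))
            goto err;
/* … unchanged: CRL setup for vfy, X509_STORE_new() for ch … */
        if (!load_ca_sources(ch, chCAfile, chCApath, chCAstore))
            goto err;
```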