authorViktor Dukhovni <openssl-users@dukhovni.org>2024-04-15 00:09:02 -0400
committerTomas Mraz <tomas@openssl.org>2024-04-26 09:03:44 +0200
commit6d018570407606acc1eabe68921496d77f27aeb9 (patch)
tree372eeefa99230672b15033e0d864218a46588bfb /crypto
parent15d6114d99d93468876697b62d543b0e2efd45d5 (diff)
Avoid duplicate default CApath lookups
Fixes #21067 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24140)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/x509/by_store.c16
-rw-r--r--crypto/x509/x509_d2.c5
2 files changed, 11 insertions, 10 deletions
diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c
index ee92f4b16f..7cc622ef79 100644
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -111,14 +111,7 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
{
switch (cmd) {
case X509_L_ADD_STORE:
- /* If no URI is given, use the default cert dir as default URI */
- if (argp == NULL)
- argp = ossl_safe_getenv(X509_get_default_cert_dir_env());
-
- if (argp == NULL)
- argp = X509_get_default_cert_dir();
-
- {
+ if (argp != NULL) {
STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
char *data = OPENSSL_strdup(argp);
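Review bot: With `if (argp != NULL) {`, a NULL URI for `X509_L_ADD_STORE` no longer falls back to the default cert dir environment variable or `X509_get_default_cert_dir()`, and the next hunk makes that case return 1. A caller that relied on the old fallback to populate its trust store now gets a success code with no store URI added; verification would presumably fail closed, but only later and with no error at setup time. I would state the contract at the case label, e.g. `/* argp == NULL adds nothing and succeeds; callers wanting the default cert dir must pass it explicitly */`. The public documentation for the store lookup should say the same, and since the diffstat shown is limited to crypto/, it is not visible here whether it was updated. The body of by_store_ctrl_ex continues outside this hunk.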
@@ -131,12 +124,15 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
}
return sk_OPENSSL_STRING_push(uris, data) > 0;
}
+ /* NOP if no URI is given. */
+ return 1;
case X509_L_LOAD_STORE:
/* This is a shortcut for quick loading of specific containers */
return cache_objects(ctx, argp, NULL, 0, libctx, propq);
+ default:
+ /* Unsupported command */
+ return 0;
}
-
- return 0;
}
static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,
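Review bot: The context line `return sk_OPENSSL_STRING_push(uris, data) > 0;` returns immediately when the push fails, so the copy made by `OPENSSL_strdup(argp)` in the previous hunk appears to be leaked on that path; this commit reshapes the branch without addressing it. Since the block is being touched anyway, I would change it to `if (sk_OPENSSL_STRING_push(uris, data) <= 0) { OPENSSL_free(data); return 0; }` followed by `return 1;`. The lines between the two hunks are not shown, so what happens to a `uris` stack created on that path should be checked as well. The function begins before this hunk.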
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index 7838b703d4..2b410b5e35 100644
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -30,6 +30,11 @@ int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store());
if (lookup == NULL)
return 0;
+ /*
+ * The NULL URI argument will activate any default URIs (presently none),
+ * DO NOT pass the default CApath or CAfile, they're already handled above,
+ * likely much more efficiently.
+ */
X509_LOOKUP_add_store_ex(lookup, NULL, libctx, propq);
/* clear any errors */