authorTomas Mraz <tmraz@fedoraproject.org>2018-03-19 10:01:39 -0400
committerRich Salz <rsalz@openssl.org>2018-03-19 10:22:49 -0400
commit8a5ed9dce8ee36b4bb05cb928fa7a01aba6d8e41 (patch)
tree3b942fbfeb7c69a11ed45db6993cd39455ea7e0a /ssl/ssl_mcnf.c
parent440bce8f813fa661437ce52378c3df38e2fd073b (diff)
Apply system_default configuration on SSL_CTX_new().
When SSL_CTX is created preinitialize it with system default configuration from system_default section. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4848)
Diffstat (limited to 'ssl/ssl_mcnf.c')
-rw-r--r--ssl/ssl_mcnf.c25
1 files changed, 19 insertions, 6 deletions
diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c
index 59674f3d39..70c7ed811f 100644
--- a/ssl/ssl_mcnf.c
+++ b/ssl/ssl_mcnf.c
@@ -125,6 +125,7 @@ static const struct ssl_conf_name *ssl_name_find(const char *name)
{
size_t i;
const struct ssl_conf_name *nm;
+
if (name == NULL)
return NULL;
for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
@@ -134,7 +135,7 @@ static const struct ssl_conf_name *ssl_name_find(const char *name)
return NULL;
}
-static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
+static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
SSL_CONF_CTX *cctx = NULL;
size_t i;
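Review bot: The new `int system` parameter on `ssl_do_config` is undocumented, and its name shadows the libc `system()` function wherever `<stdlib.h>` is in scope, which `-Wshadow` reports. A name such as `use_system_default` would avoid that. A header comment should state the contract, e.g. `/* system != 0: fall back to the "system_default" section, stay silent if it is absent, and do not enable certificate/private-key commands */`. The function body continues outside this hunk.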
@@ -143,21 +144,28 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
const SSL_METHOD *meth;
const struct ssl_conf_name *nm;
struct ssl_conf_cmd *cmd;
+
if (s == NULL && ctx == NULL) {
SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
goto err;
}
+
+ if (name == NULL && system)
+ name = "system_default";
nm = ssl_name_find(name);
if (nm == NULL) {
- SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
- ERR_add_error_data(2, "name=", name);
+ if (!system) {
+ SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
+ ERR_add_error_data(2, "name=", name);
+ }
goto err;
}
cctx = SSL_CONF_CTX_new();
if (cctx == NULL)
goto err;
flags = SSL_CONF_FLAG_FILE;
- flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
+ if (!system)
+ flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
if (s != NULL) {
meth = s->method;
SSL_CONF_CTX_set_ssl(cctx, s);
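Review bot: The two `system` branches change security-relevant behaviour without saying why: a missing section now fails with nothing on the error queue, and `SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE` are left out of `flags`. A short comment at each would help, e.g. `/* no system_default section is normal; not an error */` before the silent `goto err`, and `/* system defaults apply to every SSL_CTX, so certificate and key commands are not accepted here */` above `if (!system)`; the second rationale is my reading and should be confirmed. The silent path is also taken for any lookup failure with `system` set, including a non-NULL `name`, so a caller passing both would lose the diagnostic. The function starts and ends outside this hunk.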
@@ -190,10 +198,15 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
int SSL_config(SSL *s, const char *name)
{
- return ssl_do_config(s, NULL, name);
+ return ssl_do_config(s, NULL, name, 0);
}
int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
- return ssl_do_config(NULL, ctx, name);
+ return ssl_do_config(NULL, ctx, name, 0);
+}
+
+void ssl_ctx_system_config(SSL_CTX *ctx)
+{
+ ssl_do_config(NULL, ctx, NULL, 1);
}
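Review bot: `ssl_ctx_system_config` discards the result of `ssl_do_config`, so a `system_default` section that exists but fails to apply is indistinguishable from success for whoever creates the SSL_CTX. If the command loop outside these hunks stops at the first bad command, as the `goto err` style suggests, an administrator's policy could be applied only in part and the context would still be handed out with library defaults for the rest. Consider returning `int` here and having `ssl_do_config` report a missing section as success in system mode, so that only a present-but-invalid section is a failure the caller can act on or log. At minimum, add `/* best effort: errors in system_default are ignored */` above the call so the fail-open choice is explicit.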