diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2017-03-18 13:44:13 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2017-04-03 23:47:21 +0100 |
| commit | be885d50758f887520e6fa0a5edeaec7c5e70b65 (patch) | |
| tree | 070c2db78a4324548e9c7a2454e730233022a68f /ssl | |
| parent | fa7c263747cb73f03b321399a1452cc40516d9a4 (diff) | |
SSL_CONF support for certificate_authorities
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_conf.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 954e421129..4b4619279e 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -465,7 +465,7 @@ static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value) return do_store(cctx, value, NULL, 1); } -static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) +static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value) { if (cctx->canames == NULL) cctx->canames = sk_X509_NAME_new_null(); @@ -474,7 +474,12 @@ static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) return SSL_add_file_cert_subjects_to_stack(cctx->canames, value); } -static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) +static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) +{ + return cmd_RequestCAFile(cctx, value); +} + +static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value) { if (cctx->canames == NULL) cctx->canames = sk_X509_NAME_new_null(); @@ -483,6 +488,11 @@ static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value); } +static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) +{ + return cmd_RequestCAPath(cctx, value); +} + #ifndef OPENSSL_NO_DH static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) { @@ -575,9 +585,13 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_TYPE_DIR), SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ClientCAFile, NULL, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(ClientCAPath, NULL, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_DIR), @@ -802,9 +816,9 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) } if (cctx->canames) { if (cctx->ssl) - SSL_set_client_CA_list(cctx->ssl, cctx->canames); + SSL_set0_CA_list(cctx->ssl, cctx->canames); else if (cctx->ctx) - SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames); + SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames); else sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); cctx->canames = NULL; |