Add ability to set default CA path and file locations individually

Previously you could only set both the default path and file locations together. This adds the ability to set one without the other. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-09-22 16:50:32 +0100
committer: Matt Caswell <matt@openssl.org> 2015-09-25 14:49:59 +0100
commit: d84a7b20e3ce61fc8eb4ea74b62579c803e0772f (patch)
tree: 565587f3d39c4776603f2f5143099af1a230fac9 /ssl
parent: a93d3e06a9849deeceadf1b51c10492ae77c43eb (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6d1e4e8064..b68f16dadb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2787,6 +2787,37 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
     return (X509_STORE_set_default_paths(ctx->cert_store));
 }
 
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default directory does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return 0;
+
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default file does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                   const char *CApath)
 {
author	Matt Caswell <matt@openssl.org>	2015-09-22 16:50:32 +0100
committer	Matt Caswell <matt@openssl.org>	2015-09-25 14:49:59 +0100
commit	d84a7b20e3ce61fc8eb4ea74b62579c803e0772f (patch)
tree	565587f3d39c4776603f2f5143099af1a230fac9 /ssl
parent	a93d3e06a9849deeceadf1b51c10492ae77c43eb (diff)