diff options
author | Matt Caswell <matt@openssl.org> | 2015-09-22 16:50:32 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-09-25 14:49:59 +0100 |
commit | d84a7b20e3ce61fc8eb4ea74b62579c803e0772f (patch) | |
tree | 565587f3d39c4776603f2f5143099af1a230fac9 /ssl | |
parent | a93d3e06a9849deeceadf1b51c10492ae77c43eb (diff) |
Add ability to set default CA path and file locations individually
Previously you could only set both the default path and file locations
together. This adds the ability to set one without the other.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 6d1e4e8064..b68f16dadb 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2787,6 +2787,37 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) return (X509_STORE_set_default_paths(ctx->cert_store)); } +int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) +{ + X509_LOOKUP *lookup; + + lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) + return 0; + X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); + + /* Clear any errors if the default directory does not exist */ + ERR_clear_error(); + + return 1; +} + +int SSL_CTX_set_default_verify_file(SSL_CTX *ctx) +{ + X509_LOOKUP *lookup; + + lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file()); + if (lookup == NULL) + return 0; + + X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + + /* Clear any errors if the default file does not exist */ + ERR_clear_error(); + + return 1; +} + int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath) { |