-rw-r--r-- | include/openssl/ssl.h | 2 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 31 | ||||
-rwxr-xr-x | util/ssleay.num | 2 |
3 files changed, 35 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 192640e1db..04ef4d4972 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1637,6 +1637,8 @@ void SSL_set_shutdown(SSL *ssl, int mode);
 __owur int SSL_get_shutdown(const SSL *ssl);
 __owur int SSL_version(const SSL *ssl);
 __owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
 __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 const char *CApath);
 # define SSL_get0_session SSL_get_session/* just peek at pointer */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6d1e4e8064..b68f16dadb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2787,6 +2787,37 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 return (X509_STORE_set_default_paths(ctx->cert_store));
 }
 
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+ X509_LOOKUP *lookup;
+
+ lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ return 0;
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ /* Clear any errors if the default directory does not exist */
+ ERR_clear_error();
+
+ return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+ X509_LOOKUP *lookup;
+
+ lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ return 0;
+
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ /* Clear any errors if the default file does not exist */
+ ERR_clear_error();
+
+ return 1;
+}
+
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 const char *CApath)
 {
diff --git a/util/ssleay.num b/util/ssleay.num
index ddaf306da6..4c7f8d3f8c 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
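Review bot: In both new functions in ssl/ssl_lib.c the result of the load call is discarded and `ERR_clear_error()` then empties the thread's entire error queue, so a default file or directory that exists but cannot be read or parsed is reported the same way as one that is simply absent, and any error the caller had queued before the call is lost as well. Because the return value is 1 in every case except a failed `X509_STORE_add_lookup()`, a caller honouring `__owur` cannot tell that no trust anchors were added; with peer verification enabled the failure would presumably surface only later as a verify error with no hint of the cause. Consider placing `ERR_set_mark();` before `X509_LOOKUP_add_dir(...)` / `X509_LOOKUP_load_file(...)` and using `ERR_pop_to_mark();` in place of `ERR_clear_error();`, so only errors raised by the lookup itself are dropped. A comment above each function should also state that a return of 1 means the lookup method was registered, not that any certificate was loaded.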
@@ -403,3 +403,5 @@ SSL_get_server_random 437 EXIST::FUNCTION:
 SSL_get_client_ciphers 438 EXIST::FUNCTION:
 SSL_get_client_random 439 EXIST::FUNCTION:
 SSL_SESSION_get_master_key 440 EXIST::FUNCTION:
+SSL_CTX_set_default_verify_dir 441 EXIST::FUNCTION:
+SSL_CTX_set_default_verify_file 442 EXIST::FUNCTION: |