SSL_CONF support for certificate_authorities

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
This commit is contained in:
Dr. Stephen Henson 2017-03-18 13:44:13 +00:00
parent fa7c263747
commit be885d5075

View file

@ -465,7 +465,7 @@ static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
return do_store(cctx, value, NULL, 1);
}
static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value)
{
if (cctx->canames == NULL)
cctx->canames = sk_X509_NAME_new_null();
@ -474,7 +474,12 @@ static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
}
static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
{
return cmd_RequestCAFile(cctx, value);
}
static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value)
{
if (cctx->canames == NULL)
cctx->canames = sk_X509_NAME_new_null();
@ -483,6 +488,11 @@ static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
}
static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
{
return cmd_RequestCAPath(cctx, value);
}
#ifndef OPENSSL_NO_DH
static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
{
@ -575,9 +585,13 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_TYPE_DIR),
SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(ClientCAFile, NULL,
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_DIR),
SSL_CONF_CMD(ClientCAPath, NULL,
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_DIR),
@ -802,9 +816,9 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
}
if (cctx->canames) {
if (cctx->ssl)
SSL_set_client_CA_list(cctx->ssl, cctx->canames);
SSL_set0_CA_list(cctx->ssl, cctx->canames);
else if (cctx->ctx)
SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames);
SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);
else
sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
cctx->canames = NULL;