wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SSL_CONF support for certificate_authorities

Browse source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
This commit is contained in:
Dr. Stephen Henson 2017-03-18 13:44:13 +00:00
parent fa7c263747
commit be885d5075
1 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
ssl/ssl_conf.c
View file

@ -465,7 +465,7 @@ static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
return do_store(cctx, value, NULL, 1); return do_store(cctx, value, NULL, 1);
} }
static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value)
{ {
if (cctx->canames == NULL) if (cctx->canames == NULL)
cctx->canames = sk_X509_NAME_new_null(); cctx->canames = sk_X509_NAME_new_null();
@ -474,7 +474,12 @@ static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
return SSL_add_file_cert_subjects_to_stack(cctx->canames, value); return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
} }
static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
{
return cmd_RequestCAFile(cctx, value);
}
static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value)
{ {
if (cctx->canames == NULL) if (cctx->canames == NULL)
cctx->canames = sk_X509_NAME_new_null(); cctx->canames = sk_X509_NAME_new_null();
@ -483,6 +488,11 @@ static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value); return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
} }
static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
{
return cmd_RequestCAPath(cctx, value);
}
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
{ {
@ -575,9 +585,13 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_TYPE_DIR), SSL_CONF_TYPE_DIR),
SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE), SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(ClientCAFile, NULL, SSL_CONF_CMD(ClientCAFile, NULL,
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE), SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_DIR),
SSL_CONF_CMD(ClientCAPath, NULL, SSL_CONF_CMD(ClientCAPath, NULL,
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_DIR), SSL_CONF_TYPE_DIR),
@ -802,9 +816,9 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
} }
if (cctx->canames) { if (cctx->canames) {
if (cctx->ssl) if (cctx->ssl)
SSL_set_client_CA_list(cctx->ssl, cctx->canames); SSL_set0_CA_list(cctx->ssl, cctx->canames);
else if (cctx->ctx) else if (cctx->ctx)
SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames); SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);
else else
sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
cctx->canames = NULL; cctx->canames = NULL;