+static int do_store(SSL_CONF_CTX *cctx,
+ const char *CAfile, const char *CApath, int verify_store)
+{
+ CERT *cert;
+ X509_STORE **st;
+ if (cctx->ctx)
+ cert = cctx->ctx->cert;
+ else if (cctx->ssl)
+ cert = cctx->ssl->cert;
+ else
+ return 1;
+ st = verify_store ? &cert->verify_store : &cert->chain_store;
+ if (*st == NULL) {
+ *st = X509_STORE_new();
+ if (*st == NULL)
+ return 0;
+ }
+ return X509_STORE_load_locations(*st, CAfile, CApath) > 0;
+}
+
+static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, NULL, value, 0);
+}
+
+static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, value, NULL, 0);
+}
+
+static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, NULL, value, 1);
+}
+
+static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, value, NULL, 1);
+}
+
+static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ if (cctx->canames == NULL)
+ cctx->canames = sk_X509_NAME_new_null();
+ if (cctx->canames == NULL)
+ return 0;
+ return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ if (cctx->canames == NULL)
+ cctx->canames = sk_X509_NAME_new_null();
+ if (cctx->canames == NULL)
+ return 0;
+ return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
+}
+