ssl_names_count = cnt;
for (i = 0; i < ssl_names_count; i++) {
struct ssl_conf_name *ssl_name = ssl_names + i;
- CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, i);
+ CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
if (sk_CONF_VALUE_num(cmds) <= 0) {
if (cmds == NULL)
ssl_name->cmd_count = cnt;
for (j = 0; j < cnt; j++) {
const char *name;
- CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, j);
+ CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
struct ssl_conf_cmd *cmd = ssl_name->cmds + j;
/* Skip any initial dot in name */
name = strchr(cmd_conf->name, '.');
{
size_t i;
const struct ssl_conf_name *nm;
+
if (name == NULL)
return NULL;
for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
return NULL;
}
-static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
+static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
SSL_CONF_CTX *cctx = NULL;
size_t i;
const SSL_METHOD *meth;
const struct ssl_conf_name *nm;
struct ssl_conf_cmd *cmd;
+
if (s == NULL && ctx == NULL) {
SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
goto err;
}
+
+ if (name == NULL && system)
+ name = "system_default";
nm = ssl_name_find(name);
if (nm == NULL) {
- SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
- ERR_add_error_data(2, "name=", name);
+ if (!system) {
+ SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
+ ERR_add_error_data(2, "name=", name);
+ }
goto err;
}
cctx = SSL_CONF_CTX_new();
if (cctx == NULL)
goto err;
flags = SSL_CONF_FLAG_FILE;
- flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
+ if (!system)
+ flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
if (s != NULL) {
meth = s->method;
SSL_CONF_CTX_set_ssl(cctx, s);
int SSL_config(SSL *s, const char *name)
{
- return ssl_do_config(s, NULL, name);
+ return ssl_do_config(s, NULL, name, 0);
}
int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
- return ssl_do_config(NULL, ctx, name);
+ return ssl_do_config(NULL, ctx, name, 0);
+}
+
+void ssl_ctx_system_config(SSL_CTX *ctx)
+{
+ ssl_do_config(NULL, ctx, NULL, 1);
}