/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-#include "e_os.h"
+#if defined (__TANDEM) && defined (_SPT_MODEL_)
+ /*
+ * These definitions have to come first in SPT due to scoping of the
+ * declarations in c99 associated with SPT use of stat.
+ */
+# include <sys/types.h>
+# include <sys/stat.h>
+#endif
+
+#include "internal/e_os.h"
#include "internal/cryptlib.h"
#include <stdio.h>
#include <time.h>
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
- const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
+ /* If SSL_CERT_PATH is provided and non-empty, use that. */
+ const char *dir = ossl_safe_getenv(X509_get_default_cert_path_env());
+
+ /* Fallback to SSL_CERT_DIR. */
+ if (dir == NULL)
+ dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
- if (dir)
- ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
- else
- ret = add_cert_dir(ld, X509_get_default_cert_dir(),
- X509_FILETYPE_PEM);
+ /* Fallback to built-in default. */
+ if (dir == NULL)
+ dir = X509_get_default_cert_dir();
+
+ ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
if (!ret) {
ERR_raise(ERR_LIB_X509, X509_R_LOADING_CERT_DIR);
}
}
ctx = (BY_DIR *)xl->method_data;
-
- h = X509_NAME_hash(name);
+ h = X509_NAME_hash_ex(name, libctx, propq, &i);
+ if (i == 0)
+ goto finish;
for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) {
BY_DIR_ENTRY *ent;
int idx;
}
if (type == X509_LU_CRL && ent->hashes) {
htmp.hash = h;
- CRYPTO_THREAD_read_lock(ctx->lock);
+ if (!CRYPTO_THREAD_read_lock(ctx->lock))
+ goto finish;
idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
if (idx >= 0) {
hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
/* If a CRL, update the last file suffix added for this */
if (type == X509_LU_CRL) {
- CRYPTO_THREAD_write_lock(ctx->lock);
+ if (!CRYPTO_THREAD_write_lock(ctx->lock))
+ goto finish;
/*
* Look for entry again in case another thread added an entry
* first.