X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI

[openssl.git] / ssl / ssl_lib.c
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 61c90218e38851308dd7d18abfd0b1e6aa5e85e1..2c901ff176d466510db092fedf956d9e981c4777 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4181,10 +4181,13 @@ int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
      lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
      if (lookup == NULL)
          return 0;
      lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
      if (lookup == NULL)
          return 0;
+
+    /* We ignore errors, in case the directory doesn't exist */
+    ERR_set_mark();
+
      X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  
      X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
  
-    /* Clear any errors if the default directory does not exist */
-    ERR_clear_error();
+    ERR_pop_to_mark();
  
      return 1;
  }
  
      return 1;
  }
@@ -4197,19 +4200,62 @@ int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
      if (lookup == NULL)
          return 0;
  
      if (lookup == NULL)
          return 0;
  
+    /* We ignore errors, in case the directory doesn't exist */
+    ERR_set_mark();
+
      X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
  
      X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
  
-    /* Clear any errors if the default file does not exist */
-    ERR_clear_error();
+    ERR_pop_to_mark();
  
      return 1;
  }
  
  
      return 1;
  }
  
+int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_store());
+    if (lookup == NULL)
+        return 0;
+
+    /* We ignore errors, in case the directory doesn't exist */
+    ERR_set_mark();
+
+    X509_LOOKUP_add_store(lookup, NULL);
+
+    ERR_pop_to_mark();
+
+    return 1;
+}
+
+int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
+{
+    return X509_STORE_load_file(ctx->cert_store, CAfile);
+}
+
+int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
+{
+    return X509_STORE_load_path(ctx->cert_store, CApath);
+}
+
+int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
+{
+    return X509_STORE_load_store(ctx->cert_store, CAstore);
+}
+
+#if OPENSSL_API_LEVEL < 3
  int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                    const char *CApath)
  {
  int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                    const char *CApath)
  {
-    return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
+    if (CAfile == NULL && CApath == NULL)
+        return 0;
+    if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile))
+        return 0;
+    if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath))
+        return 0;
+    return 1;
  }
  }
+#endif
  
  void SSL_set_info_callback(SSL *ssl,
                             void (*cb) (const SSL *ssl, int type, int val))
  
  void SSL_set_info_callback(SSL *ssl,
                             void (*cb) (const SSL *ssl, int type, int val))