Add ability to set default CA path and file locations individually
authorMatt Caswell <matt@openssl.org>
Tue, 22 Sep 2015 15:50:32 +0000 (16:50 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 25 Sep 2015 13:49:59 +0000 (14:49 +0100)
Previously you could only set both the default path and file locations
together. This adds the ability to set one without the other.

Reviewed-by: Andy Polyakov <appro@openssl.org>
include/openssl/ssl.h
ssl/ssl_lib.c
util/ssleay.num

index 192640e1dbee6ef7f04d63da63ff0203563191e0..04ef4d4972102b2b237c7f2d6cb5f7f0897af670 100644 (file)
@@ -1637,6 +1637,8 @@ void SSL_set_shutdown(SSL *ssl, int mode);
 __owur int SSL_get_shutdown(const SSL *ssl);
 __owur int SSL_version(const SSL *ssl);
 __owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
 __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                   const char *CApath);
 # define SSL_get0_session SSL_get_session/* just peek at pointer */
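Review bot: Two new public entry points are declared here without any accompanying documentation: the commit's file list covers only include/openssl/ssl.h, ssl/ssl_lib.c and util/ssleay.num, so no manual page describes what SSL_CTX_set_default_verify_dir and SSL_CTX_set_default_verify_file do or what their return value means. A reader of the header would benefit from a short comment above each, along the lines of `/* Register the default CA directory (or file) lookup; 1 = lookup registered, 0 = failure. Does not confirm any CA was actually loaded. */`, and the SSL_CTX_set_default_verify_paths manual page should gain entries for both functions. The `__owur` annotation is correct since a 0 return must not be ignored by a verifying client.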
index 6d1e4e8064ebc94a074060fd3f6fe931428e95cb..b68f16dadbf1da896fc4d2bf377b1bcdaed42c4a 100644 (file)
@@ -2787,6 +2787,37 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
     return (X509_STORE_set_default_paths(ctx->cert_store));
 }
 
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default directory does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return 0;
+
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default file does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                   const char *CApath)
 {
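Review bot: Both new functions report success even when the default location could not be used: the return values of X509_LOOKUP_add_dir (the call after the NULL check in SSL_CTX_set_default_verify_dir) and X509_LOOKUP_load_file (in SSL_CTX_set_default_verify_file) are discarded, and the unconditional ERR_clear_error() then wipes the whole error queue, including anything the caller had queued before this call. Clearing only on the failing path keeps the "missing default is not an error" intent without destroying unrelated state, e.g. `if (!X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT)) ERR_clear_error();` and the matching change for X509_LOOKUP_add_dir. This presumably mirrors SSL_CTX_set_default_verify_paths, whose implementation is not visible here, so if that behaviour is kept for consistency the comments should say so explicitly, e.g. `/* As with X509_STORE_set_default_paths: a missing default location is not an error, so drop what the lookup queued. */`. Note for callers that a return of 1 means the lookup was registered, not that any CA certificate was loaded, so a client that relies on this alone with SSL_VERIFY_PEER may reject every peer; and since a NULL name makes the lookup resolve the default path itself (likely via environment overrides in this version, to be confirmed against by_file.c/by_dir.c), that resolution should be documented for privileged callers.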
index ddaf306da65904c4c03e4b90e5f4babc3871a838..4c7f8d3f8c5b822314a1d47c694e964eb2e77609 100755 (executable)
@@ -403,3 +403,5 @@ SSL_get_server_random                   437 EXIST::FUNCTION:
 SSL_get_client_ciphers                  438    EXIST::FUNCTION:
 SSL_get_client_random                   439    EXIST::FUNCTION:
 SSL_SESSION_get_master_key              440    EXIST::FUNCTION:
+SSL_CTX_set_default_verify_dir          441    EXIST::FUNCTION:
+SSL_CTX_set_default_verify_file         442    EXIST::FUNCTION: