summaryrefslogtreecommitdiff
path: root/imap/src/osdep/nt
diff options
context:
space:
mode:
authorEduardo Chappa <chappa@washington.edu>2020-02-03 21:15:19 -0700
committerEduardo Chappa <chappa@washington.edu>2020-02-03 21:15:19 -0700
commitdba6c62a11eed30f7a4e3e625eec8ca88252ab6c (patch)
treead330ee9baf787e4ce638b5da2a9480e33b6c630 /imap/src/osdep/nt
parent709dc44768db0c0e1123181f53fdba26484eceaa (diff)
downloadalpine-dba6c62a11eed30f7a4e3e625eec8ca88252ab6c.tar.xz
* Add variable system-certs-file to indicate the location of a container
of CA certificates. This complements the variable system-certs-path that gives the location the directory that containes CA certificates.
Diffstat (limited to 'imap/src/osdep/nt')
-rw-r--r--imap/src/osdep/nt/env_nt.c9
-rw-r--r--imap/src/osdep/nt/ssl_libressl.c9
2 files changed, 15 insertions, 3 deletions
diff --git a/imap/src/osdep/nt/env_nt.c b/imap/src/osdep/nt/env_nt.c
index da84b10c..8fc72f0c 100644
--- a/imap/src/osdep/nt/env_nt.c
+++ b/imap/src/osdep/nt/env_nt.c
@@ -44,6 +44,7 @@ static unsigned int rndm = 0; /* initial `random' number */
static int server_nli = 0; /* server and not logged in */
static int logtry = 3; /* number of login tries */
static char *sslCApath = NIL; /* non-standard CA path */
+static char *sslCAfile = NIL; /* non-standard CA container */
/* block notification */
static blocknotify_t mailblocknotify = mm_blocknotify;
/* callback to get username */
@@ -135,6 +136,13 @@ void *env_parameters (long function,void *value)
case GET_SSLCAPATH:
ret = (void *) sslCApath;
break;
+ case SET_SSLCAFILE: /* this can be set null */
+ if (sslCAfile) fs_give ((void **) &sslCAfile);
+ sslCAfile = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLCAFILE:
+ ret = (void *) sslCAfile;
+ break;
}
return ret;
}
@@ -786,4 +794,5 @@ void env_end(void)
if(myNewsrc) fs_give((void **) &myNewsrc);
if(sysInbox) fs_give((void **) &sysInbox);
if(sslCApath) fs_give((void **) &sslCApath);
+ if(sslCAfile) fs_give((void **) &sslCAfile);
}
diff --git a/imap/src/osdep/nt/ssl_libressl.c b/imap/src/osdep/nt/ssl_libressl.c
index 366fae01..5270a9f8 100644
--- a/imap/src/osdep/nt/ssl_libressl.c
+++ b/imap/src/osdep/nt/ssl_libressl.c
@@ -387,6 +387,7 @@ static char *ssl_start_work(SSLSTREAM *stream, char *host, unsigned long flags)
int minv, maxv;
int masklow, maskhigh;
char *s, *t, *err, tmp[MAILTMPLEN], buf[256];
+ char *CAfile, *CApath;
sslcertificatequery_t scq =
(sslcertificatequery_t)mail_parameters(NIL, GET_SSLCERTIFICATEQUERY, NIL);
sslclientcert_t scc =
@@ -406,10 +407,12 @@ static char *ssl_start_work(SSLSTREAM *stream, char *host, unsigned long flags)
SSL_CTX_set_verify(stream->context, SSL_VERIFY_NONE, NIL);
else SSL_CTX_set_verify(stream->context, SSL_VERIFY_PEER, ssl_open_verify);
/* a non-standard path desired */
- if ((s = (char *)mail_parameters(NIL, GET_SSLCAPATH, NIL)) != NIL)
- SSL_CTX_load_verify_locations(stream->context, NIL, (const char *)s);
+ CAfile = (char *) mail_parameters (NIL, GET_SSLCAFILE, NIL);
+ CApath = (char *) mail_parameters (NIL, GET_SSLCAPATH, NIL);
+ if (CAfile != NIL || CApath != NIL)
+ SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
else /* otherwise we set default paths to CAs... */
- SSL_CTX_set_default_verify_paths(stream->context);
+ SSL_CTX_set_default_verify_paths(stream->context);
/* want to send client certificate? */
if (scc && (s = (*scc) ()) && (sl = strlen(s))) {
if ((cert = PEM_read_bio_X509(bio = BIO_new_mem_buf(s, sl), NIL, NIL, NIL)) != NIL) {