diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2020-02-03 21:15:19 -0700 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2020-02-03 21:15:19 -0700 |
| commit | dba6c62a11eed30f7a4e3e625eec8ca88252ab6c (patch) | |
| tree | ad330ee9baf787e4ce638b5da2a9480e33b6c630 /imap/src/osdep/nt | |
| parent | 709dc44768db0c0e1123181f53fdba26484eceaa (diff) | |
| download | alpine-dba6c62a11eed30f7a4e3e625eec8ca88252ab6c.tar.xz | |
* Add variable system-certs-file to indicate the location of a container
of CA certificates. This complements the variable system-certs-path that
gives the location the directory that containes CA certificates.
Diffstat (limited to 'imap/src/osdep/nt')
| -rw-r--r-- | imap/src/osdep/nt/env_nt.c | 9 | ||||
| -rw-r--r-- | imap/src/osdep/nt/ssl_libressl.c | 9 |
2 files changed, 15 insertions, 3 deletions
diff --git a/imap/src/osdep/nt/env_nt.c b/imap/src/osdep/nt/env_nt.c index da84b10c..8fc72f0c 100644 --- a/imap/src/osdep/nt/env_nt.c +++ b/imap/src/osdep/nt/env_nt.c @@ -44,6 +44,7 @@ static unsigned int rndm = 0; /* initial `random' number */ static int server_nli = 0; /* server and not logged in */ static int logtry = 3; /* number of login tries */ static char *sslCApath = NIL; /* non-standard CA path */ +static char *sslCAfile = NIL; /* non-standard CA container */ /* block notification */ static blocknotify_t mailblocknotify = mm_blocknotify; /* callback to get username */ @@ -135,6 +136,13 @@ void *env_parameters (long function,void *value) case GET_SSLCAPATH: ret = (void *) sslCApath; break; + case SET_SSLCAFILE: /* this can be set null */ + if (sslCAfile) fs_give ((void **) &sslCAfile); + sslCAfile = value ? cpystr ((char *) value) : value; + break; + case GET_SSLCAFILE: + ret = (void *) sslCAfile; + break; } return ret; } @@ -786,4 +794,5 @@ void env_end(void) if(myNewsrc) fs_give((void **) &myNewsrc); if(sysInbox) fs_give((void **) &sysInbox); if(sslCApath) fs_give((void **) &sslCApath); + if(sslCAfile) fs_give((void **) &sslCAfile); } diff --git a/imap/src/osdep/nt/ssl_libressl.c b/imap/src/osdep/nt/ssl_libressl.c index 366fae01..5270a9f8 100644 --- a/imap/src/osdep/nt/ssl_libressl.c +++ b/imap/src/osdep/nt/ssl_libressl.c @@ -387,6 +387,7 @@ static char *ssl_start_work(SSLSTREAM *stream, char *host, unsigned long flags) int minv, maxv; int masklow, maskhigh; char *s, *t, *err, tmp[MAILTMPLEN], buf[256]; + char *CAfile, *CApath; sslcertificatequery_t scq = (sslcertificatequery_t)mail_parameters(NIL, GET_SSLCERTIFICATEQUERY, NIL); sslclientcert_t scc = @@ -406,10 +407,12 @@ static char *ssl_start_work(SSLSTREAM *stream, char *host, unsigned long flags) SSL_CTX_set_verify(stream->context, SSL_VERIFY_NONE, NIL); else SSL_CTX_set_verify(stream->context, SSL_VERIFY_PEER, ssl_open_verify); /* a non-standard path desired */ - if ((s = (char *)mail_parameters(NIL, GET_SSLCAPATH, NIL)) != NIL) - SSL_CTX_load_verify_locations(stream->context, NIL, (const char *)s); + CAfile = (char *) mail_parameters (NIL, GET_SSLCAFILE, NIL); + CApath = (char *) mail_parameters (NIL, GET_SSLCAPATH, NIL); + if (CAfile != NIL || CApath != NIL) + SSL_CTX_load_verify_locations (stream->context, CAfile, CApath); else /* otherwise we set default paths to CAs... */ - SSL_CTX_set_default_verify_paths(stream->context); + SSL_CTX_set_default_verify_paths(stream->context); /* want to send client certificate? */ if (scc && (s = (*scc) ()) && (sl = strlen(s))) { if ((cert = PEM_read_bio_X509(bio = BIO_new_mem_buf(s, sl), NIL, NIL, NIL)) != NIL) { |