* Addition of the variables User Certs Dir and User Certs File, which allow

a user to specify the location of server certificates that the user trusts.
author: Eduardo Chappa <chappa@washington.edu> 2020-07-18 00:53:34 -0600
committer: Eduardo Chappa <chappa@washington.edu> 2020-07-18 00:53:34 -0600
commit: ef159279c142ec4f3b3a1938cfeadc74d5891070 (patch)
tree: 6a670c9b33666abcb81c824bb36fdc7c920d697d /imap/src/osdep/unix/ssl_unix.c
parent: 50f4fdaa40ab3195377f22243c3ba4287389d207 (diff)
download: alpine-ef159279c142ec4f3b3a1938cfeadc74d5891070.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 4ebe1ae7..1f64b57e 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -421,6 +421,11 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
     SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
   else				/* set default paths to CAs... */
   SSL_CTX_set_default_verify_paths (stream->context);
+				/* Load app certificates */
+  CAfile = (char *) mail_parameters (NIL,GET_SSLAPPCAFILE,NIL);
+  CApath = (char *) mail_parameters (NIL,GET_SSLAPPCAPATH,NIL);
+  if (CAfile != NIL || CApath != NIL)
+    SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
 				/* want to send client certificate? */
   if (scc && (s = (*scc) ()) && (sl = strlen (s))) {
     if ((cert = PEM_read_bio_X509 (bio = BIO_new_mem_buf (s,sl),NIL,NIL,NIL)) != NULL) {
author	Eduardo Chappa <chappa@washington.edu>	2020-07-18 00:53:34 -0600
committer	Eduardo Chappa <chappa@washington.edu>	2020-07-18 00:53:34 -0600
commit	ef159279c142ec4f3b3a1938cfeadc74d5891070 (patch)
tree	6a670c9b33666abcb81c824bb36fdc7c920d697d /imap/src/osdep/unix/ssl_unix.c
parent	50f4fdaa40ab3195377f22243c3ba4287389d207 (diff)
download	alpine-ef159279c142ec4f3b3a1938cfeadc74d5891070.tar.xz