diff options
author | Eduardo Chappa <chappa@washington.edu> | 2020-02-03 21:15:19 -0700 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2020-02-03 21:15:19 -0700 |
commit | dba6c62a11eed30f7a4e3e625eec8ca88252ab6c (patch) | |
tree | ad330ee9baf787e4ce638b5da2a9480e33b6c630 /imap/src/osdep/unix | |
parent | 709dc44768db0c0e1123181f53fdba26484eceaa (diff) | |
download | alpine-dba6c62a11eed30f7a4e3e625eec8ca88252ab6c.tar.xz |
* Add variable system-certs-file to indicate the location of a container
of CA certificates. This complements the variable system-certs-path that
gives the location the directory that containes CA certificates.
Diffstat (limited to 'imap/src/osdep/unix')
-rw-r--r-- | imap/src/osdep/unix/env_unix.c | 11 | ||||
-rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 7 |
2 files changed, 16 insertions, 2 deletions
diff --git a/imap/src/osdep/unix/env_unix.c b/imap/src/osdep/unix/env_unix.c index 322ab61a..fe1b91d4 100644 --- a/imap/src/osdep/unix/env_unix.c +++ b/imap/src/osdep/unix/env_unix.c @@ -73,6 +73,7 @@ static char *blackBoxDir = NIL; /* black box directory name */ /* black box default home directory */ static char *blackBoxDefaultHome = NIL; static char *sslCApath = NIL; /* non-standard CA path */ +static char *sslCAfile = NIL; /* non-standard CA container */ static short anonymous = NIL; /* is anonymous */ static short blackBox = NIL; /* is a black box */ static short closedBox = NIL; /* is a closed box (uses chroot() jail) */ @@ -346,6 +347,13 @@ void *env_parameters (long function,void *value) case GET_SSLCAPATH: ret = (void *) sslCApath; break; + case SET_SSLCAFILE: /* this can be set null */ + if (sslCAfile) fs_give ((void **) &sslCAfile); + sslCAfile = value ? cpystr ((char *) value) : value; + break; + case GET_SSLCAFILE: + ret = (void *) sslCAfile; + break; case SET_LISTMAXLEVEL: list_max_level = (long) value; case GET_LISTMAXLEVEL: @@ -1766,6 +1774,8 @@ void dorc (char *file,long flag) */ else if (!compare_cstring (s,"set CA-certificate-path")) sslCApath = cpystr (k); + else if (!compare_cstring (s,"set CA-certificate-container")) + sslCAfile = cpystr (k); else if (!compare_cstring (s,"set disable-plaintext")) disablePlaintext = atoi (k); else if (!compare_cstring (s,"set allowed-login-attempts")) @@ -1872,6 +1882,7 @@ void env_end(void) if(blackBoxDefaultHome) fs_give((void **)&blackBoxDefaultHome); if(sslCApath) fs_give((void **)&sslCApath); + if(sslCAfile) fs_give((void **)&sslCAfile); if(userFlags){ int i; for(i = 0; i < NUSERFLAGS; i++) diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c index 57931525..4ebe1ae7 100644 --- a/imap/src/osdep/unix/ssl_unix.c +++ b/imap/src/osdep/unix/ssl_unix.c @@ -395,6 +395,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) int minv, maxv; int masklow, maskhigh; char *s,*t,*err,tmp[MAILTMPLEN], buf[256]; + char *CAfile, *CApath; sslcertificatequery_t scq = (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL); sslclientcert_t scc = @@ -414,8 +415,10 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); /* if a non-standard path desired */ - if ((s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) != NULL) - SSL_CTX_load_verify_locations (stream->context,NIL,s); + CAfile = (char *) mail_parameters (NIL,GET_SSLCAFILE,NIL); + CApath = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL); + if (CAfile != NIL || CApath != NIL) + SSL_CTX_load_verify_locations (stream->context, CAfile, CApath); else /* set default paths to CAs... */ SSL_CTX_set_default_verify_paths (stream->context); /* want to send client certificate? */ |