diff options
Diffstat (limited to 'imap/src/osdep/nt')
| -rw-r--r-- | imap/src/osdep/nt/env_nt.c | 16 | ||||
| -rw-r--r-- | imap/src/osdep/nt/ssl_libressl.c | 6 |
2 files changed, 21 insertions, 1 deletions
diff --git a/imap/src/osdep/nt/env_nt.c b/imap/src/osdep/nt/env_nt.c index 8fc72f0c..52211ea2 100644 --- a/imap/src/osdep/nt/env_nt.c +++ b/imap/src/osdep/nt/env_nt.c @@ -45,6 +45,8 @@ static int server_nli = 0; /* server and not logged in */ static int logtry = 3; /* number of login tries */ static char *sslCApath = NIL; /* non-standard CA path */ static char *sslCAfile = NIL; /* non-standard CA container */ +static char *sslAppCApath = NIL; /* App SSL Certs CA path */ +static char *sslAppCAfile = NIL; /* App SSL CA container */ /* block notification */ static blocknotify_t mailblocknotify = mm_blocknotify; /* callback to get username */ @@ -143,6 +145,20 @@ void *env_parameters (long function,void *value) case GET_SSLCAFILE: ret = (void *) sslCAfile; break; + case SET_SSLAPPCAPATH: /* this can be set null */ + if (sslAppCApath) fs_give ((void **) &sslAppCApath); + sslAppCApath = value ? cpystr ((char *) value) : value; + break; + case GET_SSLAPPCAPATH: + ret = (void *) sslAppCApath; + break; + case SET_SSLCAFILE: /* this can be set null */ + if (sslAppCAfile) fs_give ((void **) &sslAppCAfile); + sslAppCAfile = value ? cpystr ((char *) value) : value; + break; + case GET_SSLAPPCAFILE: + ret = (void *) sslAppCAfile; + break; } return ret; } diff --git a/imap/src/osdep/nt/ssl_libressl.c b/imap/src/osdep/nt/ssl_libressl.c index 5270a9f8..04dfb36e 100644 --- a/imap/src/osdep/nt/ssl_libressl.c +++ b/imap/src/osdep/nt/ssl_libressl.c @@ -8,7 +8,7 @@ * * Author: Eduardo Chappa, based on ssl_unix.c * - * Last Edited: January 25, 2020 + * Last Edited: July 17, 2020 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -413,6 +413,10 @@ static char *ssl_start_work(SSLSTREAM *stream, char *host, unsigned long flags) SSL_CTX_load_verify_locations (stream->context, CAfile, CApath); else /* otherwise we set default paths to CAs... */ SSL_CTX_set_default_verify_paths(stream->context); + CAfile = (char *) mail_parameters (NIL,GET_SSLAPPCAFILE,NIL); + CApath = (char *) mail_parameters (NIL,GET_SSLAPPCAPATH,NIL); + if (CAfile != NIL || CApath != NIL) + SSL_CTX_load_verify_locations (stream->context, CAfile, CApath); /* want to send client certificate? */ if (scc && (s = (*scc) ()) && (sl = strlen(s))) { if ((cert = PEM_read_bio_X509(bio = BIO_new_mem_buf(s, sl), NIL, NIL, NIL)) != NIL) { |