summaryrefslogtreecommitdiff
path: root/imap/src/osdep/unix
diff options
context:
space:
mode:
Diffstat (limited to 'imap/src/osdep/unix')
-rw-r--r--imap/src/osdep/unix/env_unix.c16
-rw-r--r--imap/src/osdep/unix/ssl_unix.c5
2 files changed, 21 insertions, 0 deletions
diff --git a/imap/src/osdep/unix/env_unix.c b/imap/src/osdep/unix/env_unix.c
index fe1b91d4..afec59b1 100644
--- a/imap/src/osdep/unix/env_unix.c
+++ b/imap/src/osdep/unix/env_unix.c
@@ -74,6 +74,8 @@ static char *blackBoxDir = NIL; /* black box directory name */
static char *blackBoxDefaultHome = NIL;
static char *sslCApath = NIL; /* non-standard CA path */
static char *sslCAfile = NIL; /* non-standard CA container */
+static char *sslAppCApath = NIL; /* App SSL CA path */
+static char *sslAppCAfile = NIL; /* App SSL CA container */
static short anonymous = NIL; /* is anonymous */
static short blackBox = NIL; /* is a black box */
static short closedBox = NIL; /* is a closed box (uses chroot() jail) */
@@ -354,6 +356,20 @@ void *env_parameters (long function,void *value)
case GET_SSLCAFILE:
ret = (void *) sslCAfile;
break;
+ case SET_SSLAPPCAPATH: /* this can be set null */
+ if (sslAppCApath) fs_give ((void **) &sslAppCApath);
+ sslAppCApath = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLAPPCAPATH:
+ ret = (void *) sslAppCApath;
+ break;
+ case SET_SSLAPPCAFILE: /* this can be set null */
+ if (sslAppCAfile) fs_give ((void **) &sslAppCAfile);
+ sslAppCAfile = value ? cpystr ((char *) value) : value;
+ break;
+ case GET_SSLAPPCAFILE:
+ ret = (void *) sslAppCAfile;
+ break;
case SET_LISTMAXLEVEL:
list_max_level = (long) value;
case GET_LISTMAXLEVEL:
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 4ebe1ae7..1f64b57e 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -421,6 +421,11 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
else /* set default paths to CAs... */
SSL_CTX_set_default_verify_paths (stream->context);
+ /* Load app certificates */
+ CAfile = (char *) mail_parameters (NIL,GET_SSLAPPCAFILE,NIL);
+ CApath = (char *) mail_parameters (NIL,GET_SSLAPPCAPATH,NIL);
+ if (CAfile != NIL || CApath != NIL)
+ SSL_CTX_load_verify_locations (stream->context, CAfile, CApath);
/* want to send client certificate? */
if (scc && (s = (*scc) ()) && (sl = strlen (s))) {
if ((cert = PEM_read_bio_X509 (bio = BIO_new_mem_buf (s,sl),NIL,NIL,NIL)) != NULL) {