path: root/lib/libssl/ssl_lib.c
authorreyk <reyk@openbsd.org>2015-01-22 09:12:57 +0000
committerreyk <reyk@openbsd.org>2015-01-22 09:12:57 +0000
commit3c243a36a609d4fb1d6272a2521af115922fd786 (patch)
treeeb42f0f94d2205a02fd5c7e03ecd850dc52b7dd4 /lib/libssl/ssl_lib.c
parentAdd X509_STORE_load_mem() to load certificates from a memory buffer (diff)
Support CA verification in chroot'ed processes without direct file
access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows loading the CA chain from a memory buffer holding the PEM-encoded files. This function makes it possible to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself). With feedback and OK bluhm@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r--lib/libssl/ssl_lib.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 8dbd4a3f392..5bf43623fc8 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.94 2014/12/15 00:46:53 doug Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.95 2015/01/22 09:12:57 reyk Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2862,6 +2862,12 @@ SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
}
+int
+SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
+{
+ return (X509_STORE_load_mem(ctx->cert_store, buf, len));
+}
+
void
SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
{
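Review bot: SSL_CTX_load_verify_mem() forwards `buf` and `len` to X509_STORE_load_mem() unchecked, and because `len` is a signed int, a NULL buffer or a negative length reaches the store loader as-is; whether the callee rejects them is not visible in this hunk. A guard such as `if (buf == NULL || len <= 0) return (0);` before the call would make the frontend fail closed, assuming it follows the 1/0 return convention of SSL_CTX_load_verify_locations() just above. Since everything parsed from the buffer ends up as a trust anchor in `ctx->cert_store`, the function also deserves a short comment stating that `buf` must hold PEM data from a trusted source (the privileged parent in a privsep design, never peer-supplied data), that the caller keeps ownership of the buffer, and that the return value must be checked before the context is used for verification.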