diff options
author | 2015-01-22 09:12:57 +0000 | |
---|---|---|
committer | 2015-01-22 09:12:57 +0000 | |
commit | 3c243a36a609d4fb1d6272a2521af115922fd786 (patch) | |
tree | eb42f0f94d2205a02fd5c7e03ecd850dc52b7dd4 /lib/libssl/ssl_lib.c | |
parent | Add X509_STORE_load_mem() to load certificates from a memory buffer (diff) | |
download | wireguard-openbsd-3c243a36a609d4fb1d6272a2521af115922fd786.tar.xz wireguard-openbsd-3c243a36a609d4fb1d6272a2521af115922fd786.zip |
Support CA verification in chroot'ed processes without direct file
access to the certificates. SSL_CTX_load_verify_mem() is a frontend
to the new X509_STORE_load_mem() function that allows to load the CA
chain from a memory buffer that is holding the PEM-encoded files.
This function allows to handle the verification in privsep'ed code.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r-- | lib/libssl/ssl_lib.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 8dbd4a3f392..5bf43623fc8 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.94 2014/12/15 00:46:53 doug Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.95 2015/01/22 09:12:57 reyk Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2862,6 +2862,12 @@ SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); } +int +SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len) +{ + return (X509_STORE_load_mem(ctx->cert_store, buf, len)); +} + void SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val)) { |