Support CA verification in chroot'ed processes without direct file - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	reyk <reyk@openbsd.org>	2015-01-22 09:12:57 +0000
committer	reyk <reyk@openbsd.org>	2015-01-22 09:12:57 +0000
commit	3c243a36a609d4fb1d6272a2521af115922fd786 (patch)
tree	eb42f0f94d2205a02fd5c7e03ecd850dc52b7dd4 /sys/dev
parent	Add X509_STORE_load_mem() to load certificates from a memory buffer (diff)
download	wireguard-openbsd-3c243a36a609d4fb1d6272a2521af115922fd786.tar.xz wireguard-openbsd-3c243a36a609d4fb1d6272a2521af115922fd786.zip

Support CA verification in chroot'ed processes without direct file

access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@

Diffstat (limited to 'sys/dev')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: