From d84a7b20e3ce61fc8eb4ea74b62579c803e0772f Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 22 Sep 2015 16:50:32 +0100
Subject: [PATCH] Add ability to set default CA path and file locations individually

Previously you could only set both the default path and file locations together. This adds the ability to set one without the other.
Reviewed-by: Andy Polyakov
---
 include/openssl/ssl.h | 2 ++
 ssl/ssl_lib.c | 31 +++++++++++++++++++++++++++++++
 util/ssleay.num | 2 ++
 3 files changed, 35 insertions(+)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 192640e1db..04ef4d4972 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1637,6 +1637,8 @@ void SSL_set_shutdown(SSL *ssl, int mode);
 __owur int SSL_get_shutdown(const SSL *ssl);
 __owur int SSL_version(const SSL *ssl);
 __owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
 __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 const char *CApath);
 # define SSL_get0_session SSL_get_session/* just peek at pointer */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6d1e4e8064..b68f16dadb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
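Review bot: The two new prototypes add exported API (ssleay.num assigns ordinals 441 and 442 in this same patch) but the diffstat shows no documentation change, so the manual page that describes SSL_CTX_set_default_verify_paths should also gain SSL_CTX_set_default_verify_dir and SSL_CTX_set_default_verify_file. Each entry should say that the function registers only one of the two default lookups (the hashed CA directory or the CA file) and, per the ssl_lib.c hunk, returns 1 even when that default location does not exist, since only a failed lookup allocation returns 0. A one-line comment above the new prototypes would help readers of the header until that lands, e.g. `/* As SSL_CTX_set_default_verify_paths(), but add only the default CA directory lookup, or only the default CA file lookup */`.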
@@ -2787,6 +2787,37 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 return (X509_STORE_set_default_paths(ctx->cert_store));
 }
 
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+ X509_LOOKUP *lookup;
+
+ lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ return 0;
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ /* Clear any errors if the default directory does not exist */
+ ERR_clear_error();
+
+ return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+ X509_LOOKUP *lookup;
+
+ lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ return 0;
+
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ /* Clear any errors if the default file does not exist */
+ ERR_clear_error();
+
+ return 1;
+}
+
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 const char *CApath)
 {
diff --git a/util/ssleay.num b/util/ssleay.num
index ddaf306da6..4c7f8d3f8c 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -403,3 +403,5 @@ SSL_get_server_random 437 EXIST::FUNCTION:
 SSL_get_client_ciphers 438 EXIST::FUNCTION:
 SSL_get_client_random 439 EXIST::FUNCTION:
 SSL_SESSION_get_master_key 440 EXIST::FUNCTION:
+SSL_CTX_set_default_verify_dir 441 EXIST::FUNCTION:
+SSL_CTX_set_default_verify_file 442 EXIST::FUNCTION:
-- GitLab
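Review bot: `ERR_clear_error()` in both new functions empties the whole thread error queue, not just the entry raised when the default directory or file is missing, so any unrelated error a caller had pending before the call is silently lost. Scoping the cleanup to this call, `ERR_set_mark();` immediately before `X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);` and `ERR_pop_to_mark();` where `ERR_clear_error();` now stands, discards only what the load produced; the same change applies around X509_LOOKUP_load_file in SSL_CTX_set_default_verify_file. The return values of X509_LOOKUP_add_dir and X509_LOOKUP_load_file are also ignored, so 1 means the lookup was registered, not that any trusted CA was actually loaded, which is worth a comment above each function, e.g. `/* Returns 1 once the lookup is registered even if the default location is absent; 0 only if the lookup could not be allocated */`. Because NULL is passed as the location, the lookup resolves the default path itself, which as far as I recall may be overridden through the SSL_CERT_DIR / SSL_CERT_FILE environment variables, so code that builds a trust store in a privileged process should be aware that the environment can influence which CAs end up trusted.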