提交 be885d50 编写于 作者: D Dr. Stephen Henson

SSL_CONF support for certificate_authorities

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
上级 fa7c2637
...@@ -465,7 +465,7 @@ static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value) ...@@ -465,7 +465,7 @@ static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
return do_store(cctx, value, NULL, 1); return do_store(cctx, value, NULL, 1);
} }
static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value)
{ {
if (cctx->canames == NULL) if (cctx->canames == NULL)
cctx->canames = sk_X509_NAME_new_null(); cctx->canames = sk_X509_NAME_new_null();
...@@ -474,7 +474,12 @@ static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) ...@@ -474,7 +474,12 @@ static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
return SSL_add_file_cert_subjects_to_stack(cctx->canames, value); return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
} }
static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
{
return cmd_RequestCAFile(cctx, value);
}
static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value)
{ {
if (cctx->canames == NULL) if (cctx->canames == NULL)
cctx->canames = sk_X509_NAME_new_null(); cctx->canames = sk_X509_NAME_new_null();
...@@ -483,6 +488,11 @@ static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) ...@@ -483,6 +488,11 @@ static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value); return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
} }
static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
{
return cmd_RequestCAPath(cctx, value);
}
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
{ {
...@@ -575,9 +585,13 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { ...@@ -575,9 +585,13 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_TYPE_DIR), SSL_CONF_TYPE_DIR),
SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE), SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(ClientCAFile, NULL, SSL_CONF_CMD(ClientCAFile, NULL,
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE), SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_DIR),
SSL_CONF_CMD(ClientCAPath, NULL, SSL_CONF_CMD(ClientCAPath, NULL,
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_DIR), SSL_CONF_TYPE_DIR),
...@@ -802,9 +816,9 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) ...@@ -802,9 +816,9 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
} }
if (cctx->canames) { if (cctx->canames) {
if (cctx->ssl) if (cctx->ssl)
SSL_set_client_CA_list(cctx->ssl, cctx->canames); SSL_set0_CA_list(cctx->ssl, cctx->canames);
else if (cctx->ctx) else if (cctx->ctx)
SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames); SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);
else else
sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
cctx->canames = NULL; cctx->canames = NULL;
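Review bot: In the `ssl_conf_cmds` table the new `RequestCAFile` entry registers a command-line name (`"requestCAFile"`) while `RequestCAPath` passes `NULL`, so the directory variant appears to be reachable from configuration files only. If that asymmetry is not intended, give it a matching name, for example `SSL_CONF_CMD(RequestCAPath, "requestCAPath", SSL_CONF_FLAG_CERTIFICATE,`; the new name's capital `F` also differs from the neighbouring `"verifyCAfile"`. Both new entries omit `SSL_CONF_FLAG_SERVER`, and `SSL_CONF_CTX_finish` now passes `cctx->canames` to `SSL_set0_CA_list` / `SSL_CTX_set0_CA_list`, so presumably a client-side context will also send these CA names to its peer. A comment on the table entries should state that, since the list discloses which CAs the endpoint is configured with. In `SSL_CONF_CTX_finish` a short ownership comment such as `/* set0: the SSL/SSL_CTX now owns canames, so only the pointer is cleared below */` would explain why there is no free on those two branches; the function's body starts and ends outside the hunk.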
......