summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tls.c44
1 files changed, 43 insertions, 1 deletions
diff --git a/tls.c b/tls.c
index 9e5a58d..90458c4 100644
--- a/tls.c
+++ b/tls.c
@@ -543,6 +543,48 @@ tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg)
 	return (0);
 }
 
+static int
+load_verify_mem(SSL_CTX *ctx, void *buf, int len)
+{
+	X509_STORE *store;
+	BIO *in = NULL;
+	STACK_OF(X509_INFO) *inf = NULL;
+	X509_INFO *itmp;
+	int i, count = 0, ok = 0;
+
+	store = SSL_CTX_get_cert_store(ctx);
+
+	if ((in = BIO_new_mem_buf(buf, len)) == NULL)
+		goto done;
+
+	if ((inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL)) == NULL)
+		goto done;
+
+	for (i = 0; i < sk_X509_INFO_num(inf); i++) {
+		itmp = sk_X509_INFO_value(inf, i);
+		if (itmp->x509) {
+			if ((ok = X509_STORE_add_cert(store, itmp->x509)) == 0)
+				goto done;
+			count++;
+		}
+		if (itmp->crl) {
+			if ((ok = X509_STORE_add_crl(store, itmp->crl)) == 0)
+				goto done;
+			count++;
+		}
+	}
+
+	ok = count != 0;
+ done:
+	if (count == 0)
+		X509err(0xfff, ERR_R_PEM_LIB);
+	if (inf != NULL)
+		sk_X509_INFO_pop_free(inf, X509_INFO_free);
+	if (in != NULL)
+		BIO_free(in);
+	return (ok);
+}
+
 int
 tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 {
@@ -580,7 +622,7 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 			tls_set_errorx(ctx, "ca too long");
 			goto err;
 		}
-		if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
+		if (load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
 			tls_set_errorx(ctx, "ssl verify memory setup failure");
 			goto err;
 		}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-11-04 22:47:54 +0000
ne McEnroe Works properly for weird paths, etc. 2020-10-27Allow cd host:path over sshJune McEnroe Requires AcceptEnv SSH_CD in the remote sshd_config. 2020-10-07Use mandoc -T utf8 for text.June McEnroe Don't depend on LANG being set. 2020-09-20Add The Awakened KingdomJune McEnroe A cute extra novella. Finally finished this series. 2020-09-12Move /opt/local back, cheat port select to use system manJune McEnroe This is not really how you're supposed to use the select system, I don't think, since the mandoc package actually creates those files, but it does work. This lets me actually use the git installed by MacPorts. 2020-09-12Move /opt/local behind /usr againJune McEnroe The reason I did this with pkgsrc was because I actually don't want the man(1) from mandoc, since it won't follow MANSECT. Same applies to MacPorts. I wish I could disable its man(1) with a variant or whatever. 2020-09-12Enable toc in cgit renderings of man pagesJune McEnroe But keep it disabled for READMEs since they always use non-standard sections and the TOC is just distracting there, I think. Also add the style so its h1 is the same size as the ones inside sections... 2020-09-11Install mandoc on macOSJune McEnroe 2020-09-11Rewrite install script yet againJune McEnroe 2020-09-11Remove NetBSD from install scriptJune McEnroe I never use it. 2020-09-11Use MacPorts rather than pkgsrcJune McEnroe My system is probably such a mess now... 2020-09-11Add debian VM name to sshJune McEnroe 2020-09-11Add influencer tweetJune McEnroe 2020-09-10Add The Kingdom of GodsJune McEnroe Reading has really slowed down :( 2020-09-07Add SunglassesJune McEnroe An IRC find. 2020-09-06Add Between the BreathsJune McEnroe One of those good songs from a soundtrack of a film that probably isn't? The summary sounds a lot more interesting than the title implies, at least. 2020-09-04Open /dev/tty in nudgeJune McEnroe This makes it work even when it's run connected to a pipe, i.e. as the notify command of catgirl... 2020-09-04Add nudgeJune McEnroe 2020-09-03Build fbclock with -lzJune McEnroe I guess this got lost somewhere, long ago... 2020-08-29Add tweets from retweetsJune McEnroe