From 7dc5c64f767f10e5b466e9d44c6e2439f40ef15c Mon Sep 17 00:00:00 2001
From: "C. McEnroe"
Date: Tue, 28 Jul 2020 15:12:49 -0400
Subject: tls: Implement load_verify_mem

Based on crypto/x509/by_mem.c
---
 tls.c | 44 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/tls.c b/tls.c
index 9e5a58d..90458c4 100644
--- a/tls.c
+++ b/tls.c
@@ -543,6 +543,48 @@ tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg)
 return (0);
 }
 
+static int
+load_verify_mem(SSL_CTX *ctx, void *buf, int len)
+{
+ X509_STORE *store;
+ BIO *in = NULL;
+ STACK_OF(X509_INFO) *inf = NULL;
+ X509_INFO *itmp;
+ int i, count = 0, ok = 0;
+
+ store = SSL_CTX_get_cert_store(ctx);
+
+ if ((in = BIO_new_mem_buf(buf, len)) == NULL)
+ goto done;
+
+ if ((inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL)) == NULL)
+ goto done;
+
+ for (i = 0; i < sk_X509_INFO_num(inf); i++) {
+ itmp = sk_X509_INFO_value(inf, i);
+ if (itmp->x509) {
+ if ((ok = X509_STORE_add_cert(store, itmp->x509)) == 0)
+ goto done;
+ count++;
+ }
+ if (itmp->crl) {
+ if ((ok = X509_STORE_add_crl(store, itmp->crl)) == 0)
+ goto done;
+ count++;
+ }
+ }
+
+ ok = count != 0;
+ done:
+ if (count == 0)
+ X509err(0xfff, ERR_R_PEM_LIB);
+ if (inf != NULL)
+ sk_X509_INFO_pop_free(inf, X509_INFO_free);
+ if (in != NULL)
+ BIO_free(in);
+ return (ok);
+}
+
 int
 tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 {
@@ -580,7 +622,7 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 tls_set_errorx(ctx, "ca too long");
 goto err;
 }
- if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
+ if (load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
 tls_set_errorx(ctx, "ssl verify memory setup failure");
 goto err;
 }
--
cgit 1.4.1 e='hidden' name='h' value='1.4.1'/>
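Review bot: The `done:` path in load_verify_mem pushes `X509err(0xfff, ERR_R_PEM_LIB)` whenever `count == 0`, which also covers the cases where `BIO_new_mem_buf`, `PEM_X509_INFO_read_bio` or the first `X509_STORE_add_cert` has already failed, so a generic PEM error with an unnamed function code lands on top of the real cause. Moving the check above the label, directly before `ok = count != 0;`, keeps it for the one case it describes: a bundle that parsed but held no certificate or CRL. The function also lacks a header comment stating its contract, for example `/* Returns 1 if at least one certificate or CRL was added; on failure, entries added before the failing one stay in the store. */`. Entries with neither `x509` nor `crl` set are skipped silently, which deserves a one-line comment in the loop, since the second hunk shows this is the CA load used by tls_configure_ssl_verify.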
2009-07-25ui-plain: Return 'application/octet-stream' for binary files.Remko Tronçon
Signed-off-by: Remko Tronçon <git@el-tramo.be> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-06-11use cgit_httpscheme() for atom feedDiego Ongaro
2009-06-11add cgit_httpscheme() -> http:// or https://Diego Ongaro
2009-06-07Return http statuscode 404 on unknown branchLars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-06-07Add head-include configuration option.Mark Lodato
This patch adds an option to the configuration file, "head-include", which works just like "header" or "footer", except the content is put into the HTML's <head> tag.
2009-03-15CGIT 0.8.2.1Lars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-03-15Fix doc-related glitches in Makefile and .gitignoreLars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-03-15ui-snapshot: avoid segfault when no filename is specifiedLars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-03-15fix segfault when displaying empty blobsEric Wong
When size is zero, subtracting one from it turns it into ULONG_MAX which causes an out-of-bounds access on buf. Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-02-19Add support for HEAD requestsLars Hjemli
This is a quick 'n dirty hack which makes cgit honor HEAD requests. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-02-19Add support for ETag in 'plain' viewLars Hjemli
When downloading a blob identified by its path, the client might want to know if the blob has been modified since a previous download of the same path. To this end, an ETag containing the blob SHA1 seems to be ideal. Todo: add support for HEAD requests... Suggested-by: Owen Taylor <otaylor@redhat.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-02-12ui-tree: escape ascii-text properly in hexdump viewLars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-02-12Makefile: add doc-related targetsLars Hjemli