author | Dr. Stephen Henson <steve@openssl.org> | 2017-03-18 14:44:13 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-04-04 00:47:21 +0200 |
commit | be885d50758f887520e6fa0a5edeaec7c5e70b65 (patch) | |
tree | 070c2db78a4324548e9c7a2454e730233022a68f /ssl/ssl_conf.c | |
parent | New certificate_authorities functions (diff) | |
SSL_CONF support for certificate_authorities
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
Diffstat (limited to 'ssl/ssl_conf.c')
-rw-r--r-- | ssl/ssl_conf.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 954e421129..4b4619279e 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -465,7 +465,7 @@ static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
 return do_store(cctx, value, NULL, 1);
 }
 
-static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value)
 {
 if (cctx->canames == NULL)
 cctx->canames = sk_X509_NAME_new_null();
@@ -474,7 +474,12 @@ static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
 return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
 }
 
-static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ return cmd_RequestCAFile(cctx, value);
+}
+
+static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value)
 {
 if (cctx->canames == NULL)
 cctx->canames = sk_X509_NAME_new_null();
@@ -483,6 +488,11 @@ static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
 return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
 }
 
+static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ return cmd_RequestCAPath(cctx, value);
+}
+
 #ifndef OPENSSL_NO_DH
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
@@ -575,9 +585,13 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
 SSL_CONF_TYPE_DIR),
 SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
 SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
 SSL_CONF_CMD(ClientCAFile, NULL,
 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
 SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
 SSL_CONF_CMD(ClientCAPath, NULL,
 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
 SSL_CONF_TYPE_DIR),
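Review bot: The new `cmd_ClientCAFile` forwarder (and `cmd_ClientCAPath` in the following hunk) carries no comment saying it is a retained alias, so a later reader may take the two-line wrapper for dead code and remove it. I would add `/* Legacy name: ClientCAFile is kept as an alias of RequestCAFile */` above it, with the matching line for the Path variant. Both aliases append to the same `cctx->canames` stack as the Request commands, so a configuration that uses both names ends up with one combined list; the comment should say that as well. The bodies of `cmd_RequestCAFile` and `cmd_RequestCAPath` continue outside these hunks.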
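Review bot: The command-line name `"requestCAFile"` in the `ssl_conf_cmds` hunk is spelled with a capital F, while the entry directly above it uses `"verifyCAfile"`; if command-line names are matched case-sensitively (the lookup is not visible here), a user following the existing pattern would type an option that is not recognised. Either spell it `"requestCAfile"` or note the deliberate difference in a comment. `RequestCAPath` is also registered with `NULL` as its command-line name while `RequestCAFile` has one, so the directory form is reachable only from a config file; if that asymmetry is intended, a short comment such as `/* no command-line form for the directory variant */` would record it. The table starts and ends outside the hunk.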
@@ -802,9 +816,9 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
 }
 if (cctx->canames) {
 if (cctx->ssl)
- SSL_set_client_CA_list(cctx->ssl, cctx->canames);
+ SSL_set0_CA_list(cctx->ssl, cctx->canames);
 else if (cctx->ctx)
- SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames);
+ SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);
 else
 sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
 cctx->canames = NULL; |
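Review bot: Nothing in `SSL_CONF_CTX_finish` records that the legacy `ClientCAFile`/`ClientCAPath` commands now configure something different: their names used to go to `SSL_set_client_CA_list` and now go to the general list through `SSL_set0_CA_list`. Whether a server still advertises these names when the application has also called `SSL_CTX_set_client_CA_list` depends on code outside this diff and is worth confirming, since the advertised CA list steers which certificate a peer selects. I would add above the calls `/* set0: canames is handed to ssl/ctx; only the final else branch frees it here */`, which also explains why `cctx->canames = NULL` follows without a free. The function body starts and ends outside the hunk.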