[PATCH] Add SSL_CTX_set1_cert_store
Thank you so much for your review and advice!
I updated the patch.
---
src/lib/libssl/Symbols.list | 1 +
src/lib/libssl/hidden/openssl/ssl.h | 1 +
src/lib/libssl/man/SSL_CTX_set_cert_store.3 | 12 ++++++++++++
src/lib/libssl/ssl.h | 3 +++
src/lib/libssl/ssl_lib.c | 9 +++++++++
5 files changed, 26 insertions(+)
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index f572284..30a8e80 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -81,6 +81,7 @@ SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set0_chain
+SSL_CTX_set1_cert_store
SSL_CTX_set1_chain
SSL_CTX_set1_groups
SSL_CTX_set1_groups_list
diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h
index cff250e..8d91c29 100644
--- a/src/lib/libssl/hidden/openssl/ssl.h
+++ b/src/lib/libssl/hidden/openssl/ssl.h
@@ -105,6 +105,7 @@ LSSL_USED(SSL_CTX_set_timeout);
LSSL_USED(SSL_CTX_get_timeout);
LSSL_USED(SSL_CTX_get_cert_store);
LSSL_USED(SSL_CTX_set_cert_store);
+LSSL_USED(SSL_CTX_set1_cert_store);
LSSL_USED(SSL_CTX_get0_certificate);
LSSL_USED(SSL_CTX_get0_privatekey);
LSSL_USED(SSL_want);
diff --git a/src/lib/libssl/man/SSL_CTX_set_cert_store.3 b/src/lib/libssl/man/SSL_CTX_set_cert_store.3
index b23e3c4..ed4f65c 100644
--- a/src/lib/libssl/man/SSL_CTX_set_cert_store.3
+++ b/src/lib/libssl/man/SSL_CTX_set_cert_store.3
@@ -53,12 +53,15 @@
.Os
.Sh NAME
.Nm SSL_CTX_set_cert_store ,
+.Nm SSL_CTX_set1_cert_store ,
.Nm SSL_CTX_get_cert_store
.Nd manipulate X509 certificate verification storage
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft void
.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store"
+.Ft void
+.Fn SSL_CTX_set1_cert_store "SSL_CTX *ctx" "X509_STORE *store"
.Ft X509_STORE *
.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
.Sh DESCRIPTION
@@ -73,6 +76,15 @@ object is currently set in
.Fa ctx ,
it will be freed.
.Pp
+.Fn SSL_CTX_set1_cert_store
+sets the verification storage of
+.Fa ctx
+to or replaces it with
+.Fa store .
+The
+.Fa store Ns 's
+reference count is incremented.
+.Pp
.Fn SSL_CTX_get_cert_store
returns a pointer to the current certificate verification storage.
.Pp
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index d8846a4..9c5e9df 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1107,6 +1107,9 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
+#endif
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
int SSL_want(const SSL *s);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4cf5c46..5af560e 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -3403,6 +3403,15 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
}
LSSL_ALIAS(SSL_CTX_set_cert_store);
+void
+SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+ if (store != NULL)
+ X509_STORE_up_ref(store);
+ SSL_CTX_set_cert_store(ctx, store);
+}
+LSSL_ALIAS(SSL_CTX_set1_cert_store);
+
X509 *
SSL_CTX_get0_certificate(const SSL_CTX *ctx)
{
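Review bot: The return value of `X509_STORE_up_ref(store)` is ignored in the new SSL_CTX_set1_cert_store, so if taking the reference ever failed, the context would still be handed `store` and would later release a reference it never acquired, freeing the store while the caller still uses it. Because the function returns void, as the prototype added to ssl.h requires, the conservative handling is to leave `ctx` untouched on failure: `if (store != NULL && !X509_STORE_up_ref(store)) return;`. A short ownership comment above the call would also help, for example `/* Take our own reference first; the caller keeps, and must still free, its own. */`. Taking the reference before the set call appears to be what keeps passing the context's current store safe, assuming SSL_CTX_set_cert_store frees the previous store as the manual page says; its body is outside this hunk.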
--
2.39.3 (Apple Git-146)