Support CA verification in chroot'ed processes without direct file
author reyk <reyk@openbsd.org>
Thu, 22 Jan 2015 09:12:57 +0000 (09:12 +0000)
committer reyk <reyk@openbsd.org>
Thu, 22 Jan 2015 09:12:57 +0000 (09:12 +0000)
commit 3c243a36a609d4fb1d6272a2521af115922fd786
tree eb42f0f94d2205a02fd5c7e03ecd850dc52b7dd4
parent e0d5ea162a855489a21c60884ae351f9d9390bab
Support CA verification in chroot'ed processes without direct file
access to the certificates.  SSL_CTX_load_verify_mem() is a frontend
to the new X509_STORE_load_mem() function that allows loading the CA
chain from a memory buffer that is holding the PEM-encoded files.
This function allows handling the verification in privsep'ed code.

Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
lib/libssl/shlib_version
lib/libssl/src/ssl/ssl.h
lib/libssl/src/ssl/ssl_lib.c
lib/libssl/ssl.h
lib/libssl/ssl/shlib_version
lib/libssl/ssl_lib.c
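
The privsep pattern the commit message describes, as an added example that is not code from this commit, LibreSSL or relayd: the privileged side reads the CA bundle into memory before chroot, and the chroot'ed side passes that buffer to SSL_CTX_load_verify_mem(). The names `ca_buf`, `ca_buf_load`, `ctx_trust_ca_buf` and the `HAVE_LIBRESSL` build macro are assumptions made for illustration.

```c
/* Added example, not LibreSSL or relayd code. HAVE_LIBRESSL is a constructed
 * opt-in macro: build with -DHAVE_LIBRESSL -lssl -lcrypto against LibreSSL. */
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef HAVE_LIBRESSL
#include <openssl/ssl.h>
#endif

struct ca_buf { char *data; int len; };	/* int: the API takes an int length */

/* Privileged side, before chroot(2): read the PEM bundle into memory.
 * Returns 0 on success, -1 if unreadable, empty, or larger than max. */
int ca_buf_load(struct ca_buf *ca, const char *path, off_t max)
{
	struct stat st;
	off_t off = 0;
	ssize_t n;
	int fd;

	ca->data = NULL; ca->len = 0;
	if ((fd = open(path, O_RDONLY)) == -1)
		return -1;
	if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) || st.st_size <= 0 ||
	    st.st_size > max || st.st_size > INT_MAX ||
	    (ca->data = malloc((size_t)st.st_size)) == NULL)
		goto fail;
	for (; off < st.st_size; off += n)
		if ((n = read(fd, ca->data + off, (size_t)(st.st_size - off))) <= 0)
			goto fail;
	close(fd);
	ca->len = (int)off;
	return 0;
fail:
	close(fd);
	free(ca->data);
	ca->data = NULL;
	return -1;
}
#ifdef HAVE_LIBRESSL
/* Unprivileged, chroot'ed side: no file access needed. Returns 1 on success,
 * 0 on failure; peer verification is required either way, so it fails closed. */
int ctx_trust_ca_buf(SSL_CTX *ctx, struct ca_buf *ca)
{
	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
	return SSL_CTX_load_verify_mem(ctx, ca->data, ca->len);
}
#endif
```

Call `ca_buf_load()` before chroot and privilege drop; the buffer must stay allocated until `ctx_trust_ca_buf()` has run in the unprivileged process.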