List: openssl-dev
Subject: [openssl-dev] [openssl.org #3875] [PATCH] Add external X509_STORE to SSL_CTX
From: "Short, Todd via RT" <rt () openssl ! org>
Date: 2015-05-27 20:32:44
Message-ID: rt-4.0.4-1870-1432758764-57.3875-21-0 () openssl ! org
Hello OpenSSL Org:
This is a change that Akamai has made to its implementation of OpenSSL.
Version: master branch
Description: Add external X509_STORE to SSL_CTX
Add SSL_CTX_set_cert_store_ref() API to add an external X509_STORE to
an SSL_CTX. (There is no get API).
GitHub link:
https://github.com/akamai/openssl/commit/517559c8637cda3750b39017685742590f1b692e
And attachment.
Thank you.
--
-Todd Short
// tshort@akamai.com
// "One if by land, two if by sea, three if by the Internet."
["0018-Add-external-X509_STORE-to-SSL_CTX.patch" (application/octet-stream)]
From 685c477cba3f3567395ab6b9f9f1d7b3e524415f Mon Sep 17 00:00:00 2001
From: Laszlo Kovacs <lkovacs@akamai.com>
Date: Tue, 31 Mar 2015 16:20:03 -0400
Subject: [PATCH 18/26] Add external X509_STORE to SSL_CTX
Add SSL_CTX_set_cert_store_ref() API to add an external X509_STORE to
an SSL_CTX
(cherry picked from commit da85fb4713bbd7ba92ab2c83602fc26a4613fb22)
Conflicts:
include/openssl/ssl.h
ssl/ssl_lib.c
---
include/openssl/ssl.h | 1 +
ssl/ssl_lib.c | 8 ++++++++
2 files changed, 9 insertions(+)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9523a43..935ff0a 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1441,6 +1441,7 @@ __owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
__owur int SSL_want(const SSL *s);
+void SSL_CTX_set_cert_store_ref(SSL_CTX *, X509_STORE *);
int SSL_signal_event_result(SSL *s, int event, int result, int errfunc, int \
errreason, const char *file, int line); # define SSL_signal_event(s, event, retcode) \
\ SSL_signal_event_result(s, event, retcode, 0, 0, NULL, 0)
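Review bot: The new declaration of SSL_CTX_set_cert_store_ref() carries no comment saying how it differs from SSL_CTX_set_cert_store() two lines above, and the two take identical arguments, so a caller cannot tell from the header which one leaves the store's ownership with the caller. The ssl_lib.c part of this patch takes an extra reference on the store, which means the caller keeps its own reference and still has to free it; please state that next to the prototype (and in the man page for SSL_CTX_set_cert_store). It would also read better placed directly after SSL_CTX_set_cert_store() rather than after SSL_want(), with a matching getter or a note explaining why, as the description says, there is none.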
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index cf1276b..efed001 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3516,6 +3516,14 @@ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
return ctx->cert->sec_ex;
}
+void SSL_CTX_set_cert_store_ref(SSL_CTX *ctx, X509_STORE *store)
+{
+ if (ctx->cert_store != NULL)
+ X509_STORE_free(ctx->cert_store);
+ CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
+ ctx->cert_store = store;
+}
+
void SSL_CTX_share_session_cache(SSL_CTX *a, SSL_CTX *b)
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
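Review bot: In SSL_CTX_set_cert_store_ref() the old store is freed before the reference on the new one is taken, so calling it with the store that ctx already holds can drop the last reference in X509_STORE_free() and then run CRYPTO_add() on `&store->references` in freed memory. Take the reference on `store` first, then free the previous `ctx->cert_store`, then assign. There is also no check for a NULL `store`: `&store->references` is computed unconditionally, so passing NULL to clear the store crashes; either reject NULL explicitly or skip the increment and just clear the pointer. The function returns void, so a caller has no way to learn that either case was rejected; an int return would allow that.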
--
2.3.2 (Apple Git-55)