Red Hat issue 1019964: socat now uses the system certificate store

This commit is contained in:
Gerhard Rieger 2015-04-02 15:58:37 +02:00
parent 0f65dd68fb
commit 78497ff3c7
4 changed files with 12 additions and 1 deletions

View file

@ -29,6 +29,9 @@ security:
the openssl-commonname option when it is used. the openssl-commonname option when it is used.
Test: OPENSSL_CN_SERVER_SECURITY Test: OPENSSL_CN_SERVER_SECURITY
Red Hat issue 1019964: socat now uses the system certificate store with
OPENSSL when neither options cafile nor capath are used
corrections: corrections:
LISTEN based addresses applied some address options, e.g. so-keepalive, LISTEN based addresses applied some address options, e.g. so-keepalive,
to the listening file descriptor instead of the connected file to the listening file descriptor instead of the connected file

View file

@ -400,6 +400,9 @@
/* Define if you have the SSLv2_server_method function. not in new openssl */ /* Define if you have the SSLv2_server_method function. not in new openssl */
#undef HAVE_SSLv2_server_method #undef HAVE_SSLv2_server_method
/* Define if you have the HAVE_SSL_CTX_set_default_verify_paths function */
#undef HAVE_SSL_CTX_set_default_verify_paths
/* Define if you have the flock function */ /* Define if you have the flock function */
#undef HAVE_FLOCK #undef HAVE_FLOCK

View file

@ -1352,7 +1352,8 @@ AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV))
dnl Search for SSLv2_client_method, SSLv2_server_method dnl Search for SSLv2_client_method, SSLv2_server_method
AC_CHECK_FUNC(SSLv3_client_method, AC_DEFINE(HAVE_SSLv3_client_method), AC_CHECK_LIB(crypt, SSLv3_client_method, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(SSLv3_client_method, AC_DEFINE(HAVE_SSLv3_client_method), AC_CHECK_LIB(crypt, SSLv3_client_method, [LIBS=-lcrypt $LIBS]))
AC_CHECK_FUNC(SSLv2_server_method, AC_DEFINE(HAVE_SSLv2_server_method), AC_CHECK_LIB(crypt, SSLv2_server_method, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(SSLv2_server_method, AC_DEFINE(HAVE_SSLv2_server_method), AC_CHECK_LIB(crypt, SSLv2_server_method, [LIBS=-lcrypt $LIBS]))
dnl
AC_CHECK_FUNC(SSL_CTX_set_default_verify_paths, AC_DEFINE(HAVE_SSL_CTX_set_default_verify_paths))
dnl Run time checks dnl Run time checks

View file

@ -1055,6 +1055,10 @@ int
return STAT_RETRYLATER; return STAT_RETRYLATER;
} }
} }
#ifdef HAVE_SSL_CTX_set_default_verify_paths
} else {
SSL_CTX_set_default_verify_paths(*ctx);
#endif
} }
if (opt_cert) { if (opt_cert) {