From d4c44ff649e24982b2353fbf8a5621fa50f162ae Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Thu, 3 Apr 2014 12:57:43 +0200 Subject: [PATCH] Red Hat issue 1019964: socat now uses the system certificate store --- CHANGES | 3 +++ config.h.in | 3 +++ configure.in | 3 ++- xio-openssl.c | 4 ++++ 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 0c6fd66..c113edd 100644 --- a/CHANGES +++ b/CHANGES @@ -29,6 +29,9 @@ security: the openssl-commonname option when it is used. Test: OPENSSL_CN_SERVER_SECURITY + Red Hat issue 1019964: socat now uses the system certificate store with + OPENSSL when neither options cafile nor capath are used + new features: OpenSSL addresses set couple of environment variables from values in peer certificate, e.g.: diff --git a/config.h.in b/config.h.in index 008ef99..a9dd941 100644 --- a/config.h.in +++ b/config.h.in @@ -400,6 +400,9 @@ /* Define if you have the SSLv2_server_method function. not in new openssl */ #undef HAVE_SSLv2_server_method +/* Define if you have the HAVE_SSL_CTX_set_default_verify_paths function */ +#undef HAVE_SSL_CTX_set_default_verify_paths + /* Define if you have the flock function */ #undef HAVE_FLOCK diff --git a/configure.in b/configure.in index 57140b6..910ce35 100644 --- a/configure.in +++ b/configure.in @@ -1336,7 +1336,8 @@ AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV)) dnl Search for SSLv2_client_method, SSLv2_server_method AC_CHECK_FUNC(SSLv3_client_method, AC_DEFINE(HAVE_SSLv3_client_method), AC_CHECK_LIB(crypt, SSLv3_client_method, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(SSLv2_server_method, AC_DEFINE(HAVE_SSLv2_server_method), AC_CHECK_LIB(crypt, SSLv2_server_method, [LIBS=-lcrypt $LIBS])) - +dnl +AC_CHECK_FUNC(SSL_CTX_set_default_verify_paths, AC_DEFINE(HAVE_SSL_CTX_set_default_verify_paths)) dnl Run time checks diff --git a/xio-openssl.c b/xio-openssl.c index 61d586c..225148e 100644 --- a/xio-openssl.c +++ b/xio-openssl.c @@ -921,6 +921,10 @@ int return STAT_RETRYLATER; } } +#ifdef HAVE_SSL_CTX_set_default_verify_paths + } else { + SSL_CTX_set_default_verify_paths(*ctx); +#endif } if (opt_cert) {