TclTLS
Diff
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Annotate Patch Side-by-side Diff

Differences From Artifact [b62ec44bb1]:

To Artifact [bba2dae983]:

2059
2060
2061
2062
2063
2064
2065




2066

2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082

2083
2084



2085

2086
2087
2088
2089
2090

2091
2092



2093

2094
2095
2096
2097
2098

2099
2100



2101

2102
2103
2104
2105
2106
2107
2108

2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069

2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085

2086
2087
2088
2089
2090
2091

2092
2093
2094
2095
2096

2097
2098
2099
2100
2101
2102

2103
2104
2105
2106
2107

2108
2109
2110
2111
2112
2113

2114
2115
2116
2117
2118
2119
2120
2121








+
+
+
+
-
+















-
+


+
+
+
-
+




-
+


+
+
+
-
+




-
+


+
+
+
-
+








    {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
	if (CApath != NULL || CAfile != NULL) {
	    Tcl_DString ds1;
	    Tcl_DStringInit(&ds1);

	    if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CApath, &ds1))) {
		Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
		SSL_CTX_free(ctx);
		Tcl_DStringFree(&ds);
		Tcl_DStringFree(&ds1);
		abort++;
		return NULL;
	    }
	    Tcl_DStringFree(&ds);
	    Tcl_DStringFree(&ds1);

	    /* Set list of CAs to send to client when requesting a client certificate */
	    /* https://sourceforge.net/p/tls/bugs/57/ */
	    /* XXX:TODO: Let the user supply values here instead of something that exists on the filesystem */
	    STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
	    if (certNames != NULL) {
		SSL_CTX_set_client_CA_list(ctx, certNames);
	    }
	    Tcl_DStringFree(&ds);
	}

#else
	/* Directory containing CA certificates in PEM format. */
	/* Set directory containing CA certificates in PEM format. */
	if (CApath != NULL) {
	    if (!SSL_CTX_load_verify_dir(ctx, F2N(CApath, &ds))) {
		Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
		SSL_CTX_free(ctx);
		Tcl_DStringFree(&ds);
		abort++;
		return NULL;
	    }
	    Tcl_DStringFree(&ds);
	}
	
	/* URI for to a store, which may be a single container or a catalog of containers. */
	/* Set URI for to a store, which may be a single container or a catalog of containers. */
	if (CAstore != NULL) {
	    if (!SSL_CTX_load_verify_store(ctx, F2N(CAstore, &ds))) {
		Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
		SSL_CTX_free(ctx);
		Tcl_DStringFree(&ds);
		abort++;
		return NULL;
	    }
	    Tcl_DStringFree(&ds);
	}
	
	/* File of CA certificates in PEM format.  */
	/* Set file of CA certificates in PEM format.  */
	if (CAfile != NULL) {
	    if (!SSL_CTX_load_verify_file(ctx, F2N(CAfile, &ds))) {
		Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
		SSL_CTX_free(ctx);
		Tcl_DStringFree(&ds);
		abort++;
		return NULL;
	    }
	    Tcl_DStringFree(&ds);

	    /* Set list of CAs to send to client when requesting a client certificate */
	    STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
	    if (certNames != NULL) {
		SSL_CTX_set_client_CA_list(ctx, certNames);
Powered by Fossil · RSS