2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
|
{
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (CApath != NULL || CAfile != NULL) {
Tcl_DString ds1;
Tcl_DStringInit(&ds1);
if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CApath, &ds1))) {
Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
SSL_CTX_free(ctx);
Tcl_DStringFree(&ds);
Tcl_DStringFree(&ds1);
return NULL;
}
Tcl_DStringFree(&ds);
Tcl_DStringFree(&ds1);
/* Set list of CAs to send to client when requesting a client certificate */
/* https://sourceforge.net/p/tls/bugs/57/ */
/* XXX:TODO: Let the user supply values here instead of something that exists on the filesystem */
STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
if (certNames != NULL) {
SSL_CTX_set_client_CA_list(ctx, certNames);
}
Tcl_DStringFree(&ds);
}
#else
/* Set directory containing CA certificates in PEM format. */
if (CApath != NULL) {
if (!SSL_CTX_load_verify_dir(ctx, F2N(CApath, &ds))) {
Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
SSL_CTX_free(ctx);
Tcl_DStringFree(&ds);
return NULL;
}
Tcl_DStringFree(&ds);
}
/* Set URI for to a store, which may be a single container or a catalog of containers. */
if (CAstore != NULL) {
if (!SSL_CTX_load_verify_store(ctx, F2N(CAstore, &ds))) {
Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
SSL_CTX_free(ctx);
Tcl_DStringFree(&ds);
return NULL;
}
Tcl_DStringFree(&ds);
}
/* Set file of CA certificates in PEM format. */
if (CAfile != NULL) {
if (!SSL_CTX_load_verify_file(ctx, F2N(CAfile, &ds))) {
Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
SSL_CTX_free(ctx);
Tcl_DStringFree(&ds);
return NULL;
}
Tcl_DStringFree(&ds);
/* Set list of CAs to send to client when requesting a client certificate */
STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
if (certNames != NULL) {
SSL_CTX_set_client_CA_list(ctx, certNames);
|
|
<
<
<
<
<
<
|
<
<
<
|
<
<
<
|
|
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
|
{
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (CApath != NULL || CAfile != NULL) {
Tcl_DString ds1;
Tcl_DStringInit(&ds1);
if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CApath, &ds1))) {
abort++;
return NULL;
}
Tcl_DStringFree(&ds);
Tcl_DStringFree(&ds1);
/* Set list of CAs to send to client when requesting a client certificate */
/* https://sourceforge.net/p/tls/bugs/57/ */
/* XXX:TODO: Let the user supply values here instead of something that exists on the filesystem */
STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
if (certNames != NULL) {
SSL_CTX_set_client_CA_list(ctx, certNames);
}
Tcl_DStringFree(&ds);
}
#else
/* Set directory containing CA certificates in PEM format. */
if (CApath != NULL) {
if (!SSL_CTX_load_verify_dir(ctx, F2N(CApath, &ds))) {
abort++;
}
Tcl_DStringFree(&ds);
}
/* Set URI for to a store, which may be a single container or a catalog of containers. */
if (CAstore != NULL) {
if (!SSL_CTX_load_verify_store(ctx, F2N(CAstore, &ds))) {
abort++;
}
Tcl_DStringFree(&ds);
}
/* Set file of CA certificates in PEM format. */
if (CAfile != NULL) {
if (!SSL_CTX_load_verify_file(ctx, F2N(CAfile, &ds))) {
abort++;
}
Tcl_DStringFree(&ds);
/* Set list of CAs to send to client when requesting a client certificate */
STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
if (certNames != NULL) {
SSL_CTX_set_client_CA_list(ctx, certNames);
|