Changeset 6052
- Timestamp:
- Aug 23, 2019 4:53:05 AM (5 years ago)
- File:
-
- 1 edited
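--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
@@ -1061,4 +1061,57 @@
     }
 
+    /* Add certificate authorities for clients from CA.
+     * Needed for certificate request during handshake.
+     */
+    if (cert && ssock->is_server) {
+        STACK_OF(X509_NAME) *ca_dn = NULL;
+
+        if (cert->CA_file.slen > 0) {
+            ca_dn = SSL_load_client_CA_file(cert->CA_file.ptr);
+        } else if (cert->CA_buf.slen > 0) {
+            X509 *x = NULL;
+            X509_NAME *xn = NULL;
+            STACK_OF(X509_NAME) *sk = NULL;
+            BIO *bio = BIO_new_mem_buf((void*)cert->CA_buf.ptr,
+                                       cert->CA_buf.slen);
+
+            sk = sk_X509_NAME_new((sk_X509_NAME_compfunc)X509_NAME_cmp);
+
+            if (sk != NULL && bio != NULL) {
+                for (;;) {
+                    if (PEM_read_bio_X509(bio, &x, NULL, NULL) == NULL)
+                        break;
+
+                    if (ca_dn == NULL) {
+                        ca_dn = sk_X509_NAME_new_null();
+
+                        if (ca_dn == NULL)
+                            break;
+                    }
+
+                    if ((xn = X509_get_subject_name(x)) == NULL)
+                        break;
+
+                    if ((xn = X509_NAME_dup(xn)) == NULL )
+                        break;
+
+                    if (sk_X509_NAME_find(sk, xn) >= 0) {
+                        X509_NAME_free(xn);
+                    } else {
+                        sk_X509_NAME_push(sk, xn);
+                        sk_X509_NAME_push(ca_dn, xn);
+                    }
+                }
+            }
+            if (sk != NULL)
+                sk_X509_NAME_free(sk);
+            if (bio != NULL)
+                BIO_free(bio);
+        }
+
+        if (ca_dn != NULL)
+            SSL_CTX_set_client_CA_list(ctx, ca_dn);
+    }
+
     /* Early sensitive data cleanup after OpenSSL context setup. However,
      * this cannot be done for listener sockets, as the data will still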
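Review bot: The `X509 *x` filled by `PEM_read_bio_X509(bio, &x, NULL, NULL)` in the `CA_buf` branch is never released, so the last certificate parsed appears to leak on every exit from the loop; add `X509_free(x);` next to the `BIO_free(bio)` cleanup. The loop also ends on a failed PEM read, which typically leaves an entry in OpenSSL's error queue, so calling `ERR_clear_error();` after the loop would keep a later `SSL_get_error()` from picking it up. Both `sk_X509_NAME_push()` results are ignored, and because `sk` is released with `sk_X509_NAME_free()` a failed push onto `ca_dn` would leave `xn` unowned. A malformed entry in the buffer silently truncates the CA list advertised to clients, so a log line on an early `break` would make that diagnosable. The enclosing function starts and ends outside the hunk.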