Support CA verification in chroot'ed processes without direct file - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	reyk <>	2015-01-22 09:12:57 +0000
committer	reyk <>	2015-01-22 09:12:57 +0000
commit	ab992313cf0983a16f4f53aa153303043aec169f (patch)
tree	42f292263609c4df75e6a4d780bcc3cc53130658 /src/lib/libssl/ssl_ciph.c
parent	862d0b8723d1dd780e301615518a21818f474a9c (diff)
download	openbsd-ab992313cf0983a16f4f53aa153303043aec169f.tar.gz openbsd-ab992313cf0983a16f4f53aa153303043aec169f.tar.bz2 openbsd-ab992313cf0983a16f4f53aa153303043aec169f.zip

Support CA verification in chroot'ed processes without direct file

access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@

Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: