Support CA verification in chroot'ed processes without direct file - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	reyk <>	2015-01-22 09:12:57 +0000
committer	reyk <>	2015-01-22 09:12:57 +0000
commit	d0ef2b563d4291f81a8f9ed7cd02bdfbaa8cc5f4 (patch)
tree	42f292263609c4df75e6a4d780bcc3cc53130658 /src/lib/libtls/tls.h
parent	ca23f8d50feee83817e664343b752ce0b985dfb5 (diff)
download	openbsd-d0ef2b563d4291f81a8f9ed7cd02bdfbaa8cc5f4.tar.gz openbsd-d0ef2b563d4291f81a8f9ed7cd02bdfbaa8cc5f4.tar.bz2 openbsd-d0ef2b563d4291f81a8f9ed7cd02bdfbaa8cc5f4.zip

Support CA verification in chroot'ed processes without direct file

access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@

Diffstat (limited to 'src/lib/libtls/tls.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: