Diffstat (limited to '')
| -rw-r--r-- | src/lib/libtls/tls_client.c | 17 | 
1 files changed, 15 insertions, 2 deletions
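--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.8 2015/01/13 17:35:35 bluhm Exp $ */
+/* $OpenBSD: tls_client.c,v 1.9 2015/01/22 09:16:24 reyk Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -21,6 +21,7 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 
+#include <limits.h>
 #include <netdb.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -168,7 +169,19 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 if (ctx->config->verify_cert) {
 SSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_PEER, NULL);
 
-if (SSL_CTX_load_verify_locations(ctx->ssl_ctx,
+if (ctx->config->ca_mem != NULL) {
+if (ctx->config->ca_len > INT_MAX) {
+tls_set_error(ctx, "ca too long");
+goto err;
+}
+
+if (SSL_CTX_load_verify_mem(ctx->ssl_ctx,
+ctx->config->ca_mem, ctx->config->ca_len) != 1) {
+tls_set_error(ctx,
+"ssl verify memory setup failure");
+goto err;
+}
+} else if (SSL_CTX_load_verify_locations(ctx->ssl_ctx,
 ctx->config->ca_file, ctx->config->ca_path) != 1) {
 tls_set_error(ctx, "ssl verify setup failure");
 goto err;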
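Review bot: The new `if (ctx->config->ca_mem != NULL)` / `else if (SSL_CTX_load_verify_locations(...` structure makes an in-memory CA bundle silently take precedence over ca_file/ca_path when a caller has configured both, and nothing in the hunk records that ordering; a comment before the branch such as `/* An in-memory CA bundle (ca_mem) takes precedence over ca_file/ca_path. */` would make the verification contract visible to readers of tls_connect_fds. The `ca_len > INT_MAX` guard is the right shape if ca_len is a size_t being narrowed to an int parameter of SSL_CTX_load_verify_mem, but neither type is visible here, so that should be confirmed against the declarations. A ca_mem set with ca_len == 0 is not rejected by the guard and falls through to SSL_CTX_load_verify_mem, whose behaviour on an empty buffer cannot be judged from this hunk. tls_connect_fds begins before this hunk and its err label lies past it.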
