From d0ef2b563d4291f81a8f9ed7cd02bdfbaa8cc5f4 Mon Sep 17 00:00:00 2001
From: reyk <>
Date: Thu, 22 Jan 2015 09:12:57 +0000
Subject: Support CA verification in chroot'ed processes without direct file
 access to the certificates.  SSL_CTX_load_verify_mem() is a frontend to the
 new X509_STORE_load_mem() function that allows to load the CA chain from a
 memory buffer that is holding the PEM-encoded files. This function allows to
 handle the verification in privsep'ed code.

Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
---
 src/lib/libssl/ssl.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl.h')

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 8302bba39c..56344085ad 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.76 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1755,6 +1755,7 @@ int SSL_version(const SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
     const char *CApath);
+int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len);
 #define SSL_get0_session SSL_get_session /* just peek at pointer */
 SSL_SESSION *SSL_get_session(const SSL *ssl);
 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-- 
cgit v1.2.3-55-g6feb