xref: /third_party/curl/lib/vtls/openssl.c

312   bool x509_store_setup;            /* x509 store has been set up */
317   char *CAfile;         /* CAfile path used to generate X509 store */
318   X509_STORE *store;    /* cached X509 store or NULL if none */
319   struct curltime time; /* when the cached store was created */
774    * to have setup the x509 store or verification will fail. */
2953         failf(data, "failed to store ssl session");
2961 static CURLcode load_cacert_from_memory(X509_STORE *store,
2989       if(X509_STORE_add_cert(store, itmp->x509)) {
2999       if(X509_STORE_add_crl(store, itmp->crl)) {
3020                                           X509_STORE *store,
3038        the MS root store. If a certificate cannot be imported it is
3039        skipped. 'result' is used to store only hard-fail conditions (such
3141       if(X509_STORE_add_cert(store, x509) == 1) {
3164                                     X509_STORE *store)
3182   if(!store)
3187     /* Import certificates from the Windows root certificate store if
3200         result = import_windows_cert_store(data, storeNames[i], store,
3205           infof(data, "successfully imported Windows %s store", storeNames[i]);
3209           infof(data, "error importing Windows %s store, continuing anyway",
3215       result = load_cacert_from_memory(store, ca_info_blob);
3229       if(ssl_cafile && !X509_STORE_load_file(store, ssl_cafile)) {
3238       if(ssl_capath && !X509_STORE_load_path(store, ssl_capath)) {
3250       if(!X509_STORE_load_locations(store, ssl_cafile, ssl_capath)) {
3274       X509_STORE_set_default_paths(store);
3282     lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
3290     X509_STORE_set_flags(store,
3297     /* Try building a chain using issuers in the trusted store first to avoid
3304     X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
3308       /* Have intermediate certificates in the trust store be treated as
3316       X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN);
3354   X509_STORE *store = NULL;
3359      multi->ssl_backend_data->store &&
3362     store = multi->ssl_backend_data->store;
3365   return store;
3370                                   X509_STORE *store)
3388   if(X509_STORE_up_ref(store)) {
3394         X509_STORE_free(store);
3399     if(mbackend->store) {
3400       X509_STORE_free(mbackend->store);
3405     mbackend->store = store;
3420   /* Consider the X509 store cacheable if it comes exclusively from a CAfile,
3435     X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
3437     result = populate_x509_store(cf, data, store);
3439       set_cached_x509_store(cf, data, store);
3450   X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
3452   return populate_x509_store(cf, data, store);
3867      * store to verify the coming certificate from the server */
4651                          char *buf,                /* store read data here */
4898   if(mbackend->store) {
4899     X509_STORE_free(mbackend->store);

Indexes created Thu Nov 07 10:32:03 CST 2024