Enhancement #350 » 0002-allow-for-certificate-store-to-be-unspecified-in-CA-.patch
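--- a/bip.conf.5
+++ b/bip.conf.5
@@ -254,8 +254,10 @@
 In ssl_check_mode \fBbasic\fP it must be a file, to which certificates you
 choose to trust will be appended. In ssl_check_mode \fBca\fP it may be a
 single file containing one or more trusted certificates concatenated together
-between BEGIN CERTIFICATE and END CERTIFICATE lines, or a directory containing
-individual certificates in PEM format which has been processed by \fBc_rehash\fP.
+between BEGIN CERTIFICATE and END CERTIFICATE lines, a directory containing
+individual certificates in PEM format which has been processed by \fBc_rehash\fP,
+or unset, in which case bip will attempt to use the default certificate store of
+the OpenSSL it is built against.
 
 .TP
 \fBssl_client_certfile\fP (default: \fBnot set\fP)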
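--- a/samples/bip.conf
+++ b/samples/bip.conf
@@ -126,6 +126,8 @@
 # (certificates, CRLs...) with .pem extension and run `c_rehash .' in it
 # - a certificate bundle file containing one or more certificates in PEM
 # format, enclosed in BEGIN CERTIFICATE / END CERTIFICATE lines
+# - unspecified: in this case, bip will attempt to use the default
+# certificate store of the OpenSSL it is built against
 ssl_check_store = "/home/bip4ever/.bip/trustedcerts.txt";
 
 # Some networks (OFTC at least) allow you to authenticate to nickserv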
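--- a/src/bip.c
+++ b/src/bip.c
@@ -1540,9 +1540,15 @@
 bip_notify(ic, "%s", buf);
 
 #ifdef HAVE_LIBSSL
-bip_notify(ic, "SSL check mode '%s', stored into '%s'",
-checkmode2text(u->ssl_check_mode),
-STRORNULL(u->ssl_check_store));
+if (u->ssl_check_store) {
+bip_notify(ic, "SSL check mode '%s', stored into '%s'",
+checkmode2text(u->ssl_check_mode),
+u->ssl_check_store);
+}
+else {
+bip_notify(ic, "SSL check mode '%s', default or no certificate store",
+checkmode2text(u->ssl_check_mode));
+}
 if (u->ssl_client_certfile)
 bip_notify(ic, "SSL client certificate stored into '%s'",
 u->ssl_client_certfile);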
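Review bot: The new `else` message "default or no certificate store" does not tell the user which trust source is actually in effect, which matters for a status line that reports a security setting. Going by the connection.c change in this patch, an unset store in CA mode means OpenSSL's default store; what it means in the other check modes is not visible here. Branching on the mode would make the report unambiguous, for example `if (u->ssl_check_mode == SSL_CHECK_CA)` with `"SSL check mode '%s', using OpenSSL default certificate store"`, assuming `u->ssl_check_mode` uses the same SSL_CHECK_* constants as the switch in connection.c. The enclosing function starts and ends outside the hunk.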
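--- a/src/connection.c
+++ b/src/connection.c
@@ -1470,6 +1470,17 @@
 }
 break;
 case SSL_CHECK_CA:
+if (!check_store) {
+if (SSL_CTX_set_default_verify_paths(conn->ssl_ctx_h)) {
+mylog(LOG_INFO, "No SSL certificate check store configured. "
+"Default store will be used.");
+break;
+} else {
+mylog(LOG_ERROR, "No SSL certificate check store configured "
+"and cannot use default store!");
+return conn;
+}
+}
 // Check if check_store is a file or directory
 if (stat(check_store, &st_buf) == 0) {
 if (st_buf.st_mode & S_IFDIR) {
@@ -1490,11 +1501,12 @@
 }
 break;
 }
-mylog(LOG_ERROR, "Check store is neither a file nor a directory.");
+mylog(LOG_ERROR, "Specified SSL certificate check store is neither "
+"a file nor a directory.");
 return conn;
 }
-mylog(LOG_ERROR, "Can't open check store! Make sure path is correct.");
+mylog(LOG_ERROR, "Can't open SSL certificate check store! Check path "
+"and permissions.");
 return conn;
 }
 
-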
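Review bot: In the new `if (!check_store)` branch under `case SSL_CHECK_CA:`, a true return from `SSL_CTX_set_default_verify_paths()` does not show that any trust anchors were loaded: OpenSSL treats missing default locations as success, so the LOG_ERROR path is rarely reached and an empty store only surfaces later as failed handshakes. The default locations are also taken from the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables when set, so the anchors bip trusts in this mode depend on the environment it is started from, and they cover every CA in the system store rather than a set chosen by the user. I would record that above the call, e.g. `/* succeeds even if the default paths are missing; honours SSL_CERT_FILE / SSL_CERT_DIR */`, and name the locations in the info message via `X509_get_default_cert_file()` and `X509_get_default_cert_dir()` if mylog takes printf-style arguments. The switch and the code after the `break` lie outside the hunk, so whether peer verification is enabled on this path cannot be confirmed from here.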