Commit a613e4e8 authored by Simon Morlat's avatar Simon Morlat

Make sofia sip use openssl default locations for CA certificates.

parent 2d8fffb7
......@@ -11,7 +11,7 @@ dnl information on the package
dnl ---------------------------
dnl update both the version for AC_INIT and the LIBSOFIA_SIP_UA_MAJOR_MINOR
AC_INIT([sofia-sip], [1.13.26bc])
AC_INIT([sofia-sip], [1.13.27bc])
AC_CONFIG_SRCDIR([libsofia-sip-ua/sip/sofia-sip/sip.h])
AC_CONFIG_MACRO_DIR([m4])
AC_SUBST(VER_LIBSOFIA_SIP_UA_MAJOR_MINOR, [1.13])
......
......@@ -520,6 +520,10 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
#endif
}
/* BC change : we want to use the standard verify location all the time.
* In addition we want any intermediary certificates required for the private key
* and the server certificate to be added by SSL_CTX_add_extra_chain_cert()*/
#if 0
if (ti->CAfile == NULL && ti->CApath == NULL) {
/* No CAfile, default path */
if (!SSL_CTX_set_default_verify_paths(tls->ctx)) {
......@@ -538,6 +542,29 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
errno = EIO;
return -1;
}
#endif
if (!SSL_CTX_set_default_verify_paths(tls->ctx)) {
SU_DEBUG_1(("tls_init_context: default verify paths could not be loaded !\n"));
}
/*load extra certificates if any*/
if (ti->CAfile){
FILE *f = fopen(ti->CAfile, "r");
if (f){
int extra_certs_added = 0;
while(!feof(f)){
X509 *extra_cert = PEM_read_X509(f, NULL, NULL, NULL);
if (extra_cert){
SSL_CTX_add_extra_chain_cert(tls->ctx, extra_cert);
extra_certs_added++;
}else break;
}
fclose(f);
SU_DEBUG_3(("tls_init_context: %i extra chain certificate added.", extra_certs_added));
}else SU_DEBUG_1(("tls_init_context: could not load CAfile from %s !\n", ti->CAfile));
}
/* corresponds to (enum tport_tls_verify_policy) */
tls->verify_incoming = (ti->policy & 0x1) ? 1 : 0;
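Review bot: A failed `SSL_CTX_set_default_verify_paths` on the new side is only logged at SU_DEBUG_1 and tls_init_context carries on, whereas the path now under `#if 0` set `errno = EIO` and returned -1 when the verify locations could not be loaded; with no trust anchors in the context, later peer verification presumably cannot succeed, so the hard failure should stay: `SU_DEBUG_1(("tls_init_context: default verify paths could not be loaded !\n")); errno = EIO; return -1;`. ti->CAfile also changes meaning here — it is no longer installed as a trust anchor but only appended to the outgoing chain via SSL_CTX_add_extra_chain_cert — and the BC comment should say so explicitly, since a caller that still passes a CA bundle there will silently get no verification from it. In the read loop the return value of SSL_CTX_add_extra_chain_cert is unchecked; on failure the context does not take ownership and the X509 leaks, so `if (!SSL_CTX_add_extra_chain_cert(tls->ctx, extra_cert)) X509_free(extra_cert);` is needed, and the PEM_read_X509 call that ends the loop at end of file leaves a PEM_R_NO_START_LINE entry on the OpenSSL error queue that later error reporting will pick up unless `ERR_clear_error();` is called after the loop. The SU_DEBUG_3 message on the extra-certs count is also the only one in the hunk without a trailing `\n`. tls_init_context starts and ends outside these hunks.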
......
......@@ -260,7 +260,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
ti.cert = ti.key;
ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem");
SU_DEBUG_9(("%s(%p): tls key = %s ; CApath = %s\n", __func__, (void *)pri, ti.key, ti.CApath));
SU_DEBUG_9(("%s(%p): tls key = %s \n", __func__, (void *)pri, ti.key));
if (ti.key && ti.CAfile && ti.randFile) {
if (access(ti.key, R_OK) != 0) ti.key = NULL;
......