Exemple #1
/*
 * Control callback of the file-based X509_LOOKUP method.
 *
 * Only X509_L_FILE_LOAD is handled:
 *   - argl == X509_FILETYPE_DEFAULT: load the default certificate/CRL file as
 *     PEM. The path comes from the environment variable named by
 *     X509_get_default_cert_file_env() when that variable is set, otherwise
 *     from X509_get_default_cert_file().
 *   - argl == X509_FILETYPE_PEM: load certificates and CRLs from argp.
 *   - any other argl: load certificates from argp, passing argl through as the
 *     file type.
 *
 * ctx   lookup context passed to the loaders
 * cmd   control command; anything but X509_L_FILE_LOAD yields 0
 * argp  file path, ignored for X509_FILETYPE_DEFAULT
 * argl  file type selector
 * ret   not used by this handler
 *
 * Returns 1 when the selected loader returned non-zero, 0 otherwise.
 *
 * NOTE(review): the default path is read from the process environment with
 * plain getenv() and no privilege check is visible here. Whoever controls the
 * environment therefore chooses the file the trust anchors are loaded from;
 * confirm that privileged (e.g. set-user-ID) callers sanitise the environment
 * before reaching this code.
 */
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
                        long argl, char **ret)
{
    const char *path;
    int loaded;

    /* Unknown commands are reported as failure without touching ctx. */
    if (cmd != X509_L_FILE_LOAD)
        return 0;

    /* Explicit path supplied by the caller: no default lookup, no error push. */
    if (argl != X509_FILETYPE_DEFAULT) {
        if (argl == X509_FILETYPE_PEM)
            return X509_load_cert_crl_file(ctx, argp, X509_FILETYPE_PEM) != 0;
        return X509_load_cert_file(ctx, argp, (int)argl) != 0;
    }

    /* Environment override wins; the built-in default is only the fallback. */
    path = getenv(X509_get_default_cert_file_env());
    if (path == NULL)
        path = X509_get_default_cert_file();

    loaded = (X509_load_cert_crl_file(ctx, path, X509_FILETYPE_PEM) != 0);
    if (!loaded) {
        /* Only the default-location path records a dedicated error code. */
        X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
    }
    return loaded;
}
Exemple #2
// Returns the path of the X.509 root certificate file to use.
//
// The environment variable named by X509_get_default_cert_file_env() takes
// precedence whenever it is set (a set-but-empty variable is returned as an
// empty string); otherwise the value of X509_get_default_cert_file() is
// returned.
//
// The result is a borrowed pointer: it is either the string returned by
// getenv(), which a later environment modification may invalidate, or the
// pointer handed back by OpenSSL. Callers must not free it.
//
// NOTE(review): the override comes straight from the process environment, so
// the environment's owner decides which file is reported as the root store.
// Confirm callers treat the path accordingly (for example when the process
// runs with more privilege than the party that set up its environment).
extern "C" const char* CryptoNative_GetX509RootStoreFile()
{
    const char* overridePath = getenv(X509_get_default_cert_file_env());

    return overridePath ? overridePath : X509_get_default_cert_file();
}
Exemple #3
// Loads the platform's system CA certificates into `context`.
//
//   context  SSL context whose trust store is populated
//   err      buffer receiving a human-readable message on failure
//   err_len  size of `err`; snprintf truncates the message to fit
//
// Returns 1 on success and 0 on failure on the OpenSSL-default path; on
// Windows and Apple the result of the platform import helper is returned
// (0 is used for the "no store" failure on those platforms).
//
// Platform behaviour:
//   - Windows: imports the "root" and then the "CA" certificate store, both
//     opened with CERT_SYSTEM_STORE_CURRENT_USER, stopping at the first
//     failure. The resulting trust set therefore depends on the account the
//     process runs as.
//     NOTE(review): "CA" presumably holds intermediate certificates; confirm
//     that adding them to the verify store is intended.
//   - Apple: imports from the keychain via importKeychainToX509_STORE().
//   - Everything else: relies on the default verify locations OpenSSL was
//     configured with.
//     NOTE(review): the failure message prints X509_get_default_cert_file()
//     and X509_get_default_cert_dir(); if the effective locations can be
//     overridden (e.g. through the environment), the message may not name the
//     paths that were actually tried. Confirm before relying on it in triage.
int _setupSystemCA(SSL_CTX* context, char* err, size_t err_len) {
#if defined(_WIN32) || defined(__APPLE__)

    // Both native importers write into the context's existing X509 store.
    X509_STORE* store = SSL_CTX_get_cert_store(context);
    if (!store) {
        snprintf(err,
                 err_len,
                 "no X509 store found for SSL context while loading "
                 "system certificates");
        return 0;
    }
#if defined(_WIN32)
    // Root anchors first; skip the "CA" store when the root import failed.
    int rootStatus = importCertStoreToX509_STORE(
        L"root", CERT_SYSTEM_STORE_CURRENT_USER, store, err, err_len);
    if (rootStatus) {
        return importCertStoreToX509_STORE(
            L"CA", CERT_SYSTEM_STORE_CURRENT_USER, store, err, err_len);
    }
    return rootStatus;
#elif defined(__APPLE__)
    return importKeychainToX509_STORE(store, err, err_len);
#endif
#else
    // On non-Windows/non-Apple platforms the OpenSSL build is expected to
    // carry default CA locations; let OpenSSL load them.
    if (SSL_CTX_set_default_verify_paths(context) == 1) {
        return 1;
    }
    snprintf(err,
             err_len,
             "error loading system CA certificates "
             "(default certificate file: %s default certificate path: %s )",
             X509_get_default_cert_file(),
             X509_get_default_cert_dir());
    return 0;
#endif
}