17925a9d3c
bundle) to be set through the environment variable ‘OPENSSL_X509_CERT_FILE’. This is necessary because the default location ($out/ssl/cert.pem) doesn't exist, and hardcoding something like /etc/ssl/cert.pem is impure and cannot be overriden per-process. For security, the environment variable is ignored for setuid binaries. svn path=/nixpkgs/trunk/; revision=29224
36 lines
968 B
Diff
36 lines
968 B
Diff
diff -ru -x '*~' openssl-1.0.0e-orig/crypto/x509/x509_def.c openssl-1.0.0e/crypto/x509/x509_def.c
|
|
--- openssl-1.0.0e-orig/crypto/x509/x509_def.c 1999-09-11 19:54:11.000000000 +0200
|
|
+++ openssl-1.0.0e/crypto/x509/x509_def.c 2011-09-12 18:30:59.386501609 +0200
|
|
@@ -57,6 +57,10 @@
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
+#include <stdlib.h>
|
|
+#include <limits.h>
|
|
+#include <unistd.h>
|
|
+#include <sys/types.h>
|
|
#include "cryptlib.h"
|
|
#include <openssl/crypto.h>
|
|
#include <openssl/x509.h>
|
|
@@ -71,7 +75,19 @@
|
|
{ return(X509_CERT_DIR); }
|
|
|
|
const char *X509_get_default_cert_file(void)
|
|
- { return(X509_CERT_FILE); }
|
|
+ {
|
|
+ static char buf[PATH_MAX] = X509_CERT_FILE;
|
|
+ static int init = 0;
|
|
+ if (!init) {
|
|
+ init = 1;
|
|
+ char * s = getenv("OPENSSL_X509_CERT_FILE");
|
|
+ if (s && getuid() == geteuid()) {
|
|
+ strncpy(buf, s, sizeof(buf));
|
|
+ buf[sizeof(buf) - 1] = 0;
|
|
+ }
|
|
+ }
|
|
+ return buf;
|
|
+ }
|
|
|
|
const char *X509_get_default_cert_dir_env(void)
|
|
{ return(X509_CERT_DIR_EVP); }
|