Displaying 7 results from an estimated 7 matches for "ssl_ctx_get_cert_store".
2012 Mar 20
1
IMAP and POP3 per SSL
...508087 +0100
***************
*** 924,930 ****
X509_STORE *store;
STACK_OF(X509_NAME) *xnames = NULL;
! SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */
store = SSL_CTX_get_cert_store(ssl_ctx);
--- 924,930 ----
X509_STORE *store;
STACK_OF(X509_NAME) *xnames = NULL;
! SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE );
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */...
2006 Jun 01
1
ssl-proxy: client certificates and crl check
...quot;SSL_VERIFY_CLIENT_CERT") != NULL) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER |
- SSL_VERIFY_CLIENT_ONCE,
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
ssl_verify_client_cert);
}
+ /* HJHJ */
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ X509_STORE *store;
+ if( (store=SSL_CTX_get_cert_store(ssl_ctx)) != NULL )
+ { X509_STORE_set_flags( store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); }
+ else
+ { i_warning("X509 get cert store failed..."); }
+#endif
+ /* HJHJ */
+
/* PRNG initialization might want to use /dev/urandom, make sure it
does it before chrooting...
2017 Aug 25
3
trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
...l.so
SSL_CTX_use_PrivateKey ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
ERR_error_string_n ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
CRYPTO_set_mem_functions ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
BIO_new_mem_buf ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
SSL_CTX_get_cert_store ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
CRYPTO_cleanup_all_ex_data ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
GENERAL_NAME_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
sk_num ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
X509_NAME_get_entry ../lib-ssl-iost...
2011 Oct 13
1
[PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low
...-925,6 +925,9 @@
STACK_OF(X509_NAME) *xnames = NULL;
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */
store = SSL_CTX_get_cert_store(ssl_ctx);
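Review bot: The new `SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);` call is switched on purely by the `#ifdef`, so whether it is active depends on the OpenSSL headers present at build time, and nothing in the code or the configuration says so. A short comment would help, for example `/* release idle per-connection buffers to save memory, when OpenSSL supports it */`. Because this mode changes how OpenSSL manages its record buffers, and OpenSSL has shipped fixes for bugs specific to it, it seems worth being able to turn it off without rebuilding; that is a suggestion, not something the hunk itself shows a need for. The enclosing function starts and ends outside the hunk.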
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
..._OF(X509_NAME) *xnames = NULL;
-
/* enable all SSL workarounds, except empty fragments as it
makes SSL more vulnerable against attacks */
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL &
@@ -1010,12 +981,10 @@
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */
- store = SSL_CTX_get_cert_store(ssl_ctx);
- load_ca(store, set->ssl_ca, load_xnames ? &xnames : NULL);
+ load_ca(ssl_ctx, set->ssl_ca);
}
ssl_proxy_ctx_set_crypto_params(ssl_ctx, set);
SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
- return xnames;
}
static void
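Review bot: The comment `/* set trusted CA certs */` above the new `load_ca(ssl_ctx, set->ssl_ca);` call may no longer describe everything the call does. The removal of the `xnames` argument and of `return xnames;` suggests that load_ca now also sets the client CA name list on the context, but its body is outside this hunk, so that needs confirming. If it does, I would reword the comment to something like `/* set trusted CA certs and the CA names sent to clients */`. It is also worth stating next to the call what happens when the CA file cannot be loaded, since an empty trust store changes how client certificates are verified.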
@@ -1068,7 +1037,7 @@
}
static voi...
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
...const struct master_service_ssl_settings *set);
+static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
+
static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
{
unsigned int i, g, h = 0;
@@ -993,11 +997,58 @@
store = SSL_CTX_get_cert_store(ssl_ctx);
load_ca(store, set->ssl_ca, load_xnames ? &xnames : NULL);
}
+ ssl_proxy_ctx_set_crypto_params(ssl_ctx, set);
SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
+ return xnames;
+}
+
+static void
+ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
+...
2012 Oct 30
5
Pigeonhole 3.3 broken against Dovecot 2.1.10
...'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`SSL_use_certificate@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`ASN1_STRING_length@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`SSL_CTX_get_cert_store@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`SSL_CTX_set_tmp_dh_callback@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`ENGINE_set_default_ciphers@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-st...