Displaying 4 results from an estimated 4 matches for "x509_store".
2012 Mar 20
1
IMAP and POP3 per SSL
...s list.
This patch is for dovecot 2.0.9 which is included in Redhat Enterprise Linux 6.2:
*** src/login-common/ssl-proxy-openssl.c 2010-12-30 10:42:54.000000000 +0100
--- src/login-common/ssl-proxy-openssl.c_1 2012-03-20 09:48:28.359508087 +0100
***************
*** 924,930 ****
X509_STORE *store;
STACK_OF(X509_NAME) *xnames = NULL;
! SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */
store = SSL_CTX_get_cert_store(ssl_ctx);
--- 924,930 ----
X509_S...
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...=====
--- dovecot-2.2.9.orig/src/login-common/ssl-proxy-openssl.c 2015-02-11 00:31:24.986198000 -0500
+++ dovecot-2.2.9/src/login-common/ssl-proxy-openssl.c 2015-02-11 00:32:19.262198000 -0500
@@ -951,54 +951,25 @@
return strstr(cert, "PRIVATE KEY---") != NULL;
}
-static void load_ca(X509_STORE *store, const char *ca,
- STACK_OF(X509_NAME) **xnames_r)
+static void load_ca(SSL_CTX *ssl_ctx, const char *ca)
{
- /* mostly just copy&pasted from X509_load_cert_crl_file() */
- STACK_OF(X509_INFO) *inf;
- X509_INFO *itmp;
- X509_NAME *xname;
- BIO *bio;
- int i;
-
- bio = BIO_new_mem_b...
2006 Jun 01
1
ssl-proxy: client certificates and crl check
...6,10 +684,20 @@
if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER |
- SSL_VERIFY_CLIENT_ONCE,
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
ssl_verify_client_cert);
}
+ /* HJHJ */
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ X509_STORE *store;
+ if( (store=SSL_CTX_get_cert_store(ssl_ctx)) != NULL )
+ { X509_STORE_set_flags( store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); }
+ else
+ { i_warning("X509 get cert store failed..."); }
+#endif
+ /* HJHJ */
+
/* PRNG initialization might want to use /dev/urandom...
2008 Dec 16
3
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all,
Does anyone know if it exists a patch for OpenSSH for Windows to allow
authentication through certificates?
Is it possible to make one if it doesn't exists?
Using OpenSSH for Windows 3.8p1-1 20040709 Build.
I know there is Roumen Petrov patch, but is for unix machines if i'm
not mistaken.
I need a similar one for Windows that work with the Roumen Petrov
patch so i can have