Displaying 5 results from an estimated 5 matches for "x509_store_set_flags".
2006 Jun 01
1
ssl-proxy: client certificates and crl check
...SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER |
- SSL_VERIFY_CLIENT_ONCE,
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
ssl_verify_client_cert);
}
+ /* HJHJ */
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ X509_STORE *store;
+ if( (store=SSL_CTX_get_cert_store(ssl_ctx)) != NULL )
+ { X509_STORE_set_flags( store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); }
+ else
+ { i_warning("X509 get cert store failed..."); }
+#endif
+ /* HJHJ */
+
/* PRNG initialization might want to use /dev/urandom, make sure it
does it before chrooting. We might not have enough entropy at
the...
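Review bot: The added X509_STORE_set_flags() call turns on X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL unconditionally, so verification fails for any chain where a CA has no CRL loaded in the store; gate the call on a configuration setting. The else branch only logs i_warning() and continues, which leaves revocation checking silently off when SSL_CTX_get_cert_store() returns NULL; treat that as a fatal setup error instead. X509_STORE *store; is declared mid-function after the preceding block, so move it to the top of the function or give the addition its own braces, and drop the /* HJHJ */ markers. Replacing SSL_VERIFY_CLIENT_ONCE with SSL_VERIFY_FAIL_IF_NO_PEER_CERT also makes a client certificate mandatory on this path, which the description should state.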
2013 Apr 07
1
ssl_require_crl does not work as expected
...id certificate: unable to
get certificate CRL: /CN=Root-CA.../C=DE
I don't know what the proxy-stuff is about so instead of ignoring CRL-related
errors I tried to disable CRL-checking. I therefore commented out two lines
in
ssl_proxy_ctx_verify_client() in ssl-proxy-openssl.c line 1004, namely:
// X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
// X509_V_FLAG_CRL_CHECK_ALL);
This tells OpenSSL not to check CRLs. Of course in production code this
should be done only if "ssl_require_crl = no".
Similar code is contained in iostream-openssl-context.c,
namely in routine ssl_iostre...
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...rn 0;
+
}
static void
-ssl_iostream_ctx_verify_remote_cert(struct ssl_iostream_context *ctx,
- STACK_OF(X509_NAME) *ca_names)
+ssl_iostream_ctx_verify_remote_cert(struct ssl_iostream_context *ctx)
{
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
X509_STORE *store;
@@ -274,8 +251,6 @@
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
X509_V_FLAG_CRL_CHECK_ALL);
#endif
-
- SSL_CTX_set_client_CA_list(ctx->ssl_ctx, ca_names);
}
static struct ssl_iostream_settings *
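Review bot: With SSL_CTX_set_client_CA_list(ctx->ssl_ctx, ca_names) removed from the end of ssl_iostream_ctx_verify_remote_cert(), nothing in this hunk sets the CA names the server advertises in its certificate request. Confirm the list is still set on another path, or say in the commit message that dropping it is intended, since some clients use that list to choose which certificate to present.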
@@ -320,18 +295,17 @@
const char **error_r)
{
X509_STORE *store;
- STACK_OF(X509_NAME) *xnames = NULL;
con...
2012 Oct 30
5
Pigeonhole 3.3 broken against Dovecot 2.1.10
....0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`SSL_CIPHER_get_bits@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`X509_INFO_free@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`X509_STORE_set_flags@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`SSL_new@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to
`X509_NAME_dup@OPENSSL_1.0.0'
/usr/local/lib/dovecot/libdovecot-storage.so: undefined reference to...
2017 Aug 25
3
trouble compiling Dovecot 2.2.31 on Solaris 10 SPARC - libssl_iostream_openssl.so is not portable!
...l_iostream_openssl.so
SSL_accept ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
ASN1_STRING_data ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
ASN1_STRING_type ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
SSLv23_server_method ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
X509_STORE_set_flags ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
sk_pop_free ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
SSL_CTX_use_PrivateKey ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
ERR_error_string_n ../lib-ssl-iostream/.libs/libssl_iostream_openssl.so
CRYPTO_set_mem_functions ../lib-s...