author | Matthias Andree <matthias.andree@gmx.de> | 2021-01-30 10:52:19 +0100 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2021-01-30 10:52:19 +0100 |
commit | 0486b4d689e2c9a71e367297ffc340469253332b (patch) | |
tree | dc6429130f457a31f496ad90e2865bf5ecccba7d | |
parent | 7349f1241ab59a26b95117823981cf135c553add (diff) | |
tls-aux.c: add helper to obtain default cert paths
...and compile it as standalone test program. After "make check",
you can check t.tls-aux.log in the build area for the defaults.
Note that environment overrides can be made, see
SSL_CTX_set_default_verify_paths(3) or, for instance,
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_paths.html
OpenSSL 3.x may ship an openssl-env(7) manual page.
-rw-r--r-- | Makefile.am | 8 | ||||
-rw-r--r-- | fetchmail.h | 4 | ||||
-rw-r--r-- | t.tls-aux | 2 | ||||
-rw-r--r-- | tls-aux.c | 56 |
4 files changed, 68 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am index 083c5340..d7d0320c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -47,7 +47,7 @@ DEPENDENCIES= libfm.a $(LIBOBJS) check_PROGRAMS= -TESTS= t.smoke t.validate-xhtml10 t.validate-xhtml t.x509_name_match t.realpath +TESTS= t.smoke t.validate-xhtml10 t.validate-xhtml t.x509_name_match t.realpath t.tls-aux LOG_COMPILER= env LC_ALL=C TZ=UTC $(SHELL) if NEED_TRIO @@ -102,8 +102,10 @@ if NEED_GETADDRINFO fetchmail_SOURCES += libesmtp/getaddrinfo.h libesmtp/getaddrinfo.c endif +tls_aux_SOURCES = tls-aux.c + check_PROGRAMS += rfc822 unmime netrc rfc2047e mxget rfc822valid \ - x509_name_match fm_realpath + x509_name_match fm_realpath tls-aux fm_realpath_CFLAGS= -DTEST @@ -113,6 +115,8 @@ rfc822valid_CFLAGS= -DTEST rfc822_CFLAGS= -DMAIN +tls_aux_CFLAGS= -DTEST + x509_name_match_CFLAGS= -DTEST unmime_SOURCES= unmime.c diff --git a/fetchmail.h b/fetchmail.h index 902aae18..a5f15e8d 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -796,4 +796,8 @@ int ntlm_helper(int sock, struct query *ctl, const char *protocol); /* fm_realpath.c */ char *fm_realpath(const char *restrict file_name); +/* tls-aux.c */ +const char *get_default_cert_path(void); +const char *get_default_cert_file(void); + /* fetchmail.h ends here */ diff --git a/t.tls-aux b/t.tls-aux new file mode 100644 index 00000000..29f0ca12 --- /dev/null +++ b/t.tls-aux @@ -0,0 +1,2 @@ +#!/bin/sh +exec ./tls-aux diff --git a/tls-aux.c b/tls-aux.c new file mode 100644 index 00000000..a3fc7908 --- /dev/null +++ b/tls-aux.c 
@@ -0,0 +1,56 @@
+#include "config.h"
+#include "fetchmail.h"
+
+#ifdef SSL_ENABLE
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/x509.h>
+
+/** return a constant copy of the default SSL certificate path
+ * the directory with hashed certificates, see
+ * SSL_CTX_load_verify_locations(3),
+ * not to be modified by caller. */
+const char *get_default_cert_path(void) {
+ const char *rb = (char *)0, *tmp;
+
+ tmp = X509_get_default_cert_dir_env();
+ if (tmp) rb = getenv(tmp);
+ if (!rb) rb = X509_get_default_cert_dir();
+
+ return rb;
+}
+
+/** return a constant copy of the default SSL certificate file
+ * the directory with hashed certificates, see
+ * SSL_CTX_load_verify_locations(3),
+ * not to be modified by caller. */
+const char *get_default_cert_file(void) {
+ const char *rb = (char *)0, *tmp;
+
+ tmp = X509_get_default_cert_file_env();
+ if (tmp) rb = getenv(tmp);
+ if (!rb) rb = X509_get_default_cert_file();
+
+ return rb;
+}
+
+#endif /* SSL_ENABLE */
+
+#ifdef TEST
+#include <stdio.h>
+
+int main(void) {
+#ifdef SSL_ENABLE
+ const char *tmp;
+
+ tmp = get_default_cert_file();
+ printf("X509 default cert file: %s\n", tmp ? tmp : "(null)");
+
+ tmp = get_default_cert_path();
+ printf("X509 default cert path: %s\n", tmp ? tmp : "(null)");
+#else
+ puts("SSL support not compiled in.");
+#endif /* SSL_ENABLE */
+ exit(EXIT_SUCCESS);
+}
+#endif /* TEST */ |
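Review bot: Both helpers hand back the raw `getenv()` result when the override variable is set, so the value is not a "constant copy" as the comments say: it points into the environment, may be an empty string (which `if (!rb)` does not catch), and becomes stale after a later `setenv()`/`putenv()`. As far as I know, current OpenSSL reads these same variables through a secure-getenv wrapper that ignores them in set-uid/set-gid processes, so in such a process the helpers could report a trust-store location the library itself would not use; that matters if the result is ever passed to `SSL_CTX_load_verify_locations()` rather than only printed. I would say so in the comments, e.g. `/* returns getenv() storage or OpenSSL's built-in default; do not free, copy before changing the environment */`, and correct the second comment, which still reads "the directory with hashed certificates" although `get_default_cert_file()` returns the certificate bundle file. Separately, `main()` calls `exit(EXIT_SUCCESS)` while `<stdlib.h>` is included only inside `#ifdef SSL_ENABLE`; unless `fetchmail.h` pulls it in, a `-DTEST` build without SSL has no declaration in scope, and `return 0;` would avoid the dependency.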