authorMatthias Andree <matthias.andree@gmx.de>2021-01-30 10:52:19 +0100
committerMatthias Andree <matthias.andree@gmx.de>2021-01-30 10:52:19 +0100
commit0486b4d689e2c9a71e367297ffc340469253332b (patch)
treedc6429130f457a31f496ad90e2865bf5ecccba7d
parent7349f1241ab59a26b95117823981cf135c553add (diff)
tls-aux.c: add helper to obtain default cert paths
...and compile it as a standalone test program. After "make check", you can check t.tls-aux.log in the build area for the defaults. Note that environment overrides can be made, see SSL_CTX_set_default_verify_paths(3) or, for instance, https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_paths.html. OpenSSL 3.x may ship an openssl-env(7) manual page.
-rw-r--r--Makefile.am8
-rw-r--r--fetchmail.h4
-rw-r--r--t.tls-aux2
-rw-r--r--tls-aux.c56
4 files changed, 68 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am
index 083c5340..d7d0320c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -47,7 +47,7 @@ DEPENDENCIES= libfm.a $(LIBOBJS)
check_PROGRAMS=
-TESTS= t.smoke t.validate-xhtml10 t.validate-xhtml t.x509_name_match t.realpath
+TESTS= t.smoke t.validate-xhtml10 t.validate-xhtml t.x509_name_match t.realpath t.tls-aux
LOG_COMPILER= env LC_ALL=C TZ=UTC $(SHELL)
if NEED_TRIO
@@ -102,8 +102,10 @@ if NEED_GETADDRINFO
fetchmail_SOURCES += libesmtp/getaddrinfo.h libesmtp/getaddrinfo.c
endif
+tls_aux_SOURCES = tls-aux.c
+
check_PROGRAMS += rfc822 unmime netrc rfc2047e mxget rfc822valid \
- x509_name_match fm_realpath
+ x509_name_match fm_realpath tls-aux
fm_realpath_CFLAGS= -DTEST
@@ -113,6 +115,8 @@ rfc822valid_CFLAGS= -DTEST
rfc822_CFLAGS= -DMAIN
+tls_aux_CFLAGS= -DTEST
+
x509_name_match_CFLAGS= -DTEST
unmime_SOURCES= unmime.c
diff --git a/fetchmail.h b/fetchmail.h
index 902aae18..a5f15e8d 100644
--- a/fetchmail.h
+++ b/fetchmail.h
@@ -796,4 +796,8 @@ int ntlm_helper(int sock, struct query *ctl, const char *protocol);
/* fm_realpath.c */
char *fm_realpath(const char *restrict file_name);
+/* tls-aux.c */
+const char *get_default_cert_path(void);
+const char *get_default_cert_file(void);
+
/* fetchmail.h ends here */
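Review bot: The two prototypes are declared unconditionally here, but tls-aux.c defines the functions only inside `#ifdef SSL_ENABLE`, so a caller in a build without SSL would compile cleanly and then fail at link time. Wrapping the declarations in `#ifdef SSL_ENABLE` / `#endif` (or providing stubs that return NULL) would surface that at compile time. A short comment such as `/* result may come from the environment; not owned by the caller */` would also tell callers where the value can originate.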
diff --git a/t.tls-aux b/t.tls-aux
new file mode 100644
index 00000000..29f0ca12
--- /dev/null
+++ b/t.tls-aux
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec ./tls-aux
diff --git a/tls-aux.c b/tls-aux.c
new file mode 100644
index 00000000..a3fc7908
--- /dev/null
+++ b/tls-aux.c
@@ -0,0 +1,56 @@
+#include "config.h"
+#include "fetchmail.h"
+
+#ifdef SSL_ENABLE
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/x509.h>
+
+/** return a constant copy of the default SSL certificate path
+ * the directory with hashed certificates, see
+ * SSL_CTX_load_verify_locations(3),
+ * not to be modified by caller. */
+const char *get_default_cert_path(void) {
+ const char *rb = (char *)0, *tmp;
+
+ tmp = X509_get_default_cert_dir_env();
+ if (tmp) rb = getenv(tmp);
+ if (!rb) rb = X509_get_default_cert_dir();
+
+ return rb;
+}
+
+/** return a constant copy of the default SSL certificate file
+ * the directory with hashed certificates, see
+ * SSL_CTX_load_verify_locations(3),
+ * not to be modified by caller. */
+const char *get_default_cert_file(void) {
+ const char *rb = (char *)0, *tmp;
+
+ tmp = X509_get_default_cert_file_env();
+ if (tmp) rb = getenv(tmp);
+ if (!rb) rb = X509_get_default_cert_file();
+
+ return rb;
+}
+
+#endif /* SSL_ENABLE */
+
+#ifdef TEST
+#include <stdio.h>
+
+int main(void) {
+#ifdef SSL_ENABLE
+ const char *tmp;
+
+ tmp = get_default_cert_file();
+ printf("X509 default cert file: %s\n", tmp ? tmp : "(null)");
+
+ tmp = get_default_cert_path();
+ printf("X509 default cert path: %s\n", tmp ? tmp : "(null)");
+#else
+ puts("SSL support not compiled in.");
+#endif /* SSL_ENABLE */
+ exit(EXIT_SUCCESS);
+}
+#endif /* TEST */
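Review bot: The doc comment on `get_default_cert_file()` was copied from the function above and still says "the directory with hashed certificates". Both comments also promise "a constant copy", although the code returns either the `getenv()` result or OpenSSL's built-in string, not a copy. I would reword the second to something like `/** return the default CA certificate file: the value of the variable named by X509_get_default_cert_file_env() if set, else OpenSSL's compiled-in default; not owned by the caller */`, and add that a later `setenv()`/`putenv()` can invalidate the pointer. Two caveats matter for any caller that feeds these values into certificate verification. First, the override is read with plain `getenv()`, so it is honoured even in privileged (setuid/setgid) processes, where OpenSSL's own lookup may ignore the environment; please confirm against the OpenSSL versions supported. Second, the directory variable may hold a list of directories rather than a single path, and it is returned unsplit.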