authorMatthias Andree <matthias.andree@gmx.de>2021-01-30 10:52:19 +0100
committerMatthias Andree <matthias.andree@gmx.de>2021-01-30 10:52:19 +0100
commit0486b4d689e2c9a71e367297ffc340469253332b (patch)
treedc6429130f457a31f496ad90e2865bf5ecccba7d /tls-aux.c
parent7349f1241ab59a26b95117823981cf135c553add (diff)
tls-aux.c: add helper to obtain default cert paths
...and compile it as standalone test program. After "make check", you can check t.tls-aux.log in the build area for the defaults. Note that environment overrides can be made, see SSL_CTX_set_default_verify_paths(3) or, for instance, https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_paths.html OpenSSL 3.x may ship an openssl-env(7) manual page.
Diffstat (limited to 'tls-aux.c')
-rw-r--r--tls-aux.c56
1 files changed, 56 insertions, 0 deletions
diff --git a/tls-aux.c b/tls-aux.c
new file mode 100644
index 00000000..a3fc7908
--- /dev/null
+++ b/tls-aux.c
@@ -0,0 +1,56 @@
+#include "config.h"
+#include "fetchmail.h"
+
+#ifdef SSL_ENABLE
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/x509.h>
+
+/** return a constant copy of the default SSL certificate path
+ * the directory with hashed certificates, see
+ * SSL_CTX_load_verify_locations(3),
+ * not to be modified by caller. */
+const char *get_default_cert_path(void) {
+ const char *rb = (char *)0, *tmp;
+
+ tmp = X509_get_default_cert_dir_env();
+ if (tmp) rb = getenv(tmp);
+ if (!rb) rb = X509_get_default_cert_dir();
+
+ return rb;
+}
+
+/** return a constant copy of the default SSL certificate file
+ * the directory with hashed certificates, see
+ * SSL_CTX_load_verify_locations(3),
+ * not to be modified by caller. */
+const char *get_default_cert_file(void) {
+ const char *rb = (char *)0, *tmp;
+
+ tmp = X509_get_default_cert_file_env();
+ if (tmp) rb = getenv(tmp);
+ if (!rb) rb = X509_get_default_cert_file();
+
+ return rb;
+}
+
+#endif /* SSL_ENABLE */
+
+#ifdef TEST
+#include <stdio.h>
+
+int main(void) {
+#ifdef SSL_ENABLE
+ const char *tmp;
+
+ tmp = get_default_cert_file();
+ printf("X509 default cert file: %s\n", tmp ? tmp : "(null)");
+
+ tmp = get_default_cert_path();
+ printf("X509 default cert path: %s\n", tmp ? tmp : "(null)");
+#else
+ puts("SSL support not compiled in.");
+#endif /* SSL_ENABLE */
+ exit(EXIT_SUCCESS);
+}
+#endif /* TEST */
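Review bot: The doc comment on `get_default_cert_file()` is copied from `get_default_cert_path()` and still says "the directory with hashed certificates", although the function returns the certificate file location; it should read along the lines of `/** return the default SSL certificate bundle file (environment override first, then the compiled-in default), see SSL_CTX_load_verify_locations(3); not to be modified or freed by caller. */`. Both comments also promise "a constant copy", but the visible code hands back the `getenv()` result or the pointer from `X509_get_default_cert_dir()`/`X509_get_default_cert_file()` unchanged, so nothing is copied and a later `setenv()`/`putenv()` can invalidate the string; the comments should state that lifetime. Because the override is read with plain `getenv()`, the value is whatever the process environment supplies and should be documented as informational, not as a vetted trust-store location. I believe newer OpenSSL releases ignore these variables in set-id processes, in which case the helper's answer can differ from what the library actually loads, so that is worth confirming and noting in the comment.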