path: root/tls-aux.c
blob: 51b7891643ab594406d3644eae06cec361584c76 (plain)
#include "config.h"
#include "fetchmail.h"

#ifdef SSL_ENABLE
#include <stdlib.h>
#include <string.h>
#include "tls-aux.h"
#include <openssl/x509.h>

/**
 * Return the default SSL certificate path, i.e. the directory holding
 * hashed CA certificates, see SSL_CTX_load_verify_locations(3).
 *
 * The environment variable named by X509_get_default_cert_dir_env()
 * (SSL_CERT_DIR in stock OpenSSL builds) wins when it is set; otherwise
 * the result of X509_get_default_cert_dir() is returned.
 *
 * The result is not a private copy: it is either the pointer handed out
 * by getenv() or the string returned by OpenSSL. The caller must neither
 * modify nor free it, and a getenv() result may be invalidated by later
 * changes to the environment.
 *
 * Security note: the environment value is passed through unchecked, so an
 * empty string or a nonexistent directory is returned as is. Whoever
 * controls the process environment selects the trust anchors a caller
 * loads from this path.
 */
const char *get_default_cert_path(void) {
	const char *env_name;
	const char *dir = NULL;

	/* Ask OpenSSL which environment variable overrides the directory. */
	env_name = X509_get_default_cert_dir_env();
	if (env_name != NULL) {
		dir = getenv(env_name);
	}

	/* Variable unset (or no variable name): use OpenSSL's default. */
	if (dir == NULL) {
		dir = X509_get_default_cert_dir();
	}

	return dir;
}

/**
 * Return the default SSL certificate file, i.e. the single file that
 * concatenates all trusted certificates (the so-called certificate
 * bundle), see SSL_CTX_load_verify_locations(3).
 *
 * The environment variable named by X509_get_default_cert_file_env()
 * (SSL_CERT_FILE in stock OpenSSL builds) wins when it is set; otherwise
 * the result of X509_get_default_cert_file() is returned.
 *
 * The result is not a private copy: it is either the pointer handed out
 * by getenv() or the string returned by OpenSSL. The caller must neither
 * modify nor free it, and a getenv() result may be invalidated by later
 * changes to the environment.
 *
 * Security note: the environment value is passed through unchecked, so an
 * empty string or a nonexistent file is returned as is. Whoever controls
 * the process environment selects the trust anchors a caller loads from
 * this file.
 */
const char *get_default_cert_file(void) {
	const char *env_name;
	const char *bundle = NULL;

	/* Ask OpenSSL which environment variable overrides the bundle file. */
	env_name = X509_get_default_cert_file_env();
	if (env_name != NULL) {
		bundle = getenv(env_name);
	}

	/* Variable unset (or no variable name): use OpenSSL's default. */
	if (bundle == NULL) {
		bundle = X509_get_default_cert_file();
	}

	return bundle;
}

#endif /* SSL_ENABLE */

#ifdef TEST
#include <stdio.h>

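/*
 * Self-test entry point, compiled only when TEST is defined.
 *
 * With SSL_ENABLE it prints the certificate bundle file and the hashed
 * certificate directory that the helpers above resolve to, which makes it
 * easy to see whether an environment override is steering the trust
 * store somewhere unexpected. Without SSL_ENABLE it only reports that SSL
 * support is missing.
 *
 * Returns 0 in both cases.
 */
int main(void) {
#ifdef SSL_ENABLE
	const char *tmp;

	tmp = get_default_cert_file();
	/* Never hand a null pointer to %s; print a placeholder instead. */
	printf("X509 default cert file: %s\n", tmp ? tmp : "(null)");

	tmp = get_default_cert_path();
	printf("X509 default cert path: %s\n", tmp ? tmp : "(null)");
#else
	puts("SSL support not compiled in.");
#endif /* SSL_ENABLE */
	/* This file includes <stdlib.h> directly only under SSL_ENABLE, so
	 * return from main instead of calling exit(EXIT_SUCCESS); the effect
	 * is the same and the non-SSL TEST build no longer depends on another
	 * header declaring exit(). */
	return 0;
}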
#endif /* TEST */