mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
Merge pull request #677 from InfrastructureServices/use-system-cas
Allow using system certificates not only on Windows
This commit is contained in:
commit
2132e67b36
@ -546,6 +546,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
else S_STR("ssl-cert-bundle:", tls_cert_bundle)
|
||||
else S_STR("tls-cert-bundle:", tls_cert_bundle)
|
||||
else S_YNO("tls-win-cert:", tls_win_cert)
|
||||
else S_YNO("tls-system-cert:", tls_win_cert)
|
||||
else S_STRLIST("additional-ssl-port:", tls_additional_port)
|
||||
else S_STRLIST("additional-tls-port:", tls_additional_port)
|
||||
else S_STRLIST("tls-additional-ports:", tls_additional_port)
|
||||
|
@ -1271,7 +1271,13 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert)
|
||||
}
|
||||
}
|
||||
#else
|
||||
(void)wincert;
|
||||
if(wincert) {
|
||||
if(!SSL_CTX_set_default_verify_paths(ctx)) {
|
||||
log_crypto_err("error in default_verify_paths");
|
||||
SSL_CTX_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user