226 	char *ca_cert;
321 static X509_STORE * tls_crl_cert_reload(const char *ca_cert, int check_crl)
334 	if (ca_cert && X509_STORE_load_locations(store, ca_cert, NULL) != 1) {
704 					"Failed to add ca_cert to OpenSSL "
1121 	os_free(data->ca_cert);
1545 			   "OpenSSL: Flushing X509 store with ca_cert file");
1546 		new_cert_store = tls_crl_cert_reload(data->ca_cert,
1550 				   "OpenSSL: Error replacing X509 store with ca_cert file");
2550 static int tls_load_ca_der(struct tls_data *data, const char *ca_cert)
2564 	if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
2584 				  const char *ca_cert, const u8 *ca_cert_blob,
2605 	if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) {
2613 	if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) {
2615 		const char *pos = ca_cert + 7;
2617 			wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert "
2618 				   "hash value '%s'", ca_cert);
2624 				   "hash length in ca_cert '%s'", ca_cert);
2629 				   "value in ca_cert '%s'", ca_cert);
2692 	if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) {
2694 					     &ca_cert[11]) < 0)
2701 	if (ca_cert && os_strncmp("keystores://", ca_cert, 12) == 0) {
2702 		char *aliases = os_strdup(&ca_cert[12]);
2715 					   "OpenSSL: %s - Failed to add ca_cert %s from keystore",
2731 	if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
2739 	if (ca_cert || ca_path) {
2741 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
2745 			if (ca_cert &&
2746 			    tls_load_ca_der(data, ca_cert) == 0) {
2763 		/* No ca_cert configured - do not try to verify server
2772 static int tls_global_ca_cert(struct tls_data *data, const char *ca_cert)
2776 	if (ca_cert) {
2777 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
2790 					   SSL_load_client_CA_file(ca_cert));
2793 		os_free(data->ca_cert);
2794 		data->ca_cert = os_strdup(ca_cert);
4935 	if (!ca_cert_id && params->ca_cert && can_pkcs11 &&
4936 	    os_strncmp(params->ca_cert, "pkcs11:", 7) == 0) {
4938 		ca_cert_id = params->ca_cert;
4993 	} else if (tls_connection_ca_cert(data, conn, params->ca_cert,
5245 	if (tls_global_ca_cert(data, params->ca_cert) ||

Indexes created Sun Aug 25 13:10:05 MDT 2024