summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--configure.ac51
-rw-r--r--src/s_client.c3
2 files changed, 36 insertions, 18 deletions
diff --git a/configure.ac b/configure.ac
index f118f3d..a0ebafc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -99,54 +99,71 @@ for flag in -Os -fno-unwind-tables -fno-asynchronous-unwind-tables \
AX_CHECK_COMPILE_FLAG([${flag}], [AX_APPEND_FLAG([${flag}])])
done
-AC_ARG_WITH([ca-certificates],
- [AS_HELP_STRING([--with-ca-certificates=PATH],
- [path to CA root certificates])],
+HAVE_CA_CERTS=''
+CA_CERTS_DIR='NULL'
+CA_CERTS_FILE='NULL'
+AC_ARG_WITH([ca-certificates-dir],
+ [AS_HELP_STRING([--with-ca-certificates-dir=PATH],
+ [path to CA root certificates directory])],
[
case "${withval}" in
'yes'|'')
HAVE_CA_CERTS='1'
- CA_CERTS=''
;;
'no')
HAVE_CA_CERTS='0'
- CA_CERTS=''
;;
*)
HAVE_CA_CERTS='1'
- CA_CERTS="${withval}"
+ CA_CERTS_DIR="\"${withval}\""
;;
esac
- ],
- [
- HAVE_CA_CERTS='?'
- CA_CERTS=''
]
)
-if test x"${HAVE_CA_CERTS}" != x'0' && test x"${CA_CERTS}" = x''; then
- AC_MSG_CHECKING([for CA root certificates])
+if test x"${HAVE_CA_CERTS}" != x'0' && test x"${CA_CERTS_DIR}" = x'NULL'; then
+ AC_MSG_CHECKING([for CA root certificates directory])
for d in /etc/ssl/certs /usr/lib/ssl/certs /usr/share/ssl \
/usr/local/ssl /etc/ssl /usr/share/ca-certificates; do
if test -d "${d}"; then
AC_MSG_RESULT([${d}])
HAVE_CA_CERTS='1'
- CA_CERTS="${d}"
+ CA_CERTS_DIR="\"${d}\""
break
fi
done
- if test x"${CA_CERTS}" = x''; then
+ if test x"${CA_CERTS_DIR}" = x'NULL'; then
AC_MSG_RESULT([no])
if test x"${HAVE_CA_CERTS}" = x'1'; then
- AC_MSG_ERROR([CA root certificates not found])
+ AC_MSG_ERROR([CA root certificates directory not found])
fi
HAVE_CA_CERTS='0'
fi
fi
+AC_ARG_WITH([ca-certificates-file],
+ [AS_HELP_STRING([--with-ca-certificates-file=PATH],
+ [path to CA root certificates file])],
+ [
+ case "${withval}" in
+ 'yes'|'')
+ AC_MSG_ERROR([--with-ca-certificates-file $(: \
+ )requires an argument])
+ ;;
+ 'no')
+ ;;
+ *)
+ HAVE_CA_CERTS='1'
+ CA_CERTS_FILE="\"${withval}\""
+ ;;
+ esac
+ ]
+)
AC_DEFINE_UNQUOTED([HAVE_CA_CERTS], [${HAVE_CA_CERTS}],
[Define to 1 to verify certificates against installed CA root
certificates.])
-AC_DEFINE_UNQUOTED([CA_CERTS], ["${CA_CERTS}"],
- [Define to the path to CA root certificates.])
+AC_DEFINE_UNQUOTED([CA_CERTS_DIR], [${CA_CERTS_DIR}],
+ [Define to the path to CA root certificates directory.])
+AC_DEFINE_UNQUOTED([CA_CERTS_FILE], [${CA_CERTS_FILE}],
+ [Define to the path to CA root certificates file.])
PKG_PROG_PKG_CONFIG()
PKG_CHECK_MODULES([WOLFSSL], [wolfssl])
diff --git a/src/s_client.c b/src/s_client.c
index 8da7401..cf7440d 100644
--- a/src/s_client.c
+++ b/src/s_client.c
@@ -254,7 +254,8 @@ s_client(int argc, char **argv)
}
#if defined(HAVE_CA_CERTS) && HAVE_CA_CERTS
- if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, CA_CERTS,
+ if (wolfSSL_CTX_load_verify_locations_ex(ctx,
+ CA_CERTS_FILE, CA_CERTS_DIR,
WOLFSSL_LOAD_FLAG_IGNORE_ERR) !=
WOLFSSL_SUCCESS) {
fputs("Failed to load CA certificates\n", stderr);