diff options
-rw-r--r-- | configure.ac | 51 | ||||
-rw-r--r-- | src/s_client.c | 3 |
2 files changed, 36 insertions, 18 deletions
diff --git a/configure.ac b/configure.ac index f118f3d..a0ebafc 100644 --- a/configure.ac +++ b/configure.ac @@ -99,54 +99,71 @@ for flag in -Os -fno-unwind-tables -fno-asynchronous-unwind-tables \ AX_CHECK_COMPILE_FLAG([${flag}], [AX_APPEND_FLAG([${flag}])]) done -AC_ARG_WITH([ca-certificates], - [AS_HELP_STRING([--with-ca-certificates=PATH], - [path to CA root certificates])], +HAVE_CA_CERTS='' +CA_CERTS_DIR='NULL' +CA_CERTS_FILE='NULL' +AC_ARG_WITH([ca-certificates-dir], + [AS_HELP_STRING([--with-ca-certificates-dir=PATH], + [path to CA root certificates directory])], [ case "${withval}" in 'yes'|'') HAVE_CA_CERTS='1' - CA_CERTS='' ;; 'no') HAVE_CA_CERTS='0' - CA_CERTS='' ;; *) HAVE_CA_CERTS='1' - CA_CERTS="${withval}" + CA_CERTS_DIR="\"${withval}\"" ;; esac - ], - [ - HAVE_CA_CERTS='?' - CA_CERTS='' ] ) -if test x"${HAVE_CA_CERTS}" != x'0' && test x"${CA_CERTS}" = x''; then - AC_MSG_CHECKING([for CA root certificates]) +if test x"${HAVE_CA_CERTS}" != x'0' && test x"${CA_CERTS_DIR}" = x'NULL'; then + AC_MSG_CHECKING([for CA root certificates directory]) for d in /etc/ssl/certs /usr/lib/ssl/certs /usr/share/ssl \ /usr/local/ssl /etc/ssl /usr/share/ca-certificates; do if test -d "${d}"; then AC_MSG_RESULT([${d}]) HAVE_CA_CERTS='1' - CA_CERTS="${d}" + CA_CERTS_DIR="\"${d}\"" break fi done - if test x"${CA_CERTS}" = x''; then + if test x"${CA_CERTS_DIR}" = x'NULL'; then AC_MSG_RESULT([no]) if test x"${HAVE_CA_CERTS}" = x'1'; then - AC_MSG_ERROR([CA root certificates not found]) + AC_MSG_ERROR([CA root certificates directory not found]) fi HAVE_CA_CERTS='0' fi fi +AC_ARG_WITH([ca-certificates-file], + [AS_HELP_STRING([--with-ca-certificates-file=PATH], + [path to CA root certificates file])], + [ + case "${withval}" in + 'yes'|'') + AC_MSG_ERROR([--with-ca-certificates-file $(: \ + )requires an argument]) + ;; + 'no') + ;; + *) + HAVE_CA_CERTS='1' + CA_CERTS_FILE="\"${withval}\"" + ;; + esac + ] +) AC_DEFINE_UNQUOTED([HAVE_CA_CERTS], [${HAVE_CA_CERTS}], [Define to 1 to verify certificates against installed CA root certificates.]) -AC_DEFINE_UNQUOTED([CA_CERTS], ["${CA_CERTS}"], - [Define to the path to CA root certificates.]) +AC_DEFINE_UNQUOTED([CA_CERTS_DIR], [${CA_CERTS_DIR}], + [Define to the path to CA root certificates directory.]) +AC_DEFINE_UNQUOTED([CA_CERTS_FILE], [${CA_CERTS_FILE}], + [Define to the path to CA root certificates file.]) PKG_PROG_PKG_CONFIG() PKG_CHECK_MODULES([WOLFSSL], [wolfssl]) diff --git a/src/s_client.c b/src/s_client.c index 8da7401..cf7440d 100644 --- a/src/s_client.c +++ b/src/s_client.c @@ -254,7 +254,8 @@ s_client(int argc, char **argv) } #if defined(HAVE_CA_CERTS) && HAVE_CA_CERTS - if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, CA_CERTS, + if (wolfSSL_CTX_load_verify_locations_ex(ctx, + CA_CERTS_FILE, CA_CERTS_DIR, WOLFSSL_LOAD_FLAG_IGNORE_ERR) != WOLFSSL_SUCCESS) { fputs("Failed to load CA certificates\n", stderr); |