summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
Diffstat (limited to 'ext')
-rw-r--r--ext/openssl/extconf.rb1
-rw-r--r--ext/openssl/ossl_ssl.c7
2 files changed, 8 insertions, 0 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index e64fe32f21..e6066d6945 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -174,6 +174,7 @@ have_func("EVP_PKEY_check")
have_func("SSL_set0_tmp_dh_pkey")
have_func("ERR_get_error_all")
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
+have_func("SSL_CTX_load_verify_file")
Logging::message "=== Checking done. ===\n"
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 1de0f98922..5d6c400c2a 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -828,10 +828,17 @@ ossl_sslctx_setup(VALUE self)
ca_file = NIL_P(val) ? NULL : StringValueCStr(val);
val = rb_attr_get(self, id_i_ca_path);
ca_path = NIL_P(val) ? NULL : StringValueCStr(val);
+#ifdef HAVE_SSL_CTX_LOAD_VERIFY_FILE
+ if (ca_file && !SSL_CTX_load_verify_file(ctx, ca_file))
+ ossl_raise(eSSLError, "SSL_CTX_load_verify_file");
+ if (ca_path && !SSL_CTX_load_verify_dir(ctx, ca_path))
+ ossl_raise(eSSLError, "SSL_CTX_load_verify_dir");
+#else
if(ca_file || ca_path){
if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path))
rb_warning("can't set verify locations");
}
+#endif
val = rb_attr_get(self, id_i_verify_mode);
verify_mode = NIL_P(val) ? SSL_VERIFY_NONE : NUM2INT(val);
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-18 08:24:15 +0000