Attachment #245227 for bug #256902




/*
 * Configure peer verification based on environment.
 */
#define LOCAL_CERT_FILE	_PATH_LOCALBASE "/etc/ssl/cert.pem"
#define BASE_CERT_FILE	"/etc/ssl/cert.pem"
static int
fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
{


	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
		ca_cert_file = getenv("SSL_CA_CERT_FILE");
		if (ca_cert_file == NULL &&
		    access(LOCAL_CERT_FILE, R_OK) == 0)
			ca_cert_file = LOCAL_CERT_FILE;
		if (ca_cert_file == NULL &&
		    access(BASE_CERT_FILE, R_OK) == 0)
			ca_cert_file = BASE_CERT_FILE;
		ca_cert_path = getenv("SSL_CA_CERT_PATH");
		if (verbose) {
			fetch_info("Peer verification enabled");
- 

Return to bug 256902

Lines 1055-1062 fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose) Link Here

(-)b/lib/libfetch/common.c (-9 lines)
1055	/*	1055	/*
1056	* Configure peer verification based on environment.	1056	* Configure peer verification based on environment.
1057	*/	1057	*/
1058	#define LOCAL_CERT_FILE _PATH_LOCALBASE "/etc/ssl/cert.pem"
1059	#define BASE_CERT_FILE "/etc/ssl/cert.pem"
1060	static int	1058	static int
1061	fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)	1059	fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
1062	{	1060	{
Lines 1066-1077 fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) Link Here
1066		1064
1067	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {	1065	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
1068	ca_cert_file = getenv("SSL_CA_CERT_FILE");	1066	ca_cert_file = getenv("SSL_CA_CERT_FILE");
1069	if (ca_cert_file == NULL &&
1070	access(LOCAL_CERT_FILE, R_OK) == 0)
1071	ca_cert_file = LOCAL_CERT_FILE;
1072	if (ca_cert_file == NULL &&
1073	access(BASE_CERT_FILE, R_OK) == 0)
1074	ca_cert_file = BASE_CERT_FILE;
1075	ca_cert_path = getenv("SSL_CA_CERT_PATH");	1067	ca_cert_path = getenv("SSL_CA_CERT_PATH");
1076	if (verbose) {	1068	if (verbose) {
1077	fetch_info("Peer verification enabled");	1069	fetch_info("Peer verification enabled");
1078	-