Attachment #245228 for bug #256902




/*
 * Configure peer verification based on environment.
 */
#define LOCAL_CERT_FILE	_PATH_LOCALBASE "/etc/ssl/cert.pem"
#define BASE_CERT_FILE	"/etc/ssl/cert.pem"
static int
fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
{


	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
		ca_cert_file = getenv("SSL_CA_CERT_FILE");
		if (ca_cert_file == NULL &&
		    access(LOCAL_CERT_FILE, R_OK) == 0)
			ca_cert_file = LOCAL_CERT_FILE;
		if (ca_cert_file == NULL &&
		    access(BASE_CERT_FILE, R_OK) == 0)
			ca_cert_file = BASE_CERT_FILE;
		ca_cert_path = getenv("SSL_CA_CERT_PATH");
		if (verbose) {
			fetch_info("Peer verification enabled");
- 

Return to bug 256902

Lines 1071-1078 fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose) Link Here

(-)b/lib/libfetch/common.c (-9 lines)
1071	/*	1071	/*
1072	* Configure peer verification based on environment.	1072	* Configure peer verification based on environment.
1073	*/	1073	*/
1074	#define LOCAL_CERT_FILE _PATH_LOCALBASE "/etc/ssl/cert.pem"
1075	#define BASE_CERT_FILE "/etc/ssl/cert.pem"
1076	static int	1074	static int
1077	fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)	1075	fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
1078	{	1076	{
Lines 1082-1093 fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) Link Here
1082		1080
1083	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {	1081	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
1084	ca_cert_file = getenv("SSL_CA_CERT_FILE");	1082	ca_cert_file = getenv("SSL_CA_CERT_FILE");
1085	if (ca_cert_file == NULL &&
1086	access(LOCAL_CERT_FILE, R_OK) == 0)
1087	ca_cert_file = LOCAL_CERT_FILE;
1088	if (ca_cert_file == NULL &&
1089	access(BASE_CERT_FILE, R_OK) == 0)
1090	ca_cert_file = BASE_CERT_FILE;
1091	ca_cert_path = getenv("SSL_CA_CERT_PATH");	1083	ca_cert_path = getenv("SSL_CA_CERT_PATH");
1092	if (verbose) {	1084	if (verbose) {
1093	fetch_info("Peer verification enabled");	1085	fetch_info("Peer verification enabled");
1094	-