Attachment #245229 for bug #256902




/*
 * Configure peer verification based on environment.
 */
#define LOCAL_CERT_FILE	"/usr/local/etc/ssl/cert.pem"
#define BASE_CERT_FILE	"/etc/ssl/cert.pem"
static int
fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
{


	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
		ca_cert_file = getenv("SSL_CA_CERT_FILE");
		if (ca_cert_file == NULL &&
		    access(LOCAL_CERT_FILE, R_OK) == 0)
			ca_cert_file = LOCAL_CERT_FILE;
		if (ca_cert_file == NULL &&
		    access(BASE_CERT_FILE, R_OK) == 0)
			ca_cert_file = BASE_CERT_FILE;
		ca_cert_path = getenv("SSL_CA_CERT_PATH");
		if (verbose) {
			fetch_info("Peer verification enabled");
- 

Return to bug 256902

Lines 786-793 fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose) Link Here

(-)b/lib/libfetch/common.c (-9 lines)
786	/*	786	/*
787	* Configure peer verification based on environment.	787	* Configure peer verification based on environment.
788	*/	788	*/
789	#define LOCAL_CERT_FILE "/usr/local/etc/ssl/cert.pem"
790	#define BASE_CERT_FILE "/etc/ssl/cert.pem"
791	static int	789	static int
792	fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)	790	fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
793	{	791	{
Lines 797-808 fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) Link Here
797		795
798	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {	796	if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
799	ca_cert_file = getenv("SSL_CA_CERT_FILE");	797	ca_cert_file = getenv("SSL_CA_CERT_FILE");
800	if (ca_cert_file == NULL &&
801	access(LOCAL_CERT_FILE, R_OK) == 0)
802	ca_cert_file = LOCAL_CERT_FILE;
803	if (ca_cert_file == NULL &&
804	access(BASE_CERT_FILE, R_OK) == 0)
805	ca_cert_file = BASE_CERT_FILE;
806	ca_cert_path = getenv("SSL_CA_CERT_PATH");	798	ca_cert_path = getenv("SSL_CA_CERT_PATH");
807	if (verbose) {	799	if (verbose) {
808	fetch_info("Peer verification enabled");	800	fetch_info("Peer verification enabled");
809	-