CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/01/22 02:12:57
Modified files:
lib/libssl/src/ssl: ssl.h ssl_lib.c
lib/libssl/ssl : shlib_version
Log message:
Support CA verification in chroot'ed processes without direct file
access to the certificates. SSL_CTX_load_verify_mem() is a frontend
to the new X509_STORE_load_mem() function that allows to load the CA
chain from a memory buffer that is holding the PEM-encoded files.
This function allows to handle the verification in privsep'ed code.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
