author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 17:06:36 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 17:06:36 +0000 |
commit | e5260a81260d593ababfa53fcd8b82c42f30fa8b (patch) | |
tree | 4397979cf8d951f4f6dc5f3360c67677ac65a9fc /modules/tls/tls_core.c | |
parent | Releasing progress-linux version 2.4.59-2~progress7.99u1. (diff) | |
download | apache2-e5260a81260d593ababfa53fcd8b82c42f30fa8b.tar.xz apache2-e5260a81260d593ababfa53fcd8b82c42f30fa8b.zip |
Merging upstream version 2.4.60.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/tls/tls_core.c')
-rw-r--r-- | modules/tls/tls_core.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/modules/tls/tls_core.c b/modules/tls/tls_core.c
index 2547939..1cef254 100644
--- a/modules/tls/tls_core.c
+++ b/modules/tls/tls_core.c
@@ -764,8 +764,10 @@ static apr_status_t init_outgoing_connection(conn_rec *c)
 tls_conf_proxy_t *pc;
 const apr_array_header_t *ciphersuites = NULL;
 apr_array_header_t *tls_versions = NULL;
+ rustls_web_pki_server_cert_verifier_builder *verifier_builder = NULL;
+ struct rustls_server_cert_verifier *verifier = NULL;
 rustls_client_config_builder *builder = NULL;
- rustls_root_cert_store *ca_store = NULL;
+ const rustls_root_cert_store *ca_store = NULL;
 const char *hostname = NULL, *alpn_note = NULL;
 rustls_result rr = RUSTLS_RESULT_OK;
 apr_status_t rv = APR_SUCCESS;
@@ -809,7 +811,10 @@ static apr_status_t init_outgoing_connection(conn_rec *c)
 if (pc->proxy_ca && strcasecmp(pc->proxy_ca, "default")) {
 rv = tls_cert_root_stores_get(pc->global->stores, pc->proxy_ca, &ca_store);
 if (APR_SUCCESS != rv) goto cleanup;
- rustls_client_config_builder_use_roots(builder, ca_store);
+ verifier_builder = rustls_web_pki_server_cert_verifier_builder_new(ca_store);
+ rr = rustls_web_pki_server_cert_verifier_builder_build(verifier_builder, &verifier);
+ if (RUSTLS_RESULT_OK != rr) goto cleanup;
+ rustls_client_config_builder_set_server_verifier(builder, verifier);
 }
 #if TLS_MACHINE_CERTS
@@ -881,6 +886,7 @@ static apr_status_t init_outgoing_connection(conn_rec *c)
 rustls_connection_set_userdata(cc->rustls_connection, c);
 cleanup:
+ if (verifier_builder != NULL) rustls_web_pki_server_cert_verifier_builder_free(verifier_builder);
 if (builder != NULL) rustls_client_config_builder_free(builder);
 if (RUSTLS_RESULT_OK != rr) {
 const char *err_descr = NULL;
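Review bot: The web-PKI verifier built in the `proxy_ca` branch has no CRL added before `rustls_web_pki_server_cert_verifier_builder_build` is called. As far as I know the rustls-ffi builder does no revocation checking in that case, so a revoked backend certificate that still chains to `ca_store` would be accepted. If that is intended, say so where the builder is created, e.g. `/* verifies the backend chain against proxy_ca only; no CRLs are loaded, so revocation is not checked */`. The error path is sound: a failed build jumps to `cleanup` before any verifier is installed on `builder`. init_outgoing_connection starts and ends outside this hunk.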
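Review bot: `verifier` is never released in the visible part of `cleanup`; the added line frees only `verifier_builder`. The handle written to `&verifier` by `rustls_web_pki_server_cert_verifier_builder_build` in the `proxy_ca` branch stays owned by the caller, as I understand the rustls-ffi ownership rules. Unless it is freed in the part of `cleanup` below this hunk, every outgoing connection with a non-default `proxy_ca` leaks one verifier, which on a busy proxy means steady memory growth. Add `if (verifier != NULL) rustls_server_cert_verifier_free(verifier);` next to the builder free. The client config builder should hold its own reference once `rustls_client_config_builder_set_server_verifier` has run.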
@@ -1125,10 +1131,10 @@ static apr_status_t build_server_connection(rustls_connection **pconnection,
 rustls_server_config_builder_set_client_verifier(builder, verifier);
 }
 else {
- const rustls_client_cert_verifier_optional *verifier;
+ const rustls_client_cert_verifier *verifier;
 rv = tls_cert_client_verifiers_get_optional(sc->global->verifiers, sc->client_ca, &verifier);
 if (APR_SUCCESS != rv) goto cleanup;
- rustls_server_config_builder_set_client_verifier_optional(builder, verifier);
+ rustls_server_config_builder_set_client_verifier(builder, verifier);
 }
 } |
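Review bot: Nothing in the `else` branch now shows that this verifier is the optional one, because both branches hand a `rustls_client_cert_verifier` to `rustls_server_config_builder_set_client_verifier`. The only remaining hint is the name `tls_cert_client_verifiers_get_optional`. A comment above the declaration would keep that visible, e.g. `/* optional client auth: presumably the handshake also succeeds without a client certificate, so later code must check for a peer certificate before relying on one */`. Since the two declarations now share a type, `verifier` could also be declared once above the `if`, though that `if` starts outside the hunk.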