mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-29 09:02:46 +00:00
2fe351c7e3
Fixes various "Moderate" / "Low" CVEs: http://openssl.org/news/secadv_20150319.txt
40 lines
1 KiB
Diff
40 lines
1 KiB
Diff
diff -ru openssl-1.0.1m-orig/crypto/x509/x509_def.c openssl-1.0.1m/crypto/x509/x509_def.c
|
|
--- openssl-1.0.1m-orig/crypto/x509/x509_def.c 2015-03-19 14:19:00.000000000 +0100
|
|
+++ openssl-1.0.1m/crypto/x509/x509_def.c 2015-03-19 15:50:44.676683616 +0100
|
|
@@ -57,6 +57,10 @@
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
+#include <stdlib.h>
|
|
+#include <limits.h>
|
|
+#include <unistd.h>
|
|
+#include <sys/types.h>
|
|
#include "cryptlib.h"
|
|
#include <openssl/crypto.h>
|
|
#include <openssl/x509.h>
|
|
@@ -78,7 +82,23 @@
|
|
|
|
const char *X509_get_default_cert_file(void)
|
|
{
|
|
- return (X509_CERT_FILE);
|
|
+ static char buf[PATH_MAX] = X509_CERT_FILE;
|
|
+ static int init = 0;
|
|
+ if (!init) {
|
|
+ init = 1;
|
|
+ char * s = getenv("OPENSSL_X509_CERT_FILE");
|
|
+ if (s) {
|
|
+#ifndef OPENSSL_SYS_WINDOWS
|
|
+ if (getuid() == geteuid()) {
|
|
+#endif
|
|
+ strncpy(buf, s, sizeof(buf));
|
|
+ buf[sizeof(buf) - 1] = 0;
|
|
+#ifndef OPENSSL_SYS_WINDOWS
|
|
+ }
|
|
+#endif
|
|
+ }
|
|
+ }
|
|
+ return buf;
|
|
}
|
|
|
|
const char *X509_get_default_cert_dir_env(void)
|