return OPENSSL_strdup(tpass);
}
+char *app_conf_try_string(const CONF *conf, const char *group, const char *name)
+{
+ char *res;
+
+ ERR_set_mark();
+ res = NCONF_get_string(conf, group, name);
+ if (res == NULL)
+ ERR_pop_to_mark();
+ else
+ ERR_clear_last_mark();
+ return res;
+}
+
+
CONF *app_load_config_bio(BIO *in, const char *filename)
{
long errorline = -1;
CONF_VALUE *cnf;
int i;
- if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) {
- ERR_clear_error();
+ if ((p = app_conf_try_string(conf, NULL, "oid_section")) == NULL)
return 1;
- }
if ((sktmp = NCONF_get_section(conf, p)) == NULL) {
BIO_printf(bio_err, "problem loading oid section %s\n", p);
return 0;
else
retdb->attributes.unique_subject = 1;
- if (dbattr_conf) {
- char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
+ if (dbattr_conf != NULL) {
+ char *p = app_conf_try_string(dbattr_conf, NULL, "unique_subject");
- if (p) {
+ if (p != NULL)
retdb->attributes.unique_subject = parse_yesno(p, 1);
- }
}
retdb->dbfname = OPENSSL_strdup(dbfile);
if (connect) {
SSL *ssl;
BIO *sbio = NULL;
+ X509_STORE *ts = SSL_CTX_get_cert_store(ssl_ctx);
+ X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
+ const char *host = vpm == NULL ? NULL :
+ X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */);
/* adapt after fixing callback design flaw, see #17088 */
if ((info->use_proxy
return NULL;
}
- /* adapt after fixing callback design flaw, see #17088 */
- SSL_set_tlsext_host_name(ssl, info->server); /* not critical to do */
+ if (vpm != NULL)
+ SSL_set_tlsext_host_name(ssl, host /* may be NULL */);
SSL_set_connect_state(ssl);
BIO_set_ssl(sbio, ssl, BIO_CLOSE);