From: Timo Sirainen
Date: Wed, 15 Apr 2020 12:57:29 +0000 (+0300)
Subject: lib-ssl-iostream: Split off load_ca_locations()
X-Git-Tag: 2.3.11.2~193
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a2875bef48594d79fb6fd0b3333df9db1080f91c;p=thirdparty%2Fdovecot%2Fcore.git
lib-ssl-iostream: Split off load_ca_locations()
---
diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index fd8d112d85..2328b42c53 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -277,6 +277,19 @@ static int load_ca(X509_STORE *store, const char *ca,
 return 0;
 }
+static int
+load_ca_locations(struct ssl_iostream_context *ctx, const char *ca_file,
+ const char *ca_dir, const char **error_r)
+{
+ if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, ca_file, ca_dir) == 0) {
+ *error_r = t_strdup_printf(
+ "Can't load CA certs from directory %s: %s",
+ ca_dir, openssl_iostream_error());
+ return -1;
+ }
+ return 0;
+}
+
 static void ssl_iostream_ctx_verify_remote_cert(struct ssl_iostream_context *ctx, STACK_OF(X509_NAME) *ca_names)
@@ -346,12 +359,8 @@ ssl_iostream_context_load_ca(struct ssl_iostream_context *ctx,
 ca_dir = set->ca_dir == NULL || *set->ca_dir == '\0' ? NULL : set->ca_dir;
 if (ca_file != NULL || ca_dir != NULL) {
- if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, ca_file, ca_dir) == 0) {
- *error_r = t_strdup_printf(
- "Can't load CA certs from directory %s: %s",
- set->ca_dir, openssl_iostream_error());
+ if (load_ca_locations(ctx, ca_file, ca_dir, error_r) < 0)
 return -1;
- }
 have_ca = TRUE;
 }
 if (!have_ca && ctx->client_ctx) {
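Review bot: The error message in the new load_ca_locations() names only the directory and formats `ca_dir`, even though the helper is called when either `ca_file` or `ca_dir` is set, so `ca_dir` can be NULL and the failure may come from the file. The old code printed `set->ca_dir`, which could still be an empty string; the helper now receives the value the caller has already normalised to NULL, so a NULL reaches `%s` more often (undefined in standard printf; how t_strdup_printf handles it is not visible here). An operator debugging a trust store that failed to load would be pointed at the wrong path, or at none. Consider reporting both inputs with NULL guards: `"Can't load CA certs from file %s / directory %s: %s", ca_file != NULL ? ca_file : "(none)", ca_dir != NULL ? ca_dir : "(none)", openssl_iostream_error()`. A one-line comment above the helper stating that either argument may be NULL but not both would also document the contract the call site in ssl_iostream_context_load_ca() relies on.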