Adding a new --with-ca-bundle configure option.  Its argument is
used as default CA file when no --ca option is specified at
runtime.

This option is primarily designed for systems where users are
allowed to manage trusted authorities for the whole system (in one
consolidated file; usually implemented in 'ca-certificates'
package).

Signed-off-by: Pavel Raiskup <prais...@redhat.com>
---
 configure.ac          | 5 +++++
 src/openvpn/options.c | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/configure.ac b/configure.ac
index 43487b0..f5e1e63 100644
--- a/configure.ac
+++ b/configure.ac
@@ -308,6 +308,11 @@ AC_ARG_WITH(
        [with_plugindir="\$(libdir)/openvpn/plugins"]
 )
 
+AC_ARG_WITH(
+       [ca-bundle],
+       [AS_HELP_STRING([--with-ca-bundle], [use consolidated CA bundle])],
+       [AC_DEFINE_UNQUOTED([DEFAULT_CA_FILE], ["$withval"], [Default --ca 
argument])]
+)
 
 AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our 
host])
 case "$host" in
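
Review bot: The action-if-given branch of the new AC_ARG_WITH uses "$withval" unconditionally, so `--with-ca-bundle` without an argument defines DEFAULT_CA_FILE as "yes" and `--without-ca-bundle` defines it as "no". Please test "$withval" and reject "yes" (a path is required) and skip the AC_DEFINE_UNQUOTED for "no". The help string should also show that a file is expected, for example `--with-ca-bundle=FILE`, and say that the file becomes the default for --ca, since "use consolidated CA bundle" does not tell a packager what value to pass.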
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d9c384e..92d81ae 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3000,6 +3000,15 @@ options_postprocess_mutate(struct options *o)
     }
 #endif
 
+#ifdef DEFAULT_CA_FILE
+    if (!o->ca_file && !platform_access(DEFAULT_CA_FILE, R_OK))
+    {
+        msg(M_WARN, "option '--ca' unspecified; using system bundle '%s'",
+            DEFAULT_CA_FILE);
+        o->ca_file = DEFAULT_CA_FILE;
+    }
+#endif
+
 #if ENABLE_MANAGEMENT
     if (o->http_proxy_override)
     {
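
Review bot: The fallback in options_postprocess_mutate() is gated only on `!o->ca_file`, so it widens the trust anchors to every authority in the system bundle whenever --ca is absent, whatever else the configuration says. Please skip it when another CA source was configured (such as --capath), and consider whether it should apply at all when the process verifies client certificates, because there a system-wide bundle means any certificate issued by any bundled authority chains to a trusted root. Two smaller points: when DEFAULT_CA_FILE is not readable the block is skipped silently, so a later "missing --ca" style error gives no hint that a compiled-in default was tried, and the diffstat shows no documentation change for the new runtime behaviour.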
-- 
2.9.3


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
