[rt-commit] r166 - in /redwax-tool/trunk: ChangeLog redwax-tool.c redwax-tool.h redwax_openssl.c

rt-commit at redwax.eu rt-commit at redwax.eu
Thu Jan 18 18:19:00 CET 2024


Author: minfrin at redwax.eu
Date: Thu Jan 18 18:18:58 2024
New Revision: 166

Log:
Add --trust-pem-in to import PEM certificates and
have them considered trusted.

Modified:
    redwax-tool/trunk/ChangeLog
    redwax-tool/trunk/redwax-tool.c
    redwax-tool/trunk/redwax-tool.h
    redwax-tool/trunk/redwax_openssl.c

Modified: redwax-tool/trunk/ChangeLog
==============================================================================
--- redwax-tool/trunk/ChangeLog	(original)
+++ redwax-tool/trunk/ChangeLog	Thu Jan 18 18:18:58 2024
@@ -1,5 +1,8 @@
 
 Changes with v0.9.4
+
+ *) Add --trust-pem-in to import PEM certificates and
+    have them considered trusted. [Graham Leggett]
 
  *) Complete error handling for seteuid() and setegid().
     [Graham Leggett]

Modified: redwax-tool/trunk/redwax-tool.c
==============================================================================
--- redwax-tool/trunk/redwax-tool.c	(original)
+++ redwax-tool/trunk/redwax-tool.c	Thu Jan 18 18:18:58 2024
@@ -75,6 +75,7 @@
         APR_HOOK_LINK(set_verify_date);
         APR_HOOK_LINK(set_verify_expiry);
         APR_HOOK_LINK(process_pem_in);
+        APR_HOOK_LINK(process_trust_pem_in);
         APR_HOOK_LINK(complete_pkcs11_in);
         APR_HOOK_LINK(process_pkcs11_in);
         APR_HOOK_LINK(complete_pkcs11_module_in);
@@ -125,6 +126,8 @@
 APR_IMPLEMENT_EXTERNAL_HOOK_RUN_ALL(rt, REDWAX, int, set_verify_expiry,
         (redwax_tool_t * r, const char *arg), (r, arg), OK, DECLINED);
 APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(rt, REDWAX, int, process_pem_in,
+        (redwax_tool_t * r, const char *arg, const char *secret), (r, arg, secret), DECLINED);
+APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(rt, REDWAX, int, process_trust_pem_in,
         (redwax_tool_t * r, const char *arg, const char *secret), (r, arg, secret), DECLINED);
 APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(rt, REDWAX, int, process_pkcs11_in,
         (redwax_tool_t * r, const char *arg, apr_hash_t *secrets), (r, arg, secrets), DECLINED);
@@ -203,67 +206,68 @@
 #define REDWAX_TOOL_COMP_WORDBREAKS_DEFAULT "\"'><=;|&(:"
 
 #define REDWAX_TOOL_PEM_IN 256
-#define REDWAX_TOOL_PKCS11_IN 257
-#define REDWAX_TOOL_PKCS11_MODULE_IN 258
-#define REDWAX_TOOL_PKCS12_IN 259
-#define REDWAX_TOOL_KEYCHAIN_IN 260
-#define REDWAX_TOOL_FILTER 261
-#define REDWAX_TOOL_FILTER_EMAIL 262
-#define REDWAX_TOOL_FILTER_HOSTNAME 263
-#define REDWAX_TOOL_FILTER_IP 264
-#define REDWAX_TOOL_FILTER_CURRENT 265
-#define REDWAX_TOOL_FILTER_DATE 266
-#define REDWAX_TOOL_FILTER_EXPIRY 267
-#define REDWAX_TOOL_CERT_OUT 268
-#define REDWAX_TOOL_NO_CERT_OUT 269
-#define REDWAX_TOOL_CHAIN_OUT 270
-#define REDWAX_TOOL_NO_CHAIN_OUT 271
-#define REDWAX_TOOL_ROOT_OUT 272
-#define REDWAX_TOOL_NO_ROOT_OUT 273
-#define REDWAX_TOOL_TRUST_OUT 274
-#define REDWAX_TOOL_NO_TRUST_OUT 275
-#define REDWAX_TOOL_CRL_OUT 276
-#define REDWAX_TOOL_NO_CRL_OUT 277
-#define REDWAX_TOOL_PARAM_OUT 278
-#define REDWAX_TOOL_NO_PARAM_OUT 279
-#define REDWAX_TOOL_KEY_IN 280
-#define REDWAX_TOOL_NO_KEY_IN 281
-#define REDWAX_TOOL_KEY_OUT 282
-#define REDWAX_TOOL_NO_KEY_OUT 283
-#define REDWAX_TOOL_AUTO_OUT 284
-#define REDWAX_TOOL_NO_AUTO_OUT 285
-#define REDWAX_TOOL_FILTER_VERIFY_PARAM 286
-#define REDWAX_TOOL_SECRET_SUFFIX_IN 287
-#define REDWAX_TOOL_SECRET_SUFFIX_OUT 288
-#define REDWAX_TOOL_SECRET_TOKEN_IN 289
-#define REDWAX_TOOL_SECRET_TOKEN_OUT 290
-#define REDWAX_TOOL_LABEL_OUT 291
-#define REDWAX_TOOL_NSS_OUT 292
-#define REDWAX_TOOL_NSS_SLOT_OUT 293
-#define REDWAX_TOOL_DER_OUT 294
-#define REDWAX_TOOL_PEM_OUT 295
-#define REDWAX_TOOL_PKCS12_OUT 296
-#define REDWAX_TOOL_PKCS11_OUT 297
-#define REDWAX_TOOL_PKCS11_MODULE_OUT 298
-#define REDWAX_TOOL_METADATA_OUT 299
-#define REDWAX_TOOL_METADATA_THRESHOLD 300
-#define REDWAX_TOOL_FORMAT_OUT 301
-#define REDWAX_TOOL_CALENDAR_OUT 302
-#define REDWAX_TOOL_CALENDAR_ALARM 303
-#define REDWAX_TOOL_REMINDER_OUT 304
-#define REDWAX_TOOL_JWKS_OUT 305
-#define REDWAX_TOOL_TEXT_OUT 306
-#define REDWAX_TOOL_NO_TEXT_OUT 307
-#define REDWAX_TOOL_SSH_PRIVATE_OUT 308
-#define REDWAX_TOOL_SSH_PUBLIC_OUT 309
-#define REDWAX_TOOL_SMIMEA_OUT 310
-#define REDWAX_TOOL_SSHFP_OUT 311
-#define REDWAX_TOOL_TLSA_OUT 312
-#define REDWAX_TOOL_USER_IN 313
-#define REDWAX_TOOL_USER_OUT 314
-#define REDWAX_TOOL_GROUP_IN 315
-#define REDWAX_TOOL_GROUP_OUT 316
-#define REDWAX_TOOL_ORDER_OUT 317
+#define REDWAX_TOOL_TRUST_PEM_IN 257
+#define REDWAX_TOOL_PKCS11_IN 258
+#define REDWAX_TOOL_PKCS11_MODULE_IN 259
+#define REDWAX_TOOL_PKCS12_IN 260
+#define REDWAX_TOOL_KEYCHAIN_IN 261
+#define REDWAX_TOOL_FILTER 262
+#define REDWAX_TOOL_FILTER_EMAIL 263
+#define REDWAX_TOOL_FILTER_HOSTNAME 264
+#define REDWAX_TOOL_FILTER_IP 265
+#define REDWAX_TOOL_FILTER_CURRENT 266
+#define REDWAX_TOOL_FILTER_DATE 267
+#define REDWAX_TOOL_FILTER_EXPIRY 268
+#define REDWAX_TOOL_CERT_OUT 269
+#define REDWAX_TOOL_NO_CERT_OUT 270
+#define REDWAX_TOOL_CHAIN_OUT 271
+#define REDWAX_TOOL_NO_CHAIN_OUT 272
+#define REDWAX_TOOL_ROOT_OUT 273
+#define REDWAX_TOOL_NO_ROOT_OUT 274
+#define REDWAX_TOOL_TRUST_OUT 275
+#define REDWAX_TOOL_NO_TRUST_OUT 276
+#define REDWAX_TOOL_CRL_OUT 277
+#define REDWAX_TOOL_NO_CRL_OUT 278
+#define REDWAX_TOOL_PARAM_OUT 279
+#define REDWAX_TOOL_NO_PARAM_OUT 280
+#define REDWAX_TOOL_KEY_IN 281
+#define REDWAX_TOOL_NO_KEY_IN 282
+#define REDWAX_TOOL_KEY_OUT 283
+#define REDWAX_TOOL_NO_KEY_OUT 284
+#define REDWAX_TOOL_AUTO_OUT 285
+#define REDWAX_TOOL_NO_AUTO_OUT 286
+#define REDWAX_TOOL_FILTER_VERIFY_PARAM 287
+#define REDWAX_TOOL_SECRET_SUFFIX_IN 288
+#define REDWAX_TOOL_SECRET_SUFFIX_OUT 289
+#define REDWAX_TOOL_SECRET_TOKEN_IN 290
+#define REDWAX_TOOL_SECRET_TOKEN_OUT 291
+#define REDWAX_TOOL_LABEL_OUT 292
+#define REDWAX_TOOL_NSS_OUT 293
+#define REDWAX_TOOL_NSS_SLOT_OUT 294
+#define REDWAX_TOOL_DER_OUT 295
+#define REDWAX_TOOL_PEM_OUT 296
+#define REDWAX_TOOL_PKCS12_OUT 297
+#define REDWAX_TOOL_PKCS11_OUT 298
+#define REDWAX_TOOL_PKCS11_MODULE_OUT 299
+#define REDWAX_TOOL_METADATA_OUT 300
+#define REDWAX_TOOL_METADATA_THRESHOLD 301
+#define REDWAX_TOOL_FORMAT_OUT 302
+#define REDWAX_TOOL_CALENDAR_OUT 303
+#define REDWAX_TOOL_CALENDAR_ALARM 304
+#define REDWAX_TOOL_REMINDER_OUT 305
+#define REDWAX_TOOL_JWKS_OUT 306
+#define REDWAX_TOOL_TEXT_OUT 307
+#define REDWAX_TOOL_NO_TEXT_OUT 308
+#define REDWAX_TOOL_SSH_PRIVATE_OUT 309
+#define REDWAX_TOOL_SSH_PUBLIC_OUT 310
+#define REDWAX_TOOL_SMIMEA_OUT 311
+#define REDWAX_TOOL_SSHFP_OUT 312
+#define REDWAX_TOOL_TLSA_OUT 313
+#define REDWAX_TOOL_USER_IN 314
+#define REDWAX_TOOL_USER_OUT 315
+#define REDWAX_TOOL_GROUP_IN 316
+#define REDWAX_TOOL_GROUP_OUT 317
+#define REDWAX_TOOL_ORDER_OUT 318
 
 #define REDWAX_EXIT_OK 0
 #define REDWAX_EXIT_INIT 1
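Review bot: Adding `REDWAX_TOOL_TRUST_PEM_IN` in the middle of this `#define` list forces the 61 ids after it to be renumbered by hand, which buries the one real change and makes a duplicated or skipped value easy to miss in review. The values presumably only need to be distinct and above the single-character option range, so an `enum { REDWAX_TOOL_PEM_IN = 256, REDWAX_TOOL_TRUST_PEM_IN, REDWAX_TOOL_PKCS11_IN, /* ... */ };` would let the compiler number them. Appending new ids at the end of the list would also avoid the churn.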
@@ -295,10 +299,11 @@
     { "secret-token-out", REDWAX_TOOL_SECRET_TOKEN_OUT, 1, "  --secret-token-out=file\tIf specified, secrets needed to write\n\t\t\t\tcertificates and keys to tokens (PKCS11 and\n\t\t\t\tNSS) will be read from a file one secret per\n\t\t\t\tline. Each secret is preceded by the name of\n\t\t\t\tthe token and a colon, as per the NSS\n\t\t\t\tpwdfile.txt file." },
     { "label-out", REDWAX_TOOL_LABEL_OUT, 1, "  --label-out=label\t\tSet the name of the label to be applied to\n\t\t\t\tthe leaf certificates. If unspecified, the\n\t\t\t\tlabel is set to the subject of the certificate." },
     { "pem-in", REDWAX_TOOL_PEM_IN, 1, "  --pem-in=wildcard\t\tRead pem files from here. Use '-' for stdin." },
+    { "trust-pem-in", REDWAX_TOOL_TRUST_PEM_IN, 1, "  --trust-pem-in=wildcard\tRead pem files containing trusted certificates from here. Use '-' for stdin." },
     { "pkcs12-in", REDWAX_TOOL_PKCS12_IN, 1, "  --pkcs12-in=file\t\tRead certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys from a PKCS12\n\t\t\t\tfile. Use '-' for stdin. Provide the secret\n\t\t\t\tusing --secret-suffix-in." },
     { "pkcs11-in", REDWAX_TOOL_PKCS11_IN, 1, "  --pkcs11-in=url\t\tRead certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys from a PKCS11\n\t\t\t\ttoken identified by the given url." },
     { "pkcs11-module-in", REDWAX_TOOL_PKCS11_MODULE_IN, 1, "  --pkcs11-module-in=mod\tSpecify the name of the PKCS11 module to be used,\n\t\t\t\toverriding system defaults. If relative, use the\n\t\t\t\tdefault PKCS11 module path, otherwise specify the\n\t\t\t\tabsolute path. Include the extension of the module." },
-    { "keychain-in", REDWAX_TOOL_KEYCHAIN_IN, 1, "  --keychain-in=keychain\t\tRead certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys from a MacOS\n\t\t\t\tkeychain identified by the given name." },
+    { "keychain-in", REDWAX_TOOL_KEYCHAIN_IN, 1, "  --keychain-in=keychain\tRead certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys from a MacOS\n\t\t\t\tkeychain identified by the given name." },
     { "filter", REDWAX_TOOL_FILTER, 1, "  --filter=type\t\t\tApply the given filter to pass inputs to the\n\t\t\t\toutputs. \"search\" will pass through all\n\t\t\t\tcertificates matching the given hostname,\n\t\t\t\temail or ip address. \"verify\" will pass all\n\t\t\t\tleaf certificates that can be successfully\n\t\t\t\tverified through the certificate chain to a\n\t\t\t\ttrusted root certificate. With the default\n\t\t\t\t\"passthrough\", all certificates, csrs, and\n\t\t\t\tkeys are passed through." },
     { "filter-email", REDWAX_TOOL_FILTER_EMAIL, 1, "  --filter-email=address\tSearch/verify by the given email address. Leaf\n\t\t\t\tcertificates matching the email address will\n\t\t\t\tbe included. Can be specified more than once." },
     { "filter-hostname", REDWAX_TOOL_FILTER_HOSTNAME, 1, "  --filter-hostname=domain\tSearch/verify by the given hostname. Leaf\n\t\t\t\tcertificates matching the hostname will be\n\t\t\t\tkept, taking into account wildcards where\n\t\t\t\tpresent." },
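Review bot: The help string added for `--trust-pem-in` is one unwrapped line, while the neighbouring entries break at roughly 80 columns with `\n\t\t\t\t`, and it does not say that every certificate found in the matched files is imported as trusted. Suggested wording: `"  --trust-pem-in=wildcard\tRead pem files from here and treat every\n\t\t\t\tcertificate found as trusted. Use '-' for\n\t\t\t\tstdin."`. The wording matters because the argument is a wildcard: any file the pattern matches contributes trust anchors, including plain `CERTIFICATE` blocks, which the new handler in redwax_openssl.c also marks `REDWAX_CERTIFICATE_TRUSTED`.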
@@ -2569,6 +2574,10 @@
             redwax_dir_walk(r, optarg, &rt_run_process_pem_in);
             break;
         }
+        case REDWAX_TOOL_TRUST_PEM_IN: {
+            redwax_dir_walk(r, optarg, &rt_run_process_trust_pem_in);
+            break;
+        }
         case REDWAX_TOOL_PKCS11_IN: {
             redwax_pkcs11_in(r, optarg);
             break;
@@ -2938,6 +2947,10 @@
                 redwax_complete_file(r, optarg, state.isquoted);
                 break;
             }
+            case REDWAX_TOOL_TRUST_PEM_IN: {
+                redwax_complete_file(r, optarg, state.isquoted);
+                break;
+            }
             case REDWAX_TOOL_PKCS11_IN: {
                 redwax_complete_pkcs11_in(r, optarg, state.isquoted);
                 break;
@@ -3072,6 +3085,10 @@
                 redwax_dir_walk(r, optarg, &rt_run_process_pem_in);
                 break;
             }
+            case REDWAX_TOOL_TRUST_PEM_IN: {
+                redwax_dir_walk(r, optarg, &rt_run_process_trust_pem_in);
+                break;
+            }
             case REDWAX_TOOL_PKCS11_MODULE_IN: {
                 redwax_pkcs11_module_in(r, optarg);
                 break;
@@ -3135,6 +3152,10 @@
             break;
         }
         case REDWAX_TOOL_PEM_IN: {
+            redwax_complete_file(r, "", state.isquoted);
+            break;
+        }
+        case REDWAX_TOOL_TRUST_PEM_IN: {
             redwax_complete_file(r, "", state.isquoted);
             break;
         }
@@ -3380,6 +3401,7 @@
     r.ips_index = apr_hash_make(r.pool);
     r.keys_index = apr_hash_make(r.pool);
     r.duplicates_index = apr_hash_make(r.pool);
+    r.trust_duplicates_index = apr_hash_make(r.pool);
 
     r.emails = apr_hash_make(r.pool);
     r.hostnames = apr_hash_make(r.pool);

Modified: redwax-tool/trunk/redwax-tool.h
==============================================================================
--- redwax-tool/trunk/redwax-tool.h	(original)
+++ redwax-tool/trunk/redwax-tool.h	Thu Jan 18 18:18:58 2024
@@ -126,6 +126,7 @@
     apr_hash_t *ips_index;
     apr_hash_t *keys_index;
     apr_hash_t *duplicates_index;
+    apr_hash_t *trust_duplicates_index;
     apr_hash_t *cert_relationships;
     const char *verify_param;
     const char *verify_date;
@@ -447,6 +448,14 @@
         (redwax_tool_t *r, const char *arg, const char *secret));
 
 /**
+ * Hook to process incoming trusted certificates.
+ *
+ * @param r The redwax-tool context.
+ */
+APR_DECLARE_EXTERNAL_HOOK(rt, REDWAX, apr_status_t, process_trust_pem_in,
+        (redwax_tool_t *r, const char *arg, const char *secret));
+
+/**
  * Hook to complete PKCS11 URL in.
  *
  * @param r The redwax-tool context.
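Review bot: The doc comment added for `process_trust_pem_in` documents only `r`; `arg`, `secret` and the return value are missing, and it does not state that certificates read through this hook are treated as trusted. Suggest adding `@param arg The PEM file to read, or "-" for stdin.`, `@param secret Secret for the input (not used by the OpenSSL implementation in this commit).` and `@return APR_SUCCESS on success, DECLINED if no module handled the file, otherwise an APR error.`. The declaration here uses `apr_status_t` while the matching `APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST` in redwax-tool.c uses `int`; the two are compatible in APR but the pair should agree.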

Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c	(original)
+++ redwax-tool/trunk/redwax_openssl.c	Thu Jan 18 18:18:58 2024
@@ -1133,6 +1133,8 @@
         PKCS8_PRIV_KEY_INFO *p8inf = NULL;
         EVP_PKEY *pkey = NULL;
 
+        apr_hash_t *index;
+
         /* header is deprecated, for details see PEM_get_EVP_CIPHER_INFO
          * and PEM_do_header in OpenSSL. We do not (yet) support it here.
          */
@@ -1155,11 +1157,18 @@
         der = data;
 
         /* is this a duplicate? if so, skip */
-        if (apr_hash_get(r->duplicates_index, der, len)) {
+        if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
+            index = r->trust_duplicates_index;
+        }
+        else {
+            index = r->duplicates_index;
+        }
+
+        if (apr_hash_get(index, der, len)) {
             continue;
         }
         else {
-            apr_hash_set(r->duplicates_index, der, len, der);
+            apr_hash_set(index, der, len, der);
         }
 
         if ((strcmp(name, PEM_STRING_X509) == 0) ||
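Review bot: The reason for a second duplicate index is not recorded where `index` is chosen, and the existing comment `/* is this a duplicate? if so, skip */` now sits above the selection rather than the lookup it describes. Presumably the split exists so that a copy already read as an ordinary certificate does not suppress a later `TRUSTED CERTIFICATE` block; a comment such as `/* trusted blocks are de-duplicated separately so an untrusted copy cannot mask them */` above the `if` would make that explicit. The outer parentheses in `if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0))` are redundant. The enclosing loop starts and ends outside this hunk.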
@@ -1391,6 +1400,190 @@
             key->origin = file;
 
             rt_run_normalise_key(r, key, 1);
+
+        }
+
+    }
+
+    return APR_SUCCESS;
+}
+
+static apr_status_t redwax_openssl_process_trust_pem_in(redwax_tool_t *r,
+        const char *file, const char *secret)
+{
+
+    BIO *bio;
+    char *name = NULL, *header = NULL;
+    unsigned char *data = NULL;
+
+    long len, error = 0;
+
+    int label_len, id_len;
+
+    if (!strcmp(file, "-")) {
+        if (r->complete) {
+            return APR_ENOENT;
+        }
+        if ((bio = BIO_new_fp(stdin, BIO_NOCLOSE)) == NULL) {
+            redwax_openssl_print_errors(r);
+            return APR_ENOMEM;
+        }
+    }
+    else if ((bio = BIO_new(BIO_s_file())) == NULL) {
+        redwax_openssl_print_errors(r);
+        return APR_ENOMEM;
+    }
+    else if (BIO_read_filename(bio, file) <= 0) {
+        redwax_openssl_print_errors(r);
+        BIO_free(bio);
+        return APR_ENOENT;
+    }
+
+    apr_pool_cleanup_register(r->pool, bio, cleanup_bio,
+            apr_pool_cleanup_null);
+
+
+    for (;;) {
+
+        const unsigned char *der;
+
+        if (!PEM_read_bio(bio, &name, &header, &data, &len)) {
+            error = ERR_GET_REASON(ERR_peek_last_error());
+            if (error == PEM_R_NO_START_LINE) {
+                ERR_clear_error();
+            }
+            break;
+        }
+
+        apr_pool_cleanup_register(r->pool, name, cleanup_alloc,
+                apr_pool_cleanup_null);
+        apr_pool_cleanup_register(r->pool, header, cleanup_alloc,
+                apr_pool_cleanup_null);
+        apr_pool_cleanup_register(r->pool, data, cleanup_alloc,
+                apr_pool_cleanup_null);
+
+        der = data;
+
+        /* is this a duplicate? if so, skip */
+        if (apr_hash_get(r->trust_duplicates_index, der, len)) {
+            continue;
+        }
+        else {
+            apr_hash_set(r->trust_duplicates_index, der, len, der);
+        }
+
+        if ((strcmp(name, PEM_STRING_X509) == 0) ||
+            (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
+
+            redwax_certificate_t *cert;
+
+            X509 *x = d2i_X509(NULL, &der, len);
+
+            if (!x) {
+                redwax_print_error(r, "Could not read certificate from '%s', skipping.\n",
+                        file);
+                redwax_openssl_print_errors(r);
+                continue;
+            }
+
+            cert = apr_array_push(r->trusted_in);
+
+            apr_pool_create(&cert->pool, r->pool);
+
+            cert->common.type = REDWAX_CERTIFICATE_X509;
+            cert->common.category = REDWAX_CERTIFICATE_TRUSTED;
+
+            redwax_print_error(r, "trust-pem-in: certificate: %s\n",
+                    redwax_openssl_name(cert->pool,
+                            X509_get_subject_name(x)));
+
+            cert->header = header;
+            cert->label = (const char *)X509_alias_get0(x, &label_len);
+            cert->label_len = label_len;
+
+            cert->der = data;
+            cert->len = len;
+
+            cert->origin = file;
+
+            rt_run_normalise_certificate(r, cert, 1);
+
+        }
+
+        else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
+
+            redwax_certificate_t *cert;
+
+            X509 *x = d2i_X509_AUX(NULL, &der, len);
+
+            if (!x) {
+                redwax_print_error(r, "Could not read certificate from '%s', skipping.\n",
+                        file);
+                redwax_openssl_print_errors(r);
+                continue;
+            }
+
+            else {
+
+                unsigned char *der = NULL;
+
+                cert = apr_array_push(r->trusted_in);
+
+                apr_pool_create(&cert->pool, r->pool);
+
+                cert->common.type = REDWAX_CERTIFICATE_X509;
+                cert->common.category = REDWAX_CERTIFICATE_TRUSTED;
+
+                cert->header = header;
+                cert->id_der = (unsigned char *)X509_keyid_get0(x, &id_len);
+                cert->id_len = id_len;
+                cert->label = (const char *)X509_alias_get0(x, &label_len);
+                cert->label_len = label_len;
+
+                cert->len = i2d_X509(x, &der);
+                cert->der = der;
+
+                cert->origin = file;
+
+                rt_run_normalise_certificate(r, cert, 1);
+
+                redwax_print_error(r, "trust-pem-in: trusted: %s\n",
+                        redwax_openssl_name(cert->pool,
+                                X509_get_subject_name(x)));
+
+            }
+        }
+
+        else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
+
+            redwax_crl_t *crl;
+
+            X509_CRL *c = d2i_X509_CRL(NULL, &der, len);
+
+            if (c) {
+
+                redwax_print_error(r, "trust-pem-in: crl: %s\n",
+                        redwax_openssl_name(r->pool, X509_CRL_get_issuer(c)));
+
+                sk_X509_CRL_push(crl_index, c);
+
+                crl = apr_array_push(r->crls_in);
+
+                apr_pool_create(&crl->pool, r->pool);
+
+                crl->header = header;
+                crl->der = data;
+                crl->len = len;
+
+                crl->origin = file;
+
+                /* no cleanup because of sk_X509_CRL_push() */
+#if 0
+                apr_pool_cleanup_register(r->pool, c, cleanup_x509_crl,
+                        apr_pool_cleanup_null);
+#endif
+
+             }
 
         }
 
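Review bot: In the `PEM_STRING_X509_TRUSTED` branch of `redwax_openssl_process_trust_pem_in`, the result of `i2d_X509(x, &der)` is stored in `cert->len` unchecked and only after the entry has been pushed onto `r->trusted_in`, so an encoding failure would leave a trusted entry with a negative length and a NULL `der`; the buffer it allocates is also never registered for cleanup, unlike `name`, `header` and `data`. Neither certificate branch frees `x` or registers it with the pool in the visible lines, and because `cert->label` and `cert->id_der` point into `x`, it needs a pool cleanup that calls `X509_free` rather than an immediate free. Re-encoding with `i2d_X509` also drops the auxiliary trust and reject settings that `d2i_X509_AUX` parsed, while the category is set to `REDWAX_CERTIFICATE_TRUSTED` unconditionally, so a block whose aux data rejects a use would still be imported as trusted; that deserves a check or at least a comment stating it is intended. The fence encodes before pushing and assumes `cleanup_alloc` releases OpenSSL allocations, as its use on `name`, `header` and `data` suggests; the function's closing lines are outside this hunk.

```c
            else {

                unsigned char *der = NULL;
                int der_len = i2d_X509(x, &der);

                /* encode first, so a failure leaves no half-filled entry in r->trusted_in */
                if (der_len < 0) {
                    redwax_print_error(r, "Could not encode certificate from '%s', skipping.\n",
                            file);
                    redwax_openssl_print_errors(r);
                    X509_free(x);
                    continue;
                }

                /* der was allocated by OpenSSL; release it together with the pool */
                apr_pool_cleanup_register(r->pool, der, cleanup_alloc,
                        apr_pool_cleanup_null);

                cert = apr_array_push(r->trusted_in);

                /* … unchanged: pool creation, type/category, header, id, label … */

                cert->len = der_len;
                cert->der = der;

                /* … unchanged: origin, normalise, trust-pem-in message … */
```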
@@ -5775,6 +5968,7 @@
     rt_hook_set_verify_date(redwax_openssl_set_verify_date, NULL, NULL, APR_HOOK_MIDDLE);
     rt_hook_set_verify_expiry(redwax_openssl_set_verify_expiry, NULL, NULL, APR_HOOK_MIDDLE);
     rt_hook_process_pem_in(redwax_openssl_process_pem_in, NULL, NULL, APR_HOOK_MIDDLE);
+    rt_hook_process_trust_pem_in(redwax_openssl_process_trust_pem_in, NULL, NULL, APR_HOOK_MIDDLE);
     rt_hook_process_pkcs12_in(redwax_openssl_process_pkcs12_in, NULL, NULL, APR_HOOK_MIDDLE);
     rt_hook_complete_filter(redwax_openssl_complete_filter_verify, NULL, NULL, APR_HOOK_MIDDLE);
     rt_hook_process_filter(redwax_openssl_process_filter_verify, NULL, NULL, APR_HOOK_MIDDLE);


