git://git.onelab.eu / sliver-openvswitch.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
socket-util: Unlink Unix domain sockets that bind but fail to connect.
[sliver-openvswitch.git] / lib / stream-ssl.c
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 4d7c7c4..22d4c99 100644 (file)
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -413,6 +413,7 @@ do_ca_cert_bootstrap(struct stream *stream)
     if (!cert) {
         out_of_memory();
     }
+    SSL_CTX_set_cert_store(ctx, X509_STORE_new());
     if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) {
         VLOG_ERR("SSL_CTX_load_verify_locations: %s",
                  ERR_error_string(ERR_get_error(), NULL));
@@ -751,7 +752,7 @@ ssl_wait(struct stream *stream, enum stream_wait_type wait)
     }
 }
 
-struct stream_class ssl_stream_class = {
+const struct stream_class ssl_stream_class = {
     "ssl",                      /* name */
     ssl_open,                   /* open */
     ssl_close,                  /* close */
@@ -771,7 +772,7 @@ struct pssl_pstream
     int fd;
 };
 
-struct pstream_class pssl_pstream_class;
+const struct pstream_class pssl_pstream_class;
 
 static struct pssl_pstream *
 pssl_pstream_cast(struct pstream *pstream)
@@ -856,7 +857,7 @@ pssl_wait(struct pstream *pstream)
     poll_fd_wait(pssl->fd, POLLIN);
 }
 
-struct pstream_class pssl_pstream_class = {
+const struct pstream_class pssl_pstream_class = {
     "pssl",
     pssl_open,
     pssl_close,
@@ -1215,6 +1216,7 @@ stream_ssl_set_ca_cert_file__(const char *file_name,
 
         /* Set up CAs for OpenSSL to trust in verifying the peer's
          * certificate. */
+        SSL_CTX_set_cert_store(ctx, X509_STORE_new());
         if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) {
             VLOG_ERR("SSL_CTX_load_verify_locations: %s",
                      ERR_error_string(ERR_get_error(), NULL));
sliver-openvswitch