Skip to content

Commit

Permalink
src: modify SecureContext::SetCACert to not use root_certs
Browse files Browse the repository at this point in the history
  • Loading branch information
ShenHongFei committed Dec 18, 2024
1 parent 8253290 commit 13674e5
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion src/crypto/crypto_context.cc
Original file line number Diff line number Diff line change
Expand Up @@ -785,8 +785,11 @@ void SecureContext::SetCACert(const BIOPointer& bio) {
if (!bio) return;
while (X509Pointer x509 = X509Pointer(PEM_read_bio_X509_AUX(
bio.get(), nullptr, NoPasswordCallback, nullptr))) {
// Get the existing cert store from the SSL context
// instead of GetCertStoreOwnedByThisSecureContext()
// to avoid creating X509_STORE based on root_certs, which is very slow
CHECK_EQ(1,
X509_STORE_add_cert(GetCertStoreOwnedByThisSecureContext(),
X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx_.get()),
x509.get()));
CHECK_EQ(1, SSL_CTX_add_client_CA(ctx_.get(), x509.get()));
}
Expand Down

0 comments on commit 13674e5

Please sign in to comment.