Skip to content

Commit

Permalink
src: modify SecureContext::SetCACert to not use root_certs
Browse files Browse the repository at this point in the history
  • Loading branch information
ShenHongFei committed Dec 18, 2024
1 parent 8253290 commit f61b98f
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions src/crypto/crypto_context.cc
Original file line number Diff line number Diff line change
Expand Up @@ -785,9 +785,11 @@ void SecureContext::SetCACert(const BIOPointer& bio) {
if (!bio) return;
while (X509Pointer x509 = X509Pointer(PEM_read_bio_X509_AUX(
bio.get(), nullptr, NoPasswordCallback, nullptr))) {
CHECK_EQ(1,
X509_STORE_add_cert(GetCertStoreOwnedByThisSecureContext(),
x509.get()));
// Get the existing cert store from the SSL context
// instead of GetCertStoreOwnedByThisSecureContext()
// to avoid creating X509_STORE based on root_certs, which is very slow
CHECK_EQ(
1, X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx_.get()), x509.get()));
CHECK_EQ(1, SSL_CTX_add_client_CA(ctx_.get(), x509.get()));
}
}
Expand Down

0 comments on commit f61b98f

Please sign in to comment.