diff --git a/src/linux_tcp/openssl.cpp b/src/linux_tcp/openssl.cpp
index f0c0c8d..9adfccf 100644
--- a/src/linux_tcp/openssl.cpp
+++ b/src/linux_tcp/openssl.cpp
@@ -327,6 +327,20 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 return func(ctx, cmd, larg, parg);
 }
+/**
+ * Specify that the default location from which CA certificates are loaded
+ * should be used.
+ * @param ctx
+ */
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+ // the actual function
+ static Function func(handle, "SSL_CTX_set_default_verify_paths");
+
+ // call actual function
+ return func(ctx);
+}
+
 /**
 * Clear the SSL error queue
 * @return void
diff --git a/src/linux_tcp/openssl.h b/src/linux_tcp/openssl.h
index 4614b66..977f913 100644
--- a/src/linux_tcp/openssl.h
+++ b/src/linux_tcp/openssl.h
@@ -51,6 +51,7 @@ void SSL_CTX_free(SSL_CTX *ctx);
 void SSL_free(SSL *ssl);
 long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 void ERR_clear_error(void);
 /**
diff --git a/src/linux_tcp/sslhandshake.h b/src/linux_tcp/sslhandshake.h
index 02efdd5..44a5fcd 100644
--- a/src/linux_tcp/sslhandshake.h
+++ b/src/linux_tcp/sslhandshake.h
@@ -32,6 +32,12 @@ namespace AMQP {
 class SslHandshake : public TcpExtState
 {
 private:
+ /**
+ * Ssl context
+ * @var SslContext
+ */
+ SslContext _ctx;
+
 /**
 * SSL structure
 * @var SslWrapper
@@ -113,9 +119,13 @@ public:
 */
 SslHandshake(TcpExtState *state, const std::string &hostname, TcpOutBuffer &&buffer) :
 TcpExtState(state),
-        _ssl(SslContext(OpenSSL::TLS_client_method())),
+        _ctx(OpenSSL::TLS_client_method()),
+        _ssl(_ctx),
 _out(std::move(buffer))
 {
+        // use the default directories for verifying certificates
+        OpenSSL::SSL_CTX_set_default_verify_paths(_ctx);
+
 // we will be using the ssl context as a client
 OpenSSL::SSL_set_connect_state(_ssl);
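Review bot: The doc comment on the new `SSL_CTX_set_default_verify_paths` wrapper leaves `@param ctx` without a description and has no `@return`, while the neighbouring wrapper in this hunk (`ERR_clear_error`) documents `@return void`. The return value matters here because it is the only signal that the system trust store could not be loaded, so callers need to know what to test against. Suggest `* @param ctx the context whose trust store is configured` and `* @return int 1 on success, 0 if the default CA paths could not be loaded (OpenSSL convention)`.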
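Review bot: The new `_ctx` member is declared ahead of `_ssl` for a reason its comment does not state: members are initialized in declaration order, and the constructor hunk below initializes `_ssl(_ctx)`, so moving this member after `_ssl` would hand an unconstructed context to the SSL object. That invariant is worth pinning in the comment so a later reordering does not silently break it. Suggest `* Ssl context; must stay declared before _ssl, which is constructed from it`. The class body continues outside the hunk.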
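Review bot: The return value of `OpenSSL::SSL_CTX_set_default_verify_paths(_ctx)` is discarded, so a missing or unreadable system CA store leaves the context with an empty trust store and the handshake proceeds as if the CAs had loaded. OpenSSL reports this as a 0 return; at minimum the call should be `if (OpenSSL::SSL_CTX_set_default_verify_paths(_ctx) != 1) { /* fail the handshake or record the error */ }`, using whatever error path this class already has (not visible in the hunk). Note also that loading default paths only has effect if peer verification is enabled on the context or the SSL object (`SSL_VERIFY_PEER`); nothing in this hunk sets a verify mode, so if it is not set elsewhere the loaded CAs are never consulted. The constructor body continues outside the hunk.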