diff options
| author | robot-contrib <robot-contrib@yandex-team.com> | 2023-03-25 11:05:32 +0300 |
|---|---|---|
| committer | robot-contrib <robot-contrib@yandex-team.com> | 2023-03-25 11:05:32 +0300 |
| commit | f60764b94c031a4de74405922773a8076ac173ef (patch) | |
| tree | c75fcb75a5c17e5472ab5816f0a9fc012710bf59 | |
| parent | f8cf10ff0fb48496a675933b846456d567cca1af (diff) | |
| download | ydb-f60764b94c031a4de74405922773a8076ac173ef.tar.gz | |
Update contrib/restricted/aws/aws-c-io to 0.13.19
3 files changed, 22 insertions, 9 deletions
diff --git a/contrib/restricted/aws/aws-c-io/include/aws/io/private/pki_utils.h b/contrib/restricted/aws/aws-c-io/include/aws/io/private/pki_utils.h index 7533f0317f..feb8d65ce9 100644 --- a/contrib/restricted/aws/aws-c-io/include/aws/io/private/pki_utils.h +++ b/contrib/restricted/aws/aws-c-io/include/aws/io/private/pki_utils.h @@ -39,6 +39,13 @@ AWS_IO_API int aws_decode_pem_to_buffer_list( struct aws_array_list *cert_chain_or_key); /** + * Returns the path to the directory and file, respectively, which holds the + * SSL certificate trust store on the system. + */ +AWS_IO_API const char *aws_determine_default_pki_dir(void); +AWS_IO_API const char *aws_determine_default_pki_ca_file(void); + +/** * Decodes a PEM file at 'filename' and adds the results to 'cert_chain_or_key' if successful. * Otherwise, 'cert_chain_or_key' will be empty. * The passed-in parameter 'cert_chain_or_key' should be empty and dynamically initialized array_list diff --git a/contrib/restricted/aws/aws-c-io/source/s2n/s2n_tls_channel_handler.c b/contrib/restricted/aws/aws-c-io/source/s2n/s2n_tls_channel_handler.c index 550c25f96b..4a7d8bf450 100644 --- a/contrib/restricted/aws/aws-c-io/source/s2n/s2n_tls_channel_handler.c +++ b/contrib/restricted/aws/aws-c-io/source/s2n/s2n_tls_channel_handler.c @@ -104,8 +104,8 @@ AWS_STATIC_STRING_FROM_LITERAL(s_android_path, "/system/etc/security/cacerts"); AWS_STATIC_STRING_FROM_LITERAL(s_free_bsd_path, "/usr/local/share/certs"); AWS_STATIC_STRING_FROM_LITERAL(s_net_bsd_path, "/etc/openssl/certs"); -static const char *s_determine_default_pki_dir(void) { - /* debian variants */ +AWS_IO_API const char *aws_determine_default_pki_dir(void) { + /* debian variants; OpenBSD (although the directory doesn't exist by default) */ if (aws_path_exists(s_debian_path)) { return aws_string_c_str(s_debian_path); } @@ -120,12 +120,12 @@ static const char *s_determine_default_pki_dir(void) { return aws_string_c_str(s_android_path); } - /* Free BSD */ + /* FreeBSD */ if (aws_path_exists(s_free_bsd_path)) { return aws_string_c_str(s_free_bsd_path); } - /* Net BSD */ + /* NetBSD */ if (aws_path_exists(s_net_bsd_path)) { return aws_string_c_str(s_net_bsd_path); } @@ -138,8 +138,9 @@ AWS_STATIC_STRING_FROM_LITERAL(s_old_rhel_ca_file_path, "/etc/pki/tls/certs/ca-b AWS_STATIC_STRING_FROM_LITERAL(s_open_suse_ca_file_path, "/etc/ssl/ca-bundle.pem"); AWS_STATIC_STRING_FROM_LITERAL(s_open_elec_ca_file_path, "/etc/pki/tls/cacert.pem"); AWS_STATIC_STRING_FROM_LITERAL(s_modern_rhel_ca_file_path, "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"); +AWS_STATIC_STRING_FROM_LITERAL(s_openbsd_ca_file_path, "/etc/ssl/cert.pem"); -static const char *s_determine_default_pki_ca_file(void) { +AWS_IO_API const char *aws_determine_default_pki_ca_file(void) { /* debian variants */ if (aws_path_exists(s_debian_ca_file_path)) { return aws_string_c_str(s_debian_ca_file_path); @@ -165,6 +166,11 @@ static const char *s_determine_default_pki_ca_file(void) { return aws_string_c_str(s_modern_rhel_ca_file_path); } + /* OpenBSD */ + if (aws_path_exists(s_openbsd_ca_file_path)) { + return aws_string_c_str(s_openbsd_ca_file_path); + } + return NULL; } @@ -198,8 +204,8 @@ void aws_tls_init_static_state(struct aws_allocator *alloc) { } } - s_default_ca_dir = s_determine_default_pki_dir(); - s_default_ca_file = s_determine_default_pki_ca_file(); + s_default_ca_dir = aws_determine_default_pki_dir(); + s_default_ca_file = aws_determine_default_pki_ca_file(); if (s_default_ca_dir || s_default_ca_file) { AWS_LOGF_DEBUG( AWS_LS_IO_TLS, diff --git a/contrib/restricted/aws/aws-c-io/ya.make b/contrib/restricted/aws/aws-c-io/ya.make index 95022aa137..10e5050ddd 100644 --- a/contrib/restricted/aws/aws-c-io/ya.make +++ b/contrib/restricted/aws/aws-c-io/ya.make @@ -9,9 +9,9 @@ LICENSE( LICENSE_TEXTS(.yandex_meta/licenses.list.txt) -VERSION(0.13.18) +VERSION(0.13.19) -ORIGINAL_SOURCE(https://github.com/awslabs/aws-c-io/archive/v0.13.18.tar.gz) +ORIGINAL_SOURCE(https://github.com/awslabs/aws-c-io/archive/v0.13.19.tar.gz) PEERDIR( contrib/restricted/aws/aws-c-cal |