diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 1812dfaf1..cfb8d2f91 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -167,6 +167,7 @@ CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
 CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
 CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*, const char*);
+CYASSL_API int CyaSSL_CTX_UnloadCAs(CYASSL_CTX*);
 CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *, const char *file);
 CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int);
@@ -869,6 +870,7 @@ typedef void (*CbMissingCRL)(const char* url);
 CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f, const char* d);
+ CYASSL_API int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm);
 CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f, int format);
 CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
diff --git a/src/ssl.c b/src/ssl.c
index 0010d67cb..3ed0f3200 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -692,6 +692,31 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
 }
+
+/* Unload the CA signer list */
+int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
+{
+ Signer* signers;
+
+ CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");
+
+ if (cm == NULL)
+ return BAD_FUNC_ARG;
+
+ if (LockMutex(&cm->caLock) != 0)
+ return BAD_MUTEX_ERROR;
+
+ signers = cm->caList;
+ cm->caList = NULL;
+
+ UnLockMutex(&cm->caLock);
+
+ FreeSigners(signers, NULL);
+
+ return SSL_SUCCESS;
+}
+
+
 #endif /* !NO_CERTS */
@@ -3882,6 +3907,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
 ssl, NULL, 1);
 }
+ int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
+ {
+ CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");
+
+ if (ctx == NULL)
+ return BAD_FUNC_ARG;
+
+ return CyaSSL_CertManagerUnloadCAs(ctx->cm);
+ }
+
 /* old NO_FILESYSTEM end */
 #endif /* !NO_CERTS */
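Review bot: The new public prototype `CyaSSL_CTX_UnloadCAs` carries no comment, and the same is true of `CyaSSL_CertManagerUnloadCAs` in the second hunk of this header. Callers need the return contract, which the implementation in src/ssl.c shows as SSL_SUCCESS on success, BAD_FUNC_ARG for a NULL argument and BAD_MUTEX_ERROR when the lock cannot be taken. I would add above each prototype something like `/* Frees all loaded CA signers; returns SSL_SUCCESS, BAD_FUNC_ARG or BAD_MUTEX_ERROR */`.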
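Review bot: In CyaSSL_CertManagerUnloadCAs the list is detached under caLock but `FreeSigners(signers, NULL)` runs after `UnLockMutex`, so the lock protects only the pointer swap and not the lifetime of the Signer objects. If any lookup path hands out a `Signer*` taken from `cm->caList` and keeps using it after releasing caLock (the lookup code is not visible in this hunk), a certificate verification running on another thread could read freed memory. Either state the requirement in the header comment, e.g. `/* Unload the CA signer list; caller must ensure no verification is using cm */`, or make lookups hold caLock for as long as they use the signer. The return value of `UnLockMutex` is also ignored here.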
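Review bot: CyaSSL_CTX_UnloadCAs has no comment, and its effect on trust is easy to misread: it empties the CA list of `ctx->cm`, and nothing in this function touches sessions that were already authenticated against those CAs. Presumably SSL objects created from this ctx use the same cert manager, so later verifications on them would fail while established or resumed sessions carry on; that is worth confirming and stating. I would add `/* Unload all CAs from ctx's cert manager; does not close or invalidate existing sessions */` above the function. The enclosing `#ifndef NO_CERTS` region starts outside the hunk.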