commit 73d1fbf3047e24c57cf74a341d6ffdf9c7cbc548
author Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com> Wed Jan 15 15:31:12 2020 +0100
committer Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com> Wed Jan 15 15:35:47 2020 +0100
tree 481ff70cfa7c9d69197d5e21800fd2364cc7c912
parent 2f3563cc53a8f32c43b03d20b7219e52b1c1cf28

Installing certificates with the same subject name.

This patch enables the way for installing different CA certificates with
the same subject name which could be the use case. The problem is OpenSSL
requires certificates file name to be consisted of the certificate
subject name hash (as name base) and integer number (as name extension),
e.g. "9d66eef0.0":
https://www.boost.org/doc/libs/1_69_0/doc/html/boost_asio/reference/ssl__context/add_verify_path.html
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html
But finally OpenSSL allows to use many CA certificatates with the same subject
name but handling certificate file name extension (e.g. must be
consecutive integers numbers) is needed. Current implementation
hardcodes name extension to 0. So this patch is about handling
certificate file name extension properly.

Tested by installing, deleting and replacing a few CA certificates
with the same subject name and checking whether authentication based
on them works:
 - install a few CA certificates and check whether authentication based
on them works,
 - delete single CA certificate and check whether authentication based
on the rest works and based on the deleted one do not work,
 - replace single CA certificate and check whether authentication based
on the rest and the new one works and based on the replaced one do not
work.

Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: I95b8e77559a9e64f0e6cb95dac60dbad32fbcb86