[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri Apr 29 22:15:20 UTC 2016


The branch master has been updated
       via  7cafbb4bd373f024c4900dcaa71aaf626c2ddbae (commit)
      from  77076dc944f76e821e4eae3a6563b853ce00c0ed (commit)


- Log -----------------------------------------------------------------
commit 7cafbb4bd373f024c4900dcaa71aaf626c2ddbae
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 29 17:44:46 2016 +0100

    Fix some X509_STORE macros
    
    Some X509_STORE macros do not work since the type was made opaque.
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_lu.c             |  5 +++++
 doc/crypto/X509_STORE_CTX_new.pod | 24 ++++++++++++++++++++++++
 include/openssl/x509_vfy.h        | 13 +++++++++----
 util/libcrypto.num                |  1 +
 4 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index b77a796..c4ca619 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -750,6 +750,11 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
     ctx->verify_cb = verify_cb;
 }
 
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify)
+{
+    ctx->verify = verify;
+}
+
 void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
                                    STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
                                                               *ctx,
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
index 17517b3..1ec99f1 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@@ -47,6 +47,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
  X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
  void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify verify);
 
+ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
 
 =head1 DESCRIPTION
 
@@ -115,6 +116,23 @@ find an appropriate set of parameters from B<name>.
 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
 that were used in building the chain following a call to X509_verify_cert().
 
+X509_STORE_CTX_set_verify() provides the capability for overriding the default
+verify function. This function is responsible for verifying chain signatures and
+expiration times. X509_STORE_CTX_get_verify() obtains the current verify
+function being used.
+
+X509_STORE_set_verify() works in the same way as for X509_STORE_CTX_set_verify()
+but sets the default verify function to be used by all X509_STORE_CTX objects
+created for this X509_STORE.
+
+A verify function is defined as an X509_STORE_CTX_verify type which has the
+following signature:
+
+ int (*verify)(X509_STORE_CTX *); 
+
+This function should receive the current X509_STORE_CTX as a parameter and
+return 1 on success or 0 on failure.
+
 =head1 NOTES
 
 The certificates and CRLs in a store are used internally and should B<not>
@@ -147,6 +165,9 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
 used.
 
+X509_STORE_CTX_get_verify() returns the current verify function in use for this
+X509_STORE_CTX.
+
 =head1 SEE ALSO
 
 L<X509_verify_cert(3)>
@@ -156,5 +177,8 @@ L<X509_VERIFY_PARAM_set_flags(3)>
 
 X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
 X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
+X509_STORE_set_verify() wsa first added to OpenSSL 1.1.0. It was previously
+available as a macro X509_STORE_set_verify_func(). This macro still exists but
+simply calls this function.
 
 =cut
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index fc6e389..1c86d31 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -104,8 +104,15 @@ DEFINE_STACK_OF(X509_VERIFY_PARAM)
 
 int X509_STORE_set_depth(X509_STORE *store, int depth);
 
-# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-# define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+            X509_STORE_set_verify_cb((ctx),(func))
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+            X509_STORE_set_verify((ctx),(func))
 
 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 
@@ -314,8 +321,6 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
-typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
                                   X509_STORE_CTX_verify_cb verify);
 X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 16fb748..2cae182 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4212,3 +4212,4 @@ X509_STORE_get_ex_data                  4085	1_1_0	EXIST::FUNCTION:
 X509_STORE_get0_objects                 4086	1_1_0	EXIST::FUNCTION:
 X509_STORE_get0_param                   4087	1_1_0	EXIST::FUNCTION:
 X509_OBJECT_get_type                    4088	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_verify                   4089	1_1_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list