[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Apr 29 22:15:20 UTC 2016
The branch master has been updated
via 7cafbb4bd373f024c4900dcaa71aaf626c2ddbae (commit)
from 77076dc944f76e821e4eae3a6563b853ce00c0ed (commit)
- Log -----------------------------------------------------------------
commit 7cafbb4bd373f024c4900dcaa71aaf626c2ddbae
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 29 17:44:46 2016 +0100
Fix some X509_STORE macros
Some X509_STORE macros do not work since the type was made opaque.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_lu.c | 5 +++++
doc/crypto/X509_STORE_CTX_new.pod | 24 ++++++++++++++++++++++++
include/openssl/x509_vfy.h | 13 +++++++++----
util/libcrypto.num | 1 +
4 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index b77a796..c4ca619 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -750,6 +750,11 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
ctx->verify_cb = verify_cb;
}
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify)
+{
+ ctx->verify = verify;
+}
+
void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
*ctx,
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
index 17517b3..1ec99f1 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@@ -47,6 +47,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify verify);
+ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
=head1 DESCRIPTION
@@ -115,6 +116,23 @@ find an appropriate set of parameters from B<name>.
X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
that were used in building the chain following a call to X509_verify_cert().
+X509_STORE_CTX_set_verify() provides the capability for overriding the default
+verify function. This function is responsible for verifying chain signatures and
+expiration times. X509_STORE_CTX_get_verify() obtains the current verify
+function being used.
+
+X509_STORE_set_verify() works in the same way as for X509_STORE_CTX_set_verify()
+but sets the default verify function to be used by all X509_STORE_CTX objects
+created for this X509_STORE.
+
+A verify function is defined as an X509_STORE_CTX_verify type which has the
+following signature:
+
+ int (*verify)(X509_STORE_CTX *);
+
+This function should receive the current X509_STORE_CTX as a parameter and
+return 1 on success or 0 on failure.
+
=head1 NOTES
The certificates and CRLs in a store are used internally and should B<not>
@@ -147,6 +165,9 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
used.
+X509_STORE_CTX_get_verify() returns the current verify function in use for this
+X509_STORE_CTX.
+
=head1 SEE ALSO
L<X509_verify_cert(3)>
@@ -156,5 +177,8 @@ L<X509_VERIFY_PARAM_set_flags(3)>
X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
+X509_STORE_set_verify() wsa first added to OpenSSL 1.1.0. It was previously
+available as a macro X509_STORE_set_verify_func(). This macro still exists but
+simply calls this function.
=cut
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index fc6e389..1c86d31 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -104,8 +104,15 @@ DEFINE_STACK_OF(X509_VERIFY_PARAM)
int X509_STORE_set_depth(X509_STORE *store, int depth);
-# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+ X509_STORE_set_verify_cb((ctx),(func))
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+ X509_STORE_set_verify((ctx),(func))
void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
@@ -314,8 +321,6 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
-typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
X509_STORE_CTX_verify_cb verify);
X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 16fb748..2cae182 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4212,3 +4212,4 @@ X509_STORE_get_ex_data 4085 1_1_0 EXIST::FUNCTION:
X509_STORE_get0_objects 4086 1_1_0 EXIST::FUNCTION:
X509_STORE_get0_param 4087 1_1_0 EXIST::FUNCTION:
X509_OBJECT_get_type 4088 1_1_0 EXIST::FUNCTION:
+X509_STORE_set_verify 4089 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list