Introduce an internal version of X509_check_issued()

author Matt Caswell <matt@openssl.org>

Mon, 6 Apr 2020 11:14:30 +0000 (12:14 +0100)

committer Matt Caswell <matt@openssl.org>

Thu, 16 Apr 2020 13:19:52 +0000 (14:19 +0100)
author Matt Caswell <matt@openssl.org>
Mon, 6 Apr 2020 11:14:30 +0000 (12:14 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 16 Apr 2020 13:19:52 +0000 (14:19 +0100)
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c

index bee8210bfc8c92f1317adb8ed7bed723f0f56dfd..687d065303c56fb8b7d6ee9ca2dd9e2e7d6d65d4 100644 (file)
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -811,14 +811,15 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
   * codes for X509_verify_cert()
   */
  
-int X509_check_issued(X509 *issuer, X509 *subject)
+int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx,
+                          const char *propq)
  {
      if (X509_NAME_cmp(X509_get_subject_name(issuer),
                        X509_get_issuer_name(subject)))
          return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
  
-    if (!X509v3_cache_extensions(issuer, NULL, NULL)
-            || !X509v3_cache_extensions(subject, NULL, NULL))
+    if (!X509v3_cache_extensions(issuer, libctx, propq)
+            || !X509v3_cache_extensions(subject, libctx, propq))
          return X509_V_ERR_UNSPECIFIED;
  
      if (subject->akid) {
@@ -853,6 +854,11 @@ int X509_check_issued(X509 *issuer, X509 *subject)
      return X509_V_OK;
  }
  
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+    return x509_check_issued_int(issuer, subject, NULL, NULL);
+}
+
  int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
  {
  
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c

index c3eb261b94a1e83de4aa9a66246a84f824a05ce4..99479444e6c156922015e95560ed65cc24ac613f 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -334,7 +334,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
          return ss;
      }
  
-    ret = X509_check_issued(issuer, x);
+    ret = x509_check_issued_int(issuer, x, ctx->libctx, ctx->propq);
      if (ret == X509_V_OK) {
          int i;
          X509 *ch;
diff --git a/include/crypto/x509.h b/include/crypto/x509.h

index 560f3abb76eefb1a7cfe1bc20d86882c50b10906..1d2ec3ee5284731baec012922da3cf2aab278f0e 100644 (file)
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -297,3 +297,7 @@ int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
  int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
  
  void x509_init_sig_info(X509 *x);
+
+
+int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx,
+                          const char *propq);
author	Matt Caswell <matt@openssl.org>
	Mon, 6 Apr 2020 11:14:30 +0000 (12:14 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 16 Apr 2020 13:19:52 +0000 (14:19 +0100)
crypto/x509/v3_purp.c		patch \| blob \| history
crypto/x509/x509_vfy.c		patch \| blob \| history
include/crypto/x509.h		patch \| blob \| history