Purpose and trust setting functions for X509_STORE.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 10 May 2001 00:13:59 +0000 (00:13 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 10 May 2001 00:13:59 +0000 (00:13 +0000)
Tidy existing code.

CHANGES
crypto/x509/x509.h
crypto/x509/x509_err.c
crypto/x509/x509_lu.c
crypto/x509/x509_trs.c
crypto/x509/x509_vfy.h
crypto/x509v3/v3_purp.c
crypto/x509v3/v3err.c
crypto/x509v3/x509v3.h
ssl/ssl_lib.c

diff --git a/CHANGES b/CHANGES
index e0b2838c29e81cc5cd94f4c3bf429b31d7dbda78..dfbc0e764f7a87035da6b6285e814d3fd997a41d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+  +) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+     setting of purpose and trust fields. New X509_STORE trust and
+     purpose functions and tidy up setting in other SSL functions.
+     [Steve Henson]
+
   +) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
      structure. These are inherited by X509_STORE_CTX when it is 
      initialised. This allows various defaults to be set in the
index 2b9d1050b7eab9dc346debace1824e3808d6f084..16a5653b1dada3146052adfba16966ceef5cc2ae 100644 (file)
@@ -886,6 +886,7 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len);
 int X509_keyid_set1(X509 *x, unsigned char *id, int len);
 unsigned char * X509_alias_get0(X509 *x, int *len);
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
+int X509_TRUST_set(int *t, int trust);
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
 int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
 void X509_trust_clear(X509 *x);
@@ -1173,6 +1174,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
+void ERR_load_X509_strings(void);
 
 /* Error codes for the X509 functions. */
 
@@ -1214,6 +1216,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
 #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT           134
 #define X509_F_X509_TO_X509_REQ                                 126
 #define X509_F_X509_TRUST_ADD                           133
+#define X509_F_X509_TRUST_SET                           141
 #define X509_F_X509_VERIFY_CERT                                 127
 
 /* Reason codes. */
@@ -1224,6 +1227,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
 #define X509_R_ERR_ASN1_LIB                             102
 #define X509_R_INVALID_DIRECTORY                        113
 #define X509_R_INVALID_FIELD_NAME                       119
+#define X509_R_INVALID_TRUST                            123
 #define X509_R_KEY_TYPE_MISMATCH                        115
 #define X509_R_KEY_VALUES_MISMATCH                      116
 #define X509_R_LOADING_CERT_DIR                                 103
@@ -1244,4 +1248,3 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
 }
 #endif
 #endif
-
index 6dd3a9731f986cd24543e8f684a8e205e88fe819..fa72c162e9e300dd46e59548da92fd2fb3e18f94 100644 (file)
@@ -103,6 +103,7 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0),  "X509_STORE_CTX_purpose_inherit"},
 {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0),        "X509_to_X509_REQ"},
 {ERR_PACK(0,X509_F_X509_TRUST_ADD,0),  "X509_TRUST_add"},
+{ERR_PACK(0,X509_F_X509_TRUST_SET,0),  "X509_TRUST_set"},
 {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0),        "X509_verify_cert"},
 {0,NULL}
        };
@@ -116,6 +117,7 @@ static ERR_STRING_DATA X509_str_reasons[]=
 {X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
 {X509_R_INVALID_DIRECTORY                ,"invalid directory"},
 {X509_R_INVALID_FIELD_NAME               ,"invalid field name"},
+{X509_R_INVALID_TRUST                    ,"invalid trust"},
 {X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
 {X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
 {X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
index fe9fbca315e60f8c9adf81e8967139ca7e4c8a93..a298343a4f12ae9adcc8f7973e0a6134e589861e 100644 (file)
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
 
@@ -544,5 +545,15 @@ void X509_STORE_set_flags(X509_STORE *ctx, long flags)
        ctx->flags |= flags;
        }
 
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+       {
+       return X509_PURPOSE_set(&ctx->purpose, purpose);
+       }
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+       {
+       return X509_TRUST_set(&ctx->trust, trust);
+       }
+
 IMPLEMENT_STACK_OF(X509_LOOKUP)
 IMPLEMENT_STACK_OF(X509_OBJECT)
index 4f48b55160ff7076f6cd6d7d4cc3a96a84860926..c164badbe4b6c782ecf6b53d937e6b06a0c1f767 100644 (file)
@@ -144,6 +144,16 @@ int X509_TRUST_get_by_id(int id)
        return idx + X509_TRUST_COUNT;
 }
 
+int X509_TRUST_set(int *t, int trust)
+{
+       if(X509_TRUST_get_by_id(trust) == -1) {
+               X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+               return 0;
+       }
+       *t = trust;
+       return 1;
+}
+
 int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
                                        char *name, int arg1, void *arg2)
 {
index c308d26ab8d692a9cb5323e6226bc403aab7e650..e08075e85a5ca4ec622b66ac28db589874e8f77f 100644 (file)
@@ -326,6 +326,8 @@ X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
 
 void X509_STORE_set_flags(X509_STORE *ctx, long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 
index 39c20d48e89d3861dc1120bc792583973714fb3f..ad550162365dcc12ef676a3f142442339aea6501 100644 (file)
@@ -121,6 +121,16 @@ int X509_check_purpose(X509 *x, int id, int ca)
        return pt->check_purpose(pt, x, ca);
 }
 
+int X509_PURPOSE_set(int *p, int purpose)
+{
+       if(X509_PURPOSE_get_by_id(purpose) == -1) {
+               X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+               return 0;
+       }
+       *p = purpose;
+       return 1;
+}
+
 int X509_PURPOSE_get_count(void)
 {
        if(!xptable) return X509_PURPOSE_COUNT;
index db2ef8d9bf433e73c2248c112b82d51a7be99e98..6458e95bb91836bea119c025a9c2abe57c8bdab1 100644 (file)
@@ -107,6 +107,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
 {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),     "X509V3_parse_list"},
 {ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0),      "X509_PURPOSE_add"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0),      "X509_PURPOSE_set"},
 {0,NULL}
        };
 
@@ -138,6 +139,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
 {X509V3_R_INVALID_OPTION                 ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
+{X509V3_R_INVALID_PURPOSE                ,"invalid purpose"},
 {X509V3_R_INVALID_SECTION                ,"invalid section"},
 {X509V3_R_INVALID_SYNTAX                 ,"invalid syntax"},
 {X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
index 6b186de724420dfb28109ca825cb9d9e517d02b7..65ef776d7e7a7aabe5497608cfaeef22d5901337 100644 (file)
@@ -518,6 +518,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
 
 int X509_check_purpose(X509 *x, int id, int ca);
+int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE * X509_PURPOSE_get0(int idx);
@@ -541,6 +542,7 @@ void X509_email_free(STACK *sk);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
+void ERR_load_X509V3_strings(void);
 
 /* Error codes for the X509V3 functions. */
 
@@ -586,6 +588,7 @@ void X509_email_free(STACK *sk);
 #define X509V3_F_X509V3_GET_VALUE_BOOL                  110
 #define X509V3_F_X509V3_PARSE_LIST                      109
 #define X509V3_F_X509_PURPOSE_ADD                       137
+#define X509V3_F_X509_PURPOSE_SET                       141
 
 /* Reason codes. */
 #define X509V3_R_BAD_IP_ADDRESS                                 118
@@ -614,6 +617,7 @@ void X509_email_free(STACK *sk);
 #define X509V3_R_INVALID_OBJECT_IDENTIFIER              110
 #define X509V3_R_INVALID_OPTION                                 138
 #define X509V3_R_INVALID_POLICY_IDENTIFIER              134
+#define X509V3_R_INVALID_PURPOSE                        146
 #define X509V3_R_INVALID_SECTION                        135
 #define X509V3_R_INVALID_SYNTAX                                 143
 #define X509V3_R_ISSUER_DECODE_ERROR                    126
@@ -639,4 +643,3 @@ void X509_email_free(STACK *sk);
 }
 #endif
 #endif
-
index c1a545a5ff808362a9f591ec6a98c61b076151f3..ab9deafd7df51b8cdc38c6e27cebf7f87b3a2a6d 100644 (file)
@@ -333,42 +333,22 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 
 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
 {
-       if(X509_PURPOSE_get_by_id(purpose) == -1) {
-               SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
-               return 0;
-       }
-       s->purpose = purpose;
-       return 1;
+       return X509_PURPOSE_set(&s->purpose, purpose);
 }
 
 int SSL_set_purpose(SSL *s, int purpose)
 {
-       if(X509_PURPOSE_get_by_id(purpose) == -1) {
-               SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
-               return 0;
-       }
-       s->purpose = purpose;
-       return 1;
+       return X509_PURPOSE_set(&s->purpose, purpose);
 }
-       
+
 int SSL_CTX_set_trust(SSL_CTX *s, int trust)
 {
-       if(X509_TRUST_get_by_id(trust) == -1) {
-               SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
-               return 0;
-       }
-       s->trust = trust;
-       return 1;
+       return X509_TRUST_set(&s->trust, trust);
 }
 
 int SSL_set_trust(SSL *s, int trust)
 {
-       if(X509_TRUST_get_by_id(trust) == -1) {
-               SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
-               return 0;
-       }
-       s->trust = trust;
-       return 1;
+       return X509_TRUST_set(&s->trust, trust);
 }
 
 void SSL_free(SSL *s)