Tidy existing code.
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
+) applies to 0.9.7 only
+ +) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+ setting of purpose and trust fields. New X509_STORE trust and
+ purpose functions and tidy up setting in other SSL functions.
+ [Steve Henson]
+
+) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
structure. These are inherited by X509_STORE_CTX when it is
initialised. This allows various defaults to be set in the
int X509_keyid_set1(X509 *x, unsigned char *id, int len);
unsigned char * X509_alias_get0(X509 *x, int *len);
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
+int X509_TRUST_set(int *t, int trust);
int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
void X509_trust_clear(X509 *x);
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+void ERR_load_X509_strings(void);
/* Error codes for the X509 functions. */
#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
#define X509_F_X509_TO_X509_REQ 126
#define X509_F_X509_TRUST_ADD 133
+#define X509_F_X509_TRUST_SET 141
#define X509_F_X509_VERIFY_CERT 127
/* Reason codes. */
#define X509_R_ERR_ASN1_LIB 102
#define X509_R_INVALID_DIRECTORY 113
#define X509_R_INVALID_FIELD_NAME 119
+#define X509_R_INVALID_TRUST 123
#define X509_R_KEY_TYPE_MISMATCH 115
#define X509_R_KEY_VALUES_MISMATCH 116
#define X509_R_LOADING_CERT_DIR 103
}
#endif
#endif
-
{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
+{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"},
{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
{0,NULL}
};
{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
{X509_R_INVALID_DIRECTORY ,"invalid directory"},
{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
+{X509_R_INVALID_TRUST ,"invalid trust"},
{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
#include "cryptlib.h"
#include <openssl/lhash.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_meth=NULL;
ctx->flags |= flags;
}
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+ {
+ return X509_PURPOSE_set(&ctx->purpose, purpose);
+ }
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+ {
+ return X509_TRUST_set(&ctx->trust, trust);
+ }
+
IMPLEMENT_STACK_OF(X509_LOOKUP)
IMPLEMENT_STACK_OF(X509_OBJECT)
return idx + X509_TRUST_COUNT;
}
+int X509_TRUST_set(int *t, int trust)
+{
+ if(X509_TRUST_get_by_id(trust) == -1) {
+ X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+ return 0;
+ }
+ *t = trust;
+ return 1;
+}
+
int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
char *name, int arg1, void *arg2)
{
void X509_STORE_free(X509_STORE *v);
void X509_STORE_set_flags(X509_STORE *ctx, long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
X509_STORE_CTX *X509_STORE_CTX_new(void);
return pt->check_purpose(pt, x, ca);
}
+int X509_PURPOSE_set(int *p, int purpose)
+{
+ if(X509_PURPOSE_get_by_id(purpose) == -1) {
+ X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+ return 0;
+ }
+ *p = purpose;
+ return 1;
+}
+
int X509_PURPOSE_get_count(void)
{
if(!xptable) return X509_PURPOSE_COUNT;
{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"},
{0,NULL}
};
{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
{X509V3_R_INVALID_OPTION ,"invalid option"},
{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
+{X509V3_R_INVALID_PURPOSE ,"invalid purpose"},
{X509V3_R_INVALID_SECTION ,"invalid section"},
{X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
int X509_check_purpose(X509 *x, int id, int ca);
+int X509_PURPOSE_set(int *p, int purpose);
int X509_check_issued(X509 *issuer, X509 *subject);
int X509_PURPOSE_get_count(void);
X509_PURPOSE * X509_PURPOSE_get0(int idx);
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+void ERR_load_X509V3_strings(void);
/* Error codes for the X509V3 functions. */
#define X509V3_F_X509V3_GET_VALUE_BOOL 110
#define X509V3_F_X509V3_PARSE_LIST 109
#define X509V3_F_X509_PURPOSE_ADD 137
+#define X509V3_F_X509_PURPOSE_SET 141
/* Reason codes. */
#define X509V3_R_BAD_IP_ADDRESS 118
#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
#define X509V3_R_INVALID_OPTION 138
#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
+#define X509V3_R_INVALID_PURPOSE 146
#define X509V3_R_INVALID_SECTION 135
#define X509V3_R_INVALID_SYNTAX 143
#define X509V3_R_ISSUER_DECODE_ERROR 126
}
#endif
#endif
-
int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
- return 0;
- }
- s->purpose = purpose;
- return 1;
+ return X509_PURPOSE_set(&s->purpose, purpose);
}
int SSL_set_purpose(SSL *s, int purpose)
{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
- return 0;
- }
- s->purpose = purpose;
- return 1;
+ return X509_PURPOSE_set(&s->purpose, purpose);
}
-
+
int SSL_CTX_set_trust(SSL_CTX *s, int trust)
{
- if(X509_TRUST_get_by_id(trust) == -1) {
- SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
- return 0;
- }
- s->trust = trust;
- return 1;
+ return X509_TRUST_set(&s->trust, trust);
}
int SSL_set_trust(SSL *s, int trust)
{
- if(X509_TRUST_get_by_id(trust) == -1) {
- SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
- return 0;
- }
- s->trust = trust;
- return 1;
+ return X509_TRUST_set(&s->trust, trust);
}
void SSL_free(SSL *s)