Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) New function X509_cmp(). Oddly enough there wasn't a function
+ to compare two certificates. We do this by working out the SHA1
+ hash and comparing that. X509_cmp() will be needed by the trust
+ code.
+ [Steve Henson]
+
*) Correctly increment the reference count in the SSL_SESSION pointer
returned from SSL_get_session().
[Geoff Thorpe <geoff@eu.c2.net>]
unsigned long ex_kusage;
unsigned long ex_xkusage;
unsigned long ex_nscert;
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
X509_CERT_AUX *aux;
} X509;
int X509_subject_name_cmp(X509 *a,X509 *b);
unsigned long X509_subject_name_hash(X509 *x);
+int X509_cmp (X509 *a, X509 *b);
int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
unsigned long X509_NAME_hash(X509_NAME *x);
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
{
{
return(X509_NAME_hash(x->cert_info->subject));
}
+/* Compare two certificates: they must be identical for
+ * this to work.
+ */
+int X509_cmp(X509 *a, X509 *b)
+{
+ /* ensure hash is valid */
+ X509_check_purpose(a, -1, 0);
+ X509_check_purpose(b, -1, 0);
+ return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+}
int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
{
x509v3_cache_extensions(x);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
+ if(id == -1) return 1;
idx = x509_purpose_get_idx(id);
if(idx == -1) return -1;
pt = sk_X509_PURPOSE_value(xptable, idx);
return pt->check_purpose(pt, x,ca);
}
-
+
STACK_OF(ASN1_OBJECT) *extusage;
int i;
if(x->ex_flags & EXFLAG_SET) return;
+ X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
/* Does subject name match issuer ? */
if(X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
x->ex_flags |= EXFLAG_SS;
projects / oweals / openssl.git / commitdiff