From: Lutz Jänicke
Date: Mon, 30 Jul 2001 11:48:20 +0000 (+0000)
Subject: Fix inconsistent behaviour with respect to verify_callback handling.
X-Git-Tag: OpenSSL_0_9_6c~164
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=03a70bad4fcfd8c63593f51d3d0bb8059fb3ef74;p=oweals%2Fopenssl.git
Fix inconsistent behaviour with respect to verify_callback handling.
---
diff --git a/CHANGES b/CHANGES
index cd09953212..7da81adc20 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@ Changes between 0.9.6b and 0.9.6c [XX xxx XXXX]
+ *) Modified SSL library such that the verify_callback that has been set
+ specificly for an SSL object with SSL_set_verify() is actually being
+ used. Before the change, a verify_callback set with this function was
+ ignored and the verify_callback() set in the SSL_CTX at the time of
+ the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+ to allow the necessary settings.
+ [Lutz Jaenicke]
+
 *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c explicitely to NULL, as at least on Solaris 8 this seems not always to be done automatically (in contradiction to the requirements of the C
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index e289d5309a..42151028a3 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -382,6 +382,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust);
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+ int (*verify_cb)(int, X509_STORE_CTX *));
 #ifdef __cplusplus
 }
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 27e7fcc60a..38c76a9d13 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
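Review bot: The new public prototype `X509_STORE_CTX_set_verify_cb` in crypto/x509/x509_vfy.h is added without any comment, and its definition is not among the files shown in this diff, so its behaviour cannot be checked here. A verify callback's return value decides whether a failed check is accepted, so the declaration should state the contract, for example `/* Sets the verify callback for this X509_STORE_CTX only; verify_cb(ok, ctx) returning non-zero when ok == 0 overrides the failure. */`. The comment should also say whether passing NULL is permitted and what happens to a previously installed callback in that case.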
@@ -461,6 +461,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
+ X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+
 if (s->ctx->app_verify_callback != NULL)
 i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
 else
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 11d8e4eac3..362b68984c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1293,8 +1293,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
 {
 ctx->verify_mode=mode;
 ctx->default_verify_callback=cb;
- /* This needs cleaning up EAY EAY EAY */
- X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
 }
 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
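Review bot: In the ssl/ssl_cert.c hunk, `X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);` runs unconditionally, so when no callback was supplied (SSL_CTX_set_verify stores `cb` without a NULL check, and the SSL object presumably inherits it) a NULL pointer is written over whatever callback the store context already carried. The setter's definition is not in this diff, so whether a NULL callback is tolerated during chain verification cannot be confirmed from here. Guarding the call avoids relying on that: `if (s->verify_callback != NULL) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);`. The ssl/ssl_lib.c hunk drops the `X509_STORE_set_verify_cb_func(ctx->cert_store,cb)` call, so this line looks like the only place where the handshake's callback is installed and merits a one-line comment saying so. The body of ssl_verify_cert_chain starts and ends outside the hunk.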