From 51227177b13b53ff5d6c77fd701f5172b6c1b358 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Mon, 25 Apr 2016 15:02:02 -0400 Subject: [PATCH] Added missing X509_STORE_CTX_set_error_depth() accessor Reviewed-by: Rich Salz --- crypto/x509/x509_vfy.c | 5 +++++ doc/crypto/X509_STORE_CTX_get_error.pod | 19 ++++++++++++------- include/openssl/x509_vfy.h | 1 + 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index efa6bcaa67..b895ffe33e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1989,6 +1989,11 @@ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) return ctx->error_depth; } +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) +{ + ctx->error_depth = depth; +} + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) { return ctx->current_cert; diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod index 1cc6bb5e8f..8c3975c6e2 100644 --- a/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/doc/crypto/X509_STORE_CTX_get_error.pod @@ -3,8 +3,8 @@ =head1 NAME X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, -X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, -X509_STORE_CTX_get0_cert, +X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, +X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information =head1 SYNOPSIS @@ -12,11 +12,12 @@ X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificat #include #include - int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); - void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); - int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); - X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); - X509 * X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); + int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); + int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); @@ -39,6 +40,10 @@ non-negative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. +X509_STORE_CTX_set_error_depth() sets the error B. +This can be used in combination with X509_STORE_CTX_set_error() to set the +depth at which an error condition was detected. + X509_STORE_CTX_get0_cert() returns the leaf certificate being verified. X509_STORE_CTX_get_current_cert() returns the certificate in B which diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 99d5e21a62..f357d1a66a 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -366,6 +366,7 @@ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); -- 2.25.1