diff options
| author | Richard Levitte <levitte@openssl.org> | 2016-07-25 17:02:56 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2016-07-25 17:36:39 +0200 |
| commit | fe0169b09717b3c3d52c0fba96e1dcf5e8a60d94 (patch) | |
| tree | e18b998d2adf160cfdb25312dcb89b0ead1b0075 /crypto/x509v3/v3_purp.c | |
| parent | 3067095e8a2cca3d33fa0af77788bc45da68b76b (diff) | |
| download | openssl-fe0169b09717b3c3d52c0fba96e1dcf5e8a60d94.zip openssl-fe0169b09717b3c3d52c0fba96e1dcf5e8a60d94.tar.gz openssl-fe0169b09717b3c3d52c0fba96e1dcf5e8a60d94.tar.bz2 | |
Make it possible for external code to set the certiciate proxy path length
This adds the functions X509_set_proxy_pathlen(), which sets the
internal pc path length cache for a given X509 structure, along with
X509_get_proxy_pathlen(), which retrieves it.
Along with the previously added X509_set_proxy_flag(), this provides
the tools needed to manipulate all the information cached on proxy
certificates, allowing external code to do what's necessary to have
them verified correctly by the libcrypto code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/x509v3/v3_purp.c')
| -rw-r--r-- | crypto/x509v3/v3_purp.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 6174538..451e7f8 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -533,6 +533,11 @@ void X509_set_proxy_flag(X509 *x) x->ex_flags |= EXFLAG_PROXY; } +void X509_set_proxy_pathlen(X509 *x, long l) +{ + x->ex_pcpathlen = l; +} + int X509_check_ca(X509 *x) { if (!(x->ex_flags & EXFLAG_SET)) { @@ -849,3 +854,12 @@ long X509_get_pathlen(X509 *x) return -1; return x->ex_pathlen; } + +long X509_get_proxy_pathlen(X509 *x) +{ + /* Called for side effect of caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1 + || (x->ex_flags & EXFLAG_PROXY) == 0) + return -1; + return x->ex_pcpathlen; +} |