author | Richard Levitte <levitte@openssl.org> | 2016-07-20 16:23:34 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2016-07-25 17:20:58 +0200 |
commit | 0a5fe2eb94ad7085fee59c3908b546af7530c9d3 (patch) | |
tree | 1dc47422873297fd1b57ccb8575f163a5064cc18 /crypto | |
parent | 1060a50b6d70cf801e08c6b97835397d1c222af9 (diff) | |
Add setter and getter for X509_STORE's check_policy
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/include/internal/x509_int.h | 1 | ||||
-rw-r--r-- | crypto/x509/x509_lcl.h | 2 | ||||
-rw-r--r-- | crypto/x509/x509_lu.c | 11 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 7 |
4 files changed, 19 insertions, 2 deletions
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index c5472e1..545f909 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -204,6 +204,7 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
 int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
 /* Check certificate against CRL */
 int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ /* Check policy status of the chain */
 int (*check_policy) (X509_STORE_CTX *ctx);
 STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
 STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 340bb60..2120b7e 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -123,6 +123,8 @@ struct x509_store_st {
 int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
 /* Check certificate against CRL */
 int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ /* Check policy status of the chain */
+ int (*check_policy) (X509_STORE_CTX *ctx);
 STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
 STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
 int (*cleanup) (X509_STORE_CTX *ctx);
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 26902d7..337482d 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -801,6 +801,17 @@ X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
 return ctx->cert_crl;
 }
 
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+ X509_STORE_CTX_check_policy_fn check_policy)
+{
+ ctx->check_policy = check_policy;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
+{
+ return ctx->check_policy;
+}
+
 void X509_STORE_set_lookup_certs(X509_STORE *ctx,
 X509_STORE_CTX_lookup_certs_fn lookup_certs)
 {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 649390c..a290a5e 100644
--- a/crypto/x509/x509_vfy.c
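Review bot: The new `X509_STORE_set_check_policy()` in x509_lu.c carries no comment stating its contract, and that contract is security-relevant. Per the `X509_STORE_CTX_init` hunk in x509_vfy.c, a non-NULL callback replaces the built-in `check_policy` for every context initialised from the store, while NULL selects the built-in one. I would add above the setter `/* Overrides the built-in policy check for all X509_STORE_CTXs initialised from this store; NULL restores the default */`. The getter returns NULL rather than the default function when no override was installed (assuming the store starts zeroed, which this hunk does not show), so a caller wanting to wrap the default cannot obtain it here; that deserves a line on `X509_STORE_get_check_policy()` as well.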
+++ b/crypto/x509/x509_vfy.c
@@ -2285,6 +2285,11 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 else
 ctx->cert_crl = cert_crl;
 
+ if (store && store->check_policy)
+ ctx->check_policy = store->check_policy;
+ else
+ ctx->check_policy = check_policy;
+
 if (store && store->lookup_certs)
 ctx->lookup_certs = store->lookup_certs;
 else
@@ -2295,8 +2300,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 else
 ctx->lookup_crls = X509_STORE_CTX_get1_crls;
 
- ctx->check_policy = check_policy;
-
 ctx->param = X509_VERIFY_PARAM_new();
 if (ctx->param == NULL) {
 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); |
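Review bot: The added block in `X509_STORE_CTX_init` copies `store->check_policy` into the context once, so a callback installed on the store afterwards does not reach a context that is already initialised, and nothing in the hunk says so. A one-line comment above the `if` would record it, e.g. `/* Snapshot of the store's override; later X509_STORE_set_check_policy() calls do not affect this ctx */`. Because an application callback now takes the place of the built-in policy check, it is also worth confirming that a test covers both the override branch and the NULL fallback; none is visible here, though the diffstat is limited to crypto/. The function body starts and ends outside the hunk.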