authorbeck <beck@openbsd.org>2000-03-19 11:07:35 +0000
committerbeck <beck@openbsd.org>2000-03-19 11:07:35 +0000
commitba5406e9b35230c537ab6fcb7b2fb173a1cea3c3 (patch)
treea7183e186150526f5c72717dac37cdabf1b43e51 /lib/libssl/ssl_cert.c
parentAllow environment variables on command/config lines; markk@knigma.org (diff)
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages, you will need to get new ones for ssh and other things to work (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'lib/libssl/ssl_cert.c')
-rw-r--r--lib/libssl/ssl_cert.c33
1 files changed, 26 insertions, 7 deletions
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index 6d2511f76c2..48f247ceaca 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -105,17 +105,26 @@
*/
#include <stdio.h>
-#include <sys/types.h>
-#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)
+
+#include "openssl/e_os.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
#include <dirent.h>
#endif
+
#ifdef NeXT
#include <sys/dir.h>
#define dirent direct
#endif
+
#include <openssl/objects.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
+#include <openssl/x509v3.h>
#include "ssl_locl.h"
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
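Review bot: The rewritten `dirent.h` guard still tests `VSM`, while the guard around `SSL_add_dir_cert_subjects_to_stack` later in this diff tests `VMS` (`#ifndef VMS`), so the spelling looks like a typo carried over from the old line. Unless `VSM` is a real macro defined elsewhere, a VMS build would still include `<dirent.h>` here; the line should probably read `#if !defined(WIN32) && !defined(VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X)`. As a smaller style point, the new `#include "openssl/e_os.h"` uses quotes where the other OpenSSL headers in this block use angle brackets.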
@@ -422,8 +431,16 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
if (SSL_get_verify_depth(s) >= 0)
X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
- X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
- (char *)s);
+ X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
+ /* We need to set the verify purpose. The purpose can be determined by
+ * the context: if its a server it will verify SSL client certificates
+ * or vice versa.
+ */
+
+ if(s->server) i = X509_PURPOSE_SSL_CLIENT;
+ else i = X509_PURPOSE_SSL_SERVER;
+
+ X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
if (s->ctx->app_verify_callback != NULL)
i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
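Review bot: The return value of `X509_STORE_CTX_purpose_inherit()` is discarded, so if the call fails the chain is still verified, but without the purpose or trust setting this change is meant to enforce. A failure seems possible if `s->purpose` or `s->trust` holds an id the X509 code does not recognise, though the code that sets them is not visible in this hunk. Failure should be treated as a verification failure, e.g. `if (!X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust)) { X509_STORE_CTX_cleanup(&ctx); return(0); }`, adjusted to however the function releases `ctx` at its end, which lies outside the hunk. Separately, `i` now carries the purpose id and then the verify result; a dedicated local such as `int purpose` would make the security-relevant value easier to follow.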
@@ -534,7 +551,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
return(add_client_CA(&(ctx->client_CA),x));
}
-static int name_cmp(X509_NAME **a,X509_NAME **b)
+static int xname_cmp(X509_NAME **a,X509_NAME **b)
{
return(X509_NAME_cmp(*a,*b));
}
@@ -556,7 +573,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
STACK_OF(X509_NAME) *ret,*sk;
ret=sk_X509_NAME_new(NULL);
- sk=sk_X509_NAME_new(name_cmp);
+ sk=sk_X509_NAME_new(xname_cmp);
in=BIO_new(BIO_s_file_internal());
@@ -617,7 +634,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
int ret=1;
int (*oldcmp)(X509_NAME **a, X509_NAME **b);
- oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);
+ oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
in=BIO_new(BIO_s_file_internal());
@@ -671,6 +688,7 @@ err:
#ifndef WIN32
#ifndef VMS /* XXXX This may be fixed in the future */
+#ifndef MAC_OS_pre_X
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *dir)
@@ -714,3 +732,4 @@ err:
#endif
#endif
+#endif
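Review bot: The three stacked `#endif` lines carry no comments, so the textual pairing is easy to misread. The added `#ifndef MAC_OS_pre_X` is the innermost guard, so (assuming no other conditional closes in the unseen body) it is closed by the first `#endif` of the three, and the newly added last one pairs with `#ifndef WIN32`. I would label them, e.g. `#endif /* !MAC_OS_pre_X */`, `#endif /* !VMS */`, `#endif /* !WIN32 */`, so a later edit does not remove or move the wrong one.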