diff options
| author | Lutz Jänicke <jaenicke@openssl.org> | 2001-07-30 11:48:20 +0000 |
|---|---|---|
| committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-07-30 11:48:20 +0000 |
| commit | 03a70bad4fcfd8c63593f51d3d0bb8059fb3ef74 (patch) | |
| tree | 0b4695f9ccd437a7d6c6e550da903109c3cada32 | |
| parent | 7146221bbea3f0c7431fa0b922f8eedf3002b83b (diff) | |
Fix inconsistent behaviour with respect to verify_callback handling.
| -rw-r--r-- | CHANGES | 8 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.h | 2 | ||||
| -rw-r--r-- | ssl/ssl_cert.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 2 |
4 files changed, 12 insertions, 2 deletions
@@ -4,6 +4,14 @@ Changes between 0.9.6b and 0.9.6c [XX xxx XXXX] + *) Modified SSL library such that the verify_callback that has been set + specificly for an SSL object with SSL_set_verify() is actually being + used. Before the change, a verify_callback set with this function was + ignored and the verify_callback() set in the SSL_CTX at the time of + the call was used. New function X509_STORE_CTX_set_verify_cb() introduced + to allow the necessary settings. + [Lutz Jaenicke] + *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c explicitely to NULL, as at least on Solaris 8 this seems not always to be done automatically (in contradiction to the requirements of the C diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index e289d5309a..42151028a3 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -382,6 +382,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust); void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); #ifdef __cplusplus } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 27e7fcc60a..38c76a9d13 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -461,6 +461,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); + X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); + if (s->ctx->app_verify_callback != NULL) i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ else diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 11d8e4eac3..362b68984c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1293,8 +1293,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) { ctx->verify_mode=mode; ctx->default_verify_callback=cb; - /* This needs cleaning up EAY EAY EAY */ - X509_STORE_set_verify_cb_func(ctx->cert_store,cb); } void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) |