Add X509_STORE_CTX_verify(), which takes the first untrusted cert as default target

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14021)

1 files changed, 2 insertions, 4 deletions

diff --git a/test/danetest.c b/test/danetest.c
index b0d6ffe563..25fd16a411 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -57,15 +57,13 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
     X509_STORE_CTX *store_ctx = NULL;
     SSL_CTX *ssl_ctx = NULL;
     X509_STORE *store = NULL;
-    X509 *cert = NULL;
     int ret = 0;
     int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
 
     if (!TEST_ptr(store_ctx = X509_STORE_CTX_new())
             || !TEST_ptr(ssl_ctx = SSL_get_SSL_CTX(ssl))
             || !TEST_ptr(store = SSL_CTX_get_cert_store(ssl_ctx))
-            || !TEST_ptr(cert = sk_X509_value(chain, 0))
-            || !TEST_true(X509_STORE_CTX_init(store_ctx, store, cert, chain))
+            || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain))
             || !TEST_true(X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx,
                                                      ssl)))
         goto end;
@@ -80,7 +78,7 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
         X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
 
     /* Mask "internal failures" (-1) from our return value. */
-    if (!TEST_int_ge(ret = X509_verify_cert(store_ctx), 0))
+    if (!TEST_int_ge(ret = X509_STORE_CTX_verify(store_ctx), 0))
         ret = 0;
 
     SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));