diff options
| author | Lutz Jänicke <jaenicke@openssl.org> | 2001-07-30 11:45:34 +0000 |
|---|---|---|
| committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-07-30 11:45:34 +0000 |
| commit | 1f0c9ad7e1a206edc95c477e981fb331c0f6460d (patch) | |
| tree | f2fb4e04f96a96114bd4acbfa8a39b36c8e9b385 | |
| parent | 06efc222f9620f6806dd9a59528cf3f9ee9171ee (diff) | |
Fix inconsistent behaviour with respect to verify_callback handling.
| -rw-r--r-- | CHANGES | 8 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.h | 2 | ||||
| -rw-r--r-- | ssl/ssl_cert.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 2 |
4 files changed, 12 insertions, 2 deletions
@@ -12,6 +12,14 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) Modified SSL library such that the verify_callback that has been set + specificly for an SSL object with SSL_set_verify() is actually being + used. Before the change, a verify_callback set with this function was + ignored and the verify_callback() set in the SSL_CTX at the time of + the call was used. New function X509_STORE_CTX_set_verify_cb() introduced + to allow the necessary settings. + [Lutz Jaenicke] + +) Initial reduction of linker bloat: the use of some functions, such as PEM causes large amounts of unused functions to be linked in due to poor organisation. For example pem_all.c contains every PEM function diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index e08075e85a..b7e58b407e 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -397,6 +397,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust); void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); #ifdef __cplusplus } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 605e97e966..8a53b9fa4b 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -471,6 +471,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); + X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); + if (s->ctx->app_verify_callback != NULL) i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ else diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 34510963dc..f4dfdbf250 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1361,8 +1361,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) { ctx->verify_mode=mode; ctx->default_verify_callback=cb; - /* This needs cleaning up EAY EAY EAY */ - X509_STORE_set_verify_cb_func(ctx->cert_store,cb); } void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) |