author | Christian Heimes <cheimes@redhat.com> | 2016-04-19 21:11:30 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2016-04-28 20:02:27 +0200 |
commit | f0c58c3212d4796ea25d9baaea992bc5137fde34 (patch) | |
tree | 6e6231fdbf9f111311539be50306a99204ffce90 | |
parent | d5553b4cb5da81c157040fb9d1bedeeed0cf4703 (diff) |
Add getters for X509_STORE and X509_OBJECT members
OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl
module requires access to some of the struct members. Three new getters
are added:
int X509_OBJECT_get_type(X509_OBJECT *a);
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r-- | crypto/x509/x509_lu.c | 15 | ||||
-rw-r--r-- | doc/crypto/X509_STORE_get0_param.pod | 48 | ||||
-rw-r--r-- | doc/crypto/X509_STORE_new.pod | 5 | ||||
-rw-r--r-- | include/openssl/x509_vfy.h | 3 | ||||
-rw-r--r-- | util/libcrypto.num | 3 |
5 files changed, 74 insertions, 0 deletions
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 92c25996a7..b77a79682d 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -436,6 +436,11 @@ X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
 return a->data.x509;
 }
+int X509_OBJECT_get_type(X509_OBJECT *a)
+{
+ return a->type;
+}
+
 void X509_OBJECT_free(X509_OBJECT *a)
 {
 if (a == NULL)
@@ -515,6 +520,11 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
 return sk_X509_OBJECT_value(h, idx);
 }
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
+{
+ return v->objs;
+}
+
 STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
 {
 int i, idx, cnt;
@@ -729,6 +739,11 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
 return X509_VERIFY_PARAM_set1(ctx->param, param);
 }
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
+{
+ return ctx->param;
+}
+
 void X509_STORE_set_verify_cb(X509_STORE *ctx,
 int (*verify_cb) (int, X509_STORE_CTX *))
 {
diff --git a/doc/crypto/X509_STORE_get0_param.pod b/doc/crypto/X509_STORE_get0_param.pod
new file mode 100644
index 0000000000..82611e6ab4
--- /dev/null
+++ b/doc/crypto/X509_STORE_get0_param.pod
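Review bot: X509_OBJECT_get_type() in the first hunk is added without any documentation, while the other two getters get a pod page in this commit. Callers walking the stack from X509_STORE_get0_objects() need it to decide whether X509_OBJECT_get0_X509() is meaningful, because that accessor (the context line above) returns `a->data.x509` without looking at `a->type`. I would say so in a comment such as `/* Returns the object's type field; check it before calling X509_OBJECT_get0_X509(). */`. The getter also dereferences `a` unconditionally, unlike X509_OBJECT_free() just below (whose body continues outside the hunk), so the contract should state that NULL is not accepted.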
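Review bot: X509_STORE_get0_objects() in the second hunk hands out the store's live `objs` stack as a writable pointer and takes no lock. A caller iterating it can therefore race with another thread that adds objects to the same store, and can change the trust store's contents directly. Whether `objs` is guarded by a lock elsewhere is not visible in this hunk, and the pod text added by this commit only says the pointer must not be freed. I would add a sentence such as `The returned stack must not be modified and must not be used while another thread may add objects to the store.` The same caveat applies to X509_STORE_get0_param() in the last hunk of this file: writes through the returned pointer change the store's verification parameters, presumably for every verification that uses the store, and the documentation should say so.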
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_get0_param, X509_STORE_set1_param,
+X509_STORE_get0_objects - X509_STORE setter and getter functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+ STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
+
+=head1 DESCRIPTION
+
+X509_STORE_set1_param() sets the verification parameters
+to B<pm> for B<ctx>.
+
+X509_STORE_get0_param() retrieves an internal pointer to the verification
+parameters for B<ctx>. The returned pointer must not be freed by the
+calling application
+
+X509_STORE_get0_objects() retrieve an internal pointer to the store's
+X509 object cache. The cache contains B<X509> and B<X509_CRL> objects. The
+returned pointer must not be freed by the calling application.
+
+
+=head1 RETURN VALUES
+
+X509_STORE_get0_param() returns a pointer to an
+B<X509_VERIFY_PARAM> structure.
+
+X509_STORE_set1_param() returns 1 for success and 0 for failure.
+
+X509_STORE_get0_objects() returns a pointer to a stack of B<X509_OBJECT>.
+
+=head1 SEE ALSO
+
+L<X509_STORE_new(3)>
+
+=head1 HISTORY
+
+B<X509_STORE_get0_param> and B<X509_STORE_get0_objects> were added in
+OpenSSL version 1.1.0.
+
+=cut
diff --git a/doc/crypto/X509_STORE_new.pod b/doc/crypto/X509_STORE_new.pod
index 37cabb5c55..0512ad3383 100644
--- a/doc/crypto/X509_STORE_new.pod
+++ b/doc/crypto/X509_STORE_new.pod
@@ -32,5 +32,10 @@ X509_STORE_free() does not return values.
 =head1 SEE ALSO
 L<X509_STORE_set_verify_cb_func(3)>
+L<X509_STORE_get0_param(3)>
+
+=head1 HISTORY
+
+The B<X509_STORE_up_ref> function was added in OpenSSL 1.1.0
 =cut
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 65370b4aef..0bbebe1eba 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -272,11 +272,13 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
 X509_OBJECT *x);
 void X509_OBJECT_up_ref_count(X509_OBJECT *a);
 void X509_OBJECT_free(X509_OBJECT *a);
+int X509_OBJECT_get_type(X509_OBJECT *a);
 X509 *X509_OBJECT_get0_X509(X509_OBJECT *a);
 void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void);
 void X509_STORE_free(X509_STORE *v);
 int X509_STORE_up_ref(X509_STORE *v);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
 STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
@@ -284,6 +286,7 @@ int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
 void X509_STORE_set_verify_cb(X509_STORE *ctx,
 int (*verify_cb) (int, X509_STORE_CTX *));
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 1f254ba832..16fb748248 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4209,3 +4209,6 @@ X509_STORE_CTX_set0_untrusted 4082 1_1_0 EXIST::FUNCTION:
 OPENSSL_hexchar2int 4083 1_1_0 EXIST::FUNCTION:
 X509_STORE_set_ex_data 4084 1_1_0 EXIST::FUNCTION:
 X509_STORE_get_ex_data 4085 1_1_0 EXIST::FUNCTION:
+X509_STORE_get0_objects 4086 1_1_0 EXIST::FUNCTION:
+X509_STORE_get0_param 4087 1_1_0 EXIST::FUNCTION:
+X509_OBJECT_get_type 4088 1_1_0 EXIST::FUNCTION: |
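Review bot: The new prototype in the first x509_vfy.h hunk takes a non-const pointer although the implementation in x509_lu.c only reads one field, so a caller holding a `const X509_OBJECT *` cannot use it without a cast. For the pure read I would declare `int X509_OBJECT_get_type(const X509_OBJECT *a);` and change the definition to match. This is worth settling before release, since a public prototype is hard to change later. The two get0 prototypes (this hunk and the next) return writable internal pointers, so const on their argument is a judgement call, but a one-line comment above each saying the result is owned by the store would help readers of the header.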