diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-05-13 16:03:26 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-21 09:04:12 +0200 |
| commit | 28e9f62b2dd5f59218bd7d5c3ef877dd06e5eb97 (patch) | |
| tree | 0dcb04286e0915154867c5c3b56ed80916d5ca5f /crypto/cmp/cmp_util.c | |
| parent | 1930b58642a67eecf23708aa71df9e193e849a3c (diff) | |
cmp_util.c: Add OPENSSL_CTX parameter to ossl_cmp_build_cert_chain(), improve its doc
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
Diffstat (limited to 'crypto/cmp/cmp_util.c')
| -rw-r--r-- | crypto/cmp/cmp_util.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index 0ec69d0bb5..318314771e 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -206,19 +206,19 @@ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, } /*- - * Builds up the certificate chain of certs as high up as possible using - * the given list of certs containing all possible intermediate certificates and - * optionally the (possible) trust anchor(s). See also ssl_add_cert_chain(). + * Builds up the chain of intermediate CA certificates + * starting from of the given certificate <cert> as high up as possible using + * the given list of candidate certificates, similarly to ssl_add_cert_chain(). * * Intended use of this function is to find all the certificates above the trust * anchor needed to verify an EE's own certificate. Those are supposed to be - * included in the ExtraCerts field of every first sent message of a transaction + * included in the ExtraCerts field of every first CMP message of a transaction * when MSG_SIG_ALG is utilized. * * NOTE: This allocates a stack and increments the reference count of each cert, * so when not needed any more the stack and all its elements should be freed. - * NOTE: in case there is more than one possibility for the chain, - * OpenSSL seems to take the first one, check X509_verify_cert() for details. + * NOTE: In case there is more than one possibility for the chain, + * OpenSSL seems to take the first one; check X509_verify_cert() for details. * * returns a pointer to a stack of (up_ref'ed) X509 certificates containing: * - the EE certificate given in the function arguments (cert) @@ -226,7 +226,9 @@ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, * whereas the (self-signed) trust anchor is not included * returns NULL on error */ -STACK_OF(X509) *ossl_cmp_build_cert_chain(STACK_OF(X509) *certs, X509 *cert) +STACK_OF(X509) + *ossl_cmp_build_cert_chain(OPENSSL_CTX *libctx, const char *propq, + STACK_OF(X509) *certs, X509 *cert) { STACK_OF(X509) *chain = NULL, *result = NULL; X509_STORE *store = X509_STORE_new(); @@ -237,7 +239,7 @@ STACK_OF(X509) *ossl_cmp_build_cert_chain(STACK_OF(X509) *certs, X509 *cert) goto err; } - csc = X509_STORE_CTX_new(); + csc = X509_STORE_CTX_new_with_libctx(libctx, propq); if (csc == NULL) goto err; |