diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
commit | 6725682d77510bf6d499957897d7be124d603f40 (patch) | |
tree | 447e5bce5607b4873f7f018df1b2e4c21a394e92 /crypto/ess | |
parent | ae89578be2930c726d6ef56451233757a89f224f (diff) |
Add X509 related libctx changes.
- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12153)
Diffstat (limited to 'crypto/ess')
-rw-r--r-- | crypto/ess/ess_lib.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 4a7a2632ba..ad0d6f332c 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -12,6 +12,7 @@ #include <openssl/err.h> #include <openssl/ess.h> #include "crypto/ess.h" +#include "crypto/x509.h" DEFINE_STACK_OF(ESS_CERT_ID) DEFINE_STACK_OF(ESS_CERT_ID_V2) @@ -61,7 +62,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) unsigned char cert_sha1[SHA_DIGEST_LENGTH]; /* Call for side-effect of computing hash and caching extensions */ - if (!X509v3_cache_extensions(cert, NULL, NULL)) + if (!x509v3_cache_extensions(cert)) return NULL; if ((cid = ESS_CERT_ID_new()) == NULL) @@ -304,7 +305,7 @@ int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) return -1; /* Recompute SHA1 hash of certificate if necessary (side effect). */ - if (!X509v3_cache_extensions(cert, NULL, NULL)) + if (!x509v3_cache_extensions(cert)) return -1; /* TODO(3.0): fetch sha1 algorithm from providers */ |