authorViktor Dukhovni <openssl-users@dukhovni.org>2015-12-29 13:28:28 -0500
committerViktor Dukhovni <openssl-users@dukhovni.org>2016-01-05 19:31:49 -0500
commit919ba009429b3617e975933f37a23be996a33b8d (patch)
treeffe91f4f27fd4d8b3d3401f1e860212f15c8b993 /crypto/x509
parente29c73c93b88a4b7f492c7c8c7343223e7548612 (diff)
DANE support structures, constructructors and accessors
Also tweak some of the code in demos/bio, to enable interactive testing of BIO_s_accept's use of SSL_dup. Changed the sconnect client to authenticate the server, which now exercises the new SSL_set1_host() function. Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/x509')
-rw-r--r--crypto/x509/x509_vfy.c7
-rw-r--r--crypto/x509/x509_vpm.c18
2 files changed, 25 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 57fcf91b30..1c509a9961 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -70,6 +70,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
+#include <internal/dane.h>
#include <internal/x509_int.h>
#include "x509_lcl.h"
@@ -2072,6 +2073,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
ctx->current_reasons = 0;
ctx->tree = NULL;
ctx->parent = NULL;
+ ctx->dane = NULL;
/* Zero ex_data to make sure we're cleanup-safe */
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
@@ -2263,6 +2265,11 @@ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
ctx->param = param;
}
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane)
+{
+ ctx->dane = dane;
+}
+
static int build_chain(X509_STORE_CTX *ctx)
{
int (*cb) (int, X509_STORE_CTX *) = ctx->verify_cb;
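Review bot: X509_STORE_CTX_set0_dane stores the caller's pointer with no comment on ownership or call order, and both matter for this setter. Nothing in the hunk copies or reference-counts the pointer, so the dane structure presumably has to stay valid for as long as the ctx is used; and because X509_STORE_CTX_init in the previous hunk now sets `ctx->dane = NULL`, a setter call made before init is silently discarded, which would leave verification running without the DANE data. I would add a comment above the function such as `/* Borrows dane: the caller keeps ownership and must keep it valid while ctx is in use. Call after X509_STORE_CTX_init(), which resets ctx->dane to NULL. */`. Whether X509_STORE_CTX_cleanup also touches ctx->dane is not visible in this diff. build_chain, which follows the new function, continues outside the hunk.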
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 2a15f82ea1..827360d622 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -444,6 +444,24 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
return param->peername;
}
+/*
+ * Move peername from one param structure to another, freeing any name present
+ * at the target. If the source is a NULL parameter structure, free and zero
+ * the target peername.
+ */
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
+ X509_VERIFY_PARAM *from)
+{
+ char *peername = (from != NULL) ? from->peername : NULL;
+
+ if (to->peername != peername) {
+ OPENSSL_free(to->peername);
+ to->peername = peername;
+ }
+ if (from)
+ from->peername = NULL;
+}
+
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const char *email, size_t emaillen)
{
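Review bot: X509_VERIFY_PARAM_move_peername mishandles `to == from`: the test `to->peername != peername` is false, so nothing is freed, and the trailing `from->peername = NULL` then drops the only reference, leaking the name and leaving the structure with no peername. An early `if (to == from) return;` ahead of the comparison avoids that. The function also accepts a NULL `from` but dereferences `to` unconditionally, so the header comment should state that `to` must be non-NULL. Whether any caller can pass the same structure for both arguments is not visible in this diff. X509_VERIFY_PARAM_set1_email at the end of the hunk continues outside it.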