Add lookup_certs for a trusted stack.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-01-14 23:56:50 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2016-01-15 22:37:18 +0000
commit: c864e7611f7bf0011fd0cb64b3fdfc42eb15e807 (patch)
tree: 0d06fa9dba35d83ae045bcf56765c8d94012a2e2 /crypto/x509
parent: 9f9a39267f6c752af0905d77062b00671b1b60c6 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 972760c4d0..48d936791f 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -344,6 +344,26 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
         return 0;
 }
 
+static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    STACK_OF(X509) *sk = NULL;
+    X509 *x;
+    int i;
+    for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
+        x = sk_X509_value(ctx->other_ctx, i);
+        if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
+            if (sk == NULL)
+                sk = sk_X509_new_null();
+            if (sk == NULL || sk_X509_push(sk, x) == 0) {
+                sk_X509_pop_free(sk, X509_free);
+                return NULL;
+            }
+            X509_up_ref(x);
+        }
+    }
+    return sk;
+}
+
 /*
  * Check a certificate chains extensions for consistency with the supplied
  * purpose
@@ -2226,6 +2246,7 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 {
     ctx->other_ctx = sk;
     ctx->get_issuer = get_issuer_sk;
+    ctx->lookup_certs = lookup_certs_sk;
 }
 
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
author	Dr. Stephen Henson <steve@openssl.org>	2016-01-14 23:56:50 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2016-01-15 22:37:18 +0000
commit	c864e7611f7bf0011fd0cb64b3fdfc42eb15e807 (patch)
tree	0d06fa9dba35d83ae045bcf56765c8d94012a2e2 /crypto/x509
parent	9f9a39267f6c752af0905d77062b00671b1b60c6 (diff)