diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-01-14 23:56:50 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-01-15 22:37:18 +0000 |
commit | c864e7611f7bf0011fd0cb64b3fdfc42eb15e807 (patch) | |
tree | 0d06fa9dba35d83ae045bcf56765c8d94012a2e2 /crypto/x509 | |
parent | 9f9a39267f6c752af0905d77062b00671b1b60c6 (diff) |
Add lookup_certs for a trusted stack.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_vfy.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 972760c4d0..48d936791f 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -344,6 +344,26 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return 0; } +static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) +{ + STACK_OF(X509) *sk = NULL; + X509 *x; + int i; + for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { + x = sk_X509_value(ctx->other_ctx, i); + if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { + if (sk == NULL) + sk = sk_X509_new_null(); + if (sk == NULL || sk_X509_push(sk, x) == 0) { + sk_X509_pop_free(sk, X509_free); + return NULL; + } + X509_up_ref(x); + } + } + return sk; +} + /* * Check a certificate chains extensions for consistency with the supplied * purpose @@ -2226,6 +2246,7 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) { ctx->other_ctx = sk; ctx->get_issuer = get_issuer_sk; + ctx->lookup_certs = lookup_certs_sk; } void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) |