Make it possible for external code to set the certiciate proxy path length

This adds the functions X509_set_proxy_pathlen(), which sets the internal pc path length cache for a given X509 structure, along with X509_get_proxy_pathlen(), which retrieves it. Along with the previously added X509_set_proxy_flag(), this provides the tools needed to manipulate all the information cached on proxy certificates, allowing external code to do what's necessary to have them verified correctly by the libcrypto code. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2016-07-25 17:02:56 +0200
committer: Richard Levitte <levitte@openssl.org> 2016-07-25 17:36:39 +0200
commit: fe0169b09717b3c3d52c0fba96e1dcf5e8a60d94 (patch)
tree: e18b998d2adf160cfdb25312dcb89b0ead1b0075 /crypto/x509v3
parent: 3067095e8a2cca3d33fa0af77788bc45da68b76b (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 61745380a3..451e7f87c1 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -533,6 +533,11 @@ void X509_set_proxy_flag(X509 *x)
     x->ex_flags |= EXFLAG_PROXY;
 }
 
+void X509_set_proxy_pathlen(X509 *x, long l)
+{
+    x->ex_pcpathlen = l;
+}
+
 int X509_check_ca(X509 *x)
 {
     if (!(x->ex_flags & EXFLAG_SET)) {
@@ -849,3 +854,12 @@ long X509_get_pathlen(X509 *x)
         return -1;
     return x->ex_pathlen;
 }
+
+long X509_get_proxy_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_PROXY) == 0)
+        return -1;
+    return x->ex_pcpathlen;
+}
author	Richard Levitte <levitte@openssl.org>	2016-07-25 17:02:56 +0200
committer	Richard Levitte <levitte@openssl.org>	2016-07-25 17:36:39 +0200
commit	fe0169b09717b3c3d52c0fba96e1dcf5e8a60d94 (patch)
tree	e18b998d2adf160cfdb25312dcb89b0ead1b0075 /crypto/x509v3
parent	3067095e8a2cca3d33fa0af77788bc45da68b76b (diff)