Create a libctx aware X509_verify_ex()

This is the same as X509_verify() except that it takes a libctx and propq parameter and signature verification is done using those. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11507)
author: Matt Caswell <matt@openssl.org> 2020-04-03 18:01:04 +0100
committer: Matt Caswell <matt@openssl.org> 2020-04-16 14:19:51 +0100
commit: 0820217441b68724d91b7644f3560e15149a1848 (patch)
tree: 7a100589baf22f51c1c28d3041848875248a5cc7 /include
parent: b27ed819431fb7f50ded6fcddfd25de079d7e808 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 64156d495b..19ff55f46d 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -355,8 +355,11 @@ void *X509_CRL_get_meth_data(X509_CRL *crl);
 
 const char *X509_verify_cert_error_string(long n);
 
+int X509_verify_ex(X509 *a, EVP_PKEY *r, OPENSSL_CTX *libctx, const char *propq);
 int X509_verify(X509 *a, EVP_PKEY *r);
 
+int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx,
+                       const char *propq);
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
author	Matt Caswell <matt@openssl.org>	2020-04-03 18:01:04 +0100
committer	Matt Caswell <matt@openssl.org>	2020-04-16 14:19:51 +0100
commit	0820217441b68724d91b7644f3560e15149a1848 (patch)
tree	7a100589baf22f51c1c28d3041848875248a5cc7 /include
parent	b27ed819431fb7f50ded6fcddfd25de079d7e808 (diff)