summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorTomas Mraz <tomas@openssl.org>2022-03-07 15:46:58 +0100
committerTomas Mraz <tomas@openssl.org>2022-03-14 09:39:03 +0100
commitdfb39f73132edf56daaad189e6791d1bdb57c4db (patch)
tree0b6e37d9fa5a263906d4ca4b6ceef0a14632ff18 /include
parent7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa (diff)
Replace handling of negative verification result with SSL_set_retry_verify()
Provide a different mechanism to indicate that the application wants to retry the verification. The negative result of the callback function now indicates an error again. Instead the SSL_set_retry_verify() can be called from the callback to indicate that the handshake should be suspended. Fixes #17568 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17825)
Diffstat (limited to 'include')
-rw-r--r--include/openssl/ssl.h.in3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 47f277969c..b496dbccf3 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1309,6 +1309,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_GET_TMP_KEY 133
# define SSL_CTRL_GET_NEGOTIATED_GROUP 134
# define SSL_CTRL_GET_IANA_GROUPS 135
+# define SSL_CTRL_SET_RETRY_VERIFY 136
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
@@ -2135,6 +2136,8 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
# define SSL_set_max_pipelines(ssl,m) \
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+# define SSL_set_retry_verify(ssl) \
+ (SSL_ctrl(ssl,SSL_CTRL_SET_RETRY_VERIFY,0,NULL) > 0)
void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
void SSL_set_default_read_buffer_len(SSL *s, size_t len);