diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
| commit | 6725682d77510bf6d499957897d7be124d603f40 (patch) | |
| tree | 447e5bce5607b4873f7f018df1b2e4c21a394e92 /ssl/s3_lib.c | |
| parent | ae89578be2930c726d6ef56451233757a89f224f (diff) | |
Add X509 related libctx changes.
- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12153)
Diffstat (limited to 'ssl/s3_lib.c')
| -rw-r--r-- | ssl/s3_lib.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index a7f1e4d83a..8f5aaaf942 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4001,10 +4001,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 0; } } - if (!X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)) { - SSLerr(0, ERR_LIB_X509); - return 0; - } if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE); return 0; |