author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-07-24 22:53:27 +1000 |
commit | 6725682d77510bf6d499957897d7be124d603f40 (patch) | |
tree | 447e5bce5607b4873f7f018df1b2e4c21a394e92 /ssl/ssl_conf.c | |
parent | ae89578be2930c726d6ef56451233757a89f224f (diff) |
Add X509 related libctx changes.
- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object and then internally does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12153)
Diffstat (limited to 'ssl/ssl_conf.c')
-rw-r--r-- | ssl/ssl_conf.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index fe9b8ec3ea..56590da207 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -470,13 +470,23 @@ static int do_store(SSL_CONF_CTX *cctx,
 {
     CERT *cert;
     X509_STORE **st;
+    SSL_CTX *ctx;
+    OPENSSL_CTX *libctx = NULL;
+    const char *propq = NULL;
 
-    if (cctx->ctx)
+    if (cctx->ctx != NULL) {
         cert = cctx->ctx->cert;
-    else if (cctx->ssl)
+        ctx = cctx->ctx;
+    } else if (cctx->ssl != NULL) {
         cert = cctx->ssl->cert;
-    else
+        ctx = cctx->ssl->ctx;
+    } else {
         return 1;
+    }
+    if (ctx != NULL) {
+        libctx = ctx->libctx;
+        propq = ctx->propq;
+    }
     st = verify_store ? &cert->verify_store : &cert->chain_store;
     if (*st == NULL) {
         *st = X509_STORE_new();
@@ -484,11 +494,13 @@ static int do_store(SSL_CONF_CTX *cctx,
             return 0;
     }
 
-    if (CAfile != NULL && !X509_STORE_load_file(*st, CAfile))
+    if (CAfile != NULL && !X509_STORE_load_file_with_libctx(*st, CAfile,
+                                                            libctx, propq))
         return 0;
     if (CApath != NULL && !X509_STORE_load_path(*st, CApath))
         return 0;
-    if (CAstore != NULL && !X509_STORE_load_store(*st, CAstore))
+    if (CAstore != NULL && !X509_STORE_load_store_with_libctx(*st, CAstore,
+                                                              libctx, propq))
         return 0;
     return 1;
 }
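Review bot: `SSL_CTX *ctx;` in the first hunk's new declarations is left uninitialised while its two companions get `= NULL`; every path that reaches the later `if (ctx != NULL)` test does assign it (the final else returns), but the asymmetry reads as an oversight and maybe-uninitialized analysis in some compilers will flag it. Suggest `SSL_CTX *ctx = NULL;` so the declaration matches the guard that follows. For the `cctx->ssl` branch that guard only matters if an SSL can exist without an SSL_CTX, which I cannot confirm from this hunk. do_store's body continues in the next hunk.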
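Review bot: In the second hunk `X509_STORE_load_path(*st, CApath)` is the one loader still called without `libctx`/`propq`, so certificates the store later resolves through the CApath directory lookup are not guaranteed to be created in the caller's library context, unlike those from CAfile and CAstore. If the verification chain is meant to stay inside a non-default libctx (for example one restricted to a fetched provider set), that is a gap worth closing with a libctx-aware path loader where one exists, or at least recording with a comment such as `/* TODO: no libctx variant of X509_STORE_load_path yet; CApath certs use the default context */`. Which of the two applies cannot be confirmed from this hunk alone. do_store's body starts in the previous hunk.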