author | Hugo Landau <hlandau@openssl.org> | 2022-04-04 14:36:20 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-04-27 11:18:10 +0200 |
commit | abe21efdf74bb83a19e5732e4ce1fb2ff3ee9ca3 (patch) | |
tree | 898fde9e22bd80ce3512ce2221e560cae27a9c40 /ssl | |
parent | e836508522f64ba12443f4bb8a80d5fef76c55f0 (diff) |
Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Currently we do not have any way to retrieve these values once set.
Fixes #18035.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18038)
(cherry picked from commit 948cf521798a801cfde47a137343e6f958d71f04)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 12 | ||||
-rw-r--r-- | ssl/ssl_cert.c | 6 | ||||
-rw-r--r-- | ssl/ssl_local.h | 1 |
3 files changed, 19 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2c160d2d6a..e4eee647df 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3686,6 +3686,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 case SSL_CTRL_SET_CHAIN_CERT_STORE:
 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
+ case SSL_CTRL_GET_VERIFY_CERT_STORE:
+ return ssl_cert_get_cert_store(s->cert, parg, 0);
+
+ case SSL_CTRL_GET_CHAIN_CERT_STORE:
+ return ssl_cert_get_cert_store(s->cert, parg, 1);
+
 case SSL_CTRL_GET_PEER_SIGNATURE_NID:
 if (s->s3.tmp.peer_sigalg == NULL)
 return 0;
@@ -3931,6 +3937,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 case SSL_CTRL_SET_CHAIN_CERT_STORE:
 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
+ case SSL_CTRL_GET_VERIFY_CERT_STORE:
+ return ssl_cert_get_cert_store(ctx->cert, parg, 0);
+
+ case SSL_CTRL_GET_CHAIN_CERT_STORE:
+ return ssl_cert_get_cert_store(ctx->cert, parg, 1);
+
 /* A Thawte special :-) */
 case SSL_CTRL_EXTRA_CHAIN_CERT:
 if (ctx->extra_certs == NULL) {
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 8d90fa54df..e4168e74c2 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -971,6 +971,12 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
 return 1;
 }
+int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
+{
+ *pstore = (chain ? c->chain_store : c->verify_store);
+ return 1;
+}
+
 int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
 {
 int level;
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index cf2de42ee8..5471e900b8 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
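Review bot: The new `SSL_CTRL_GET_VERIFY_CERT_STORE` and `SSL_CTRL_GET_CHAIN_CERT_STORE` cases in `ssl3_ctrl` pass `parg` straight to `ssl_cert_get_cert_store()`, which writes through it without a NULL check, so a caller that reaches this ctrl with a NULL `parg` gets a NULL-pointer write rather than an error return. The same applies to the two cases added to `ssl3_ctx_ctrl` in the second hunk. The simplest single guard is in the helper in ssl/ssl_cert.c, `if (pstore == NULL) return 0;` before the assignment, which covers all four call sites. The enclosing switch starts and ends outside the hunk, so an earlier check on `parg` cannot be ruled out from here.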
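Review bot: `ssl_cert_get_cert_store()` in ssl/ssl_cert.c copies `c->chain_store` or `c->verify_store` into `*pstore` without taking a reference, and nothing at the definition states that lifetime contract. A caller that frees the result, or keeps it after the store is replaced (presumably via `ssl_cert_set_cert_store()`, whose body is outside the hunk), would end up with a double free or a dangling pointer. I would add a comment above the function such as `/* Returns a borrowed pointer: no reference is taken, the caller must not free it. */`, and note there that `*pstore` is likely NULL when no store was ever set. The function itself is complete within the hunk.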
@@ -2430,6 +2430,7 @@ __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
 __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
 __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
 int ref);
+__owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain);
 __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
 __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, |