authorRichard Levitte <levitte@openssl.org>2019-11-10 15:36:24 +0100
committerRichard Levitte <levitte@openssl.org>2019-11-12 13:38:36 +0100
commitee669781d5de4c017595149c6036ca24b35aa2c7 (patch)
treebe9572dde7001244e81cd7a469de9e356fbacb76 /ssl
parent5aaba376189c0d606b832877b037d51caf338e7f (diff)
SSL: Document SSL_add_{file,dir,store}_cert_subjects_to_stack()
This also removes the incorrect documentation comments by those functions, and fixes a bug in SSL_add_store_cert_subjects_to_stack(), where the condition for recursive addition was 'depth == 0' when it should be 'depth > 0'. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10402)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl_cert.c42
1 files changed, 3 insertions, 39 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 28fbdf8e65..56e3642fbd 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -602,14 +602,6 @@ static unsigned long xname_hash(const X509_NAME *a)
return X509_NAME_hash((X509_NAME *)a);
}
-/**
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
{
BIO *in = BIO_new(BIO_s_file());
@@ -667,15 +659,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
return ret;
}
-/**
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *file)
{
@@ -726,17 +709,6 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
return ret;
}
-/**
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *dir)
{
@@ -783,15 +755,6 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
return ret;
}
-/**
- * Add a container of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
const char *uri, int depth)
{
@@ -815,8 +778,9 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
* This is an entry in the "directory" represented by the current
* uri. if |depth| allows, dive into it.
*/
- if (depth == 0)
- ok = add_uris_recursive(stack, uri, depth - 1);
+ if (depth > 0)
+ ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info),
+ depth - 1);
} else if (infotype == OSSL_STORE_INFO_CERT) {
if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
|| (xn = X509_get_subject_name(x)) == NULL
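Review bot: The corrected check `if (depth > 0)` now recurses into whatever name the store loader returns through `OSSL_STORE_INFO_get0_NAME(info)`, yet nothing in the hunk says what `depth` counts or which value the public entry point passes in. Because the subject names collected here end up in a caller-supplied CA name stack, the bound deserves a comment beside the check, for example `/* |depth| = further levels we may descend; 0 reads only this uri's direct entries */`. The previous `depth == 0` condition suggests the recursive path had no test coverage, so a regression test that loads a store with one nested level and checks that the nested certificate's subject is added would fit well with this fix. add_uris_recursive begins before and continues past this hunk, so how `ok` is handled after the recursive call could not be checked from here.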