From 465f34ed27d54b36b47f98b8ce4b5ec9e33c4f02 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 6 Apr 2020 12:14:30 +0100
Subject: Introduce an internal version of X509_check_issued()

The internal version is library context aware.
Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/11507)
---
 crypto/x509/v3_purp.c | 12 +++++++++---
 crypto/x509/x509_vfy.c | 2 +-
 2 files changed, 10 insertions(+), 4 deletions(-)
(limited to 'crypto')
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index bee8210bfc..687d065303 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -811,14 +811,15 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 * codes for X509_verify_cert() */
-int X509_check_issued(X509 *issuer, X509 *subject)
+int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx,
+ const char *propq)
 {
 if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
- if (!X509v3_cache_extensions(issuer, NULL, NULL)
- || !X509v3_cache_extensions(subject, NULL, NULL))
+ if (!X509v3_cache_extensions(issuer, libctx, propq)
+ || !X509v3_cache_extensions(subject, libctx, propq))
 return X509_V_ERR_UNSPECIFIED;
 if (subject->akid) {
@@ -853,6 +854,11 @@ int X509_check_issued(X509 *issuer, X509 *subject)
 return X509_V_OK;
 }
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+ return x509_check_issued_int(issuer, subject, NULL, NULL);
+}
+
 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
 {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index c3eb261b94..99479444e6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -334,7 +334,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 return ss;
 }
- ret = X509_check_issued(issuer, x);
+ ret = x509_check_issued_int(issuer, x, ctx->libctx, ctx->propq);
 if (ret == X509_V_OK) {
 int i;
 X509 *ch;
--
cgit v1.2.3
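Review bot: The renamed `x509_check_issued_int()` in crypto/x509/v3_purp.c (hunk @@ -811) inherits the comment block ending "codes for X509_verify_cert()", but nothing documents the two new parameters. I would extend that comment with `libctx and propq are passed to X509v3_cache_extensions(); NULL, NULL selects the default library context.`, with the wording to be confirmed against that helper, whose body is not in this diff. Since the helper's name suggests the result is cached on the certificate, the comment should also say whether a certificate already cached under a different context is re-evaluated — presumably it is not, in which case the first caller's context wins. The public wrapper added in the @@ -853 hunk ends up with no comment of its own; `/* Public entry point: always uses the default library context */` above it would be enough. The body of x509_check_issued_int() continues past the end of this hunk.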
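Review bot: In check_issued() in crypto/x509/x509_vfy.c (hunk @@ -334), the context-aware call can return `X509_V_ERR_UNSPECIFIED` when X509v3_cache_extensions() fails, which with a caller-supplied `ctx->libctx` and `ctx->propq` may plausibly happen for reasons unrelated to the certificates themselves, yet only the `ret == X509_V_OK` branch is visible here. If the non-OK path treats every failure as "not the issuer", chain building still fails closed, but the application is told an issuer is missing instead of seeing the real cause. A short comment at the call, such as `/* X509_V_ERR_UNSPECIFIED here means extension caching failed, not a name/key mismatch */`, would make that distinction visible to whoever debugs a rejected chain. check_issued() starts and ends outside the hunk, so this needs checking against the rest of the function.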