From 6725682d77510bf6d499957897d7be124d603f40 Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Fri, 24 Jul 2020 22:53:27 +1000
Subject: Add X509 related libctx changes.

- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.

Reviewed-by: Richard Levitte
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12153)
---
 ssl/ssl_conf.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
(limited to 'ssl/ssl_conf.c')
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index fe9b8ec3ea..56590da207 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -470,13 +470,23 @@ static int do_store(SSL_CONF_CTX *cctx,
 {
 CERT *cert;
 X509_STORE **st;
+ SSL_CTX *ctx;
+ OPENSSL_CTX *libctx = NULL;
+ const char *propq = NULL;
 
- if (cctx->ctx)
+ if (cctx->ctx != NULL) {
 cert = cctx->ctx->cert;
- else if (cctx->ssl)
+ ctx = cctx->ctx;
+ } else if (cctx->ssl != NULL) {
 cert = cctx->ssl->cert;
- else
+ ctx = cctx->ssl->ctx;
+ } else {
 return 1;
+ }
+ if (ctx != NULL) {
+ libctx = ctx->libctx;
+ propq = ctx->propq;
+ }
 st = verify_store ? &cert->verify_store : &cert->chain_store;
 if (*st == NULL) {
 *st = X509_STORE_new();
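Review bot: `ctx` is assigned on every path that reaches the `if (ctx != NULL)` block at the end of the hunk, so the guard is only meaningful if `cctx->ssl->ctx` can be NULL, which nothing in the hunk establishes. Either initialise the pointer at its declaration, `SSL_CTX *ctx = NULL;`, so the guard reads as deliberate and the uninitialised declaration cannot draw a maybe-uninitialised warning, or drop the guard and read `libctx`/`propq` inside the two branches. A short comment on the guard, e.g. `/* libctx/propq follow the SSL_CTX the cert belongs to; NULL selects the default library context */`, would also record why the default context is the fallback. do_store's signature is outside the hunk and its body continues into the next hunk.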
@@ -484,11 +494,13 @@ static int do_store(SSL_CONF_CTX *cctx,
 return 0;
 }
- if (CAfile != NULL && !X509_STORE_load_file(*st, CAfile))
+ if (CAfile != NULL && !X509_STORE_load_file_with_libctx(*st, CAfile,
+ libctx, propq))
 return 0;
 if (CApath != NULL && !X509_STORE_load_path(*st, CApath))
 return 0;
- if (CAstore != NULL && !X509_STORE_load_store(*st, CAstore))
+ if (CAstore != NULL && !X509_STORE_load_store_with_libctx(*st, CAstore,
+ libctx, propq))
 return 0;
 return 1;
 }
 
-- 
cgit v1.2.3
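Review bot: The CApath branch still calls `X509_STORE_load_path(*st, CApath)` without `libctx`/`propq`, while the CAfile and CAstore lookups on the surrounding lines now pass them, so certificates found through the hash directory presumably still decode against the default library context rather than the one configured on the SSL_CTX. If no libctx-aware directory loader is available yet, a comment on that line, e.g. `/* TODO: no libctx-aware directory loader yet; CApath certs decode in the default libctx */`, would make the asymmetry visible to anyone verifying chains under a non-default provider configuration. The function's declarations and libctx selection are in the preceding hunk.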