int X509_verify_cert(X509_STORE_CTX *ctx)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
if (ctx->cert == NULL) {
X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
int i;
X509 *x = NULL;
X509 *mx;
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
int num = sk_X509_num(ctx->chain);
int trust;
ctx->param = param;
}
-void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane)
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane)
{
ctx->dane = dane;
}
static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
unsigned usage = DANETLS_NONE;
unsigned selector = DANETLS_NONE;
unsigned ordinal = DANETLS_NONE;
static int check_dane_issuer(X509_STORE_CTX *ctx, int depth)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
int matched = 0;
X509 *cert;
static int check_dane_pkeys(X509_STORE_CTX *ctx)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
danetls_record *t;
int num = ctx->num_untrusted;
X509 *cert = sk_X509_value(ctx->chain, num - 1);
return X509_TRUST_UNTRUSTED;
}
-static void dane_reset(struct dane_st *dane)
+static void dane_reset(SSL_DANE *dane)
{
/*
* Reset state to verify another chain, or clear after failure.
static int dane_verify(X509_STORE_CTX *ctx)
{
X509 *cert = ctx->cert;
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
int matched;
int done;
static int build_chain(X509_STORE_CTX *ctx)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
int num = sk_X509_num(ctx->chain);
X509 *cert = sk_X509_value(ctx->chain, num - 1);
int ss = cert_self_signed(cert);