static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
static int x509_store_ctx_num=0;
-#if 0
-static int x509_store_num=1;
-static STACK *x509_store_method=NULL;
-#endif
+
static int null_callback(int ok, X509_STORE_CTX *e)
{
ret = X509_check_issued(issuer, x);
if (ret == X509_V_OK)
return 1;
- else
- {
- ctx->error = ret;
- ctx->current_cert = x;
- ctx->current_issuer = issuer;
- if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
- return ctx->verify_cb(0, ctx);
- else
- return 0;
- }
+ /* If we haven't asked for issuer errors don't set ctx */
+ if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+ return 0;
+
+ ctx->error = ret;
+ ctx->current_cert = x;
+ ctx->current_issuer = issuer;
+ if (ctx->verify_cb)
+ return ctx->verify_cb(0, ctx);
return 0;
}
ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
{
time_t t;
+ int type = -1;
if (in_tm) t = *in_tm;
else time(&t);
t+=adj;
- if (!s) return ASN1_TIME_set(s, t);
- if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
- return ASN1_GENERALIZEDTIME_set(s, t);
+ if (s) type = s->type;
+ if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+ if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+ return ASN1_TIME_set(s, t);
}
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- x509_store_ctx_num++;
- return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+ {
+ /* This function is (usually) called only once, by
+ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
+ * That function uses locking, so we don't (usually)
+ * have to worry about locking here. For the whole cruel
+ * truth, see crypto/ex_data.c */
+ x509_store_ctx_num++;
+ return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
&x509_store_ctx_method,
- argl,argp,new_func,dup_func,free_func);
- }
+ argl,argp,new_func,dup_func,free_func);
+ }
int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
{