-/* x509_vpm.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2004.
* Refuse names with embedded NUL bytes, except perhaps as final byte.
* XXX: Do we need to push an error onto the error stack?
*/
- if (namelen == 0)
+ if (namelen == 0 || name == NULL)
namelen = name ? strlen(name) : 0;
else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
return 0;
- if (name && name[namelen - 1] == '\0')
+ if (namelen > 0 && name[namelen - 1] == '\0')
--namelen;
if (mode == SET_HOST) {
if (name == NULL || namelen == 0)
return 1;
- copy = BUF_strndup(name, namelen);
+ copy = OPENSSL_strndup(name, namelen);
if (copy == NULL)
return 0;
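Review bot: The `name &&` test in the `else if` is dead after this change, because the first branch now takes every `name == NULL` case; `else if (memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))` is equivalent and easier to read. The new `namelen > 0` guard is what stops an out-of-bounds read of `name[namelen - 1]` when an empty string is passed, so I would add a short comment above it, for example `/* namelen can be 0 here ("" or NULL name): never index name[namelen - 1] */`, so that a later cleanup does not remove it. The embedded-NUL rejection still returns 0 without pushing an error, as the XXX comment admits, so a caller cannot tell a refused hostname from an allocation failure. The enclosing function starts and ends outside the hunk.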
return;
param->name = NULL;
param->purpose = 0;
- param->trust = 0;
+ param->trust = X509_TRUST_DEFAULT;
/*
* param->inh_flags = X509_VP_FLAG_DEFAULT;
*/
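Review bot: The unset value for trust is now spelled `X509_TRUST_DEFAULT` here and in the `x509_verify_param_copy(trust, X509_TRUST_DEFAULT)` hunk, but the default parameter table later in this diff keeps a literal `0, /* trust */`. If the macro is ever not 0, the inherit logic would presumably treat the table's trust as explicitly set. Writing `X509_TRUST_DEFAULT, /* trust */` in the table keeps all three places in step. The commented-out `param->inh_flags` line just below is dead code and could be dropped or replaced by a sentence saying why inh_flags is left alone. The function body starts outside the hunk.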
to_overwrite = 0;
x509_verify_param_copy(purpose, 0);
- x509_verify_param_copy(trust, 0);
+ x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
x509_verify_param_copy(depth, -1);
/* If overwrite or check time not set, copy across */
void *tmp;
if (src) {
if (srclen == 0) {
- tmp = BUF_strdup(src);
+ tmp = OPENSSL_strdup(src);
srclen = strlen(src);
} else
- tmp = BUF_memdup(src, srclen);
+ tmp = OPENSSL_memdup(src, srclen);
if (!tmp)
return 0;
} else {
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
{
OPENSSL_free(param->name);
- param->name = BUF_strdup(name);
+ param->name = OPENSSL_strdup(name);
if (param->name)
return 1;
return 0;
return param->peername;
}
+/*
+ * Move peername from one param structure to another, freeing any name present
+ * at the target. If the source is a NULL parameter structure, free and zero
+ * the target peername.
+ */
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
+ X509_VERIFY_PARAM *from)
+{
+ char *peername = (from != NULL) ? from->peername : NULL;
+
+ if (to->peername != peername) {
+ OPENSSL_free(to->peername);
+ to->peername = peername;
+ }
+ if (from)
+ from->peername = NULL;
+}
+
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const char *email, size_t emaillen)
{
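Review bot: Calling X509_VERIFY_PARAM_move_peername with `to == from` loses the name: the pointers compare equal so nothing is freed, and then `from->peername = NULL` drops the only reference, leaking the string and leaving the structure without its peername. The function also tolerates a NULL `from` but dereferences `to` unconditionally, and the header comment does not say that `to` must be non-NULL. A guard at the top, `if (to == NULL || to == from) return;`, covers both cases. If a NULL `to` is meant to be a caller error, keep only the `to == from` test and state the requirement in the comment.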
"default", /* X509 default parameters */
0, /* Check time */
0, /* internal flags */
- 0, /* flags */
+ X509_V_FLAG_TRUSTED_FIRST, /* flags */
0, /* purpose */
0, /* trust */
100, /* depth */
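Review bot: The `/* flags */` comment on the changed line no longer tells a reader that the built-in "default" parameters now turn on trusted-first chain building, which anything inheriting from this entry presumably picks up. I would expand it to something like `/* flags: try trust-store issuers before peer-supplied ones */`. The user-facing documentation should mention it too, since it changes which chain is built when both a trusted and an untrusted issuer are available. The initializer begins and continues outside the hunk.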