*/
#include <stdio.h>
-#include <sys/types.h>
-#ifndef WIN32
-#ifndef VMS
+
+#include "openssl/e_os.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
#include <dirent.h>
#endif
+
+#ifdef NeXT
+#include <sys/dir.h>
+#define dirent direct
#endif
+
#include <openssl/objects.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
+#include <openssl/x509v3.h>
#include "ssl_locl.h"
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
if (SSL_get_verify_depth(s) >= 0)
X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
- X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
- (char *)s);
+ X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
+ /* We need to set the verify purpose. The purpose can be determined by
+ * the context: if its a server it will verify SSL client certificates
+ * or vice versa.
+ */
+
+ if(s->server) i = X509_PURPOSE_SSL_CLIENT;
+ else i = X509_PURPOSE_SSL_SERVER;
+
+ X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
if (s->ctx->app_verify_callback != NULL)
- i=s->ctx->app_verify_callback(&ctx);
+ i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
else
{
#ifndef NO_X509_VERIFY
*ca_list=list;
}
-STACK *SSL_dup_CA_list(STACK *sk)
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
{
int i;
- STACK *ret;
+ STACK_OF(X509_NAME) *ret;
X509_NAME *name;
- ret=sk_new_null();
- for (i=0; i<sk_num(sk); i++)
+ ret=sk_X509_NAME_new_null();
+ for (i=0; i<sk_X509_NAME_num(sk); i++)
{
- name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
- if ((name == NULL) || !sk_push(ret,(char *)name))
+ name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
+ if ((name == NULL) || !sk_X509_NAME_push(ret,name))
{
- sk_pop_free(ret,X509_NAME_free);
+ sk_X509_NAME_pop_free(ret,X509_NAME_free);
return(NULL);
}
}
return(add_client_CA(&(ctx->client_CA),x));
}
-static int name_cmp(X509_NAME **a,X509_NAME **b)
+static int xname_cmp(X509_NAME **a,X509_NAME **b)
{
return(X509_NAME_cmp(*a,*b));
}
STACK_OF(X509_NAME) *ret,*sk;
ret=sk_X509_NAME_new(NULL);
- sk=sk_X509_NAME_new(name_cmp);
+ sk=sk_X509_NAME_new(xname_cmp);
in=BIO_new(BIO_s_file_internal());
for (;;)
{
- if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+ if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
break;
if ((xn=X509_get_subject_name(x)) == NULL) goto err;
/* check for duplicates */
int ret=1;
int (*oldcmp)(X509_NAME **a, X509_NAME **b);
- oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);
+ oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
in=BIO_new(BIO_s_file_internal());
for (;;)
{
- if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+ if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
break;
if ((xn=X509_get_subject_name(x)) == NULL) goto err;
xn=X509_NAME_dup(xn);
#ifndef WIN32
#ifndef VMS /* XXXX This may be fixed in the future */
+#ifndef MAC_OS_pre_X
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *dir)
{
- DIR *d=opendir(dir);
+ DIR *d;
struct dirent *dstruct;
+ int ret = 0;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+ d = opendir(dir);
/* Note that a side effect is that the CAs will be sorted by name */
if(!d)
{
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
- return 0;
+ SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+ ERR_add_error_data(3, "opendir('", dir, "')");
+ SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+ goto err;
}
while((dstruct=readdir(d)))
if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
{
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
- return 0;
+ goto err;
}
sprintf(buf,"%s/%s",dir,dstruct->d_name);
if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
- return 0;
+ goto err;
}
+ ret = 1;
- return 1;
+err:
+ CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+ return ret;
}
#endif
#endif
+#endif