Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH

[openssl.git] / ssl / ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0c040d9cf392671c5704ead8bc21cb053b8bdda8..e5e1b9998e2098be2475d29c15cabbc4119ffeeb 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1,5 +1,5 @@
 /* ssl/ssl_cert.c */
 /* ssl/ssl_cert.c */

-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  * All rights reserved.
  *
  * This package is an SSL implementation written
  * All rights reserved.
  *
  * This package is an SSL implementation written


@@ -62,6 +62,18 @@
 #include "pem.h"
 #include "ssl_locl.h"
 
 #include "pem.h"
 #include "ssl_locl.h"
 

+int SSL_get_ex_data_X509_STORE_CTX_idx()
+       {
+       static int ssl_x509_store_ctx_idx= -1;
+
+       if (ssl_x509_store_ctx_idx < 0)
+               {
+               ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
+                       0,"SSL for verify callback",NULL,NULL,NULL);
+               }
+       return(ssl_x509_store_ctx_idx);
+       }
+

 CERT *ssl_cert_new()
        {
        CERT *ret;
 CERT *ssl_cert_new()
        {
        CERT *ret;


@@ -93,7 +105,13 @@ CERT *c;
        {
        int i;
 
        {
        int i;
 

+       if(c == NULL)
+           return;
+

        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);

+#ifdef REF_PRINT
+       REF_PRINT("CERT",c);
+#endif

        if (i > 0) return;
 #ifdef REF_CHECK
        if (i < 0)
        if (i > 0) return;
 #ifdef REF_CHECK
        if (i < 0)


@@ -126,6 +144,27 @@ CERT *c;
        Free(c);
        }
 
        Free(c);
        }
 

+int ssl_cert_instantiate(CERT **o, CERT *d)
+       {
+       CERT *n;
+       if (o == NULL) 
+               {
+               SSLerr(SSL_F_SSL_CERT_INSTANTIATE, ERR_R_PASSED_NULL_PARAMETER);
+               return(0);
+               }
+       if (*o != NULL && d != NULL && *o != d)
+           return(1);
+       if ((n = ssl_cert_new()) == NULL) 
+               {
+               SSLerr(SSL_F_SSL_CERT_INSTANTIATE, ERR_R_MALLOC_FAILURE);
+               return(0);
+               }
+       if (*o != NULL) 
+               ssl_cert_free(*o);
+       *o = n;
+       return(1);
+       }
+

 int ssl_set_cert_type(c, type)
 CERT *c;
 int type;
 int ssl_set_cert_type(c, type)
 CERT *c;
 int type;


@@ -147,15 +186,24 @@ STACK *sk;
 
        x=(X509 *)sk_value(sk,0);
        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
 
        x=(X509 *)sk_value(sk,0);
        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);

-       X509_STORE_CTX_set_app_data(&ctx,(char *)s);
+       X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
+               (char *)s);

 
        if (s->ctx->app_verify_callback != NULL)
                i=s->ctx->app_verify_callback(&ctx);
        else
 
        if (s->ctx->app_verify_callback != NULL)
                i=s->ctx->app_verify_callback(&ctx);
        else

+               {
+#ifndef NO_X509_VERIFY

                i=X509_verify_cert(&ctx);
                i=X509_verify_cert(&ctx);

+#else
+               i=0;
+               ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
+               SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
+#endif
+               }

 
 

-       X509_STORE_CTX_cleanup(&ctx);

        s->verify_result=ctx.error;
        s->verify_result=ctx.error;

+       X509_STORE_CTX_cleanup(&ctx);

 
        return(i);
        }
 
        return(i);
        }


@@ -215,7 +263,8 @@ SSL *s;
        {
        if (s->type == SSL_ST_CONNECT)
                { /* we are in the client */
        {
        if (s->type == SSL_ST_CONNECT)
                { /* we are in the client */

-               if ((s->version == 3) && (s->s3 != NULL))
+               if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+                       (s->s3 != NULL))

                        return(s->s3->tmp.ca_names);
                else
                        return(NULL);
                        return(s->s3->tmp.ca_names);
                else
                        return(NULL);


@@ -270,6 +319,7 @@ X509_NAME **a,**b;
        return(X509_NAME_cmp(*a,*b));
        }
 
        return(X509_NAME_cmp(*a,*b));
        }
 

+#ifndef NO_STDIO

 STACK *SSL_load_client_CA_file(file)
 char *file;
        {
 STACK *SSL_load_client_CA_file(file)
 char *file;
        {


@@ -280,11 +330,9 @@ char *file;
 
        ret=sk_new(NULL);
        sk=sk_new(name_cmp);
 
        ret=sk_new(NULL);
        sk=sk_new(name_cmp);

-#ifdef WIN16
-       in=BIO_new(BIO_s_file_internal_w16());
-#else
-       in=BIO_new(BIO_s_file());
-#endif
+
+       in=BIO_new(BIO_s_file_internal());
+

        if ((ret == NULL) || (sk == NULL) || (in == NULL))
                {
                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
        if ((ret == NULL) || (sk == NULL) || (in == NULL))
                {
                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);


@@ -322,5 +370,5 @@ err:
        if (x != NULL) X509_free(x);
        return(ret);
        }
        if (x != NULL) X509_free(x);
        return(ret);
        }

-
+#endif