Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
[openssl.git] / ssl / ssl_cert.c
index 0c040d9..e5e1b99 100644 (file)
@@ -1,5 +1,5 @@
 /* ssl/ssl_cert.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
 #include "pem.h"
 #include "ssl_locl.h"
 
+int SSL_get_ex_data_X509_STORE_CTX_idx()
+       {
+       static int ssl_x509_store_ctx_idx= -1;
+
+       if (ssl_x509_store_ctx_idx < 0)
+               {
+               ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
+                       0,"SSL for verify callback",NULL,NULL,NULL);
+               }
+       return(ssl_x509_store_ctx_idx);
+       }
+
 CERT *ssl_cert_new()
        {
        CERT *ret;
@@ -93,7 +105,13 @@ CERT *c;
        {
        int i;
 
+       if(c == NULL)
+           return;
+
        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
+#ifdef REF_PRINT
+       REF_PRINT("CERT",c);
+#endif
        if (i > 0) return;
 #ifdef REF_CHECK
        if (i < 0)
@@ -126,6 +144,27 @@ CERT *c;
        Free(c);
        }
 
+int ssl_cert_instantiate(CERT **o, CERT *d)
+       {
+       CERT *n;
+       if (o == NULL) 
+               {
+               SSLerr(SSL_F_SSL_CERT_INSTANTIATE, ERR_R_PASSED_NULL_PARAMETER);
+               return(0);
+               }
+       if (*o != NULL && d != NULL && *o != d)
+           return(1);
+       if ((n = ssl_cert_new()) == NULL) 
+               {
+               SSLerr(SSL_F_SSL_CERT_INSTANTIATE, ERR_R_MALLOC_FAILURE);
+               return(0);
+               }
+       if (*o != NULL) 
+               ssl_cert_free(*o);
+       *o = n;
+       return(1);
+       }
+
 int ssl_set_cert_type(c, type)
 CERT *c;
 int type;
@@ -147,15 +186,24 @@ STACK *sk;
 
        x=(X509 *)sk_value(sk,0);
        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
-       X509_STORE_CTX_set_app_data(&ctx,(char *)s);
+       X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
+               (char *)s);
 
        if (s->ctx->app_verify_callback != NULL)
                i=s->ctx->app_verify_callback(&ctx);
        else
+               {
+#ifndef NO_X509_VERIFY
                i=X509_verify_cert(&ctx);
+#else
+               i=0;
+               ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
+               SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
+#endif
+               }
 
-       X509_STORE_CTX_cleanup(&ctx);
        s->verify_result=ctx.error;
+       X509_STORE_CTX_cleanup(&ctx);
 
        return(i);
        }
@@ -215,7 +263,8 @@ SSL *s;
        {
        if (s->type == SSL_ST_CONNECT)
                { /* we are in the client */
-               if ((s->version == 3) && (s->s3 != NULL))
+               if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+                       (s->s3 != NULL))
                        return(s->s3->tmp.ca_names);
                else
                        return(NULL);
@@ -270,6 +319,7 @@ X509_NAME **a,**b;
        return(X509_NAME_cmp(*a,*b));
        }
 
+#ifndef NO_STDIO
 STACK *SSL_load_client_CA_file(file)
 char *file;
        {
@@ -280,11 +330,9 @@ char *file;
 
        ret=sk_new(NULL);
        sk=sk_new(name_cmp);
-#ifdef WIN16
-       in=BIO_new(BIO_s_file_internal_w16());
-#else
-       in=BIO_new(BIO_s_file());
-#endif
+
+       in=BIO_new(BIO_s_file_internal());
+
        if ((ret == NULL) || (sk == NULL) || (in == NULL))
                {
                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
@@ -322,5 +370,5 @@ err:
        if (x != NULL) X509_free(x);
        return(ret);
        }
-
+#endif