Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
[openssl.git] / ssl / ssl_cert.c
index c1cb86e..e5e1b99 100644 (file)
 #include "pem.h"
 #include "ssl_locl.h"
 
+int SSL_get_ex_data_X509_STORE_CTX_idx()
+       {
+       static int ssl_x509_store_ctx_idx= -1;
+
+       if (ssl_x509_store_ctx_idx < 0)
+               {
+               ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
+                       0,"SSL for verify callback",NULL,NULL,NULL);
+               }
+       return(ssl_x509_store_ctx_idx);
+       }
+
 CERT *ssl_cert_new()
        {
        CERT *ret;
@@ -93,6 +105,9 @@ CERT *c;
        {
        int i;
 
+       if(c == NULL)
+           return;
+
        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
 #ifdef REF_PRINT
        REF_PRINT("CERT",c);
@@ -129,6 +144,27 @@ CERT *c;
        Free(c);
        }
 
+int ssl_cert_instantiate(CERT **o, CERT *d)
+       {
+       CERT *n;
+       if (o == NULL) 
+               {
+               SSLerr(SSL_F_SSL_CERT_INSTANTIATE, ERR_R_PASSED_NULL_PARAMETER);
+               return(0);
+               }
+       if (*o != NULL && d != NULL && *o != d)
+           return(1);
+       if ((n = ssl_cert_new()) == NULL) 
+               {
+               SSLerr(SSL_F_SSL_CERT_INSTANTIATE, ERR_R_MALLOC_FAILURE);
+               return(0);
+               }
+       if (*o != NULL) 
+               ssl_cert_free(*o);
+       *o = n;
+       return(1);
+       }
+
 int ssl_set_cert_type(c, type)
 CERT *c;
 int type;
@@ -150,15 +186,24 @@ STACK *sk;
 
        x=(X509 *)sk_value(sk,0);
        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
-       X509_STORE_CTX_set_app_data(&ctx,(char *)s);
+       X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
+               (char *)s);
 
        if (s->ctx->app_verify_callback != NULL)
                i=s->ctx->app_verify_callback(&ctx);
        else
+               {
+#ifndef NO_X509_VERIFY
                i=X509_verify_cert(&ctx);
+#else
+               i=0;
+               ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
+               SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
+#endif
+               }
 
-       X509_STORE_CTX_cleanup(&ctx);
        s->verify_result=ctx.error;
+       X509_STORE_CTX_cleanup(&ctx);
 
        return(i);
        }