From: Richard Levitte
Date: Wed, 20 Jul 2016 14:23:34 +0000 (+0200)
Subject: Add setter and getter for X509_STORE's check_policy
X-Git-Tag: OpenSSL_1_1_0-pre6~85
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=0a5fe2eb94ad7085fee59c3908b546af7530c9d3
Add setter and getter for X509_STORE's check_policy
Reviewed-by: Rich Salz
---
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index c5472e14d0..545f90990f 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -204,6 +204,7 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
 int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
 /* Check certificate against CRL */
 int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ /* Check policy status of the chain */
 int (*check_policy) (X509_STORE_CTX *ctx);
 STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
 STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 340bb60b98..2120b7e6f2 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -123,6 +123,8 @@ struct x509_store_st {
 int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
 /* Check certificate against CRL */
 int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ /* Check policy status of the chain */
+ int (*check_policy) (X509_STORE_CTX *ctx);
 STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
 STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
 int (*cleanup) (X509_STORE_CTX *ctx);
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 26902d765b..337482dee3 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -801,6 +801,17 @@ X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
 return ctx->cert_crl;
 }
 
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+ X509_STORE_CTX_check_policy_fn check_policy)
+{
+ ctx->check_policy = check_policy;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
+{
+ return ctx->check_policy;
+}
+
 void X509_STORE_set_lookup_certs(X509_STORE *ctx,
 X509_STORE_CTX_lookup_certs_fn lookup_certs)
 {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 649390c647..a290a5e6b3 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2285,6 +2285,11 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 else
 ctx->cert_crl = cert_crl;
 
+ if (store && store->check_policy)
+ ctx->check_policy = store->check_policy;
+ else
+ ctx->check_policy = check_policy;
+
 if (store && store->lookup_certs)
 ctx->lookup_certs = store->lookup_certs;
 else
@@ -2295,8 +2300,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 else
 ctx->lookup_crls = X509_STORE_CTX_get1_crls;
 
- ctx->check_policy = check_policy;
-
 ctx->param = X509_VERIFY_PARAM_new();
 if (ctx->param == NULL) {
 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 13ec740b42..dc72652475 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
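Review bot: X509_STORE_set_check_policy in x509_lu.c is added without any comment saying what a caller may pass, although the pointer it stores ends up deciding whether a chain passes policy checking. Going by the X509_STORE_CTX_init hunk in x509_vfy.c, a NULL value makes later contexts fall back to that file's own check_policy, so I would put `/* Replaces the policy check for contexts initialised from this store; NULL restores the built-in check */` above the setter and repeat it on the prototype added to include/openssl/x509_vfy.h. The setter is a plain assignment to `ctx->check_policy` with no lock visible in the hunk, so the comment should also say to call it during setup, before the store is shared between threads.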
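Review bot: The store-supplied callback selected by the added `if (store && store->check_policy)` branch in X509_STORE_CTX_init replaces the built-in check_policy outright rather than running alongside it, and nothing at this point says so. As far as this hunk shows, a callback that reports success without evaluating the chain's policies would switch policy enforcement off for every context initialised from that store, which is easy to overlook when verification flags are configured elsewhere. The pointer is also copied at init time, so a later change on the store does not reach a context that already exists; I would add `/* A store-level check_policy replaces the built-in check and is copied here; later changes to the store do not affect this ctx */` above the branch. X509_STORE_CTX_init begins and ends outside the hunk, so the place where ctx->check_policy is invoked is not visible here.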
@@ -293,6 +293,9 @@ X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
 void X509_STORE_set_cert_crl(X509_STORE *ctx,
 X509_STORE_CTX_cert_crl_fn cert_crl);
 X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+ X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
 void X509_STORE_set_lookup_certs(X509_STORE *ctx,
 X509_STORE_CTX_lookup_certs_fn lookup_certs);
 X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);