From 2008e714f309bb5f814d6616a37a31a4a9e9dd56 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sat, 31 Oct 2009 19:22:18 +0000
Subject: [PATCH 1/1] Add missing functions to allow access to newer X509_STORE_CTX status information. Add more informative message to verify callback to indicate when CRL path validation is taking place.
---
 apps/verify.c | 4 +++-
 crypto/x509/x509_vfy.c | 15 +++++++++++++++
 crypto/x509/x509_vfy.h | 3 +++
 3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/apps/verify.c b/apps/verify.c
index c0be253db2..9163997e93 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -310,7 +310,9 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 0, XN_FLAG_ONELINE);
 printf("\n");
 }
- printf("error %d at %d depth lookup:%s\n",cert_error,
+ printf("%serror %d at %d depth lookup:%s\n",
+ X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
+ cert_error,
 X509_STORE_CTX_get_error_depth(ctx),
 X509_verify_cert_error_string(cert_error));
 switch(cert_error)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f5f632a45d..514573325e 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1879,6 +1879,21 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
 return chain;
 }
 
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+ {
+ return ctx->current_issuer;
+ }
+
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+ {
+ return ctx->current_crl;
+ }
+
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+ {
+ return ctx->parent;
+ }
+
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
 {
 ctx->cert=x;
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index acb713a6e5..fe09b30aaa 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
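Review bot: The new prefix in cb() is printed with no separator, so a CRL-path failure comes out as `[CRL path]error N at ...`; using `"[CRL path] "` with a trailing space keeps the line readable and easier to match in logs. The prefix is also the only place where the callback tells the two contexts apart: the `switch(cert_error)` that follows (its body is outside this hunk) runs the same way for the main chain and for the CRL issuer path. If that switch downgrades any error to success, the override presumably applies to CRL path validation too, which is worth confirming as intended. cb() starts and ends outside the hunk.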
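Review bot: The three new accessors in x509_vfy.c return pointers straight out of the context with nothing stating who owns them or when they are valid. A short comment above them, and on the matching declarations added to x509_vfy.h, would stop callers from freeing or caching the results: `/* get0: internal pointer, not reference counted; caller must not free. May be NULL. */`. current_issuer and current_crl are presumably only meaningful while a verification or its callback is running, so the comment should say so once that is confirmed. The `[CRL path]` test in apps/verify.c relies on `ctx->parent` being NULL for a top-level context, so it is worth checking that the context initialisation clears that field (not visible in this hunk).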
@@ -480,6 +480,9 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
 X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
-- 
2.34.1