Add getter for X509_VERIFY_PARAM_get_hostflags

author Matt Caswell <matt@openssl.org>

Mon, 30 Apr 2018 14:59:51 +0000 (15:59 +0100)

committer Matt Caswell <matt@openssl.org>

Tue, 1 May 2018 14:08:34 +0000 (15:08 +0100)
author Matt Caswell <matt@openssl.org>
Mon, 30 Apr 2018 14:59:51 +0000 (15:59 +0100)
committer Matt Caswell <matt@openssl.org>
Tue, 1 May 2018 14:08:34 +0000 (15:08 +0100)
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c

index b5067220adbe221dd91170a88482d7be642cd179..04a5164af2ce966ef9e2cc607fbef692ab483985 100644 (file)
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -412,6 +412,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
      param->hostflags = flags;
  }
  
+unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param)
+{
+    return param->hostflags;
+}
+
  char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
  {
      return param->peername;
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod

index 5263facfd48d396d13934aa12620e5815f32b334..df149f42f010ef6f52bfa116e151345cbff2ca3e 100644 (file)
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -11,7 +11,9 @@ X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,
  X509_VERIFY_PARAM_get_time,
  X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,
  X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
-X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,
+X509_VERIFY_PARAM_set_hostflags,
+X509_VERIFY_PARAM_get_hostflags,
+X509_VERIFY_PARAM_get0_peername,
  X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip,
  X509_VERIFY_PARAM_set1_ip_asc
  - X509 verification parameters
@@ -54,6 +56,7 @@ X509_VERIFY_PARAM_set1_ip_asc
                                   const char *name, size_t namelen);
   void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                        unsigned int flags);
+ unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
   char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
   int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                   const char *email, size_t emaillen);
@@ -139,6 +142,9 @@ calling L<X509_check_host(3)>, hostname checks are out of scope
  with the DANE-EE(3) certificate usage, and the internal check will
  be suppressed as appropriate when DANE support is added to OpenSSL.
  
+X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a
+call to X509_VERIFY_PARAM_set_hostflags().
+
  X509_VERIFY_PARAM_add1_host() adds B<name> as an additional reference
  identifier that can match the peer's certificate.  Any previous names
  set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host()
@@ -186,6 +192,8 @@ failure.
  
  X509_VERIFY_PARAM_get_flags() returns the current verification flags.
  
+X509_VERIFY_PARAM_get_hostflags() returns any current host flags.
+
  X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.
  
  X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return
@@ -347,6 +355,8 @@ The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0
  The legacy B<X509_V_FLAG_CB_ISSUER_CHECK> flag is deprecated as of
  OpenSSL 1.1.0, and has no effect.
  
+X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i.
+
  =head1 COPYRIGHT
  
  Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h

index 1aa0a33b8a3226d1cc46f2161927b9525ac02d38..aaaf7b5e66ccfa93576267e714ccb2b80c92f964 100644 (file)
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -475,6 +475,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
                                  const char *name, size_t namelen);
  void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                       unsigned int flags);
+unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
  char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
  void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);
  int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
diff --git a/util/libcrypto.num b/util/libcrypto.num

index 461bd8a0982b79355105b0b5ddeefe183ca48421..49ba8d75a7d5481719189666637712f22c2134b7 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4237,3 +4237,4 @@ X509_get0_authority_key_id              4448      1_1_0h  EXIST::FUNCTION:
  conf_ssl_name_find                      4469   1_1_0i  EXIST::FUNCTION:
  conf_ssl_get_cmd                        4470   1_1_0i  EXIST::FUNCTION:
  conf_ssl_get                            4471   1_1_0i  EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_hostflags         4472   1_1_0i  EXIST::FUNCTION:
author	Matt Caswell <matt@openssl.org>
	Mon, 30 Apr 2018 14:59:51 +0000 (15:59 +0100)
committer	Matt Caswell <matt@openssl.org>
	Tue, 1 May 2018 14:08:34 +0000 (15:08 +0100)
crypto/x509/x509_vpm.c		patch \| blob \| history
doc/crypto/X509_VERIFY_PARAM_set_flags.pod		patch \| blob \| history
include/openssl/x509_vfy.h		patch \| blob \| history
util/libcrypto.num		patch \| blob \| history