Add missing functions to allow access to newer X509_STORE_CTX status
authorDr. Stephen Henson <steve@openssl.org>
Sat, 31 Oct 2009 19:21:47 +0000 (19:21 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 31 Oct 2009 19:21:47 +0000 (19:21 +0000)
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.

apps/verify.c
crypto/x509/x509_vfy.c
crypto/x509/x509_vfy.h

index c0be253db23329c713307f419bc187e505b19bb3..9163997e93c5e62118ba841f1e40352eedfa172a 100644 (file)
@@ -310,7 +310,9 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
                                0, XN_FLAG_ONELINE);
                        printf("\n");
                        }
-               printf("error %d at %d depth lookup:%s\n",cert_error,
+               printf("%serror %d at %d depth lookup:%s\n",
+                       X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
+                       cert_error,
                        X509_STORE_CTX_get_error_depth(ctx),
                        X509_verify_cert_error_string(cert_error));
                switch(cert_error)
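Review bot: The new prefix in the `printf` of `cb()` has no separator, so a failure inside CRL path validation prints as `[CRL path]error N at ...`, with the tag run into the word "error". Adding a trailing space to the literal, `X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",`, keeps the line readable and easy to match in logs, which matters when an operator must tell a CRL-issuer chain failure from a failure in the certificate's own chain. The body of `cb()` starts and ends outside this hunk, so any later messages in the `switch` that might need the same tag are not visible here.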
index f5f632a45dd45dd62dd2136f5add5cb76de05b03..514573325e2c64a5d351ce545e1fffafa369b340 100644 (file)
@@ -1879,6 +1879,21 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
        return chain;
        }
 
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+       {
+       return ctx->current_issuer;
+       }
+
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+       {
+       return ctx->current_crl;
+       }
+
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+       {
+       return ctx->parent;
+       }
+
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
        {
        ctx->cert=x;
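Review bot: The three new accessors have no comment stating pointer ownership or NULL behaviour, either here or on their prototypes in crypto/x509/x509_vfy.h. Each returns a field of the context directly (`ctx->current_issuer`, `ctx->current_crl`, `ctx->parent`), so the caller receives a borrowed pointer with no reference taken, which the `get0` naming implies but does not spell out next to `X509_STORE_CTX_get1_chain` just above. A verify callback that frees one of these, or keeps it after the context is cleaned up, risks a double free or use-after-free in certificate validation code. I would add above the group: `/* get0: borrowed pointers owned by ctx; do not free or retain past the verify call. May be NULL; parent is non-NULL only while a CRL path is being validated. */` — the last clause is inferred from how apps/verify.c uses it in this commit and should be confirmed.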
index acb713a6e510045402a57e1eb4c5e8a8a0f3dfb5..fe09b30aaa62dff07d2735de0ae4596a7974a530 100644 (file)
@@ -480,6 +480,9 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
 void   X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
 int    X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
 X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
 void   X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);