Remainder of SSL purpose and trust code: trust and purpose setting in
[openssl.git] / ssl / ssl_lib.c
index d99c7d943ccc0097c8cca1e647bf2931241f23d4..3bd8d158c90e2c3a7245735d1a6082914a840dbb 100644 (file)
@@ -61,6 +61,7 @@
 #include <stdio.h>
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
+#include <openssl/x509v3.h>
 #include "ssl_locl.h"
 
 char *SSL_version_str=OPENSSL_VERSION_TEXT;
@@ -201,6 +202,8 @@ SSL *SSL_new(SSL_CTX *ctx)
        s->verify_mode=ctx->verify_mode;
        s->verify_depth=ctx->verify_depth;
        s->verify_callback=ctx->default_verify_callback;
+       s->purpose = ctx->purpose;
+       s->trust = ctx->trust;
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->ctx=ctx;
 
@@ -262,6 +265,46 @@ int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
     return 1;
     }
 
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+       if(X509_PURPOSE_get_by_id(purpose) == -1) {
+               SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
+               return 0;
+       }
+       s->purpose = purpose;
+       return 1;
+}
+
+int SSL_set_purpose(SSL *s, int purpose)
+{
+       if(X509_PURPOSE_get_by_id(purpose) == -1) {
+               SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
+               return 0;
+       }
+       s->purpose = purpose;
+       return 1;
+}
+       
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+       if(X509_TRUST_get_by_id(trust) == -1) {
+               SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
+               return 0;
+       }
+       s->trust = trust;
+       return 1;
+}
+
+int SSL_set_trust(SSL *s, int trust)
+{
+       if(X509_TRUST_get_by_id(trust) == -1) {
+               SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
+               return 0;
+       }
+       s->trust = trust;
+       return 1;
+}
+
 void SSL_free(SSL *s)
        {
        int i;
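Review bot: The four new setters (SSL_CTX_set_purpose, SSL_set_purpose, SSL_CTX_set_trust, SSL_set_trust) repeat the same lookup-validate-assign body, and they depart from the file's brace convention — the surrounding functions put the opening brace on its own indented line (`void SSL_free(SSL *s)` / `	{`) while these use a column-0 `{`, and the blank line after SSL_set_purpose carries trailing whitespace. None of them documents the return contract; a one-line header on each would do, e.g. `/* Store the purpose id; returns 1, or 0 with SSL_R_INVALID_PURPOSE queued when X509_PURPOSE_get_by_id() does not know it. */` (and the SSL_R_INVALID_TRUST equivalent on the trust pair). Rejecting unknown ids before storing them is the right shape, since the stored value is what later certificate checks will key on, so the validation should stay in every variant. The hunk's trailing context is the start of SSL_free, whose body continues outside it.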
@@ -1077,6 +1120,12 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        ret->extra_certs=NULL;
        ret->comp_methods=SSL_COMP_get_compression_methods();
 
+       /* Initialise X509 tables: otherwise some certificate operations
+        * wont work. This is a non op if called more than once.
+        */
+
+       X509_init();
+
        return(ret);
 err:
        SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
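Review bot: SSL_new now copies `ctx->purpose` and `ctx->trust`, but this SSL_CTX_new hunk gives the two new fields no initial value; unless the allocation is zero-filled earlier in the function (outside the hunk), every SSL inherits indeterminate values, so an explicit `ret->purpose=0;` / `ret->trust=0;` next to `ret->extra_certs=NULL;` would make the default visible either way. The result of `X509_init()` is discarded — if it can report failure, that should route through the existing `err:` label rather than returning a half-initialised context. The new comment has two typos: `wont` → `won't` and `non op` → `no-op`, and the blank lines around the call are out of step with the rest of the function. SSL_CTX_new starts before the hunk.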
@@ -1142,6 +1191,11 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
 
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
        {
+       /* now
+        *     int (*cb)(X509_STORE_CTX *),
+        * but should be
+        *     int (*cb)(X509_STORE_CTX *, void *arg)
+        */
        ctx->app_verify_callback=cb;
        ctx->app_verify_arg=arg; /* never used */
        }
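Review bot: The added comment says what the callback prototype should become but not what a caller gets today — read together with the `/* never used */` on the next line it means `arg` is accepted and silently dropped, which a user of SSL_CTX_set_cert_verify_callback would want stated plainly. Suggest making it an actionable marker: `/* TODO: app_verify_arg is stored but never passed to cb; prototype should be int (*cb)(X509_STORE_CTX *, void *arg) */`. Because the parameter is the unprototyped `int (*cb)()`, a function with the wrong signature can be passed without any compiler diagnostic, so the mismatch will not surface at the call site; that is worth saying in the same comment.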