X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=945dab1cff786c86c57bdfc326057fd673bc2e35;hp=831768351c1264482a11a4f073f9bc95c682e9ca;hb=7f89714e64d1dc64b50554a92e2a12596b9934ba;hpb=69bb35ed726102975259808dcf7c279f85afef4f;ds=sidebyside

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 831768351c..945dab1cff 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -189,6 +189,7 @@ SSL *SSL_new(SSL_CTX *ctx)
 	s->sid_ctx_length=ctx->sid_ctx_length;
 	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
 	s->verify_mode=ctx->verify_mode;
+	s->verify_depth=ctx->verify_depth;
 	s->verify_callback=ctx->default_verify_callback;
 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 	s->ctx=ctx;
@@ -422,6 +423,11 @@ int SSL_get_verify_mode(SSL *s)
 	return(s->verify_mode);
 	}
 
+int SSL_get_verify_depth(SSL *s)
+	{
+	return(s->verify_depth);
+	}
+
 int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
 	{
 	return(s->verify_callback);
@@ -432,6 +438,11 @@ int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
 	return(ctx->verify_mode);
 	}
 
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
+	{
+	return(ctx->verify_depth);
+	}
+
 int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
 	{
 	return(ctx->default_verify_callback);
@@ -445,6 +456,11 @@ void SSL_set_verify(SSL *s,int mode,
 		s->verify_callback=callback;
 	}
 
+void SSL_set_verify_depth(SSL *s,int depth)
+	{
+	s->verify_depth=depth;
+	}
+
 void SSL_set_read_ahead(SSL *s,int yes)
 	{
 	s->read_ahead=yes;
@@ -961,6 +977,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 
 	ret->read_ahead=0;
 	ret->verify_mode=SSL_VERIFY_NONE;
+	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
 	ret->default_verify_callback=NULL;
 	if ((ret->default_cert=ssl_cert_new()) == NULL)
 		goto err;
@@ -1079,6 +1096,11 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
 	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
 	}
 
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
+	{
+	ctx->verify_depth=depth;
+	}
+
 /* Need default_cert to check for callbacks, for now (see comment in CERT
    strucure)
 */
@@ -1463,6 +1485,7 @@ SSL *SSL_dup(SSL *s)
 	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
 	SSL_set_verify(ret,SSL_get_verify_mode(s),
 		SSL_get_verify_callback(s));
+	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
 
 	SSL_set_info_callback(ret,SSL_get_info_callback(s));