void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
{
+ X509_free(ctx->cert);
+ X509_free(ctx->issuer);
OPENSSL_free(ctx);
}
-void CT_POLICY_EVAL_CTX_set0_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+void CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
{
- ctx->cert = cert;
+ if (X509_up_ref(cert))
+ ctx->cert = cert;
}
-void CT_POLICY_EVAL_CTX_set0_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+void CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
{
- ctx->issuer = issuer;
+ if (X509_up_ref(issuer))
+ ctx->issuer = issuer;
}
-void CT_POLICY_EVAL_CTX_set0_log_store(CT_POLICY_EVAL_CTX *ctx,
- CTLOG_STORE *log_store)
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store)
{
ctx->log_store = log_store;
}
/* Creates a new, empty policy evaluation context */
CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
-/* Deletes a policy evaluation context */
+/* Deletes a policy evaluation context and anything it owns. */
void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
/* Gets the peer certificate that the SCTs are for */
X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
/* Sets the certificate associated with the received SCTs */
-void CT_POLICY_EVAL_CTX_set0_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+void CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
/* Gets the issuer of the aforementioned certificate */
X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
/* Sets the issuer of the certificate associated with the received SCTs */
-void CT_POLICY_EVAL_CTX_set0_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+void CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
/* Gets the CT logs that are trusted sources of SCTs */
const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
-/* Sets the log store that is in use */
-void CT_POLICY_EVAL_CTX_set0_log_store(CT_POLICY_EVAL_CTX *ctx,
- CTLOG_STORE *log_store);
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store);
/*****************
* SCT functions *
}
issuer = sk_X509_value(s->verified_chain, 1);
- CT_POLICY_EVAL_CTX_set0_cert(ctx, cert);
- CT_POLICY_EVAL_CTX_set0_issuer(ctx, issuer);
- CT_POLICY_EVAL_CTX_set0_log_store(ctx, s->ctx->ctlog_store);
+ CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
+ CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
+ CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
scts = SSL_get0_peer_scts(s);
expected_sct_text[sct_text_len] = '\0';
}
- CT_POLICY_EVAL_CTX_set0_log_store(ct_policy_ctx, fixture.ctlog_store);
+ CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(
+ ct_policy_ctx, fixture.ctlog_store);
if (fixture.certificate_file != NULL) {
int sct_extension_index;
goto end;
}
- CT_POLICY_EVAL_CTX_set0_cert(ct_policy_ctx, cert);
+ CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert);
if (fixture.issuer_file != NULL) {
issuer = load_pem_cert(fixture.certs_dir, fixture.issuer_file);
goto end;
}
- CT_POLICY_EVAL_CTX_set0_issuer(ct_policy_ctx, issuer);
+ CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx, issuer);
}
sct_extension_index =
ASN1_PCTX_set_oid_flags 292 1_1_0 EXIST::FUNCTION:
d2i_ASN1_INTEGER 293 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_ENCRYPT 294 1_1_0 EXIST::FUNCTION:
-CT_POLICY_EVAL_CTX_set0_issuer 295 1_1_0 EXIST::FUNCTION:CT
+CT_POLICY_EVAL_CTX_set0_issuer 295 1_1_0 NOEXIST::FUNCTION:
X509_NAME_ENTRY_set 296 1_1_0 EXIST::FUNCTION:
PKCS8_set0_pbe 297 1_1_0 EXIST::FUNCTION:
PEM_write_bio_DSA_PUBKEY 298 1_1_0 EXIST::FUNCTION:DSA
BF_ecb_encrypt 458 1_1_0 EXIST::FUNCTION:BF
PEM_write_bio_DHparams 459 1_1_0 EXIST::FUNCTION:DH
EVP_DigestFinal 460 1_1_0 EXIST::FUNCTION:
-CT_POLICY_EVAL_CTX_set0_log_store 461 1_1_0 EXIST::FUNCTION:CT
+CT_POLICY_EVAL_CTX_set0_log_store 461 1_1_0 NOEXIST::FUNCTION:
X509v3_asid_add_id_or_range 462 1_1_0 EXIST::FUNCTION:RFC3779
X509_NAME_ENTRY_create_by_NID 463 1_1_0 EXIST::FUNCTION:
EC_KEY_METHOD_get_init 464 1_1_0 EXIST::FUNCTION:EC
ENGINE_unregister_DH 1376 1_1_0 EXIST::FUNCTION:ENGINE
PROXY_CERT_INFO_EXTENSION_it 1377 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PROXY_CERT_INFO_EXTENSION_it 1377 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CT_POLICY_EVAL_CTX_set0_cert 1378 1_1_0 EXIST::FUNCTION:CT
+CT_POLICY_EVAL_CTX_set0_cert 1378 1_1_0 NOEXIST::FUNCTION:
X509_NAME_hash 1379 1_1_0 EXIST::FUNCTION:
SCT_set_timestamp 1380 1_1_0 EXIST::FUNCTION:CT
UI_new 1381 1_1_0 EXIST::FUNCTION:UI
DSA_bits 4137 1_1_0 EXIST::FUNCTION:DSA
EVP_PKEY_set1_tls_encodedpoint 4138 1_1_0 EXIST::FUNCTION:
EVP_PKEY_get1_tls_encodedpoint 4139 1_1_0 EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_set1_cert 4140 1_1_0 EXIST::FUNCTION:CT
+CT_POLICY_EVAL_CTX_set1_issuer 4141 1_1_0 EXIST::FUNCTION:CT
+CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE 4142 1_1_0 EXIST::FUNCTION:CT
projects / openssl.git / commitdiff