Commit 5b748dea authored by Matt Caswell's avatar Matt Caswell
Browse files

Add getter for X509_VERIFY_PARAM_get_hostflags 



Fixes #5061

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6139)
parent 3a070e25

crypto/x509/x509_vpm.c

+5 −0
Original line number Diff line number Diff line
@@ -393,6 +393,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, 
    param->hostflags = flags;

}



unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param)

{

    return param->hostflags;

}



char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)

{

    return param->peername;

doc/man3/X509_VERIFY_PARAM_set_flags.pod

+11 −1
Original line number Diff line number Diff line
@@ -11,7 +11,9 @@ X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, 
X509_VERIFY_PARAM_get_time,

X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,

X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,

X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,

X509_VERIFY_PARAM_set_hostflags,

X509_VERIFY_PARAM_get_hostflags,

X509_VERIFY_PARAM_get0_peername,

X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip,

X509_VERIFY_PARAM_set1_ip_asc

- X509 verification parameters
@@ -54,6 +56,7 @@ X509_VERIFY_PARAM_set1_ip_asc 
                                 const char *name, size_t namelen);

 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,

                                      unsigned int flags);

 unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);

 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);

 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,

                                  const char *email, size_t emaillen);
@@ -139,6 +142,9 @@ calling L<X509_check_host(3)>, hostname checks are out of scope 
with the DANE-EE(3) certificate usage, and the internal check will

be suppressed as appropriate when DANE support is added to OpenSSL.



X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a

call to X509_VERIFY_PARAM_set_hostflags().



X509_VERIFY_PARAM_add1_host() adds B<name> as an additional reference

identifier that can match the peer's certificate.  Any previous names

set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host()
@@ -186,6 +192,8 @@ failure. 


X509_VERIFY_PARAM_get_flags() returns the current verification flags.



X509_VERIFY_PARAM_get_hostflags() returns any current host flags.



X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.



X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return
@@ -349,6 +357,8 @@ The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0 
The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in

OpenSSL 1.1.0, and has no effect.



X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i.



=head1 COPYRIGHT



Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.

include/openssl/x509_vfy.h

+1 −0
Original line number Diff line number Diff line
@@ -479,6 +479,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, 
                                const char *name, size_t namelen);

void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,

                                     unsigned int flags);

unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);

char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);

void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);

int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,

util/libcrypto.num

+1 −0
Original line number Diff line number Diff line
@@ -4527,3 +4527,4 @@ SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION:SM2 
conf_ssl_name_find                      4469	1_1_0i	EXIST::FUNCTION:

conf_ssl_get_cmd                        4470	1_1_0i	EXIST::FUNCTION:

conf_ssl_get                            4471	1_1_0i	EXIST::FUNCTION:

X509_VERIFY_PARAM_get_hostflags         4472	1_1_0i	EXIST::FUNCTION: