crypto/x509/x509_lcl.h +1 −0 @@ -62,6 +62,7 @@ struct X509_VERIFY_PARAM_ID_st { STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ unsigned int hostflags; /* Flags to control matching features */ char *peername; /* Matching hostname in peer certificate */ unsigned char *email; /* If not NULL email address to match */ size_t emaillen; unsigned char *ip; /* If not NULL IP address to match */
crypto/x509/x509_vfy.h +1 −0 @@ -564,6 +564,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const unsigned char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const unsigned char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
crypto/x509/x509_vpm.c +8 −1 @@ -149,6 +149,8 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) string_stack_free(paramid->hosts); paramid->hosts = NULL; } if (paramid->peername) OPENSSL_free(paramid->peername); if (paramid->email) { OPENSSL_free(paramid->email); @@ -482,6 +484,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->id->hostflags = flags; } char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) { return param->id->peername; } int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const unsigned char *email, size_t emaillen) {
@@ -517,7 +524,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) return param->name; } static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0}; static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, NULL, 0, NULL, 0}; #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
doc/crypto/X509_VERIFY_PARAM_set_flags.pod +12 −1 @@ -2,7 +2,7 @@ =head1 NAME X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters =head1 SYNOPSIS
@@ -32,6 +32,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge const unsigned char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const unsigned char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, @@ -95,6 +96,16 @@ are retained, no change is made if B<name> is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches. X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, or when a reference identifier specifies a parent domain (starts with ".") rather than a hostname, the peer name may be a wildcard name or a sub-domain of the reference identifier respectively. The return string is allocated by the library and is no longer valid once the associated B<param> argument is freed. Applications must not free the return value. X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to B<email>. If B<email> is NUL-terminated, B<emaillen> may be zero, otherwise B<emaillen> must be set to the length of B<email>. When an email address
crypto/x509/x509_lcl.h +1 −0 @@ -62,6 +62,7 @@ struct X509_VERIFY_PARAM_ID_st { STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ unsigned int hostflags; /* Flags to control matching features */ char *peername; /* Matching hostname in peer certificate */ unsigned char *email; /* If not NULL email address to match */ size_t emaillen; unsigned char *ip; /* If not NULL IP address to match */
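Review bot: The comment on the new `peername` field does not say who owns the string; on this page that is only discoverable from `x509_verify_param_zero()` in x509_vpm.c, which releases it with `OPENSSL_free()`. I would extend it to `char *peername; /* Matching hostname in peer certificate; heap string owned by this struct, freed in x509_verify_param_zero() */` so the lifetime rule stated in the pod text is also visible where the field is declared. The struct body continues past the end of the hunk.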
crypto/x509/x509_vfy.h +1 −0 @@ -564,6 +564,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const unsigned char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const unsigned char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
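Review bot: The new prototype `char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);` hands callers a writable pointer to a string the library owns, and it drops the parameter name that every neighbouring declaration keeps. The accompanying pod text says applications must not free the return value, and the existing `X509_VERIFY_PARAM_get0_name()` shown in x509_vpm.c already returns `const char *` from a `const` parameter. Declaring this one as `const char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param);` would let the compiler enforce that contract. The definition in x509_vpm.c and the pod synopsis would need the same signature.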
crypto/x509/x509_vpm.c +8 −1 @@ -149,6 +149,8 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) string_stack_free(paramid->hosts); paramid->hosts = NULL; } if (paramid->peername) OPENSSL_free(paramid->peername); if (paramid->email) { OPENSSL_free(paramid->email); @@ -482,6 +484,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->id->hostflags = flags; } char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) { return param->id->peername; } int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const unsigned char *email, size_t emaillen) { @@ -517,7 +524,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) return param->name; } static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0}; static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, NULL, 0, NULL, 0}; #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
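Review bot: In the `x509_verify_param_zero()` hunk, `peername` is freed but left pointing at the released buffer, whereas the `hosts` cleanup directly above it resets its pointer to NULL. The rest of the function is outside the hunk, so this is inferred, but if a parameter object is used again after being zeroed, `X509_VERIFY_PARAM_get0_peername()` would return a dangling pointer and a second pass through the zero routine would free the same buffer twice. Clearing the field alongside the free closes both cases: `if (paramid->peername) { OPENSSL_free(paramid->peername); paramid->peername = NULL; }`.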
doc/crypto/X509_VERIFY_PARAM_set_flags.pod +12 −1 @@ -2,7 +2,7 @@ =head1 NAME X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters =head1 SYNOPSIS @@ -32,6 +32,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge const unsigned char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const unsigned char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
@@ -95,6 +96,16 @@ are retained, no change is made if B<name> is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches. X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, or when a reference identifier specifies a parent domain (starts with ".") rather than a hostname, the peer name may be a wildcard name or a sub-domain of the reference identifier respectively. The return string is allocated by the library and is no longer valid once the associated B<param> argument is freed. Applications must not free the return value. X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to B<email>. If B<email> is NUL-terminated, B<emaillen> may be zero, otherwise B<emaillen> must be set to the length of B<email>. When an email address