CHANGES +8 −0 @@ -12,6 +12,14 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only +) applies to 0.9.7 only *) Modified SSL library such that the verify_callback that has been set specificly for an SSL object with SSL_set_verify() is actually being used. Before the change, a verify_callback set with this function was ignored and the verify_callback() set in the SSL_CTX at the time of the call was used. New function X509_STORE_CTX_set_verify_cb() introduced to allow the necessary settings. [Lutz Jaenicke] +) Initial reduction of linker bloat: the use of some functions, such as +) Initial reduction of linker bloat: the use of some functions, such as PEM causes large amounts of unused functions to be linked in due to PEM causes large amounts of unused functions to be linked in due to poor organisation. For example pem_all.c contains every PEM function poor organisation. For example pem_all.c contains every PEM function
crypto/x509/x509_vfy.h +2 −0 @@ -397,6 +397,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust); int purpose, int trust); void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); #ifdef __cplusplus #ifdef __cplusplus } }
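Review bot: The new prototype `X509_STORE_CTX_set_verify_cb()` is declared without any comment on its contract, which matters here because the callback's return value decides whether a failed check is tolerated. A short comment above the declaration would cover it, for example `/* Set the per-context verify callback, called as verify_cb(ok, ctx); a non-zero return with ok == 0 overrides that verification error. verify_cb must not be NULL. */`. Whether NULL is actually tolerated depends on the definition, which is not shown on this page, so confirm that before settling the last sentence.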
ssl/ssl_cert.c +2 −0 @@ -471,6 +471,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); if (s->ctx->app_verify_callback != NULL) if (s->ctx->app_verify_callback != NULL) i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ else else
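Review bot: The added call `X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);` in ssl_verify_cert_chain() passes s->verify_callback without a NULL check, and an application that never registered a verify callback would presumably leave that pointer NULL. The setter's definition is not shown on this page; if it stores the pointer as given, it replaces whatever default callback the store context was initialised with, and chain verification could then call through a NULL pointer while processing a peer certificate. Guarding the call avoids that: `if (s->verify_callback != NULL) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);`. Since the ssl/ssl_lib.c section of this commit also drops the store-level registration, this call is the only visible path by which the callback reaches the verifier, so the unset case deserves a test. The function body starts and ends outside the hunk, so how ctx is initialised cannot be checked from here.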
ssl/ssl_lib.c +0 −2 @@ -1361,8 +1361,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) { { ctx->verify_mode=mode; ctx->verify_mode=mode; ctx->default_verify_callback=cb; ctx->default_verify_callback=cb; /* This needs cleaning up EAY EAY EAY */ X509_STORE_set_verify_cb_func(ctx->cert_store,cb); } } void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)