Commit 1f0c9ad7 authored by Lutz Jänicke's avatar Lutz Jänicke

Fix inconsistent behaviour with respect to verify_callback handling.

parent 06efc222
+8 −0
@@ -12,6 +12,14 @@
         *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
         +) applies to 0.9.7 only

  *) Modified SSL library such that the verify_callback that has been set
     specificly for an SSL object with SSL_set_verify() is actually being
     used. Before the change, a verify_callback set with this function was
     ignored and the verify_callback() set in the SSL_CTX at the time of
     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
     to allow the necessary settings.
     [Lutz Jaenicke]

  +) Initial reduction of linker bloat: the use of some functions, such as
     PEM causes large amounts of unused functions to be linked in due to
     poor organisation. For example pem_all.c contains every PEM function
+2 −0
@@ -397,6 +397,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
				int purpose, int trust);
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
				  int (*verify_cb)(int, X509_STORE_CTX *));

#ifdef  __cplusplus
}
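Review bot: The new prototype `X509_STORE_CTX_set_verify_cb()` at the end of the setter list has no comment, although its contract bears directly on certificate validation. I would add above it `/* Override the verify callback for this context only; the callback's return value decides whether a failed check is accepted. */`. The comment should also state whether a NULL `verify_cb` is allowed; that cannot be told from this header, and the function's definition is not on this page.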
+2 −0
@@ -471,6 +471,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)

	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);

	X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);

	if (s->ctx->app_verify_callback != NULL)
		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
	else
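Review bot: The added `X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);` runs unconditionally, so an SSL object with no callback set passes NULL into the verification context. The setter's body is not on this page; if it stores the pointer as given, that would replace the callback the context took from its store, and a later call through it would dereference NULL. Guarding the call keeps the store's callback in that case: `if (s->verify_callback != NULL) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);`. This matters more because the same commit drops the `X509_STORE_set_verify_cb_func()` call from `SSL_CTX_set_verify()`, which appears to leave `s->verify_callback` as the only route for an application callback. `ssl_verify_cert_chain` starts and ends outside this hunk.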
+0 −2
@@ -1361,8 +1361,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
	{
	ctx->verify_mode=mode;
	ctx->default_verify_callback=cb;
	/* This needs cleaning up EAY EAY EAY */
	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
	}

void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)