Loading CHANGES +7 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,13 @@ Changes between 0.9.2b and 0.9.3 *) Support verify_depth from the SSL API. x509_vfy.c had what can be considered an off-by-one-error: Its depth (which was not part of the external interface) was actually counting the number of certificates in a chain; now it really counts the depth. [Bodo Moeller] *) New function SSL_CTX_set_session_id_context that allows to set a default value (so that you don't need SSL_set_session_id_context for each connection using the SSL_CTX). Loading crypto/x509/x509_lu.c +1 −1 Original line number Diff line number Diff line Loading @@ -391,7 +391,7 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->last_untrusted=0; ctx->valid=0; ctx->chain=NULL; ctx->depth=10; ctx->depth=9; ctx->error=0; ctx->current_cert=NULL; memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); Loading crypto/x509/x509_vfy.c +2 −2 Original line number Diff line number Diff line Loading @@ -143,7 +143,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) for (;;) { /* If we have enough, we break */ if (depth <= num) break; if (depth < num) break; /* If we are self signed, we break */ xn=X509_get_issuer_name(x); Loading Loading @@ -206,7 +206,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) for (;;) { /* If we have enough, we break */ if (depth <= num) break; if (depth < num) break; /* If we are self signed, we break */ xn=X509_get_issuer_name(x); Loading crypto/x509/x509_vfy.h +4 −2 Original line number Diff line number Diff line Loading @@ -169,7 +169,7 @@ typedef struct x509_store_st CRYPTO_EX_DATA ex_data; int references; int depth; /* how deep to look (still unused) */ int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */ } X509_STORE; #define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) Loading 
@@ -191,7 +191,7 @@ struct x509_lookup_st /* This is a temporary used when processing cert chains. Since the * gathering of the cert chain can take some time (and have to be * 'retried', this needs to be kept and passed around. */ struct x509_store_state_st struct x509_store_state_st /* X509_STORE_CTX */ { X509_STORE *ctx; int current_method; /* used when looking up certs */ Loading @@ -214,6 +214,8 @@ struct x509_store_state_st CRYPTO_EX_DATA ex_data; }; #define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d)) #define X509_STORE_CTX_set_app_data(ctx,data) \ X509_STORE_CTX_set_ex_data(ctx,0,data) #define X509_STORE_CTX_get_app_data(ctx) \ Loading ssl/ssl.h +6 −0 Original line number Diff line number Diff line Loading @@ -394,6 +394,7 @@ struct ssl_ctx_st /**/ struct cert_st /* CERT */ *default_cert; /**/ int read_ahead; /**/ int verify_mode; /**/ int verify_depth; /**/ unsigned int sid_ctx_length; /**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); Loading Loading @@ -573,6 +574,7 @@ struct ssl_st /* Used in SSL2 and SSL3 */ int verify_mode; /* 0 don't care about verify failure. * 1 fail if verify fails */ int verify_depth; int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ void (*info_callback)(); /* optional informational callback */ Loading Loading @@ -851,9 +853,11 @@ BIO * SSL_get_wbio(SSL *s); int SSL_set_cipher_list(SSL *s, char *str); void SSL_set_read_ahead(SSL *s, int yes); int SSL_get_verify_mode(SSL *s); int SSL_get_verify_depth(SSL *s); int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); #ifndef NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); #endif Loading Loading 
@@ -912,9 +916,11 @@ X509 * SSL_get_peer_certificate(SSL *s); STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); int SSL_CTX_get_verify_mode(SSL_CTX *ctx); int SSL_CTX_get_verify_depth(SSL_CTX *ctx); int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *); void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg); #ifndef NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); Loading Loading
CHANGES +7 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,13 @@ Changes between 0.9.2b and 0.9.3 *) Support verify_depth from the SSL API. x509_vfy.c had what can be considered an off-by-one-error: Its depth (which was not part of the external interface) was actually counting the number of certificates in a chain; now it really counts the depth. [Bodo Moeller] *) New function SSL_CTX_set_session_id_context that allows to set a default value (so that you don't need SSL_set_session_id_context for each connection using the SSL_CTX). Loading
crypto/x509/x509_lu.c +1 −1 Original line number Diff line number Diff line Loading @@ -391,7 +391,7 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->last_untrusted=0; ctx->valid=0; ctx->chain=NULL; ctx->depth=10; ctx->depth=9; ctx->error=0; ctx->current_cert=NULL; memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); Loading
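Review bot: The default `ctx->depth=9;` in X509_STORE_CTX_init is a bare magic number whose meaning this commit changes (it is now a depth, no longer a certificate count), and nothing at the assignment records that. A short comment should tie it to the comparison in X509_verify_cert, e.g. `ctx->depth=9; /* max issuer hops above the leaf, so the chain may hold depth+1 certs (see X509_verify_cert) */`. Whether "depth+1 certs" is exactly the bound depends on how `num` is computed in x509_vfy.c, which is outside this hunk, so confirm the wording before adopting it. X509_STORE_CTX_init itself starts and ends outside the hunk.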
crypto/x509/x509_vfy.c +2 −2 Original line number Diff line number Diff line Loading @@ -143,7 +143,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) for (;;) { /* If we have enough, we break */ if (depth <= num) break; if (depth < num) break; /* If we are self signed, we break */ xn=X509_get_issuer_name(x); Loading Loading @@ -206,7 +206,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) for (;;) { /* If we have enough, we break */ if (depth <= num) break; if (depth < num) break; /* If we are self signed, we break */ xn=X509_get_issuer_name(x); Loading
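Review bot: Both hunks (around lines 143 and 206) change the bound to `if (depth < num) break;` but keep the comment `/* If we have enough, we break */`, which no longer explains why the comparison is now strict; the off-by-one that the CHANGES entry describes lives exactly here, so the reason belongs in the code. I would replace the comment in both places with `/* depth counts issuer hops, not certificates: stop once the chain already holds depth+1 certs */`. That reading assumes `num` is the current chain length, which is assigned outside the hunk, so verify it against the rest of X509_verify_cert first. Since this limit is the only bound on how far chain building follows untrusted issuers, the two copies of the loop should also be kept in lockstep, which a shared comment makes easier to spot. X509_verify_cert starts and ends outside both hunks.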
crypto/x509/x509_vfy.h +4 −2 Original line number Diff line number Diff line Loading @@ -169,7 +169,7 @@ typedef struct x509_store_st CRYPTO_EX_DATA ex_data; int references; int depth; /* how deep to look (still unused) */ int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */ } X509_STORE; #define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) Loading @@ -191,7 +191,7 @@ struct x509_lookup_st /* This is a temporary used when processing cert chains. Since the * gathering of the cert chain can take some time (and have to be * 'retried', this needs to be kept and passed around. */ struct x509_store_state_st struct x509_store_state_st /* X509_STORE_CTX */ { X509_STORE *ctx; int current_method; /* used when looking up certs */ Loading @@ -214,6 +214,8 @@ struct x509_store_state_st CRYPTO_EX_DATA ex_data; }; #define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d)) #define X509_STORE_CTX_set_app_data(ctx,data) \ X509_STORE_CTX_set_ex_data(ctx,0,data) #define X509_STORE_CTX_get_app_data(ctx) \ Loading
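Review bot: The new `X509_STORE_CTX_set_depth(ctx,d)` macro in the third hunk sits beside the existing `X509_STORE_set_depth`, which, per the updated comment on `X509_STORE.depth`, writes a field that nothing reads, so a caller can set a verification limit on the store and silently get the default from X509_STORE_CTX_init instead. That should be stated at the macro, not only on the struct field: `#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) /* no effect yet: X509_verify_cert uses X509_STORE_CTX's depth; use X509_STORE_CTX_set_depth */`. The new macro is a plain assignment with no range note, so a comment such as `/* d = max issuer hops above the leaf; negative values are not rejected here */` on `X509_STORE_CTX_set_depth` would spare callers a trip into x509_vfy.c. Both struct definitions touched by these hunks start or end outside the hunk.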
ssl/ssl.h +6 −0 Original line number Diff line number Diff line Loading @@ -394,6 +394,7 @@ struct ssl_ctx_st /**/ struct cert_st /* CERT */ *default_cert; /**/ int read_ahead; /**/ int verify_mode; /**/ int verify_depth; /**/ unsigned int sid_ctx_length; /**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); Loading Loading @@ -573,6 +574,7 @@ struct ssl_st /* Used in SSL2 and SSL3 */ int verify_mode; /* 0 don't care about verify failure. * 1 fail if verify fails */ int verify_depth; int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ void (*info_callback)(); /* optional informational callback */ Loading Loading @@ -851,9 +853,11 @@ BIO * SSL_get_wbio(SSL *s); int SSL_set_cipher_list(SSL *s, char *str); void SSL_set_read_ahead(SSL *s, int yes); int SSL_get_verify_mode(SSL *s); int SSL_get_verify_depth(SSL *s); int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); #ifndef NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); #endif Loading Loading @@ -912,9 +916,11 @@ X509 * SSL_get_peer_certificate(SSL *s); STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); int SSL_CTX_get_verify_mode(SSL_CTX *ctx); int SSL_CTX_get_verify_depth(SSL_CTX *ctx); int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *); void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg); #ifndef NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); Loading
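Review bot: The four new prototypes (`SSL_get_verify_depth`, `SSL_set_verify_depth`, `SSL_CTX_get_verify_depth`, `SSL_CTX_set_verify_depth`) and the two new `verify_depth` fields carry no comment on what the number means, while the neighbouring `verify_mode` field in struct ssl_st does; from this header alone a reader cannot tell whether 0 means "only a self-signed peer" or "no limit". I would annotate the struct ssl_st field as `int verify_depth; /* max issuer hops accepted above the peer cert; presumably handed to X509_STORE_CTX_set_depth when the chain is verified -- confirm in the SSL verification code */` and mirror it on the SSL_CTX field. Whether the SSL_CTX value is copied into SSL objects created from it is not visible here either and belongs in the same comment once confirmed. Both struct definitions start and end outside their hunks.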