CHANGES +6 −3 @@ -17,9 +17,8 @@ when the X509_STORE_CTX structure is set up) and checks the pathlength. There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour: this is because when it is finally working it will reject chains with invalid extensions whereas every previous version of OpenSSL and SSLeay made no checks at all. this is because it will reject chains with invalid extensions whereas every previous version of OpenSSL and SSLeay made no checks at all. Trust code: checks the root CA for the relevant trust settings. Trust settings have an initial value consistent with the verify purpose: e.g. @@ -32,6 +31,10 @@ which should be used for version portability: especially since the verify structure is likely to change more often now. SSL integration. Add purpose and trust to SSL_CTX and SSL and functions to set them. If not set then assume SSL clients will verify SSL servers and vice versa. Two new options to the verify program: -untrusted allows a set of untrusted certificates to be passed in and -purpose which sets the intended purpose of the certificate. If a purpose is set then the
apps/s_client.c +1 −0 @@ -740,6 +740,7 @@ end: if (ctx != NULL) SSL_CTX_free(ctx); if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); } if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); } X509_cleanup(); if (bio_c_out != NULL) { BIO_free(bio_c_out);
apps/s_server.c +1 −0 @@ -718,6 +718,7 @@ bad: ret=0; end: if (ctx != NULL) SSL_CTX_free(ctx); X509_cleanup(); if (bio_s_out != NULL) { BIO_free(bio_s_out);
crypto/x509/x509_vfy.c +2 −2 @@ -732,9 +732,9 @@ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); } void X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) { ctx->trust = trust; return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); } /* This function is used to set the X509_STORE_CTX purpose and trust
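Review bot: X509_STORE_CTX_set_trust now returns whatever X509_STORE_CTX_purpose_inherit returns and no longer assigns ctx->trust directly, so any caller still written against the old void prototype will silently keep the previous or default trust setting when the inherit call fails (presumably on an unrecognised trust id; purpose_inherit's body is outside this hunk). Every call site moved to the new int prototype should check the result, e.g. `if (!X509_STORE_CTX_set_trust(ctx, trust)) goto err;`, and the declaration in x509_vfy.h deserves a one-line comment stating that a 0 return means the trust id was rejected and the context is left unchanged. It is also worth confirming that passing purpose 0 to purpose_inherit preserves an already-set purpose rather than resetting it, since set_trust may reasonably be called after set_purpose.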
crypto/x509/x509_vfy.h +1 −1 @@ -350,7 +350,7 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); void X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust);