Merge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM

Back in the day when essentially every struct was open to all applications, X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is now no longer needed with X509_VERIFY_PARAM being opaque itself, so stop using X509_VERIFY_PARAM_ID and merge it into X509_VERIFY_PARAM. This is a first small step towards cleaning up the X509_VERIFY_PARAM mess. ok jsing
author: tb <> 2023-05-28 05:25:24 +0000
committer: tb <> 2023-05-28 05:25:24 +0000
commit: a95e36808ea4031670010ec297a8701fa0500aaa (patch)
tree: ec517a3d5252ee6f882377da37f2eed9b56f843c /src/lib/libcrypto/x509/x509_vfy.c
parent: d4cbaebb201580abb6146f23b603e976b071aa6c (diff)
download: openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.tar.gz
openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.tar.bz2
openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.zip
1 files changed, 12 insertions, 13 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 6bc06187e1..0c2144752d 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.123 2023/05/14 20:20:40 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.124 2023/05/28 05:25:24 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -177,19 +177,19 @@ check_id_error(X509_STORE_CTX *ctx, int errcode)
 }
 static int
-check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
+check_hosts(X509 *x, X509_VERIFY_PARAM *vpm)
 {
        int i, n;
        char *name;
-        n = sk_OPENSSL_STRING_num(id->hosts);
+        n = sk_OPENSSL_STRING_num(vpm->hosts);
-        free(id->peername);
+        free(vpm->peername);
-        id->peername = NULL;
+        vpm->peername = NULL;
        for (i = 0; i < n; ++i) {
-                name = sk_OPENSSL_STRING_value(id->hosts, i);
+                name = sk_OPENSSL_STRING_value(vpm->hosts, i);
-                if (X509_check_host(x, name, strlen(name), id->hostflags,
+                if (X509_check_host(x, name, strlen(name), vpm->hostflags,
-                    &id->peername) > 0)
+                    &vpm->peername) > 0)
                        return 1;
        }
        return n == 0;
@@ -199,19 +199,18 @@ static int
 check_id(X509_STORE_CTX *ctx)
 {
        X509_VERIFY_PARAM *vpm = ctx->param;
-        X509_VERIFY_PARAM_ID *id = vpm->id;
        X509 *x = ctx->cert;
-        if (id->hosts && check_hosts(x, id) <= 0) {
+        if (vpm->hosts && check_hosts(x, vpm) <= 0) {
                if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
                        return 0;
        }
-        if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0)
+        if (vpm->email != NULL && X509_check_email(x, vpm->email, vpm->emaillen, 0)
            <= 0) {
                if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
                        return 0;
        }
-        if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) {
+        if (vpm->ip != NULL && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
                if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
                        return 0;
        }
@@ -609,7 +608,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
                ctx->error = X509_V_ERR_INVALID_CALL;
                return -1;
        }
-        if (ctx->param->id->poisoned) {
+        if (ctx->param->poisoned) {
                /*
                 * This X509_STORE_CTX had failures setting
                 * up verify parameters. We can not use it.
author	tb <>	2023-05-28 05:25:24 +0000
committer	tb <>	2023-05-28 05:25:24 +0000
commit	a95e36808ea4031670010ec297a8701fa0500aaa (patch)
tree	ec517a3d5252ee6f882377da37f2eed9b56f843c /src/lib/libcrypto/x509/x509_vfy.c
parent	d4cbaebb201580abb6146f23b603e976b071aa6c (diff)
download	openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.tar.gz openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.tar.bz2 openbsd-a95e36808ea4031670010ec297a8701fa0500aaa.zip