OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
author: beck <> 2000-03-19 11:13:58 +0000
committer: beck <> 2000-03-19 11:13:58 +0000
commit: 796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree: 6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libssl/ssl_cert.c
parent: 5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
download: openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip
1 files changed, 26 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 6d2511f76c..48f247ceac 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -105,17 +105,26 @@
 */
 #include <stdio.h>
-#include <sys/types.h>
-#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)
+#include "openssl/e_os.h"
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
 #include <dirent.h>
 #endif
 #ifdef NeXT
 #include <sys/dir.h>
 #define dirent direct
 #endif
 #include <openssl/objects.h>
 #include <openssl/bio.h>
 #include <openssl/pem.h>
+#include <openssl/x509v3.h>
 #include "ssl_locl.h"
 int SSL_get_ex_data_X509_STORE_CTX_idx(void)
@@ -422,8 +431,16 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
        if (SSL_get_verify_depth(s) >= 0)
                X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-        X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
+        X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
-                (char *)s);
+        /* We need to set the verify purpose. The purpose can be determined by
+         * the context: if its a server it will verify SSL client certificates
+         * or vice versa.
+         */
+        if(s->server) i = X509_PURPOSE_SSL_CLIENT;
+        else i = X509_PURPOSE_SSL_SERVER;
+        X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
        if (s->ctx->app_verify_callback != NULL)
                i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
@@ -534,7 +551,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
        return(add_client_CA(&(ctx->client_CA),x));
        }
-static int name_cmp(X509_NAME **a,X509_NAME **b)
+static int xname_cmp(X509_NAME **a,X509_NAME **b)
        {
        return(X509_NAME_cmp(*a,*b));
        }
@@ -556,7 +573,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
        STACK_OF(X509_NAME) *ret,*sk;
        ret=sk_X509_NAME_new(NULL);
-        sk=sk_X509_NAME_new(name_cmp);
+        sk=sk_X509_NAME_new(xname_cmp);
        in=BIO_new(BIO_s_file_internal());
@@ -617,7 +634,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
    int ret=1;
    int (*oldcmp)(X509_NAME **a, X509_NAME **b);
-    oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);
+    oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
    in=BIO_new(BIO_s_file_internal());
@@ -671,6 +688,7 @@ err:
 #ifndef WIN32
 #ifndef VMS                     /* XXXX This may be fixed in the future */
+#ifndef MAC_OS_pre_X
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                       const char *dir)
@@ -714,3 +732,4 @@ err:
 #endif
 #endif
+#endif
author	beck <>	2000-03-19 11:13:58 +0000
committer	beck <>	2000-03-19 11:13:58 +0000
commit	796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree	6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libssl/ssl_cert.c
parent	5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
download	openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2 openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 6d2511f76c..48f247ceac 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -105,17 +105,26 @@
105	*/	105	*/
106		106
107	#include <stdio.h>	107	#include <stdio.h>
108	#include <sys/types.h>	108
109	#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)	109	#include "openssl/e_os.h"
		110
		111	#ifndef NO_SYS_TYPES_H
		112	# include <sys/types.h>
		113	#endif
		114
		115	#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
110	#include <dirent.h>	116	#include <dirent.h>
111	#endif	117	#endif
		118
112	#ifdef NeXT	119	#ifdef NeXT
113	#include <sys/dir.h>	120	#include <sys/dir.h>
114	#define dirent direct	121	#define dirent direct
115	#endif	122	#endif
		123
116	#include <openssl/objects.h>	124	#include <openssl/objects.h>
117	#include <openssl/bio.h>	125	#include <openssl/bio.h>
118	#include <openssl/pem.h>	126	#include <openssl/pem.h>
		127	#include <openssl/x509v3.h>
119	#include "ssl_locl.h"	128	#include "ssl_locl.h"
120		129
121	int SSL_get_ex_data_X509_STORE_CTX_idx(void)	130	int SSL_get_ex_data_X509_STORE_CTX_idx(void)
@@ -422,8 +431,16 @@ int ssl_verify_cert_chain(SSL s,STACK_OF(X509) sk)
422	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);	431	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
423	if (SSL_get_verify_depth(s) >= 0)	432	if (SSL_get_verify_depth(s) >= 0)
424	X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));	433	X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
425	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),	434	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
426	(char *)s);	435	/* We need to set the verify purpose. The purpose can be determined by
		436	* the context: if its a server it will verify SSL client certificates
		437	* or vice versa.
		438	*/
		439
		440	if(s->server) i = X509_PURPOSE_SSL_CLIENT;
		441	else i = X509_PURPOSE_SSL_SERVER;
		442
		443	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
427		444
428	if (s->ctx->app_verify_callback != NULL)	445	if (s->ctx->app_verify_callback != NULL)
429	i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */	446	i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
@@ -534,7 +551,7 @@ int SSL_CTX_add_client_CA(SSL_CTX ctx,X509 x)
534	return(add_client_CA(&(ctx->client_CA),x));	551	return(add_client_CA(&(ctx->client_CA),x));
535	}	552	}
536		553
537	static int name_cmp(X509_NAME a,X509_NAME b)	554	static int xname_cmp(X509_NAME a,X509_NAME b)
538	{	555	{
539	return(X509_NAME_cmp(a,b));	556	return(X509_NAME_cmp(a,b));
540	}	557	}
@@ -556,7 +573,7 @@ STACK_OF(X509_NAME) SSL_load_client_CA_file(const char file)
556	STACK_OF(X509_NAME) ret,sk;	573	STACK_OF(X509_NAME) ret,sk;
557		574
558	ret=sk_X509_NAME_new(NULL);	575	ret=sk_X509_NAME_new(NULL);
559	sk=sk_X509_NAME_new(name_cmp);	576	sk=sk_X509_NAME_new(xname_cmp);
560		577
561	in=BIO_new(BIO_s_file_internal());	578	in=BIO_new(BIO_s_file_internal());
562		579
@@ -617,7 +634,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
617	int ret=1;	634	int ret=1;
618	int (oldcmp)(X509_NAME a, X509_NAME *b);	635	int (oldcmp)(X509_NAME a, X509_NAME *b);
619		636
620	oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);	637	oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
621		638
622	in=BIO_new(BIO_s_file_internal());	639	in=BIO_new(BIO_s_file_internal());
623		640
@@ -671,6 +688,7 @@ err:
671		688
672	#ifndef WIN32	689	#ifndef WIN32
673	#ifndef VMS /* XXXX This may be fixed in the future */	690	#ifndef VMS /* XXXX This may be fixed in the future */
		691	#ifndef MAC_OS_pre_X
674		692
675	int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,	693	int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
676	const char *dir)	694	const char *dir)
@@ -714,3 +732,4 @@ err:
714		732
715	#endif	733	#endif
716	#endif	734	#endif
		735	#endif