diff options
| -rw-r--r-- | src/lib/libcrypto/x509/x509_local.h | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 56 |
2 files changed, 11 insertions, 55 deletions
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h index 63082d1b19..080dbaf099 100644 --- a/src/lib/libcrypto/x509/x509_local.h +++ b/src/lib/libcrypto/x509/x509_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_local.h,v 1.11 2023/11/01 20:37:42 tb Exp $ */ | 1 | /* $OpenBSD: x509_local.h,v 1.12 2023/12/22 07:35:09 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2013. | 3 | * project 2013. |
| 4 | */ | 4 | */ |
| @@ -299,15 +299,7 @@ struct x509_store_st { | |||
| 299 | /* Callbacks for various operations */ | 299 | /* Callbacks for various operations */ |
| 300 | int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ | 300 | int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ |
| 301 | int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ | 301 | int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ |
| 302 | int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ | ||
| 303 | int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ | 302 | int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ |
| 304 | int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ | ||
| 305 | int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ | ||
| 306 | int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ | ||
| 307 | int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ | ||
| 308 | STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); | ||
| 309 | STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); | ||
| 310 | int (*cleanup)(X509_STORE_CTX *ctx); | ||
| 311 | 303 | ||
| 312 | CRYPTO_EX_DATA ex_data; | 304 | CRYPTO_EX_DATA ex_data; |
| 313 | int references; | 305 | int references; |
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 2d4061cfdf..2f86722c82 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.127 2023/11/27 00:51:12 tb Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.128 2023/12/22 07:35:09 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2338,52 +2338,16 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *leaf, | |||
| 2338 | else | 2338 | else |
| 2339 | ctx->verify_cb = null_callback; | 2339 | ctx->verify_cb = null_callback; |
| 2340 | 2340 | ||
| 2341 | if (store && store->get_issuer) | 2341 | ctx->get_issuer = X509_STORE_CTX_get1_issuer; |
| 2342 | ctx->get_issuer = store->get_issuer; | 2342 | ctx->check_issued = check_issued; |
| 2343 | else | 2343 | ctx->check_revocation = check_revocation; |
| 2344 | ctx->get_issuer = X509_STORE_CTX_get1_issuer; | 2344 | ctx->get_crl = NULL; /* XXX - remove */ |
| 2345 | 2345 | ctx->check_crl = check_crl; | |
| 2346 | if (store && store->check_issued) | 2346 | ctx->cert_crl = cert_crl; |
| 2347 | ctx->check_issued = store->check_issued; | ||
| 2348 | else | ||
| 2349 | ctx->check_issued = check_issued; | ||
| 2350 | |||
| 2351 | if (store && store->check_revocation) | ||
| 2352 | ctx->check_revocation = store->check_revocation; | ||
| 2353 | else | ||
| 2354 | ctx->check_revocation = check_revocation; | ||
| 2355 | |||
| 2356 | if (store && store->get_crl) | ||
| 2357 | ctx->get_crl = store->get_crl; | ||
| 2358 | else | ||
| 2359 | ctx->get_crl = NULL; | ||
| 2360 | |||
| 2361 | if (store && store->check_crl) | ||
| 2362 | ctx->check_crl = store->check_crl; | ||
| 2363 | else | ||
| 2364 | ctx->check_crl = check_crl; | ||
| 2365 | |||
| 2366 | if (store && store->cert_crl) | ||
| 2367 | ctx->cert_crl = store->cert_crl; | ||
| 2368 | else | ||
| 2369 | ctx->cert_crl = cert_crl; | ||
| 2370 | |||
| 2371 | ctx->check_policy = check_policy; | 2347 | ctx->check_policy = check_policy; |
| 2372 | 2348 | ctx->lookup_certs = X509_STORE_CTX_get1_certs; | |
| 2373 | if (store && store->lookup_certs) | 2349 | ctx->lookup_crls = X509_STORE_CTX_get1_crls; |
| 2374 | ctx->lookup_certs = store->lookup_certs; | 2350 | ctx->cleanup = NULL; /* XXX - remove */ |
| 2375 | else | ||
| 2376 | ctx->lookup_certs = X509_STORE_CTX_get1_certs; | ||
| 2377 | |||
| 2378 | if (store && store->lookup_crls) | ||
| 2379 | ctx->lookup_crls = store->lookup_crls; | ||
| 2380 | else | ||
| 2381 | ctx->lookup_crls = X509_STORE_CTX_get1_crls; | ||
| 2382 | |||
| 2383 | if (store && store->cleanup) | ||
| 2384 | ctx->cleanup = store->cleanup; | ||
| 2385 | else | ||
| 2386 | ctx->cleanup = NULL; | ||
| 2387 | 2351 | ||
| 2388 | ctx->param = X509_VERIFY_PARAM_new(); | 2352 | ctx->param = X509_VERIFY_PARAM_new(); |
| 2389 | if (!ctx->param) { | 2353 | if (!ctx->param) { |