1 files changed, 49 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index e3265918a4..6b935f8bee 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -80,17 +80,56 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
 */
 static X509_TRUST trstandard[] = {
-        {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+        {
-        {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+                .trust = X509_TRUST_COMPAT,
-        {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
+                .check_trust = trust_compat,
-        {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+                .name = "compatible",
-        {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
+        },
-        {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
+        {
-        {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
+                .trust = X509_TRUST_SSL_CLIENT,
-        {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
+                .check_trust = trust_1oidany,
+                .name = "SSL Client",
+                .arg1 = NID_client_auth,
+        },
+        {
+                .trust = X509_TRUST_SSL_SERVER,
+                .check_trust = trust_1oidany,
+                .name = "SSL Server",
+                .arg1 = NID_server_auth,
+        },
+        {
+                .trust = X509_TRUST_EMAIL,
+                .check_trust = trust_1oidany,
+                .name = "S/MIME email",
+                .arg1 = NID_email_protect,
+        },
+        {
+                .trust = X509_TRUST_OBJECT_SIGN,
+                .check_trust = trust_1oidany,
+                .name = "Object Signer",
+                .arg1 = NID_code_sign,
+        },
+        {
+                .trust = X509_TRUST_OCSP_SIGN,
+                .check_trust = trust_1oid,
+                .name = "OCSP responder",
+                .arg1 = NID_OCSP_sign,
+        },
+        {
+                .trust = X509_TRUST_OCSP_REQUEST,
+                .check_trust = trust_1oid,
+                .name = "OCSP request",
+                .arg1 = NID_ad_OCSP,
+        },
+        {
+                .trust = X509_TRUST_TSA,
+                .check_trust = trust_1oidany,
+                .name = "TSA server",
+                .arg1 = NID_time_stamp,
+        },
 };
-#define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
+#define X509_TRUST_COUNT        (sizeof(trstandard) / sizeof(trstandard[0]))
 static STACK_OF(X509_TRUST) *trtable = NULL;

diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index e3265918a4..6b935f8bee 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_trs.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */	1	/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -80,17 +80,56 @@ static int (default_trust)(int id, X509 x, int flags) = obj_trust;
80	*/	80	*/
81		81
82	static X509_TRUST trstandard[] = {	82	static X509_TRUST trstandard[] = {
83	{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},	83	{
84	{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},	84	.trust = X509_TRUST_COMPAT,
85	{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},	85	.check_trust = trust_compat,
86	{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},	86	.name = "compatible",
87	{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},	87	},
88	{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},	88	{
89	{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},	89	.trust = X509_TRUST_SSL_CLIENT,
90	{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}	90	.check_trust = trust_1oidany,
		91	.name = "SSL Client",
		92	.arg1 = NID_client_auth,
		93	},
		94	{
		95	.trust = X509_TRUST_SSL_SERVER,
		96	.check_trust = trust_1oidany,
		97	.name = "SSL Server",
		98	.arg1 = NID_server_auth,
		99	},
		100	{
		101	.trust = X509_TRUST_EMAIL,
		102	.check_trust = trust_1oidany,
		103	.name = "S/MIME email",
		104	.arg1 = NID_email_protect,
		105	},
		106	{
		107	.trust = X509_TRUST_OBJECT_SIGN,
		108	.check_trust = trust_1oidany,
		109	.name = "Object Signer",
		110	.arg1 = NID_code_sign,
		111	},
		112	{
		113	.trust = X509_TRUST_OCSP_SIGN,
		114	.check_trust = trust_1oid,
		115	.name = "OCSP responder",
		116	.arg1 = NID_OCSP_sign,
		117	},
		118	{
		119	.trust = X509_TRUST_OCSP_REQUEST,
		120	.check_trust = trust_1oid,
		121	.name = "OCSP request",
		122	.arg1 = NID_ad_OCSP,
		123	},
		124	{
		125	.trust = X509_TRUST_TSA,
		126	.check_trust = trust_1oidany,
		127	.name = "TSA server",
		128	.arg1 = NID_time_stamp,
		129	},
91	};	130	};
92		131
93	#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))	132	#define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0]))
94		133
95	static STACK_OF(X509_TRUST) *trtable = NULL;	134	static STACK_OF(X509_TRUST) *trtable = NULL;
96		135