Diffstat (limited to 'src/lib/libcrypto/x509/x509_trs.c')
-rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 17 |
1 files changed, 9 insertions, 8 deletions
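--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -65,7 +65,7 @@ static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
 static void trtable_free(X509_TRUST *p);
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
-static int trust_any(X509_TRUST *trust, X509 *x, int flags);
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
 
 static int obj_trust(int id, X509 *x, int flags);
 static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
@@ -76,7 +76,7 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
 */
 
 static X509_TRUST trstandard[] = {
-{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL},
+{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
 {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
 {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
 {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
@@ -107,8 +107,8 @@ int X509_check_trust(X509 *x, int id, int flags)
 X509_TRUST *pt;
 int idx;
 if(id == -1) return 1;
-if(!(idx = X509_TRUST_get_by_id(id)))
-return default_trust(id, x, flags);
+idx = X509_TRUST_get_by_id(id);
+if(idx == -1) return default_trust(id, x, flags);
 pt = X509_TRUST_get0(idx);
 return pt->check_trust(pt, x, flags);
 }
@@ -230,6 +230,11 @@ static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
 /* we don't have any trust settings: for compatibility
 * we return trusted if it is self signed
 */
+return trust_compat(trust, x, flags);
+}
+
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
+{
 X509_check_purpose(x, -1, 0);
 if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
 else return X509_TRUST_UNTRUSTED;
@@ -257,7 +262,3 @@ static int obj_trust(int id, X509 *x, int flags)
 return X509_TRUST_UNTRUSTED;
 }
 
-static int trust_any(X509_TRUST *trust, X509 *x, int flags)
-{
-return X509_TRUST_TRUSTED;
-}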
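Review bot: The new `trust_compat` has no comment of its own, although it is now registered directly in `trstandard` for `X509_TRUST_COMPAT` as well as being the fallback of `trust_1oidany`; the only explanation of the rule stays behind in `trust_1oidany`, above the new call. I would add `/* Compatibility rule: with no trust settings, a certificate is trusted only if it is self signed. */` above the function, and on the `X509_check_purpose(x, -1, 0);` line something like `/* result unused; presumably called to fill in x->ex_flags before the EXFLAG_SS test */`, so the discarded return value is not mistaken for a missed check. Separately, the context row for `X509_TRUST_SSL_SERVER` still carries the name `"SSL Client"`, which looks like a copy-paste slip worth correcting while this table is being touched. The closing brace of `trust_compat` lies outside the hunk.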