1 files changed, 26 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 6d2511f76c..48f247ceac 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -105,17 +105,26 @@
 */
 #include <stdio.h>
-#include <sys/types.h>
-#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)
+#include "openssl/e_os.h"
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
 #include <dirent.h>
 #endif
 #ifdef NeXT
 #include <sys/dir.h>
 #define dirent direct
 #endif
 #include <openssl/objects.h>
 #include <openssl/bio.h>
 #include <openssl/pem.h>
+#include <openssl/x509v3.h>
 #include "ssl_locl.h"
 int SSL_get_ex_data_X509_STORE_CTX_idx(void)
@@ -422,8 +431,16 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
        if (SSL_get_verify_depth(s) >= 0)
                X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-        X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
+        X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
-                (char *)s);
+        /* We need to set the verify purpose. The purpose can be determined by
+         * the context: if its a server it will verify SSL client certificates
+         * or vice versa.
+         */
+        if(s->server) i = X509_PURPOSE_SSL_CLIENT;
+        else i = X509_PURPOSE_SSL_SERVER;
+        X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
        if (s->ctx->app_verify_callback != NULL)
                i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
@@ -534,7 +551,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
        return(add_client_CA(&(ctx->client_CA),x));
        }
-static int name_cmp(X509_NAME **a,X509_NAME **b)
+static int xname_cmp(X509_NAME **a,X509_NAME **b)
        {
        return(X509_NAME_cmp(*a,*b));
        }
@@ -556,7 +573,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
        STACK_OF(X509_NAME) *ret,*sk;
        ret=sk_X509_NAME_new(NULL);
-        sk=sk_X509_NAME_new(name_cmp);
+        sk=sk_X509_NAME_new(xname_cmp);
        in=BIO_new(BIO_s_file_internal());
@@ -617,7 +634,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
    int ret=1;
    int (*oldcmp)(X509_NAME **a, X509_NAME **b);
-    oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);
+    oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
    in=BIO_new(BIO_s_file_internal());
@@ -671,6 +688,7 @@ err:
 #ifndef WIN32
 #ifndef VMS                     /* XXXX This may be fixed in the future */
+#ifndef MAC_OS_pre_X
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                       const char *dir)
@@ -714,3 +732,4 @@ err:
 #endif
 #endif
+#endif

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 6d2511f76c..48f247ceac 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -105,17 +105,26 @@
105	*/	105	*/
106		106
107	#include <stdio.h>	107	#include <stdio.h>
108	#include <sys/types.h>	108
109	#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)	109	#include "openssl/e_os.h"
		110
		111	#ifndef NO_SYS_TYPES_H
		112	# include <sys/types.h>
		113	#endif
		114
		115	#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
110	#include <dirent.h>	116	#include <dirent.h>
111	#endif	117	#endif
		118
112	#ifdef NeXT	119	#ifdef NeXT
113	#include <sys/dir.h>	120	#include <sys/dir.h>
114	#define dirent direct	121	#define dirent direct
115	#endif	122	#endif
		123
116	#include <openssl/objects.h>	124	#include <openssl/objects.h>
117	#include <openssl/bio.h>	125	#include <openssl/bio.h>
118	#include <openssl/pem.h>	126	#include <openssl/pem.h>
		127	#include <openssl/x509v3.h>
119	#include "ssl_locl.h"	128	#include "ssl_locl.h"
120		129
121	int SSL_get_ex_data_X509_STORE_CTX_idx(void)	130	int SSL_get_ex_data_X509_STORE_CTX_idx(void)
@@ -422,8 +431,16 @@ int ssl_verify_cert_chain(SSL s,STACK_OF(X509) sk)
422	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);	431	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
423	if (SSL_get_verify_depth(s) >= 0)	432	if (SSL_get_verify_depth(s) >= 0)
424	X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));	433	X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
425	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),	434	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
426	(char *)s);	435	/* We need to set the verify purpose. The purpose can be determined by
		436	* the context: if its a server it will verify SSL client certificates
		437	* or vice versa.
		438	*/
		439
		440	if(s->server) i = X509_PURPOSE_SSL_CLIENT;
		441	else i = X509_PURPOSE_SSL_SERVER;
		442
		443	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
427		444
428	if (s->ctx->app_verify_callback != NULL)	445	if (s->ctx->app_verify_callback != NULL)
429	i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */	446	i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
@@ -534,7 +551,7 @@ int SSL_CTX_add_client_CA(SSL_CTX ctx,X509 x)
534	return(add_client_CA(&(ctx->client_CA),x));	551	return(add_client_CA(&(ctx->client_CA),x));
535	}	552	}
536		553
537	static int name_cmp(X509_NAME a,X509_NAME b)	554	static int xname_cmp(X509_NAME a,X509_NAME b)
538	{	555	{
539	return(X509_NAME_cmp(a,b));	556	return(X509_NAME_cmp(a,b));
540	}	557	}
@@ -556,7 +573,7 @@ STACK_OF(X509_NAME) SSL_load_client_CA_file(const char file)
556	STACK_OF(X509_NAME) ret,sk;	573	STACK_OF(X509_NAME) ret,sk;
557		574
558	ret=sk_X509_NAME_new(NULL);	575	ret=sk_X509_NAME_new(NULL);
559	sk=sk_X509_NAME_new(name_cmp);	576	sk=sk_X509_NAME_new(xname_cmp);
560		577
561	in=BIO_new(BIO_s_file_internal());	578	in=BIO_new(BIO_s_file_internal());
562		579
@@ -617,7 +634,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
617	int ret=1;	634	int ret=1;
618	int (oldcmp)(X509_NAME a, X509_NAME *b);	635	int (oldcmp)(X509_NAME a, X509_NAME *b);
619		636
620	oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);	637	oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
621		638
622	in=BIO_new(BIO_s_file_internal());	639	in=BIO_new(BIO_s_file_internal());
623		640
@@ -671,6 +688,7 @@ err:
671		688
672	#ifndef WIN32	689	#ifndef WIN32
673	#ifndef VMS /* XXXX This may be fixed in the future */	690	#ifndef VMS /* XXXX This may be fixed in the future */
		691	#ifndef MAC_OS_pre_X
674		692
675	int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,	693	int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
676	const char *dir)	694	const char *dir)
@@ -714,3 +732,4 @@ err:
714		732
715	#endif	733	#endif
716	#endif	734	#endif
		735	#endif