Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 63 |
1 files changed, 30 insertions, 33 deletions
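--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.37 2024/01/10 21:14:14 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.38 2024/01/10 21:19:56 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -64,19 +64,6 @@
 
 #include "x509_local.h"
 
-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
-
-static int
-trust_compat(X509_TRUST *trust, X509 *x, int flags)
-{
-X509_check_purpose(x, -1, 0);
-if (x->ex_flags & EXFLAG_SS)
-return X509_TRUST_TRUSTED;
-else
-return X509_TRUST_UNTRUSTED;
-}
-
 static int
 obj_trust(int id, X509 *x, int flags)
 {
@@ -106,6 +93,35 @@ obj_trust(int id, X509 *x, int flags)
 return X509_TRUST_UNTRUSTED;
 }
 
+static int
+trust_compat(X509_TRUST *trust, X509 *x, int flags)
+{
+X509_check_purpose(x, -1, 0);
+if (x->ex_flags & EXFLAG_SS)
+return X509_TRUST_TRUSTED;
+else
+return X509_TRUST_UNTRUSTED;
+}
+
+static int
+trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+if (x->aux && (x->aux->trust || x->aux->reject))
+return obj_trust(trust->arg1, x, flags);
+/* we don't have any trust settings: for compatibility
+* we return trusted if it is self signed
+*/
+return trust_compat(trust, x, flags);
+}
+
+static int
+trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+if (x->aux)
+return obj_trust(trust->arg1, x, flags);
+return X509_TRUST_UNTRUSTED;
+}
+
 /* WARNING: the following table should be kept in order of trust
 * and without any gaps so we can just subtract the minimum trust
 * value to get an index into the table
@@ -286,22 +302,3 @@ X509_TRUST_get_trust(const X509_TRUST *xp)
 return xp->trust;
 }
 LCRYPTO_ALIAS(X509_TRUST_get_trust);
-
-static int
-trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
-{
-if (x->aux && (x->aux->trust || x->aux->reject))
-return obj_trust(trust->arg1, x, flags);
-/* we don't have any trust settings: for compatibility
-* we return trusted if it is self signed
-*/
-return trust_compat(trust, x, flags);
-}
-
-static int
-trust_1oid(X509_TRUST *trust, X509 *x, int flags)
-{
-if (x->aux)
-return obj_trust(trust->arg1, x, flags);
-return X509_TRUST_UNTRUSTED;
-}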
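Review bot: In the relocated `trust_compat` (new lines 96-104) the return value of `X509_check_purpose(x, -1, 0)` is discarded before `x->ex_flags` is tested for `EXFLAG_SS`, so the call is presumably made only for its side effect of populating the cached flags. If that call can fail (its body is not visible here), the self-signed decision is taken on flags that may never have been computed, and this is the path that returns `X509_TRUST_TRUSTED` for a certificate with no explicit trust settings. Failing closed would be safer, for example `if (X509_check_purpose(x, -1, 0) != 1) return X509_TRUST_UNTRUSTED;`. At minimum the call deserves a comment such as `/* Called for its side effect of setting EXFLAG_SS in x->ex_flags. */`. The three functions appear to be moved unchanged, so this predates the commit.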
