From f77c42a93e09c937696f65c6aefd2b3120a20cff Mon Sep 17 00:00:00 2001 From: tb <> Date: Fri, 24 Oct 2025 11:33:38 +0000 Subject: Expose X509_VERIFY_PARAM_get_hostflags() This is needed by Python 3.14, extending the urllib3 nonsense further. This is a trivial getter and it is exercised by the libssl unit test I added for urllib3 (which can now use dynamic linking for libcrypto). Fixes https://github.com/libressl/portable/issues/1202 Thanks to @orbea for the report. ok kenjiro PS: X509_VERIFY_PARAM_get_flags() and X509_VERIFY_PARAM_get_peername() aren't const correct. Fixing this will require some doing... --- src/lib/libcrypto/Symbols.list | 1 + src/lib/libcrypto/hidden/openssl/x509_vfy.h | 3 ++- src/lib/libcrypto/x509/x509_vfy.h | 3 ++- src/lib/libcrypto/x509/x509_vpm.c | 4 ++-- 4 files changed, 7 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list index 33668f24c5..d85922e12e 100644 --- a/src/lib/libcrypto/Symbols.list +++ b/src/lib/libcrypto/Symbols.list @@ -2654,6 +2654,7 @@ X509_VERIFY_PARAM_get0_peername X509_VERIFY_PARAM_get_count X509_VERIFY_PARAM_get_depth X509_VERIFY_PARAM_get_flags +X509_VERIFY_PARAM_get_hostflags X509_VERIFY_PARAM_get_time X509_VERIFY_PARAM_inherit X509_VERIFY_PARAM_lookup diff --git a/src/lib/libcrypto/hidden/openssl/x509_vfy.h b/src/lib/libcrypto/hidden/openssl/x509_vfy.h index cc0991518f..d0c46b655e 100644 --- a/src/lib/libcrypto/hidden/openssl/x509_vfy.h +++ b/src/lib/libcrypto/hidden/openssl/x509_vfy.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.h,v 1.10 2025/03/09 15:20:20 tb Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.11 2025/10/24 11:33:38 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -122,6 +122,7 @@ LCRYPTO_USED(X509_VERIFY_PARAM_set1_name); LCRYPTO_USED(X509_VERIFY_PARAM_set_flags); LCRYPTO_USED(X509_VERIFY_PARAM_clear_flags); LCRYPTO_USED(X509_VERIFY_PARAM_get_flags); +LCRYPTO_USED(X509_VERIFY_PARAM_get_hostflags); LCRYPTO_USED(X509_VERIFY_PARAM_set_purpose); LCRYPTO_USED(X509_VERIFY_PARAM_set_trust); LCRYPTO_USED(X509_VERIFY_PARAM_set_depth); diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 7058bbc5b0..04e555149a 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.h,v 1.70 2025/03/09 15:20:20 tb Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.71 2025/10/24 11:33:38 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -441,6 +441,7 @@ int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c index 0789a51c13..7b4ce3b7a6 100644 --- a/src/lib/libcrypto/x509/x509_vpm.c +++ b/src/lib/libcrypto/x509/x509_vpm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vpm.c,v 1.57 2025/10/10 23:07:40 tb Exp $ */ +/* $OpenBSD: x509_vpm.c,v 1.58 2025/10/24 11:33:38 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -543,12 +543,12 @@ X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, } LCRYPTO_ALIAS(X509_VERIFY_PARAM_add1_host); -/* Public API in OpenSSL - nothing seems to use this. */ unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param) { return param->hostflags; } +LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_hostflags); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags) -- cgit v1.2.3-55-g6feb