author | Bodo Möller <bodo@openssl.org> | 1999-05-01 03:20:40 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 1999-05-01 03:20:40 +0000 |
commit | 7f89714e64d1dc64b50554a92e2a12596b9934ba (patch) | |
tree | 940620d173d8a4c7cbea392ba4c9760b7a6efa23 /crypto/x509 | |
parent | 69bb35ed726102975259808dcf7c279f85afef4f (diff) | |
Support verify_depth from the SSL API without need for user-defined
callbacks.
Submitted by:
Reviewed by:
PR:
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_lu.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 4 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.h | 6 |
3 files changed, 7 insertions, 5 deletions
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 2bdf613d4f..d86e43776f 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -391,7 +391,7 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 ctx->last_untrusted=0;
 ctx->valid=0;
 ctx->chain=NULL;
- ctx->depth=10;
+ ctx->depth=9;
 ctx->error=0;
 ctx->current_cert=NULL;
 memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 282d9f3dda..16fef853dd 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -143,7 +143,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 for (;;)
 {
 /* If we have enough, we break */
- if (depth <= num) break;
+ if (depth < num) break;
 /* If we are self signed, we break */
 xn=X509_get_issuer_name(x);
@@ -206,7 +206,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 for (;;)
 {
 /* If we have enough, we break */
- if (depth <= num) break;
+ if (depth < num) break;
 /* If we are self signed, we break */
 xn=X509_get_issuer_name(x);
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index e78f5abb56..1f89bf0225 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -169,7 +169,7 @@ typedef struct x509_store_st
 CRYPTO_EX_DATA ex_data;
 int references;
- int depth; /* how deep to look (still unused) */
+ int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
 } X509_STORE;
 #define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d))
@@ -191,7 +191,7 @@ struct x509_lookup_st
 /* This is a temporary used when processing cert chains. Since the
 * gathering of the cert chain can take some time (and have to be
 * 'retried', this needs to be kept and passed around. */
-struct x509_store_state_st
+struct x509_store_state_st /* X509_STORE_CTX */
 {
 X509_STORE *ctx;
 int current_method; /* used when looking up certs */
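Review bot: In x509_lu.c the new default `ctx->depth=9;` is a bare literal whose unit changes in this same commit. Read together with the `depth < num` tests in x509_vfy.c, it now looks like a highest chain index rather than a certificate count, which appears to keep the effective default at ten certificates. Nothing at the assignment says so, and the value is coupled to a comparison in another file. A comment such as `ctx->depth=9; /* highest chain index built; pairs with 'depth < num' in X509_verify_cert */`, or a named constant used by both files, would keep the limit from drifting by one in a later edit. X509_STORE_CTX_init starts and ends outside the hunk.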
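Review bot: In x509_vfy.c both `if (depth < num) break;` tests (the hunks at 143 and 206) leave the loop without recording why. From the visible lines, a chain cut short by the depth limit cannot be told apart from one that stopped for another reason. If the code after the loops does not already set a distinct error for that case, adding one would give callers and logs a clear signal when a peer presents an over-long chain. The existing comment could also name the unit, for example `/* stop once the chain holds more than depth certificates */`, assuming `num` is the current chain length as the surrounding code suggests. Both loops and the rest of X509_verify_cert continue outside the hunks.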
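Review bot: In x509_vfy.h (hunk at 169) the `X509_STORE_set_depth` macro stays available directly under the field whose comment now says it is still unused. As far as the visible lines show, a caller who sets a depth on the store gets no limit applied during verification, so the configuration looks restrictive when it is not. Either say so at the macro, e.g. `/* currently has no effect on verification; use X509_STORE_CTX_set_depth */`, or have X509_STORE_CTX_init seed `ctx->depth` from the store when a value has been set. The struct definition begins outside the hunk.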
@@ -214,6 +214,8 @@ struct x509_store_state_st
 CRYPTO_EX_DATA ex_data;
 };
+#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d))
+
 #define X509_STORE_CTX_set_app_data(ctx,data) \
 X509_STORE_CTX_set_ex_data(ctx,0,data)
 #define X509_STORE_CTX_get_app_data(ctx) \ |
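Review bot: `X509_STORE_CTX_set_depth` is added with no comment on what `d` counts and no bound on its value, while the same commit shifts the meaning of the field by one. A one-line comment above the macro, e.g. `/* d = highest chain index to build (default 9 from X509_STORE_CTX_init), not a certificate count */`, would keep callers from setting a limit that is off by one. A negative `d` would satisfy `depth < num` at once, assuming `num` is never negative, so the comment should also say whether that value is meant to be accepted.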