authorDr. Stephen Henson <steve@openssl.org>1999-11-29 01:09:25 +0000
committerDr. Stephen Henson <steve@openssl.org>1999-11-29 01:09:25 +0000
commit13938acecae8f1b455812d0388e2891abd1c096d (patch)
treea0c899c89f6126f075ca6b88f15f3134bfe21ebe /ssl
parent51630a37069a0792f2d6ad6ce33e9c5cca27b69c (diff)
downloadopenssl-new-13938acecae8f1b455812d0388e2891abd1c096d.tar.gz
Add part of chain verify SSL support code: not complete or doing anything
yet. Add a function X509_STORE_CTX_purpose_inherit() which implements the logic of "inheriting" purpose and trust from a parent structure and using a default: this will be used in the SSL code and possibly future S/MIME. Partial documentation of the 'verify' utility. Still need to document how all the extension checking works and the various error messages.
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl.h6
-rw-r--r--ssl/ssl_lib.c2
2 files changed, 8 insertions, 0 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index f888530625..1b39f0d2ea 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -429,6 +429,9 @@ struct ssl_ctx_st
/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
+ int purpose; /* Purpose setting */
+ int trust; /* Trust setting */
+
/* Default password callback. */
/**/ pem_password_cb *default_passwd_callback;
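Review bot: The comments on the new `purpose` and `trust` members only restate the field names, and the same two lines are repeated in the `struct ssl_st` hunk below. Neither struct tells a reader which identifier space these ints belong to or what an unset value means for certificate chain verification. I would write something like `int purpose; /* X509 purpose id checked when verifying the peer chain; 0 = not set (assumed, confirm) */` with the equivalent for `trust`. The `ssl_st` copies should also say that they are inherited from the SSL_CTX in SSL_new(). Both struct definitions start and end outside these hunks.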
@@ -575,6 +578,9 @@ struct ssl_st
int read_ahead; /* Read as many input bytes as possible */
int hit; /* reusing a previous session */
+ int purpose; /* Purpose setting */
+ int trust; /* Trust setting */
+
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e192fc4cac..9dd6860d96 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -201,6 +201,8 @@ SSL *SSL_new(SSL_CTX *ctx)
s->verify_mode=ctx->verify_mode;
s->verify_depth=ctx->verify_depth;
s->verify_callback=ctx->default_verify_callback;
+ s->purpose = ctx->purpose;
+ s->trust = ctx->trust;
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
s->ctx=ctx;
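Review bot: Nothing in this commit initialises `ctx->purpose` and `ctx->trust` before SSL_new() copies them here; the diffstat shows these two lines as the only additions to ssl_lib.c. If SSL_CTX_new() does not zero the whole structure (not visible on this page), every SSL object inherits indeterminate verification settings, so I would set both members to 0 explicitly in SSL_CTX_new(). The description says the fields are not consumed yet, so now is the time to state that an unset value must fall back to the default SSL client/server purpose once verification is wired up, rather than skipping the purpose check. A comment such as `/* 0 = unset: verifier applies the default purpose/trust */` above `s->purpose = ctx->purpose;` would record that. SSL_new() begins and ends outside the hunk.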