author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-29 01:09:25 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-29 01:09:25 +0000 |
commit | 13938acecae8f1b455812d0388e2891abd1c096d (patch) | |
tree | a0c899c89f6126f075ca6b88f15f3134bfe21ebe /ssl | |
parent | 51630a37069a0792f2d6ad6ce33e9c5cca27b69c (diff) | |
Add part of chain verify SSL support code: not complete or doing anything
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl.h | 6 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 2 |
2 files changed, 8 insertions, 0 deletions
@@ -429,6 +429,9 @@ struct ssl_ctx_st
 /**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 /**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
+ int purpose; /* Purpose setting */
+ int trust; /* Trust setting */
+
 /* Default password callback. */
 /**/ pem_password_cb *default_passwd_callback;
@@ -575,6 +578,9 @@ struct ssl_st
 int read_ahead; /* Read as many input bytes as possible */
 int hit; /* reusing a previous session */
+ int purpose; /* Purpose setting */
+ int trust; /* Trust setting */
+
 /* crypto */
 STACK_OF(SSL_CIPHER) *cipher_list;
 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e192fc4cac..9dd6860d96 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -201,6 +201,8 @@ SSL *SSL_new(SSL_CTX *ctx)
 s->verify_mode=ctx->verify_mode;
 s->verify_depth=ctx->verify_depth;
 s->verify_callback=ctx->default_verify_callback;
+ s->purpose = ctx->purpose;
+ s->trust = ctx->trust;
 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 s->ctx=ctx; |
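Review bot: The new `purpose` and `trust` members in struct ssl_ctx_st are documented only as `/* Purpose setting */` and `/* Trust setting */`, which says neither what values they hold nor what an unset value means. Because the commit message ties them to certificate chain verification, the meaning of the default matters to anyone auditing which certificates a context will accept; something like `int purpose; /* X509 purpose id applied to peer chain verification; 0 = none set (confirm) */` and the matching wording for `trust` would make that explicit. The same applies to the identical pair added to struct ssl_st in the next hunk, where the comment could also say the value is inherited from the SSL_CTX in SSL_new(). Both struct definitions start and end outside their hunks.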
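Review bot: `s->purpose = ctx->purpose;` and `s->trust = ctx->trust;` copy fields that nothing in the visible ssl/ changes ever assigns; the diffstat lists only these two added lines in ssl_lib.c, so SSL_CTX_new() gains no explicit initialisation. If SSL_CTX_new() does not zero the whole structure (not visible from this hunk), each SSL would inherit an indeterminate purpose and trust once verification starts consulting them, so it is worth confirming that or adding explicit zero assignments for both fields there. As a minor style point, the two added lines put spaces around `=` while the neighbouring assignments such as `s->verify_mode=ctx->verify_mode;` do not. SSL_new()'s body continues outside the hunk.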