Fix inconsistent behaviour with respect to verify_callback handling.

CHANGES

@@ -4,6 +4,14 @@
 
  Changes between 0.9.6b and 0.9.6c  [XX xxx XXXX]
 
+  *) Modified SSL library such that the verify_callback that has been set
+     specificly for an SSL object with SSL_set_verify() is actually being
+     used. Before the change, a verify_callback set with this function was
+     ignored and the verify_callback() set in the SSL_CTX at the time of
+     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+     to allow the necessary settings.
+     [Lutz Jaenicke]
+
   *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
      explicitely to NULL, as at least on Solaris 8 this seems not always to be
      done automatically (in contradiction to the requirements of the C

crypto/x509/x509_vfy.h

@@ -382,6 +382,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 				int purpose, int trust);
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+				  int (*verify_cb)(int, X509_STORE_CTX *));
 
 #ifdef  __cplusplus
 }

ssl/ssl_cert.c

@@ -461,6 +461,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 
 	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
 
+	X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+
 	if (s->ctx->app_verify_callback != NULL)
 		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
 	else

ssl/ssl_lib.c

@@ -1293,8 +1293,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
 	{
 	ctx->verify_mode=mode;
 	ctx->default_verify_callback=cb;
-	/* This needs cleaning up EAY EAY EAY */
-	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
 	}
 
 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)