Add X509_VERIFY_PARAM inheritance flag set/get
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2079)
parent
3dfda1a636
commit
a47bc28317
5 changed files with 70 additions and 6 deletions
|
@ -18,7 +18,7 @@
|
|||
struct X509_VERIFY_PARAM_st {
|
||||
char *name;
|
||||
time_t check_time; /* Time to use */
|
||||
unsigned long inh_flags; /* Inheritance flags */
|
||||
uint32_t inh_flags; /* Inheritance flags */
|
||||
unsigned long flags; /* Various verify flags */
|
||||
int purpose; /* purpose to check untrusted certificates */
|
||||
int trust; /* trust setting to check */
|
||||
|
|
|
@ -289,6 +289,17 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
|
|||
return param->flags;
|
||||
}
|
||||
|
||||
uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)
|
||||
{
|
||||
return param->inh_flags;
|
||||
}
|
||||
|
||||
int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
|
||||
{
|
||||
param->inh_flags = flags;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
|
||||
{
|
||||
return X509_PURPOSE_set(¶m->purpose, purpose);
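Review bot: X509_VERIFY_PARAM_set_inh_flags() stores `flags` with a plain assignment and always returns 1, so it replaces every inheritance bit at once and gives callers no signal when an undefined bit is passed. The RETURN VALUES text added in this commit appears to list it among the functions that report failure with 0, which this code never does. Because these bits decide whether verification settings are copied, locked or reset between structures, a caller that wants to add a single bit has to read the current value with X509_VERIFY_PARAM_get_inh_flags() first; a comment above the setter such as `/* Replaces the whole inh_flags value (no OR); always returns 1 */` would make that explicit. Neither new function checks `param` for NULL, which matches X509_VERIFY_PARAM_get_flags() as far as the hunk shows.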
|
||||
|
|
|
@ -2,18 +2,34 @@
|
|||
|
||||
=head1 NAME
|
||||
|
||||
X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters
|
||||
X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,
|
||||
X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,
|
||||
X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose,
|
||||
X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags,
|
||||
X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
|
||||
X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,
|
||||
X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,
|
||||
X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,
|
||||
X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
|
||||
X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,
|
||||
X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip,
|
||||
X509_VERIFY_PARAM_set1_ip_asc
|
||||
- X509 verification parameters
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/x509_vfy.h>
|
||||
|
||||
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
|
||||
unsigned long flags);
|
||||
unsigned long flags);
|
||||
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
|
||||
unsigned long flags);
|
||||
unsigned long flags);
|
||||
unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
|
||||
|
||||
int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
|
||||
uint32_t flags);
|
||||
uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
|
||||
|
||||
int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
|
||||
int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
|
||||
|
||||
|
@ -55,6 +71,11 @@ description of values the B<flags> parameter can take.
|
|||
|
||||
X509_VERIFY_PARAM_get_flags() returns the flags in B<param>.
|
||||
|
||||
X509_VERIFY_PARAM_get_inh_flags() returns the inheritance flags in B<param>
|
||||
which specifies how verification flags are copied from one structure to
|
||||
another. X509_VERIFY_PARAM_set_inh_flags() sets the inheritance flags.
|
||||
See the B<INHERITANCE FLAGS> section for a description of these bits.
|
||||
|
||||
X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>.
|
||||
|
||||
X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
|
||||
|
@ -154,6 +175,7 @@ IPv6. The condensed "::" notation is supported for IPv6 addresses.
|
|||
=head1 RETURN VALUES
|
||||
|
||||
X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(),
|
||||
X509_VERIFY_PARAM_set_inh_flags(),
|
||||
X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),
|
||||
X509_VERIFY_PARAM_add0_policy() X509_VERIFY_PARAM_set1_policies(),
|
||||
X509_VERIFY_PARAM_set1_host(), X509_VERIFY_PARAM_add1_host(),
|
||||
|
@ -163,6 +185,8 @@ failure.
|
|||
|
||||
X509_VERIFY_PARAM_get_flags() returns the current verification flags.
|
||||
|
||||
X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.
|
||||
|
||||
X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return
|
||||
values.
|
||||
|
||||
|
@ -242,6 +266,28 @@ The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period
|
|||
of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()
|
||||
is used to specify a verification time, the check is not suppressed.
|
||||
|
||||
=head1 INHERITANCE FLAGS
|
||||
|
||||
These flags spevify how parameters are "inherited" from one structure to
|
||||
another.
|
||||
|
||||
If B<X509_VP_FLAG_ONCE> is set then the current setting is zeroed
|
||||
after the next call.
|
||||
|
||||
If B<X509_VP_FLAG_LOCKED> is set then no values are copied. This overrides
|
||||
all of the following flags.
|
||||
|
||||
If B<X509_VP_FLAG_DEFAULT> is set then anything set in the source is copied
|
||||
to the destination. Effectively the values in "to" become default values
|
||||
which will be used only if nothing new is set in "from". This is the
|
||||
default.
|
||||
|
||||
If B<X509_VP_FLAG_OVERWRITE> is set then all value are copied across whether
|
||||
they are set or not. Flags is still Ored though.
|
||||
|
||||
If B<X509_VP_FLAG_RESET_FLAGS> is set then the flags value is copied instead
|
||||
of ORed.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
The above functions should be used to manipulate verification parameters
|
||||
|
|
|
@ -272,6 +272,7 @@ int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
|
|||
int X509_STORE_set_trust(X509_STORE *ctx, int trust);
|
||||
int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
|
||||
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
|
||||
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
|
||||
|
||||
void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
|
||||
#define X509_STORE_set_verify_func(ctx, func) \
|
||||
|
@ -464,6 +465,10 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
|
|||
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
|
||||
STACK_OF(ASN1_OBJECT) *policies);
|
||||
|
||||
int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
|
||||
uint32_t flags);
|
||||
uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
|
||||
|
||||
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
||||
const char *name, size_t namelen);
|
||||
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
|
||||
|
|
|
@ -4218,5 +4218,7 @@ BIO_meth_get_write_ex 4168 1_1_1 EXIST::FUNCTION:
|
|||
BIO_meth_set_write_ex 4169 1_1_1 EXIST::FUNCTION:
|
||||
DSO_pathbyaddr 4170 1_1_0c EXIST::FUNCTION:
|
||||
DSO_dsobyaddr 4171 1_1_0c EXIST::FUNCTION:
|
||||
CT_POLICY_EVAL_CTX_get_time 4172 1_1_1 EXIST::FUNCTION:CT
|
||||
CT_POLICY_EVAL_CTX_set_time 4173 1_1_1 EXIST::FUNCTION:CT
|
||||
CT_POLICY_EVAL_CTX_get_time 4172 1_1_0d EXIST::FUNCTION:CT
|
||||
CT_POLICY_EVAL_CTX_set_time 4173 1_1_0d EXIST::FUNCTION:CT
|
||||
X509_VERIFY_PARAM_set_inh_flags 4174 1_1_0d EXIST::FUNCTION:
|
||||
X509_VERIFY_PARAM_get_inh_flags 4175 1_1_0d EXIST::FUNCTION:
|
||||
|
|