Add SSL_CTX_set1_cert_store()
For convenience, combine getting a new ref for the new SSL_CTX with assigning the store and freeing the old one. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1755)
This commit is contained in:
parent
ba7407002d
commit
b50052dbe8
5 changed files with 28 additions and 1 deletions
|
@ -2,13 +2,14 @@
|
||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
|
SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
|
|
||||||
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
|
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
|
||||||
|
void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
|
||||||
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
|
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
=head1 DESCRIPTION
|
||||||
|
@ -17,6 +18,10 @@ SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
|
||||||
of B<ctx> to/with B<store>. If another X509_STORE object is currently
|
of B<ctx> to/with B<store>. If another X509_STORE object is currently
|
||||||
set in B<ctx>, it will be X509_STORE_free()ed.
|
set in B<ctx>, it will be X509_STORE_free()ed.
|
||||||
|
|
||||||
|
SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage
|
||||||
|
of B<ctx> to/with B<store>. The B<store>'s reference count is incremented.
|
||||||
|
If another X509_STORE object is currently set in B<ctx>, it will be X509_STORE_free()ed.
|
||||||
|
|
||||||
SSL_CTX_get_cert_store() returns a pointer to the current certificate
|
SSL_CTX_get_cert_store() returns a pointer to the current certificate
|
||||||
verification storage.
|
verification storage.
|
||||||
|
|
||||||
|
@ -42,6 +47,15 @@ L<SSL_CTX_set_verify(3)> family of functions.
|
||||||
This document must therefore be updated when documentation about the
|
This document must therefore be updated when documentation about the
|
||||||
X509_STORE object and its handling becomes available.
|
X509_STORE object and its handling becomes available.
|
||||||
|
|
||||||
|
SSL_CTX_set_cert_store() does not increment the B<store>'s reference
|
||||||
|
count, so it should not be used to assign an X509_STORE that is owned
|
||||||
|
by another SSL_CTX.
|
||||||
|
|
||||||
|
To share X509_STOREs between two SSL_CTXs, use SSL_CTX_get_cert_store()
|
||||||
|
to get the X509_STORE from the first SSL_CTX, and then use
|
||||||
|
SSL_CTX_set1_cert_store() to assign to the second SSL_CTX and
|
||||||
|
increment the reference count of the X509_STORE.
|
||||||
|
|
||||||
=head1 RESTRICTIONS
|
=head1 RESTRICTIONS
|
||||||
|
|
||||||
The X509_STORE structure used by an SSL_CTX is used for verifying peer
|
The X509_STORE structure used by an SSL_CTX is used for verifying peer
|
||||||
|
@ -53,6 +67,8 @@ functions such as SSL_CTX_set1_verify_cert_store() instead.
|
||||||
|
|
||||||
SSL_CTX_set_cert_store() does not return diagnostic output.
|
SSL_CTX_set_cert_store() does not return diagnostic output.
|
||||||
|
|
||||||
|
SSL_CTX_set1_cert_store() does not return diagnostic output.
|
||||||
|
|
||||||
SSL_CTX_get_cert_store() returns the current setting.
|
SSL_CTX_get_cert_store() returns the current setting.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
|
@ -320,6 +320,8 @@ protocol context defined in the B<SSL_CTX> structure.
|
||||||
|
|
||||||
=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
|
=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
|
||||||
|
|
||||||
|
=item void B<SSL_CTX_set1_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
|
||||||
|
|
||||||
=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
|
=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
|
||||||
|
|
||||||
=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
|
=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
|
||||||
|
|
|
@ -1308,6 +1308,7 @@ __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
|
||||||
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
|
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
|
||||||
__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
|
__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
|
||||||
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
|
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
|
||||||
|
void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
|
||||||
__owur int SSL_want(const SSL *s);
|
__owur int SSL_want(const SSL *s);
|
||||||
__owur int SSL_clear(SSL *s);
|
__owur int SSL_clear(SSL *s);
|
||||||
|
|
||||||
|
|
|
@ -3553,6 +3553,13 @@ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
|
||||||
ctx->cert_store = store;
|
ctx->cert_store = store;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
|
||||||
|
{
|
||||||
|
if (store != NULL)
|
||||||
|
X509_STORE_up_ref(store);
|
||||||
|
SSL_CTX_set_cert_store(ctx, store);
|
||||||
|
}
|
||||||
|
|
||||||
int SSL_want(const SSL *s)
|
int SSL_want(const SSL *s)
|
||||||
{
|
{
|
||||||
return (s->rwstate);
|
return (s->rwstate);
|
||||||
|
|
|
@ -403,3 +403,4 @@ SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION:
|
||||||
SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION:
|
SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION:
|
||||||
SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION:
|
SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION:
|
||||||
SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
|
SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION:
|
||||||
|
SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION:
|
||||||
|
|
Loading…
Reference in a new issue