The branch master has been updated
via 5a6694e30340d36fcf0b1dd349a7373010fb2524 (commit)
via 51227177b13b53ff5d6c77fd701f5172b6c1b358 (commit)
from 2036fd50466b0586326bbc260a4f77020467531a (commit)
- Log -----------------------------------------------------------------
commit 5a6694e30340d36fcf0b1dd349a7373010fb2524
Author: Viktor Dukhovni <[email protected]>
Date: Mon Apr 25 15:13:27 2016 -0400
make update
And recycle some disused slots.
Reviewed-by: Rich Salz <[email protected]>
commit 51227177b13b53ff5d6c77fd701f5172b6c1b358
Author: Viktor Dukhovni <[email protected]>
Date: Mon Apr 25 15:02:02 2016 -0400
Added missing X509_STORE_CTX_set_error_depth() accessor
Reviewed-by: Rich Salz <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_vfy.c | 5 +++++
doc/crypto/X509_STORE_CTX_get_error.pod | 19 ++++++++++++-------
include/openssl/x509_vfy.h | 1 +
util/libcrypto.num | 9 ++++-----
4 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index efa6bca..b895ffe 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1989,6 +1989,11 @@ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
return ctx->error_depth;
}
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth)
+{
+ ctx->error_depth = depth;
+}
+
X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
{
return ctx->current_cert;
diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod
b/doc/crypto/X509_STORE_CTX_get_error.pod
index 1cc6bb5..8c3975c 100644
--- a/doc/crypto/X509_STORE_CTX_get_error.pod
+++ b/doc/crypto/X509_STORE_CTX_get_error.pod
@@ -3,8 +3,8 @@
=head1 NAME
X509_STORE_CTX_get_error, X509_STORE_CTX_set_error,
-X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert,
-X509_STORE_CTX_get0_cert,
+X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth,
+X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get0_cert,
X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set
certificate verification status information
=head1 SYNOPSIS
@@ -12,11 +12,12 @@ X509_STORE_CTX_get1_chain, X509_verify_cert_error_string -
get or set certificat
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
- int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
- void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
- int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
- X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
- X509 * X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
@@ -39,6 +40,10 @@ non-negative integer representing where in the certificate
chain the error
occurred. If it is zero it occurred in the end entity certificate, one if
it is the certificate which signed the end entity certificate and so on.
+X509_STORE_CTX_set_error_depth() sets the error B<depth>.
+This can be used in combination with X509_STORE_CTX_set_error() to set the
+depth at which an error condition was detected.
+
X509_STORE_CTX_get0_cert() returns the leaf certificate being verified.
X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 99d5e21..f357d1a 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -366,6 +366,7 @@ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int
idx);
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index efa5063..b9a9a84 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4198,12 +4198,11 @@ X509_STORE_get_X509_by_subject 4071 1_1_0
EXIST::FUNCTION:
X509_OBJECT_free 4072 1_1_0 EXIST::FUNCTION:
X509_OBJECT_get0_X509 4073 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_untrusted 4074 1_1_0 EXIST::FUNCTION:
-X509_STORE_CTX_set0_chain 4075 1_1_0 NOEXIST::FUNCTION:
+X509_STORE_CTX_set_error_depth 4075 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_cert 4076 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_set_verify 4077 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get_verify 4079 1_1_0 EXIST::FUNCTION:
X509_STORE_CTX_get_verify_cb 4080 1_1_0 EXIST::FUNCTION:
-X509_STORE_CTX_get_cert 4081 1_1_0 NOEXIST::FUNCTION:
-X509_STORE_CTX_set0_verified_chain 4082 1_1_0 EXIST::FUNCTION:
-X509_STORE_CTX_set0_untrusted 4083 1_1_0 EXIST::FUNCTION:
-OPENSSL_hexchar2int 4084 1_1_0 EXIST::FUNCTION:
+X509_STORE_CTX_set0_verified_chain 4081 1_1_0 EXIST::FUNCTION:
+X509_STORE_CTX_set0_untrusted 4082 1_1_0 EXIST::FUNCTION:
+OPENSSL_hexchar2int 4083 1_1_0 EXIST::FUNCTION:
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
