New peername element in X509_VERIFY_PARAM_ID
Declaration, memory management, accessor and documentation. (cherry picked from commit 6e661d458f5aa8f52bf3d9098bd10025de5f08ea)
parent
41e3ebd5ab
commit
1eb57ae2b7
@ -62,6 +62,7 @@ struct X509_VERIFY_PARAM_ID_st
|
||||
{
|
||||
STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
|
||||
unsigned int hostflags; /* Flags to control matching features */
|
||||
char *peername; /* Matching hostname in peer certificate */
|
||||
unsigned char *email; /* If not NULL email address to match */
|
||||
size_t emaillen;
|
||||
unsigned char *ip; /* If not NULL IP address to match */
|
||||
|
@ -564,6 +564,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
|
||||
const unsigned char *name, size_t namelen);
|
||||
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
|
||||
unsigned int flags);
|
||||
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
|
||||
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
|
||||
const unsigned char *email, size_t emaillen);
|
||||
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
|
||||
|
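Review bot: The new prototype `char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);` omits the parameter name, unlike the neighbouring prototypes in this hunk and the SYNOPSIS entry in the documentation, which both name it `param`. Writing it as `char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);` keeps the header consistent. The documentation added by this commit says the string is library-owned and must not be freed by the application, so a one-line comment above the prototype, such as `/* Returned string is owned by param; do not free */`, would put that contract where callers reading the header will see it.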
@ -149,6 +149,8 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
|
||||
string_stack_free(paramid->hosts);
|
||||
paramid->hosts = NULL;
|
||||
}
|
||||
if (paramid->peername)
|
||||
OPENSSL_free(paramid->peername);
|
||||
if (paramid->email)
|
||||
{
|
||||
OPENSSL_free(paramid->email);
|
||||
@ -482,6 +484,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
|
||||
param->id->hostflags = flags;
|
||||
}
|
||||
|
||||
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
|
||||
{
|
||||
return param->id->peername;
|
||||
}
|
||||
|
||||
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
|
||||
const unsigned char *email, size_t emaillen)
|
||||
{
|
||||
@ -517,7 +524,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
|
||||
return param->name;
|
||||
}
|
||||
|
||||
static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0};
|
||||
static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, NULL, 0, NULL, 0};
|
||||
|
||||
#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
|
||||
|
||||
|
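Review bot: In the x509_verify_param_zero hunk, `paramid->peername` is released with OPENSSL_free() but the pointer is not cleared, whereas the `hosts` member just above is set to NULL after its free. If this function is also used to reset a parameter object that stays in use (its name suggests so, but its callers are outside the hunk), the stale pointer would be freed again on the next reset, and X509_VERIFY_PARAM_get0_peername() would return freed memory in the meantime. Adding `paramid->peername = NULL;` directly after the `OPENSSL_free(paramid->peername);` line closes this. The function body starts and ends outside the hunk.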
@ -2,7 +2,7 @@
|
||||
|
||||
=head1 NAME
|
||||
|
||||
X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters
|
||||
X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
@ -32,6 +32,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
|
||||
const unsigned char *name, size_t namelen);
|
||||
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
|
||||
unsigned int flags);
|
||||
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
|
||||
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
|
||||
const unsigned char *email, size_t emaillen);
|
||||
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
|
||||
@ -95,6 +96,16 @@ are retained, no change is made if B<name> is NULL or empty. When
|
||||
multiple names are configured, the peer is considered verified when
|
||||
any name matches.
|
||||
|
||||
X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject
|
||||
CommonName from the peer certificate that matched one of the reference
|
||||
identifiers. When wildcard matching is not disabled, or when a
|
||||
reference identifier specifies a parent domain (starts with ".")
|
||||
rather than a hostname, the peer name may be a wildcard name or a
|
||||
sub-domain of the reference identifier respectively. The return
|
||||
string is allocated by the library and is no longer valid once the
|
||||
associated B<param> argument is freed. Applications must not free
|
||||
the return value.
|
||||
|
||||
X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to
|
||||
B<email>. If B<email> is NUL-terminated, B<emaillen> may be zero, otherwise
|
||||
B<emaillen> must be set to the length of B<email>. When an email address
|
||||
|