New peername element in X509_VERIFY_PARAM_ID

Declaration, memory management, accessor and documentation.

(cherry picked from commit 6e661d458f5aa8f52bf3d9098bd10025de5f08ea)
This commit is contained in:
Viktor Dukhovni 2014-07-06 01:44:30 +10:00
parent 41e3ebd5ab
commit 1eb57ae2b7
4 changed files with 22 additions and 2 deletions


@ -62,6 +62,7 @@ struct X509_VERIFY_PARAM_ID_st
{ {
STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
unsigned int hostflags; /* Flags to control matching features */ unsigned int hostflags; /* Flags to control matching features */
char *peername; /* Matching hostname in peer certificate */
unsigned char *email; /* If not NULL email address to match */ unsigned char *email; /* If not NULL email address to match */
size_t emaillen; size_t emaillen;
unsigned char *ip; /* If not NULL IP address to match */ unsigned char *ip; /* If not NULL IP address to match */
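Review bot: The comment on the new `peername` member says what the field holds but not who owns the string, which matters because X509_VERIFY_PARAM_get0_peername hands it out without transferring ownership and x509_verify_param_zero releases it. Suggest `char *peername; /* Matching hostname in peer certificate; owned by the param, freed in x509_verify_param_zero */`. Inserting the member between `hostflags` and `email` also shifts the positional `_empty_id` initializer, which this commit does update, but any other positional initializer of this struct outside the diff would silently misalign; appending the member at the end of the struct would avoid that risk.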


@ -564,6 +564,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen); const unsigned char *name, size_t namelen);
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags); unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const unsigned char *email, size_t emaillen); const unsigned char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
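Review bot: The new prototype omits the parameter name while the neighbouring declarations (set_hostflags above, set1_email below) name theirs, and it takes a non-const pointer even though the accessor only reads through it; X509_VERIFY_PARAM_get0_name in the same file takes `const X509_VERIFY_PARAM *param`. Suggest `char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param);` here, in the definition and in the POD synopsis. Since the documentation states the result is library-owned and must not be freed by the caller, a `const char *` return type, as get0_name already uses, would encode that contract in the signature rather than only in prose.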


@ -149,6 +149,8 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
string_stack_free(paramid->hosts); string_stack_free(paramid->hosts);
paramid->hosts = NULL; paramid->hosts = NULL;
} }
if (paramid->peername)
OPENSSL_free(paramid->peername);
if (paramid->email) if (paramid->email)
{ {
OPENSSL_free(paramid->email); OPENSSL_free(paramid->email);
@ -482,6 +484,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
param->id->hostflags = flags; param->id->hostflags = flags;
} }
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
{
return param->id->peername;
}
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const unsigned char *email, size_t emaillen) const unsigned char *email, size_t emaillen)
{ {
@ -517,7 +524,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
return param->name; return param->name;
} }
static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0}; static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, NULL, 0, NULL, 0};
#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
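Review bot: In the first hunk, x509_verify_param_zero frees `paramid->peername` but, unlike the `hosts` field two lines above which is reset to NULL after being released, leaves the freed pointer in the struct; after zeroing, X509_VERIFY_PARAM_get0_peername in the second hunk would return a dangling pointer to the caller, and if the zero routine can run twice on the same object the second pass would double-free it. Add `paramid->peername = NULL;` directly after `OPENSSL_free(paramid->peername);`, matching how `hosts` is handled. The body of x509_verify_param_zero begins before the hunk, so whether anything else resets the field there cannot be seen here.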


@ -2,7 +2,7 @@
=head1 NAME =head1 NAME
X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters
=head1 SYNOPSIS =head1 SYNOPSIS
@ -32,6 +32,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
const unsigned char *name, size_t namelen); const unsigned char *name, size_t namelen);
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags); unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const unsigned char *email, size_t emaillen); const unsigned char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
@ -95,6 +96,16 @@ are retained, no change is made if B<name> is NULL or empty. When
multiple names are configured, the peer is considered verified when multiple names are configured, the peer is considered verified when
any name matches. any name matches.
X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject
CommonName from the peer certificate that matched one of the reference
identifiers. When wildcard matching is not disabled, or when a
reference identifier specifies a parent domain (starts with ".")
rather than a hostname, the peer name may be a wildcard name or a
sub-domain of the reference identifier respectively. The return
string is allocated by the library and is no longer valid once the
associated B<param> argument is freed. Applications must not free
the return value.
X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to
B<email>. If B<email> is NUL-terminated, B<emaillen> may be zero, otherwise B<email>. If B<email> is NUL-terminated, B<emaillen> may be zero, otherwise
B<emaillen> must be set to the length of B<email>. When an email address B<emaillen> must be set to the length of B<email>. When an email address