Add trust setting support to the verify code. It now checks the

trust settings of the root CA. After a few fixes it seems to work OK. Still need to add support to SSL and S/MIME code though.
1999-11-27 19:43:10 +00:00
parent 74ecf9e2bb
commit 51630a3706
10 changed files with 90 additions and 18 deletions
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -128,10 +128,13 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
 	return 1;
 }

+static int added_exts = 0;
+
 void X509V3_EXT_cleanup(void)
 {
 	sk_pop_free(ext_list, ext_list_free);
 	ext_list = NULL;
+	added_exts = 0;
 }

 static void ext_list_free(X509V3_EXT_METHOD *ext)
@@ -147,6 +150,7 @@ extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;

 int X509V3_add_standard_extensions(void)
 {
+	if(added_exts) return 1;
 	X509V3_EXT_add_list(v3_ns_ia5_list);
 	X509V3_EXT_add_list(v3_alt);
 	X509V3_EXT_add(&v3_bcons);
@@ -162,6 +166,7 @@ int X509V3_add_standard_extensions(void)
 	X509V3_EXT_add(&v3_crl_reason);
 	X509V3_EXT_add(&v3_cpols);
 	X509V3_EXT_add(&v3_crld);
+	added_exts = 1;
 	return 1;
 }

--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -222,7 +222,7 @@ static void x509v3_cache_extensions(X509 *x)
 	if(x->ex_flags & EXFLAG_SET) return;
 	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
 	/* Does subject name match issuer ? */
-	if(X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
+	if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
 			 x->ex_flags |= EXFLAG_SS;
 	/* V1 should mean no extensions ... */
 	if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;