generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Simplify the trust structure: basically zap the bit strings and

Browse Source 
represent everything by OIDs.
This commit is contained in:
Dr. Stephen Henson 1999-12-29 00:40:28 +00:00
parent 76997b7dd0
commit 6447cce372
8 changed files with 154 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
CHANGES
View File

@ -4,6 +4,19 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Simplify the trust setting structure and code. Now we just have
two sequences of OIDs for trusted and rejected settings. These will
typically have values the same as the extended key usage extension
and any application specific purposes.
The trust checking code now has a default behaviour: it will just
check for an object with the same NID as the passed id. Functions can
be provided to override either the default behaviour or the behaviour
for a given id. SSL client, server and email already have functions
in place for compatability: they check the NID and also return "trusted"
if the certificate is self signed.
[Steve Henson]
*) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
traditional format into an EVP_PKEY structure.
[Steve Henson]

49
apps/x509.c
View File

@ -146,15 +146,16 @@ int MAIN(int argc, char **argv)
int ret=1;
X509_REQ *req=NULL;
X509 *x=NULL,*xca=NULL;
ASN1_OBJECT *objtmp;
EVP_PKEY *Upkey=NULL,*CApkey=NULL;
int i,num,badops=0;
BIO *out=NULL;
BIO *STDout=NULL;
STACK *trust = NULL, *reject = NULL;
STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
int informat,outformat,keyformat,CAformat,CAkeyformat;
char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
char *CAkeyfile=NULL,*CAserial=NULL;
char *alias=NULL, *trstr=NULL;
char *alias=NULL;
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0;
@ -297,27 +298,25 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-addtrust") == 0)
{
if (--argc < 1) goto bad;
trstr= *(++argv);
if(!X509_trust_set_bit_asc(NULL, trstr, 0)) {
if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
BIO_printf(bio_err,
"Unknown trust value %s\n", trstr);
"Invalid trust object value %s\n", *argv);
goto bad;
}
if(!trust) trust = sk_new_null();
sk_push(trust, trstr);
if(!trust) trust = sk_ASN1_OBJECT_new_null();
sk_ASN1_OBJECT_push(trust, objtmp);
trustout = 1;
}
else if (strcmp(*argv,"-addreject") == 0)
{
if (--argc < 1) goto bad;
trstr= *(++argv);
if(!X509_reject_set_bit_asc(NULL, trstr, 0)) {
if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
BIO_printf(bio_err,
"Unknown trust value %s\n", trstr);
"Invalid reject object value %s\n", *argv);
goto bad;
}
if(!reject) reject = sk_new_null();
sk_push(reject, trstr);
if(!reject) reject = sk_ASN1_OBJECT_new_null();
sk_ASN1_OBJECT_push(reject, objtmp);
trustout = 1;
}
else if (strcmp(*argv,"-setalias") == 0)
@ -521,15 +520,9 @@ bad:
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
#if 0
X509_PUBKEY_free(ci->key);
ci->key=req->req_info->pubkey;
req->req_info->pubkey=NULL;
#else
pkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x,pkey);
EVP_PKEY_free(pkey);
#endif
}
else
x=load_cert(infile,informat);
@ -566,23 +559,21 @@ bad:
if(alias) X509_alias_set(x, (unsigned char *)alias, -1);
if(clrtrust) X509_trust_set_bit(x, -1, 0);
if(clrreject) X509_reject_set_bit(x, -1, 0);
if(clrtrust) X509_trust_clear(x);
if(clrreject) X509_reject_clear(x);
if(trust) {
for(i = 0; i < sk_num(trust); i++) {
trstr = sk_value(trust, i);
X509_trust_set_bit_asc(x, trstr, 1);
for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
objtmp = sk_ASN1_OBJECT_value(trust, i);
X509_radd_trust_object(x, objtmp);
}
sk_free(trust);
}
if(reject) {
for(i = 0; i < sk_num(reject); i++) {
trstr = sk_value(reject, i);
X509_reject_set_bit_asc(x, trstr, 1);
for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
objtmp = sk_ASN1_OBJECT_value(reject, i);
X509_radd_reject_object(x, objtmp);
}
sk_free(reject);
}
if (num)
@ -887,6 +878,8 @@ end:
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
X509_REQ_free(rq);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
EXIT(ret);
}

80
crypto/asn1/t_x509a.c
View File

@ -65,73 +65,37 @@
/* X509_CERT_AUX and string set routines
*/
static BIT_STRING_BITNAME tbits[] = {
{X509_TRUST_BIT_ALL, "All Purposes", "all"},
{X509_TRUST_BIT_SSL_CLIENT, "SSL client", "sslclient"},
{X509_TRUST_BIT_SSL_SERVER, "SSL server", "sslserver"},
{X509_TRUST_BIT_EMAIL, "S/MIME email", "email"},
{X509_TRUST_BIT_OBJECT_SIGN, "Object Signing", "objsign"},
{-1, NULL, NULL}
};
int X509_trust_set_bit_asc(X509 *x, char *str, int value)
{
int bitnum;
bitnum = ASN1_BIT_STRING_num_asc(str, tbits);
if(bitnum < 0) return 0;
if(x) return X509_trust_set_bit(x, bitnum, value);
return 1;
}
int X509_reject_set_bit_asc(X509 *x, char *str, int value)
{
int bitnum;
bitnum = ASN1_BIT_STRING_num_asc(str, tbits);
if(bitnum < 0) return 0;
if(x) return X509_reject_set_bit(x, bitnum, value);
return 1;
}
int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
{
char oidstr[80], first;
int i;
if(!aux) return 1;
if(aux->trust) {
BIO_printf(out, "%*sTrusted Uses:\n", indent, "");
ASN1_BIT_STRING_name_print(out, aux->trust, tbits, indent + 2);
first = 1;
BIO_printf(out, "%*sTrusted Uses:\n%*s",
indent, "", indent + 2, "");
for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
if(!first) BIO_puts(out, ", ");
else first = 0;
OBJ_obj2txt(oidstr, 80,
sk_ASN1_OBJECT_value(aux->trust, i), 0);
BIO_puts(out, oidstr);
}
BIO_puts(out, "\n");
} else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
if(aux->reject) {
BIO_printf(out, "%*sRejected Uses:\n", indent, "");
ASN1_BIT_STRING_name_print(out, aux->reject, tbits, indent + 2);
first = 1;
BIO_printf(out, "%*sRejected Uses:\n%*s",
indent, "", indent + 2, "");
for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
if(!first) BIO_puts(out, ", ");
else first = 0;
OBJ_obj2txt(oidstr, 80,
sk_ASN1_OBJECT_value(aux->reject, i), 0);
BIO_puts(out, oidstr);
}
BIO_puts(out, "\n");
} else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
if(aux->othertrust) {
first = 1;
BIO_printf(out, "%*sOther Trusted Uses:\n%*s",
indent, "", indent + 2, "");
for(i = 0; i < sk_ASN1_OBJECT_num(aux->othertrust); i++) {
if(!first) BIO_puts(out, ", ");
else first = 0;
OBJ_obj2txt(oidstr, 80,
sk_ASN1_OBJECT_value(aux->othertrust, i), 0);
BIO_puts(out, oidstr);
}
BIO_puts(out, "\n");
}
if(aux->otherreject) {
first = 1;
BIO_printf(out, "%*sOther Rejected Uses:\n%*s",
indent, "", indent + 2, "");
for(i = 0; i < sk_ASN1_OBJECT_num(aux->otherreject); i++) {
if(!first) BIO_puts(out, ", ");
else first = 0;
OBJ_obj2txt(oidstr, 80,
sk_ASN1_OBJECT_value(aux->otherreject, i), 0);
BIO_puts(out, oidstr);
}
BIO_puts(out, "\n");
}
if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
aux->alias->data);
return 1;

98
crypto/asn1/x_x509a.c
View File

@ -78,16 +78,12 @@ X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long len
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get_opt(ret->trust, d2i_ASN1_BIT_STRING,
V_ASN1_BIT_STRING);
M_ASN1_D2I_get_IMP_opt(ret->reject, d2i_ASN1_BIT_STRING,0,
V_ASN1_BIT_STRING);
M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->othertrust,
M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->trust,
d2i_ASN1_OBJECT, ASN1_OBJECT_free);
M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->otherreject,
d2i_ASN1_OBJECT, ASN1_OBJECT_free, 1);
M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->reject,
d2i_ASN1_OBJECT, ASN1_OBJECT_free, 0);
M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING);
M_ASN1_D2I_get_opt(ret->keyid, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
M_ASN1_D2I_get_opt(ret->other, d2i_ASN1_TYPE, V_ASN1_SEQUENCE);
M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX);
@ -100,9 +96,8 @@ X509_CERT_AUX *X509_CERT_AUX_new()
M_ASN1_New_Malloc(ret, X509_CERT_AUX);
ret->trust = NULL;
ret->reject = NULL;
ret->othertrust = NULL;
ret->otherreject = NULL;
ret->alias = NULL;
ret->keyid = NULL;
ret->other = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW);
@ -111,11 +106,10 @@ X509_CERT_AUX *X509_CERT_AUX_new()
void X509_CERT_AUX_free(X509_CERT_AUX *a)
{
if(a == NULL) return;
ASN1_BIT_STRING_free(a->trust);
ASN1_BIT_STRING_free(a->reject);
sk_ASN1_OBJECT_pop_free(a->othertrust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(a->otherreject, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(a->trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(a->reject, ASN1_OBJECT_free);
ASN1_UTF8STRING_free(a->alias);
ASN1_OCTET_STRING_free(a->keyid);
ASN1_TYPE_free(a->other);
Free((char *)a);
}
@ -124,24 +118,20 @@ int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->trust, i2d_ASN1_BIT_STRING);
M_ASN1_I2D_len_IMP_opt(a->reject, i2d_ASN1_BIT_STRING);
M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->othertrust, i2d_ASN1_OBJECT);
M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->otherreject, i2d_ASN1_OBJECT, 1);
M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING);
M_ASN1_I2D_len(a->keyid, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_len(a->other, i2d_ASN1_TYPE);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->trust, i2d_ASN1_BIT_STRING);
M_ASN1_I2D_put_IMP_opt(a->reject, i2d_ASN1_BIT_STRING, 0);
M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->othertrust, i2d_ASN1_OBJECT);
M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->otherreject, i2d_ASN1_OBJECT, 1);
M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT);
M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0);
M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING);
M_ASN1_I2D_put(a->keyid, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_put(a->other, i2d_ASN1_TYPE);
M_ASN1_I2D_finish();
@ -169,51 +159,41 @@ unsigned char *X509_alias_get(X509 *x, int *len)
return x->aux->alias->data;
}
int X509_trust_set_bit(X509 *x, int bit, int value)
int X509_radd_trust_object(X509 *x, ASN1_OBJECT *obj)
{
X509_CERT_AUX *aux;
if(bit == -1) {
ASN1_OBJECT *objtmp;
if(!(objtmp = OBJ_dup(obj))) return 0;
if(!(aux = aux_get(x))) return 0;
if(!aux->trust
&& !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
return sk_ASN1_OBJECT_push(aux->trust, objtmp);
}
int X509_radd_reject_object(X509 *x, ASN1_OBJECT *obj)
{
X509_CERT_AUX *aux;
ASN1_OBJECT *objtmp;
if(!(objtmp = OBJ_dup(obj))) return 0;
if(!(aux = aux_get(x))) return 0;
if(!aux->reject
&& !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
return sk_ASN1_OBJECT_push(aux->reject, objtmp);
}
void X509_trust_clear(X509 *x)
{
if(x->aux && x->aux->trust) {
ASN1_BIT_STRING_free(x->aux->trust);
sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
x->aux->trust = NULL;
}
return 1;
}
if(!(aux = aux_get(x))) return 0;
if(!aux->trust && !(aux->trust = ASN1_BIT_STRING_new())) return 0;
return ASN1_BIT_STRING_set_bit(aux->trust, bit, value);
}
int X509_reject_set_bit(X509 *x, int bit, int value)
void X509_reject_clear(X509 *x)
{
X509_CERT_AUX *aux;
if(bit == -1) {
if(x->aux && x->aux->reject) {
ASN1_BIT_STRING_free(x->aux->reject);
sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
x->aux->reject = NULL;
}
return 1;
}
if(!(aux = aux_get(x))) return 0;
if(!aux->reject && !(aux->reject = ASN1_BIT_STRING_new())) return 0;
return ASN1_BIT_STRING_set_bit(aux->reject, bit, value);
}
int X509_add_trust_object(X509 *x, ASN1_OBJECT *obj)
{
X509_CERT_AUX *aux;
if(!(aux = aux_get(x))) return 0;
if(!aux->othertrust
&& !(aux->othertrust = sk_ASN1_OBJECT_new_null())) return 0;
return sk_ASN1_OBJECT_push(aux->othertrust, obj);
}
int X509_add_reject_object(X509 *x, ASN1_OBJECT *obj)
{
X509_CERT_AUX *aux;
if(!(aux = aux_get(x))) return 0;
if(!aux->otherreject
&& !(aux->otherreject = sk_ASN1_OBJECT_new_null())) return 0;
return sk_ASN1_OBJECT_push(aux->otherreject, obj);
}

28
crypto/x509/x509.h
View File

@ -236,22 +236,12 @@ typedef struct x509_cinf_st
* the end of the certificate itself
*/
/* Bit values for trust/reject */
#define X509_TRUST_BIT_ALL 0
#define X509_TRUST_BIT_SSL_CLIENT 1
#define X509_TRUST_BIT_SSL_SERVER 2
#define X509_TRUST_BIT_EMAIL 3
#define X509_TRUST_BIT_OBJECT_SIGN 4
typedef struct x509_cert_aux_st
{
ASN1_BIT_STRING *trust; /* trusted uses */
ASN1_BIT_STRING *reject; /* rejected uses */
STACK_OF(ASN1_OBJECT) *othertrust; /* extra uses */
STACK_OF(ASN1_OBJECT) *otherreject; /* extra rejected uses */
STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
ASN1_UTF8STRING *alias; /* "friendly name" */
ASN1_OCTET_STRING *keyid; /* key id of private key */
ASN1_TYPE *other; /* other unspecified info */
} X509_CERT_AUX;
@ -830,13 +820,11 @@ X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
long length);
int X509_alias_set(X509 *x, unsigned char *name, int len);
unsigned char * X509_alias_get(X509 *x, int *len);
int X509_trust_set_bit(X509 *x, int bit, int value);
int X509_reject_set_bit(X509 *x, int bit, int value);
int X509_add_trust_object(X509 *x, ASN1_OBJECT *obj);
int X509_add_reject_object(X509 *x, ASN1_OBJECT *obj);
int X509_trust_set_bit_asc(X509 *x, char *str, int value);
int X509_reject_set_bit_asc(X509 *x, char *str, int value);
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
int X509_radd_trust_object(X509 *x, ASN1_OBJECT *obj);
int X509_radd_reject_object(X509 *x, ASN1_OBJECT *obj);
void X509_trust_clear(X509 *x);
void X509_reject_clear(X509 *x);
X509_REVOKED * X509_REVOKED_new(void);
void X509_REVOKED_free(X509_REVOKED *a);

61
crypto/x509/x509_trs.c
View File

@ -64,9 +64,12 @@
static int tr_cmp(X509_TRUST **a, X509_TRUST **b);
static void trtable_free(X509_TRUST *p);
static int trust_1bit(X509_TRUST *trust, X509 *x, int flags);
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
static int trust_any(X509_TRUST *trust, X509 *x, int flags);
static int obj_trust(int id, X509 *x, int flags);
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
/* WARNING: the following table should be kept in order of trust
* and without any gaps so we can just subtract the minimum trust
* value to get an index into the table
@ -74,10 +77,9 @@ static int trust_any(X509_TRUST *trust, X509 *x, int flags);
static X509_TRUST trstandard[] = {
{X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL},
{X509_TRUST_SSL_CLIENT, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_CLIENT, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1bit, "SSL Client", X509_TRUST_BIT_SSL_SERVER, NULL},
{X509_TRUST_EMAIL, 0, trust_1bit, "S/MIME email", X509_TRUST_BIT_EMAIL, NULL},
{X509_TRUST_OBJECT_SIGN, 0, trust_1bit, "Object Signing", X509_TRUST_BIT_OBJECT_SIGN, NULL},
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
};
#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
@ -91,12 +93,22 @@ static int tr_cmp(X509_TRUST **a, X509_TRUST **b)
return (*a)->trust - (*b)->trust;
}
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
{
int (*oldtrust)(int , X509 *, int);
oldtrust = default_trust;
default_trust = trust;
return oldtrust;
}
int X509_check_trust(X509 *x, int id, int flags)
{
X509_TRUST *pt;
int idx;
if(id == -1) return 1;
if(!(idx = X509_TRUST_get_by_id(id))) return 0;
if(!(idx = X509_TRUST_get_by_id(id)))
return default_trust(id, x, flags);
pt = X509_TRUST_iget(idx);
return pt->check_trust(pt, x, flags);
}
@ -212,20 +224,9 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
return xp->trust;
}
static int trust_1bit(X509_TRUST *trust, X509 *x, int flags)
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
{
X509_CERT_AUX *ax;
ax = x->aux;
if(ax) {
if(ax->reject
&& ( ASN1_BIT_STRING_get_bit(ax->reject, X509_TRUST_BIT_ALL)
|| ASN1_BIT_STRING_get_bit(ax->reject, trust->arg1)))
return X509_TRUST_REJECTED;
if(ax->trust && (ASN1_BIT_STRING_get_bit(ax->trust, X509_TRUST_BIT_ALL)
|| ASN1_BIT_STRING_get_bit(ax->trust, trust->arg1)))
return X509_TRUST_TRUSTED;
return X509_TRUST_UNTRUSTED;
}
if(x->aux) return obj_trust(trust->arg1, x, flags);
/* we don't have any trust settings: for compatability
* we return trusted if it is self signed
*/
@ -234,6 +235,28 @@ static int trust_1bit(X509_TRUST *trust, X509 *x, int flags)
else return X509_TRUST_UNTRUSTED;
}
static int obj_trust(int id, X509 *x, int flags)
{
ASN1_OBJECT *obj;
int i;
X509_CERT_AUX *ax;
ax = x->aux;
if(!ax) return X509_TRUST_UNTRUSTED;
if(ax->reject) {
for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
obj = sk_ASN1_OBJECT_value(ax->reject, i);
if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
}
}
if(ax->trust) {
for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
obj = sk_ASN1_OBJECT_value(ax->trust, i);
if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
}
}
return X509_TRUST_UNTRUSTED;
}
static int trust_any(X509_TRUST *trust, X509 *x, int flags)
{
return X509_TRUST_TRUSTED;

1
crypto/x509v3/x509v3.h
View File

@ -542,7 +542,6 @@ char *X509_PURPOSE_iget_name(X509_PURPOSE *xp);
char *X509_PURPOSE_iget_sname(X509_PURPOSE *xp);
int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
void X509_PURPOSE_cleanup(void);
void X509_PURPOSE_add_standard(void);
int X509_PURPOSE_get_id(X509_PURPOSE *);
/* BEGIN ERROR CODES */

8
util/libeay.num
View File

@ -1900,7 +1900,7 @@ sk_ASN1_STRING_TABLE_value 1924
ACCESS_DESCRIPTION_new 1925
X509_CERT_AUX_free 1926
d2i_ACCESS_DESCRIPTION 1927
X509_PURPOSE_add_standard 1928
X509_trust_clear 1928
sk_X509_PURPOSE_value 1929
sk_X509_PURPOSE_zero 1930
X509_TRUST_add 1931
@ -2054,7 +2054,7 @@ X509_trust_set_bit 2078
sk_X509_PURPOSE_delete_ptr 2079
ASN1_BIT_STRING_free 2080
PEM_read_bio_RSA_PUBKEY 2081
X509_add_reject_object 2082
X509_radd_reject_object 2082
X509_check_trust 2083
sk_X509_TRUST_new_null 2084
sk_ACCESS_DESCRIPTION_new_null 2085
@ -2112,7 +2112,7 @@ ASN1_STRING_length_set 2136
DIRECTORYSTRING_new 2137
sk_ASN1_STRING_TABLE_new 2138
sk_X509_TRUST_delete 2139
X509_add_trust_object 2140
X509_radd_trust_object 2140
PKCS12_newpass 2141
SMIME_write_PKCS7 2142
SMIME_read_PKCS7 2143
@ -2156,3 +2156,5 @@ i2d_PrivateKey_fp 2180
d2i_PrivateKey_bio 2181
d2i_PrivateKey_fp 2182
i2d_PrivateKey_bio 2183
X509_reject_clear 2184
X509_TRUST_set_default 2185