From a7d729491c2dacd4dae01eb49e1ca3ff797133ff Mon Sep 17 00:00:00 2001
From: Laszlo Kovacs <lkovacs@akamai.com>
Date: Tue, 31 Mar 2015 16:01:17 -0400
Subject: [PATCH 17/26] Add certificate verify data to SSL struct

Add app_verify_callback and app_verify_arg to the SSL structure and add
SSL_SESSION_set_verify_result() API. The values are copied from the
SSL_CTX into the SSL.

(cherry picked from commit 80b9e96d4f624b146daeeb135acb6ee299a8e3df)

Conflicts:
	include/openssl/ssl.h
	ssl/ssl_cert.c
---
 include/openssl/ssl.h |  4 ++++
 ssl/ssl_cert.c        |  4 +++-
 ssl/ssl_lib.c         | 17 +++++++++++++++++
 ssl/ssl_locl.h        |  3 +++
 4 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d14460c..9523a43 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1553,6 +1553,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
 # endif
 int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
 int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+void SSL_SESSION_set_verify_result(SSL *ssl, long arg);
 void SSL_SESSION_free(SSL_SESSION *ses);
 __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
 __owur int SSL_set_session(SSL *to, SSL_SESSION *session);
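Review bot: `SSL_SESSION_set_verify_result` takes an `SSL *`, whereas every other `SSL_SESSION_*` declaration around it takes an `SSL_SESSION *`, so the name promises an object type the function does not accept. Its body elsewhere in this patch writes through `ssl->session` and does nothing when the SSL has no session, which the prototype should state; I would add above it `/* Sets verify_result on ssl's current session; no-op when ssl has no session. */`. If the name is still negotiable, something like `SSL_set_session_verify_result` would describe what it actually operates on.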
@@ -1582,6 +1583,9 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
                                       int (*cb) (X509_STORE_CTX *, void *),
                                       void *arg);
+void SSL_set_cert_verify_callback(SSL *s,
+                                  int (*cb) (X509_STORE_CTX *, void *),
+                                  void *arg);
 void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
                          void *arg);
 # ifndef OPENSSL_NO_RSA
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 987b2b7..063c06a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -636,7 +636,9 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
     if (s->verify_callback)
         X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
 
-    if (s->ctx->app_verify_callback != NULL)
+    if (s->app_verify_callback != NULL)
+        i = s->app_verify_callback(&ctx, s->app_verify_arg);
+    else if (s->ctx->app_verify_callback != NULL)
         i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
     else {
         i = X509_verify_cert(&ctx);
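Review bot: With the new test order a NULL `s->app_verify_callback` falls through to `s->ctx->app_verify_callback`, so an application cannot call `SSL_set_cert_verify_callback(s, NULL, NULL)` to drop back to `X509_verify_cert()` on one connection: NULL means "inherit the context's verifier", not "no application verifier". That is a defensible contract, but it is not written down anywhere in the patch, and it should be stated where the per-SSL callback is registered so callers do not assume NULL disables the override. Note also that because `SSL_new` copies the context value into the SSL, the `else if` branch is reached only while the copied pointer is NULL. `ssl_verify_cert_chain` begins and ends outside this hunk.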
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b834c00..cf1276b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -315,6 +315,9 @@ SSL *SSL_new(SSL_CTX *ctx)
     s->quiet_shutdown = ctx->quiet_shutdown;
     s->max_send_fragment = ctx->max_send_fragment;
 
+    s->app_verify_callback = ctx->app_verify_callback;
+    s->app_verify_arg = ctx->app_verify_arg;
+
     CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
     s->ctx = ctx;
 #ifndef OPENSSL_NO_TLSEXT
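Review bot: Copying `ctx->app_verify_callback` into the SSL at creation snapshots the context's callback: a `SSL_CTX_set_cert_verify_callback()` call made after `SSL_new()` no longer reaches connections created while an earlier callback was installed, because `ssl_verify_cert_chain()` now consults `s->app_verify_callback` first and only falls back to the context when that pointer is NULL. Before this patch the context was read at verification time, so an application that installs or swaps the context verifier late would now silently keep verifying with the stale pointer. Since the fallback in `ssl_verify_cert_chain` already covers the "not set on this SSL" case, the two copy lines could simply be dropped and the fields left at the zero value the freshly allocated struct presumably has (confirm `SSL_new` zeroes it); if they stay, a comment here stating the snapshot semantics is the minimum. If `SSL_dup()` copies SSL members one by one, which is not visible in this hunk, the two new fields would need to be added there too.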
@@ -1983,6 +1986,14 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
     ctx->app_verify_arg = arg;
 }
 
+void SSL_set_cert_verify_callback(SSL *s,
+                                  int (*cb) (X509_STORE_CTX *, void *),
+                                  void *arg)
+{
+    s->app_verify_callback = cb;
+    s->app_verify_arg = arg;
+}
+
 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
                         int (*cb) (int, X509_STORE_CTX *))
 {
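Review bot: `SSL_set_cert_verify_callback` is a new public entry point and lands without any comment, although its precedence over the context-level callback is decided in another file. I would put above its definition `/* Per-connection counterpart of SSL_CTX_set_cert_verify_callback(); a non-NULL callback set here takes precedence over the context's in ssl_verify_cert_chain(). */`. Like its `SSL_CTX_` sibling directly above it does no NULL check on its first argument, which is consistent with the surrounding code.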
@@ -2967,6 +2978,12 @@ void SSL_set_state(SSL *ssl, int state)
     ssl->state = state;
 }
 
+void SSL_SESSION_set_verify_result(SSL *ssl, long arg)
+{
+    if (ssl->session)
+        ssl->session->verify_result = arg;
+}
+
 void SSL_set_verify_result(SSL *ssl, long arg)
 {
     ssl->verify_result = arg;
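Review bot: `SSL_SESSION_set_verify_result` silently discards `arg` when `ssl->session` is NULL, and the void return gives the caller no way to learn that the verify result was never recorded. Since the prototype lives in a separate hunk, the least-invasive fix is a comment, `/* No-op when ssl has no session yet; the session must exist before calling this. */`, or an `int` return (0 when there is no session) if the header can still change. Storing the value on the session rather than on the SSL also changes state that, if the session is cached and later resumed, other connections presumably observe through the shared SSL_SESSION object — whether that is intended deserves a sentence. The adjacent `SSL_set_verify_result` continues past the hunk.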
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 2e83fa5..88f9866 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1240,6 +1240,9 @@ struct ssl_st {
         } ctx;                 /* context/closure handed out to task */
     } task;
 
+    int (*app_verify_callback) (X509_STORE_CTX *, void *);
+    void *app_verify_arg;
+
     /* Keep track of bytes passed through SSL */
     size_t bytes_written;
     size_t bytes_read;
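Review bot: The two new members carry no comment, unlike their neighbours (`/* Keep track of bytes passed through SSL */`), and their relationship to the identically named `SSL_CTX` fields is not evident from the declaration alone. I would annotate them with `/* Per-connection application verify callback; NULL falls back to ctx->app_verify_callback (see ssl_verify_cert_chain) */`. `struct ssl_st` starts and ends outside this hunk.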
-- 
2.3.2 (Apple Git-55)

