openssl wrapper: introduce SSL_get0_param

This adds the standard OpenSSL api to get a pointer to the SSL struct's
X509_VERIFY_PARAM.  We need this for the OpenSSL api to set the peer
hostname introduced in the next patch.

Part of https://github.com/espressif/esp-idf/pull/980

diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h
index 4af037af6aadea5ecaccee4bf5bb825720ba293e..87a67fc06f31cbf43f775d542beb485e7fe6fee5 100755 (executable)
--- a/components/openssl/include/openssl/ssl.h
+++ b/components/openssl/include/openssl/ssl.h
@@ -1523,6 +1523,15 @@ long SSL_get_timeout(const SSL *ssl);
  */\r
 int SSL_get_verify_mode(const SSL *ssl);\r
 \r
+/**\r
+ * @brief get SSL verify parameters\r
+ *\r
+ * @param ssl - SSL point\r
+ *\r
+ * @return verify parameters\r
+ */\r
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);\r
+\r
 /**\r
  * @brief get SSL write only IO handle\r
  *\r

diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c
index ef0503c053d453c51e24e63be2fe403ea694bdaa..bd811e0a92d58eebfcb42818742b517adb42aaa8 100644 (file)
--- a/components/openssl/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
@@ -117,6 +117,15 @@ failed1:
     return NULL;
 }
 
+/**
+ * @brief return SSL X509 verify parameters
+ */
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+{
+    return &ssl->param;
+}
+
 /**
  * @brief set SSL context client CA certification
  */