int X509_verify_cert(X509_STORE_CTX *ctx)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
if (ctx->cert == NULL) {
X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
int i;
X509 *x = NULL;
X509 *mx;
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
int num = sk_X509_num(ctx->chain);
int trust;
ctx->param = param;
}
-void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane)
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane)
{
ctx->dane = dane;
}
static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
unsigned usage = DANETLS_NONE;
unsigned selector = DANETLS_NONE;
unsigned ordinal = DANETLS_NONE;
static int check_dane_issuer(X509_STORE_CTX *ctx, int depth)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
int matched = 0;
X509 *cert;
static int check_dane_pkeys(X509_STORE_CTX *ctx)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
danetls_record *t;
int num = ctx->num_untrusted;
X509 *cert = sk_X509_value(ctx->chain, num - 1);
return X509_TRUST_UNTRUSTED;
}
-static void dane_reset(struct dane_st *dane)
+static void dane_reset(SSL_DANE *dane)
{
/*
* Reset state to verify another chain, or clear after failure.
static int dane_verify(X509_STORE_CTX *ctx)
{
X509 *cert = ctx->cert;
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
int matched;
int done;
static int build_chain(X509_STORE_CTX *ctx)
{
- struct dane_st *dane = (struct dane_st *)ctx->dane;
+ SSL_DANE *dane = ctx->dane;
int num = sk_X509_num(ctx->chain);
X509 *cert = sk_X509_value(ctx->chain, num - 1);
int ss = cert_self_signed(cert);
/*
* Per connection DANE state
*/
-struct dane_st {
+struct ssl_dane_st {
struct dane_ctx_st *dctx;
STACK_OF(danetls_record) *trecs;
STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */
typedef struct rand_meth_st RAND_METHOD;
+typedef struct ssl_dane_st SSL_DANE;
typedef struct x509_st X509;
typedef struct X509_algor_st X509_ALGOR;
typedef struct X509_crl_st X509_CRL;
* Bridge opacity barrier between libcrypt and libssl, also needed to support
* offline testing in test/danetest.c
*/
-struct dane_st *SSL_get0_dane(SSL *ssl);
+SSL_DANE *SSL_get0_dane(SSL *ssl);
__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
/* For CRL path validation: parent context */
X509_STORE_CTX *parent;
CRYPTO_EX_DATA ex_data;
- struct dane_st *dane;
+ SSL_DANE *dane;
/* signed via bare TA public key, rather than CA certificate */
int bare_ta_signed;
} /* X509_STORE_CTX */ ;
* Bridge opacity barrier between libcrypt and libssl, also needed to support
* offline testing in test/danetest.c
*/
-void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane);
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
/* X509_VERIFY_PARAM functions */
OPENSSL_free(t);
}
-static void dane_final(struct dane_st *dane)
+static void dane_final(SSL_DANE *dane)
{
sk_danetls_record_pop_free(dane->trecs, tlsa_free);
dane->trecs = NULL;
return 1;
}
-static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype)
+static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
{
if (mtype > dane->dctx->mdmax)
return NULL;
}
static int dane_tlsa_add(
- struct dane_st *dane,
+ SSL_DANE *dane,
uint8_t usage,
uint8_t selector,
uint8_t mtype,
int SSL_dane_enable(SSL *s, const char *basedomain)
{
- struct dane_st *dane = &s->dane;
+ SSL_DANE *dane = &s->dane;
if (s->ctx->dane.mdmax == 0) {
SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
{
- struct dane_st *dane = &s->dane;
+ SSL_DANE *dane = &s->dane;
if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
return -1;
int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
uint8_t *mtype, unsigned const char **data, size_t *dlen)
{
- struct dane_st *dane = &s->dane;
+ SSL_DANE *dane = &s->dane;
if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
return -1;
return dane->mdpth;
}
-struct dane_st *SSL_get0_dane(SSL *s)
+SSL_DANE *SSL_get0_dane(SSL *s)
{
return &s->dane;
}
int ret = 0;
X509 *cert = s->session != NULL ? s->session->peer : NULL;
X509 *issuer;
- struct dane_st *dane = &s->dane;
+ SSL_DANE *dane = &s->dane;
CT_POLICY_EVAL_CTX *ctx = NULL;
const STACK_OF(SCT) *scts;
X509_VERIFY_PARAM *param;
/* Per connection DANE state */
- struct dane_st dane;
+ SSL_DANE dane;
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
projects / openssl / commitdiff