From: Dr. Stephen Henson Date: Sat, 31 Oct 2009 19:22:18 +0000 (+0000) Subject: Add missing functions to allow access to newer X509_STORE_CTX status X-Git-Tag: OpenSSL-fips-2_0-rc1~1460 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2008e714f309bb5f814d6616a37a31a4a9e9dd56;p=openssl Add missing functions to allow access to newer X509_STORE_CTX status information. Add more informative message to verify callback to indicate when CRL path validation is taking place. --- diff --git a/apps/verify.c b/apps/verify.c index c0be253db2..9163997e93 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -310,7 +310,9 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) 0, XN_FLAG_ONELINE); printf("\n"); } - printf("error %d at %d depth lookup:%s\n",cert_error, + printf("%serror %d at %d depth lookup:%s\n", + X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "", + cert_error, X509_STORE_CTX_get_error_depth(ctx), X509_verify_cert_error_string(cert_error)); switch(cert_error) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f5f632a45d..514573325e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1879,6 +1879,21 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) return chain; } +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) + { + return ctx->current_issuer; + } + +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) + { + return ctx->current_crl; + } + +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) + { + return ctx->parent; + } + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { ctx->cert=x; diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index acb713a6e5..fe09b30aaa 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -480,6 +480,9 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);