Tidy up x509_vfy callback handling

Reviewed-by: N Dr. Stephen Henson <steve@openssl.org>

Tidy up x509_vfy callback handling
Reviewed-by: N Dr. Stephen Henson <steve@openssl.org>
70dd3c65 · Viktor Dukhovni · 0f1ef63b · 70dd3c65 · 70dd3c65 · 70dd3c65
展开全部隐藏空白更改
内联并排

Showing with 221 addition and 289 deletion

crypto/x509/x509_lcl.h crypto/x509/x509_lcl.h +2 -1

crypto/x509/x509_lu.c crypto/x509/x509_lu.c +2 -2

crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c +217 -286

未找到文件。
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -81,7 +81,8 @@ struct X509_VERIFY_PARAM_st {
    size_t iplen;               /* Length of IP address */
 };

-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
+/* No error callback if depth < 0 */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);

 /* a sequence of these are used */
 struct x509_attributes_st {

--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -630,7 +630,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
    }
    /* If certificate matches all OK */
    if (ctx->check_issued(ctx, x, obj.data.x509)) {
-        if (x509_check_cert_time(ctx, obj.data.x509, 1)) {
+        if (x509_check_cert_time(ctx, obj.data.x509, -1)) {
            *issuer = obj.data.x509;
            return 1;
        }
@@ -661,7 +661,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
                 * match if no certificate time is OK.
                 */

-                if (x509_check_cert_time(ctx, *issuer, 1))
+                if (x509_check_cert_time(ctx, *issuer, -1))
                    break;
            }
        }

--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c