提交 508c5352 编写于 作者: D Dr. Stephen Henson

Update from 1.0.0-stable

上级 9a5faeaa
...@@ -199,8 +199,12 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, ...@@ -199,8 +199,12 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
const X509_VERIFY_PARAM *from) const X509_VERIFY_PARAM *from)
{ {
unsigned long save_flags = to->inh_flags;
int ret;
to->inh_flags |= X509_VP_FLAG_DEFAULT; to->inh_flags |= X509_VP_FLAG_DEFAULT;
return X509_VERIFY_PARAM_inherit(to, from); ret = X509_VERIFY_PARAM_inherit(to, from);
to->inh_flags = save_flags;
return ret;
} }
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
......
...@@ -502,9 +502,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) ...@@ -502,9 +502,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
return(0); return(0);
} }
if (s->param)
X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
s->param);
#if 0 #if 0
if (SSL_get_verify_depth(s) >= 0) if (SSL_get_verify_depth(s) >= 0)
X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
...@@ -518,6 +515,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) ...@@ -518,6 +515,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
X509_STORE_CTX_set_default(&ctx, X509_STORE_CTX_set_default(&ctx,
s->server ? "ssl_client" : "ssl_server"); s->server ? "ssl_client" : "ssl_server");
/* Anything non-default in "param" should overwrite anything in the
* ctx.
*/
if (s->param)
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx),
s->param);
if (s->verify_callback) if (s->verify_callback)
X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册