diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index efa6bcaa67a4a1ec5acd2be87ebdd920fa67dbac..b895ffe33ea887a0bb8c563c69e9cdc9918051aa 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1989,6 +1989,11 @@ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) return ctx->error_depth; } +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) +{ + ctx->error_depth = depth; +} + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) { return ctx->current_cert; diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod index 1cc6bb5e8fe84153eed9f04fe6f5af89027b8d09..8c3975c6e2145ef18b91fb3ca49f1b85392361ab 100644 --- a/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/doc/crypto/X509_STORE_CTX_get_error.pod @@ -3,8 +3,8 @@ =head1 NAME X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, -X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, -X509_STORE_CTX_get0_cert, +X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, +X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information =head1 SYNOPSIS @@ -12,11 +12,12 @@ X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificat #include #include - int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); - void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); - int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); - X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); - X509 * X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); + int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); + int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); @@ -39,6 +40,10 @@ non-negative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. +X509_STORE_CTX_set_error_depth() sets the error B. +This can be used in combination with X509_STORE_CTX_set_error() to set the +depth at which an error condition was detected. + X509_STORE_CTX_get0_cert() returns the leaf certificate being verified. X509_STORE_CTX_get_current_cert() returns the certificate in B which diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 99d5e21a623b98274f4453afba6150679ef7f2b4..f357d1a66a157dabdd96af2e200da52f07311067 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -366,6 +366,7 @@ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);