authorDr. Stephen Henson <steve@openssl.org>2000-09-05 17:53:58 +0000
committerDr. Stephen Henson <steve@openssl.org>2000-09-05 17:53:58 +0000
commit2f043896d14f5b1ced08bcc8bec3e38e7a18d96f (patch)
tree30c91e35a2b02dadc58fc56355894b4345142e51 /crypto/asn1/x_x509.c
parent29eb7d9ce0488690cca532d0ecb4075b5ca59209 (diff)
*BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle distinct certificates using the same subject name. The new code performs several tests on a candidate issuer certificate based on certificate extensions. It also adds several callbacks to X509_VERIFY_CTX so its behaviour can be customised. Unfortunately some hackery was needed to persuade X509_STORE to tolerate this. This should go away when X509_STORE is replaced, sometime... This must have broken something though :-(
Diffstat (limited to 'crypto/asn1/x_x509.c')
-rw-r--r--crypto/asn1/x_x509.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 36f0e4743e..61ba856b17 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/asn1_mac.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
static int x509_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
@@ -114,12 +115,14 @@ X509 *X509_new(void)
ASN1_CTX c;
M_ASN1_New_Malloc(ret,X509);
- ret->references=1;
ret->valid=0;
+ ret->references=1;
+ ret->name = NULL;
ret->ex_flags = 0;
ret->ex_pathlen = -1;
- ret->name=NULL;
- ret->aux=NULL;
+ ret->skid = NULL;
+ ret->akid = NULL;
+ ret->aux = NULL;
M_ASN1_New(ret->cert_info,X509_CINF_new);
M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new);
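Review bot: The field-by-field NULL initialisation in X509_new is fragile now that X509_free (third hunk) releases `a->skid` and `a->akid` unconditionally. Assuming M_ASN1_New_Malloc does not zero the allocation (its definition is not shown here), any pointer member later added to X509 but forgotten in this list would reach a free routine uninitialised. That is a memory-safety problem on an object built from untrusted certificate data. Consider zeroing the whole structure once, `memset(ret, 0, sizeof(*ret));` directly after `M_ASN1_New_Malloc(ret,X509);`, and then setting only the non-zero members (`ret->references=1;`, `ret->ex_pathlen = -1;`). A short comment such as `/* skid/akid: cached from extensions, owned by the X509, released in X509_free */` would also record the ownership, if that is indeed how they are populated. The body of X509_new starts and ends outside this hunk, so the error path could not be checked.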
@@ -152,6 +155,8 @@ void X509_free(X509 *a)
X509_ALGOR_free(a->sig_alg);
M_ASN1_BIT_STRING_free(a->signature);
X509_CERT_AUX_free(a->aux);
+ ASN1_OCTET_STRING_free(a->skid);
+ AUTHORITY_KEYID_free(a->akid);
if (a->name != NULL) OPENSSL_free(a->name);
OPENSSL_free(a);