Add internal method x509_set0_libctx().

This should only be called during (or right after) using d2iXXX on a object that contains embedded certificate(s)
that require a non default library context. X509_new_with_libctx() should be used if possible.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11884)

diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 9358c46a7f46b43f1ffd64141cd5769091360680..64bf5faa83da4f84f5ce780d5ce67fbeb018204e 100644 (file)
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -133,6 +133,20 @@ int i2d_X509(const X509 *a, unsigned char **out)
     return ASN1_item_i2d((const ASN1_VALUE *)a, out, (X509_it()));
 }
 
+/*
+ * This should only be used if the X509 object was embedded inside another
+ * asn1 object and it needs a libctx to operate.
+ * Use X509_new_with_libctx() instead if possible.
+ */
+int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq)
+{
+    if (x != NULL) {
+        x->libctx = libctx;
+        x->propq = propq;
+    }
+    return 1;
+}
+
 X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq)
 {
     X509 *cert = NULL;

diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index 71a67df650e330f19c9a6785a6c90cf5c7fc4173..712aa1cc869b23c88f289bfca0480e953badd6a3 100644 (file)
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -299,6 +299,7 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc);
 int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
 int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
 int x509v3_cache_extensions(X509 *x);
+int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq);
 
 void x509_init_sig_info(X509 *x);