From: Shane Lontis Date: Sat, 25 Jul 2020 08:44:25 +0000 (+1000) Subject: Add internal method x509_set0_libctx(). X-Git-Tag: openssl-3.0.0-alpha7~627 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dcc679cd99835560d75a84719ab73a70a952f035;p=thirdparty%2Fopenssl.git Add internal method x509_set0_libctx(). This should only be called during (or right after) using d2iXXX on a object that contains embedded certificate(s) that require a non default library context. X509_new_with_libctx() should be used if possible. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11884) --- diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 9358c46a7f4..64bf5faa83d 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -133,6 +133,20 @@ int i2d_X509(const X509 *a, unsigned char **out) return ASN1_item_i2d((const ASN1_VALUE *)a, out, (X509_it())); } +/* + * This should only be used if the X509 object was embedded inside another + * asn1 object and it needs a libctx to operate. + * Use X509_new_with_libctx() instead if possible. + */ +int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq) +{ + if (x != NULL) { + x->libctx = libctx; + x->propq = propq; + } + return 1; +} + X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq) { X509 *cert = NULL; diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 71a67df650e..712aa1cc869 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -299,6 +299,7 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc); int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags); int x509v3_cache_extensions(X509 *x); +int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq); void x509_init_sig_info(X509 *x);