static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,
const X509_NAME *nm)
{
- X509 *x;
+ const X509 *x;
STACK_OF(X509_CRL) *crls = NULL;
X509_CRL *crl;
STACK_OF(DIST_POINT) *crldp;
int verify_callback(int ok, X509_STORE_CTX *ctx)
{
- X509 *err_cert;
+ const X509 *err_cert;
int err, depth;
err_cert = X509_STORE_CTX_get_current_cert(ctx);
static int cb(int ok, X509_STORE_CTX *ctx)
{
int cert_error = X509_STORE_CTX_get_error(ctx);
- X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
+ const X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
if (!ok) {
if (current_cert != NULL) {
static int callb(int ok, X509_STORE_CTX *ctx)
{
int err;
- X509 *err_cert;
+ const X509 *err_cert;
/*
* It is ok to use a self-signed certificate. This case will catch both
* Helper functions for improving certificate verification error diagnostics
*/
-int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags)
+int ossl_x509_print_ex_brief(BIO *bio, const X509 *cert, unsigned long neg_cflags)
{
unsigned long flags = ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN;
X509_VERIFY_PARAM *vpm = X509_VERIFY_PARAM_new();
if (BIO_printf(bio, " certificate\n") <= 0
|| !X509_print_ex(bio, cert, flags, ~X509_FLAG_NO_SUBJECT))
goto err;
- if (X509_check_issued((X509 *)cert, cert) == X509_V_OK) {
+ /* XXX casts away const - remove cast once #30067 lands */
+ if (X509_check_issued((X509 *)cert, (X509 *)cert) == X509_V_OK) {
if (BIO_printf(bio, " self-issued\n") <= 0)
goto err;
} else {
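Review bot: The cast at the `X509_check_issued` call strips the const that the new `ossl_x509_print_ex_brief` signature promises, and the comment only points at an issue number without saying why writing through the cast is acceptable. If X509_check_issued can modify its arguments — which appears to be why the cast is needed at all — the function now advertises a read-only contract it does not keep, and the comment should state the assumption that makes this safe, e.g. `/* XXX casts away const: X509 objects are opaque and never defined const, so the write is not UB; drop once #30067 lands */` (hedged: I cannot see the X509_check_issued definition from here). The same pattern recurs at the check_issued definition and in X509_STORE_CTX_set_cert further down the page. The body of ossl_x509_print_ex_brief continues beyond the hunk.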
* https://www.openssl.org/source/license.html
*/
#include <openssl/safestack.h>
+#include <openssl/x509_vfy.h>
#include "internal/refcount.h"
#include "internal/hashtable.h"
/* error callback */
int (*verify_cb)(int ok, X509_STORE_CTX *ctx);
/* get issuers cert from ctx */
- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+ X509_STORE_CTX_get_issuer_fn get_issuer;
/* check issued */
- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+ X509_STORE_CTX_check_issued_fn check_issued;
/* Check revocation status of chain */
int (*check_revocation)(X509_STORE_CTX *ctx);
/* retrieve CRL */
static int dane_verify(X509_STORE_CTX *ctx);
static int dane_verify_rpk(X509_STORE_CTX *ctx);
static int null_callback(int ok, X509_STORE_CTX *e);
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static int check_issued(X509_STORE_CTX *ctx, const X509 *x, const X509 *issuer);
static int check_extensions(X509_STORE_CTX *ctx);
static int check_name_constraints(X509_STORE_CTX *ctx);
static int check_id(X509_STORE_CTX *ctx);
* Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatibility.
*/
static X509 *get0_best_issuer_sk(X509_STORE_CTX *ctx, int check_signing_allowed,
- int no_dup, STACK_OF(X509) *sk, X509 *x)
+ int no_dup, STACK_OF(X509) *sk, const X509 *x)
{
int i;
X509 *candidate, *issuer = NULL;
* 0 certificate not found.
* -1 some other error.
*/
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, const X509 *x)
{
const X509_NAME *xn = X509_get_issuer_name(x);
X509_OBJECT *obj = X509_OBJECT_new();
}
/* Check that the given certificate |x| is issued by the certificate |issuer| */
-static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+static int check_issued(ossl_unused X509_STORE_CTX *ctx, const X509 *x, const X509 *issuer)
{
- int err = ossl_x509_likely_issued(issuer, x);
+ /* XXX casts away const, remove cast when #30067 lands */
+ int err = ossl_x509_likely_issued((X509 *)issuer, (X509 *)x);
if (err == X509_V_OK)
return 1;
* Alternative get_issuer method: look up from a STACK_OF(X509) in other_ctx.
* Returns -1 on internal error.
*/
-static int get1_best_issuer_other_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+static int get1_best_issuer_other_sk(X509 **issuer, X509_STORE_CTX *ctx, const X509 *x)
{
*issuer = get0_best_issuer_sk(ctx, 0, 1 /* no_dup */, ctx->other_ctx, x);
if (*issuer == NULL)
ctx->error_depth = depth;
}
-X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx)
+const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx)
{
return ctx->current_cert;
}
return X509_chain_up_ref(ctx->chain);
}
-X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx)
+const X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx)
{
return ctx->current_issuer;
}
return ctx->parent;
}
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *x)
{
- ctx->cert = x;
+ /* XXX casts away const - fix by making ctx->cert const */
+ ctx->cert = (X509 *)x;
}
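Review bot: `X509_STORE_CTX_set_cert` now accepts `const X509 *` but stores it into the non-const `ctx->cert` through a cast, so the const in the public prototype is a promise the context cannot keep: whatever the verifier later does to the target through ctx->cert (for example, if it adjusts a reference count or caches extension data) happens on an object the caller was told would not be modified. The fix the comment proposes, making ctx->cert const, only works once every consumer of ctx->cert is constified as well; until then the documentation for this function should say that the object may still be modified during verification. The cast should also carry the same justification as the other two on this page, e.g. `/* XXX casts away const - ctx->cert is still written to by verification; fix by making ctx->cert const */`.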
void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *rpk)
ctx->current_reasons = current_reasons;
}
-X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx)
+const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx)
{
return ctx->cert;
}
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
- X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
+ const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
- X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+ const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx);
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
- X509 *target, STACK_OF(X509) *untrusted);
+ const X509 *target, STACK_OF(X509) *untrusted);
int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
EVP_PKEY *rpk);
void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
- void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *target);
void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
- int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, const X509 *x);
X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx);
void X509_STORE_set_get_issuer(X509_STORE *xs,
X509_STORE_CTX_get_issuer_fn get_issuer);
#include "internal/refcount.h"
#include <openssl/asn1.h>
#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
#include <openssl/conf.h>
#include "crypto/types.h"
/* error callback */
int (*verify_cb)(int ok, X509_STORE_CTX *ctx);
/* get issuers cert from ctx */
- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+ X509_STORE_CTX_get_issuer_fn get_issuer;
/* check issued */
- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+ X509_STORE_CTX_check_issued_fn check_issued;
/* Check revocation status of chain */
int (*check_revocation)(X509_STORE_CTX *ctx);
/* retrieve CRL */
int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc);
int ossl_x509_set1_time(int *modified, ASN1_TIME **ptm, const ASN1_TIME *tm);
-int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
+int ossl_x509_print_ex_brief(BIO *bio, const X509 *cert, unsigned long neg_cflags);
int ossl_x509v3_cache_extensions(const X509 *x);
int ossl_x509_init_sig_info(X509 *x);
int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx);
typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
- X509_STORE_CTX *ctx, X509 *x);
+ X509_STORE_CTX *ctx, const X509 *x);
typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
- X509 *x, X509 *issuer);
+ const X509 *x, const X509 *issuer);
typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
X509_CRL **crl, X509 *x);
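Review bot: Changing the public typedefs `X509_STORE_CTX_get_issuer_fn` and `X509_STORE_CTX_check_issued_fn` is a source-incompatible change: any application callback still declared with `X509 *x` no longer matches the typedef, so passing it to `X509_STORE_set_get_issuer` or `X509_STORE_set_check_issued` becomes an incompatible-pointer-type diagnostic in C and an error in C++. That is presumably intended, but it deserves a CHANGES entry and a note in the callback documentation, as do the now-const return types of X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get0_current_issuer and X509_STORE_CTX_get0_cert. `X509_STORE_CTX_get_crl_fn` on the last line of the hunk still takes `X509 *x`; if that is deliberate, a one-line comment such as `/* not const: CRL lookup may need a writable cert */` (confirm the reason) would stop the next reader from "fixing" it.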
X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
X509_STORE_CTX *X509_STORE_CTX_new(void);
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, const X509 *x);
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
-X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
+const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
-X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
+const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
-X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx);
+const X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx);
X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx);
X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *target);
void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
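Review bot: `X509_STORE_CTX_get_current_cert` now returns `const X509 *` while `X509_STORE_CTX_set_current_cert` two lines below still takes `X509 *x`, so the natural round trip `X509_STORE_CTX_set_current_cert(ctx, X509_STORE_CTX_get_current_cert(ctx))` no longer compiles without a cast. Either the setter should take `const X509 *`, as `X509_STORE_CTX_set_cert` now does, or the asymmetry should be explained in the header. The same getter/setter mismatch appears in the documentation synopsis hunk earlier on the page.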
if (cb_arg->app_verify) {
char *s = NULL, buf[256];
- X509 *c = X509_STORE_CTX_get0_cert(ctx);
+ const X509 *c = X509_STORE_CTX_get0_cert(ctx);
printf("In app_verify_callback, allowing cert. ");
printf("Arg is: %s\n", cb_arg->string);