List:       openssl-dev
Subject:    [openssl-dev] [openssl.org #3875] [PATCH] Add external X509_STORE to SSL_CTX
From:       "Short, Todd via RT" <rt () openssl ! org>
Date:       2015-05-27 20:32:44
Message-ID: rt-4.0.4-1870-1432758764-57.3875-21-0 () openssl ! org

Hello OpenSSL Org:

This is a change that Akamai has made to its implementation of OpenSSL.

Version: master branch
Description: Add external X509_STORE to SSL_CTX

Add SSL_CTX_set_cert_store_ref() API to add an external X509_STORE to
an SSL_CTX. (There is no get API).
Github link:
https://github.com/akamai/openssl/commit/517559c8637cda3750b39017685742590f1b692e

And attachment.

Thank you.
--
-Todd Short
// tshort@akamai.com
// "One if by land, two if by sea, three if by the Internet."


["0018-Add-external-X509_STORE-to-SSL_CTX.patch" (application/octet-stream)]

From 685c477cba3f3567395ab6b9f9f1d7b3e524415f Mon Sep 17 00:00:00 2001
From: Laszlo Kovacs <lkovacs@akamai.com>
Date: Tue, 31 Mar 2015 16:20:03 -0400
Subject: [PATCH 18/26] Add external X509_STORE to SSL_CTX

Add SSL_CTX_set_cert_store_ref() API to add an external X509_STORE to
an SSL_CTX

(cherry picked from commit da85fb4713bbd7ba92ab2c83602fc26a4613fb22)

Conflicts:
	include/openssl/ssl.h
	ssl/ssl_lib.c
---
 include/openssl/ssl.h | 1 +
 ssl/ssl_lib.c         | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9523a43..935ff0a 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1441,6 +1441,7 @@ __owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
 __owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 __owur int SSL_want(const SSL *s);
+void SSL_CTX_set_cert_store_ref(SSL_CTX *, X509_STORE *);
 int SSL_signal_event_result(SSL *s, int event, int result, int errfunc, int \
errreason, const char *file, int line);  # define SSL_signal_event(s, event, retcode) \
\  SSL_signal_event_result(s, event, retcode, 0, 0, NULL, 0)
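
Review bot: The added prototype `void SSL_CTX_set_cert_store_ref(SSL_CTX *, X509_STORE *);` has the same signature as `SSL_CTX_set_cert_store()` two lines above it and carries no comment, so the header gives a caller no way to tell which of the two leaves the caller holding its own reference to the store. Add a short comment saying that this variant takes an additional reference and that the caller still has to release its own, and place the declaration directly under `SSL_CTX_set_cert_store()` instead of after `SSL_want()` so the pair is read together. The commit message also notes there is no matching get API; that is worth stating in the comment too.
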
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index cf1276b..efed001 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3516,6 +3516,14 @@ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
     return ctx->cert->sec_ex;
 }
 
+void SSL_CTX_set_cert_store_ref(SSL_CTX *ctx, X509_STORE *store)
+{
+    if (ctx->cert_store != NULL)
+        X509_STORE_free(ctx->cert_store);
+    CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
+    ctx->cert_store = store;
+}
+
 void SSL_CTX_share_session_cache(SSL_CTX *a, SSL_CTX *b)
 {
     CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
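
Review bot: In SSL_CTX_set_cert_store_ref() the old store is released before the reference on the new one is taken, so a call where `store` is the store already installed in `ctx` and holds the only reference frees it in `X509_STORE_free(ctx->cert_store)` and then runs `CRYPTO_add(&store->references, ...)` on freed memory and keeps the dangling pointer in `ctx->cert_store`. Take the reference on `store` first and free the previous store afterwards (or return early when `store == ctx->cert_store`). The function also dereferences `store` without a NULL check, so passing NULL crashes in `CRYPTO_add`; either reject NULL or define it as clearing the store. Finally, the function returns void, so none of these cases can be reported to the caller; returning int would let it signal failure.
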
-- 
2.3.2 (Apple Git-55)
