From 6f07409d7c639bfa9a6eecbf97a74d4c8d762861 Mon Sep 17 00:00:00 2001 From: dongheng Date: Thu, 22 Sep 2016 15:30:25 +0800 Subject: [PATCH] components/openssl: add function to set and get verify depth 1. add function to set and get SSL verify depth 2. add function to set and get SSL context verify depth 3. add X509_VERIFY_PARAM structure --- .../openssl/include/internal/ssl_types.h | 13 +++++ components/openssl/library/ssl_lib.c | 58 +++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h index 761250eef7..d001befdb9 100644 --- a/components/openssl/include/internal/ssl_types.h +++ b/components/openssl/include/internal/ssl_types.h @@ -76,6 +76,9 @@ typedef struct cert_st CERT; struct x509_st; typedef struct x509_st X509; +struct X509_VERIFY_PARAM_st; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + struct evp_pkey_st; typedef struct evp_pkey_st EVP_PKEY; @@ -139,6 +142,12 @@ struct ssl_session_st { long time; }; +struct X509_VERIFY_PARAM_st { + + int depth; + +}; + struct ssl_ctx_st { int version; @@ -164,6 +173,8 @@ struct ssl_ctx_st int read_ahead; int read_buffer_len; + + X509_VERIFY_PARAM param; }; struct ssl_st @@ -195,6 +206,8 @@ struct ssl_st long verify_result; + X509_VERIFY_PARAM param; + int err; void (*info_callback) (const SSL *ssl, int type, int val); diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c index ac41be6276..442920f119 100644 --- a/components/openssl/library/ssl_lib.c +++ b/components/openssl/library/ssl_lib.c @@ -1745,3 +1745,61 @@ long SSL_get_verify_result(const SSL *ssl) return SSL_METHOD_CALL(get_verify_result, ssl); } + +/* + * SSL_CTX_get_verify_depth - get the SSL verifying depth of the SSL context + * + * @param ctx - SSL context point + * + * @return verifying depth + */ +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) +{ + SSL_ASSERT(ctx); + + return ctx->param.depth; +} + +/* + * SSL_CTX_set_verify_depth - set the SSL verify depth of the SSL context + * + * @param ctx - SSL context point + * @param depth - verifying depth + * + * @return one + */ +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) +{ + SSL_ASSERT(ctx); + + ctx->param.depth = depth; +} + +/* + * SSL_get_verify_depth - get the SSL verifying depth of the SSL + * + * @param ctx - SSL point + * + * @return verifying depth + */ +int SSL_get_verify_depth(const SSL *ssl) +{ + SSL_ASSERT(ssl); + + return ssl->param.depth; +} + +/* + * SSL_set_verify_depth - set the SSL verify depth of the SSL + * + * @param ctx - SSL point + * @param depth - verifying depth + * + * @return one + */ +void SSL_set_verify_depth(SSL *ssl, int depth) +{ + SSL_ASSERT(ssl); + + ssl->param.depth = depth; +}