components/openssl: add function "ssl_pm_get_verify_result"

1. add function ssl_pm_get_verify_result
	2. add its platform low-level interface

components/openssl/include/internal/ssl_code.h

@@ -17,6 +17,7 @@
 
 #include "ssl3.h"
 #include "tls1.h"
+#include "x509_vfy.h"
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 # define SSL_SENT_SHUTDOWN       1

components/openssl/include/internal/ssl_methods.h

@@ -21,6 +21,7 @@
                     read, send, pending, \
                     set_fd, get_fd, \
                     set_bufflen, \
+                    get_verify_result, \
                     get_state) \
         static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
                 new, \
@@ -34,6 +35,7 @@
                 set_fd, \
                 get_fd, \
                 set_bufflen, \
+                get_verify_result, \
                 get_state \
         };
 

components/openssl/include/internal/ssl_types.h

@@ -193,6 +193,8 @@ struct ssl_st
 
     X509 *client_CA;
 
+    long verify_result;
+
     int err;
 
     void (*info_callback) (const SSL *ssl, int type, int val);
@@ -235,6 +237,8 @@ struct ssl_method_func_st {
 
     void (*ssl_set_bufflen)(SSL *ssl, int len);
 
+    long (*ssl_get_verify_result)(const SSL *ssl);
+
     OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
 };
 

components/openssl/include/platform/ssl_pm.h

@@ -49,4 +49,6 @@ void pkey_pm_free(EVP_PKEY *pkey);
 int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len);
 void pkey_pm_unload(EVP_PKEY *pkey);
 
+long ssl_pm_get_verify_result(const SSL *ssl);
+
 #endif

components/openssl/library/ssl_lib.c

@@ -1731,3 +1731,17 @@ void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_C
     SSL_ASSERT(ssl);
     SSL_ASSERT(verify_callback);
 }
+
+/*
+ * SSL_get_verify_result - get the verifying result of the SSL certification
+ *
+ * @param ssl - the SSL point
+ *
+ * @return the result of verifying
+ */
+long SSL_get_verify_result(const SSL *ssl)
+{
+    SSL_ASSERT(ssl);
+
+    return SSL_METHOD_CALL(get_verify_result, ssl);
+}

components/openssl/library/ssl_methods.c

@@ -25,6 +25,7 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
         ssl_pm_read, ssl_pm_send, ssl_pm_pending,
         ssl_pm_set_fd, ssl_pm_get_fd,
         ssl_pm_set_bufflen,
+        ssl_pm_get_verify_result,
         ssl_pm_get_state);
 
 /*

components/openssl/library/ssl_x509.c

@@ -114,8 +114,6 @@ failed1:
  */
 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
 {
-    int ret;
-
     SSL_ASSERT(ctx);
     SSL_ASSERT(x);
 
@@ -139,8 +137,6 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
  */
 int SSL_add_client_CA(SSL *ssl, X509 *x)
 {
-    int ret;
-
     SSL_ASSERT(ssl);
     SSL_ASSERT(x);
 

components/openssl/platform/ssl_pm.c

@@ -444,3 +444,19 @@ void ssl_pm_set_bufflen(SSL *ssl, int len)
 {
     max_content_len = len;
 }
+
+long ssl_pm_get_verify_result(const SSL *ssl)
+{
+    long ret;
+    long verify_result;
+    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
+
+    ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);
+
+    if (!ret)
+        verify_result = X509_V_OK;
+    else
+        verify_result = X509_V_ERR_UNSPECIFIED;
+
+    return verify_result;
+}