Add part of chain verify SSL support code: not complete or doing anything
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
diff --git a/ssl/ssl.h b/ssl/ssl.h
index f888530..1b39f0d 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -429,6 +429,9 @@
/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
+ int purpose; /* Purpose setting */
+ int trust; /* Trust setting */
+
/* Default password callback. */
/**/ pem_password_cb *default_passwd_callback;
@@ -575,6 +578,9 @@
int read_ahead; /* Read as many input bytes as possible */
int hit; /* reusing a previous session */
+ int purpose; /* Purpose setting */
+ int trust; /* Trust setting */
+
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e192fc4..9dd6860 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -201,6 +201,8 @@
s->verify_mode=ctx->verify_mode;
s->verify_depth=ctx->verify_depth;
s->verify_callback=ctx->default_verify_callback;
+ s->purpose = ctx->purpose;
+ s->trust = ctx->trust;
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
s->ctx=ctx;
