Remainder of SSL purpose and trust code: trust and purpose setting in
SSL_CTX and SSL, functions to set them and defaults if no values set.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9dd6860..3bd8d15 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -61,6 +61,7 @@
#include <stdio.h>
#include <openssl/objects.h>
#include <openssl/lhash.h>
+#include <openssl/x509v3.h>
#include "ssl_locl.h"
char *SSL_version_str=OPENSSL_VERSION_TEXT;
@@ -264,6 +265,46 @@
return 1;
}
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+ if(X509_PURPOSE_get_by_id(purpose) == -1) {
+ SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
+ return 0;
+ }
+ s->purpose = purpose;
+ return 1;
+}
+
+int SSL_set_purpose(SSL *s, int purpose)
+{
+ if(X509_PURPOSE_get_by_id(purpose) == -1) {
+ SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
+ return 0;
+ }
+ s->purpose = purpose;
+ return 1;
+}
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+ if(X509_TRUST_get_by_id(trust) == -1) {
+ SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
+ return 0;
+ }
+ s->trust = trust;
+ return 1;
+}
+
+int SSL_set_trust(SSL *s, int trust)
+{
+ if(X509_TRUST_get_by_id(trust) == -1) {
+ SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
+ return 0;
+ }
+ s->trust = trust;
+ return 1;
+}
+
void SSL_free(SSL *s)
{
int i;
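Review bot: SSL_CTX_set_purpose, SSL_set_purpose, SSL_CTX_set_trust and SSL_set_trust carry no comment stating their return contract, and on an unknown id they return 0 while leaving `s->purpose` / `s->trust` at its previous value. A caller that ignores the result presumably keeps verifying peer certificates under the old or default setting rather than the restriction it asked for, so each setter should get a comment such as `/* Returns 1 on success; returns 0 and leaves s->purpose unchanged if the id is not a known X509_PURPOSE. Callers must check the result. */`. Because every value has to pass `X509_PURPOSE_get_by_id()` / `X509_TRUST_get_by_id()`, there also seems to be no way back to the "no value set" default once a value has been stored; if that is intended, the same comment should say so. The SSL_free body that follows continues outside the hunk.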
@@ -1079,6 +1120,12 @@
ret->extra_certs=NULL;
ret->comp_methods=SSL_COMP_get_compression_methods();
+ /* Initialise X509 tables: otherwise some certificate operations
+ * wont work. This is a non op if called more than once.
+ */
+
+ X509_init();
+
return(ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
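Review bot: The added `X509_init();` call on the SSL_CTX_new success path relies, per its comment, on being a no-op when repeated, but nothing in this hunk shows how that is guarded. If the guard is a plain static flag, two threads creating their first SSL_CTX at the same time could both run the table setup, so the comment should state the assumption, e.g. `/* X509_init() must be safe against concurrent first calls, or the first SSL_CTX must be created before threads are started. */`. Any result of X509_init() is also discarded here; if it can fail, the comment should say why that is acceptable. SSL_CTX_new starts and ends outside the hunk.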