X509_check_issued
X509_check_private_key
X509_check_purpose
-X509_check_trust
X509_cmp
X509_cmp_current_time
X509_cmp_time
-/* $OpenBSD: x509.h,v 1.10 2024/08/28 08:41:18 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.11 2024/08/31 10:12:23 tb Exp $ */
/*
* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
*
LCRYPTO_USED(X509_verify_cert);
LCRYPTO_USED(X509_find_by_issuer_and_serial);
LCRYPTO_USED(X509_find_by_subject);
-LCRYPTO_USED(X509_check_trust);
LCRYPTO_USED(X509_up_ref);
LCRYPTO_USED(X509_chain_up_ref);
LCRYPTO_USED(ERR_load_X509_strings);
-/* $OpenBSD: x509.h,v 1.113 2024/08/28 07:15:04 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.114 2024/08/31 10:12:23 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
DECLARE_STACK_OF(X509)
-/* standard trust ids */
-
-/* OpenSSL changed this to 0 */
-#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
-
#define X509_TRUST_COMPAT 1
#define X509_TRUST_SSL_CLIENT 2
#define X509_TRUST_SSL_SERVER 3
#define X509_TRUST_MIN 1
#define X509_TRUST_MAX 8
-
-/* trust_flags values */
-#define X509_TRUST_DYNAMIC 1
-#define X509_TRUST_DYNAMIC_NAME 2
-
-/* check_trust return codes */
-
-#define X509_TRUST_TRUSTED 1
-#define X509_TRUST_REJECTED 2
-#define X509_TRUST_UNTRUSTED 3
-
/* Flags for X509_print_ex() */
#define X509_FLAG_COMPAT 0
int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub);
-int X509_check_trust(X509 *x, int id, int flags);
-
int X509_up_ref(X509 *x);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
-/* $OpenBSD: x509_local.h,v 1.28 2024/08/31 10:04:50 tb Exp $ */
+/* $OpenBSD: x509_local.h,v 1.29 2024/08/31 10:12:23 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2013.
*/
#define X509_CRL_HASH_EVP EVP_sha512()
#define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH
-/*
- * Used internally instead of the confusing X509_TRUST_DEFAULT,
- * which is not the default for X509_check_trust.
- * XXX Make X509_check_trust internal, and move the other
- * X509_TRUST values here to clean up this mess.
- */
#define X509_TRUST_ACCEPT_ALL -1
+/* check_trust return codes */
+#define X509_TRUST_TRUSTED 1
+#define X509_TRUST_REJECTED 2
+#define X509_TRUST_UNTRUSTED 3
+
+int X509_check_trust(X509 *x, int id, int flags);
+
struct X509_pubkey_st {
X509_ALGOR *algor;
ASN1_BIT_STRING *public_key;
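Review bot: The `X509_check_trust()` prototype and return codes added to x509_local.h carry no note that all three codes are nonzero (`X509_TRUST_REJECTED` is 2, `X509_TRUST_UNTRUSTED` is 3), so an internal caller that tests the result for truth instead of comparing it would treat a rejected certificate as trusted. I would add above the prototype `/* Returns one of the X509_TRUST_* codes above; all are nonzero, so compare against X509_TRUST_TRUSTED. */`. Dropping the old comment also leaves `X509_TRUST_ACCEPT_ALL` unexplained; judging by the x509_trs.c context in this commit, something like `/* Internal trust id: X509_check_trust() returns 1 without evaluating trust settings. */` would fit. The expansion would also be safer parenthesized as `(-1)`, and the bare `return 1` in that x509_trs.c branch could become `return X509_TRUST_TRUSTED;` now that the codes live in the same internal header.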
-/* $OpenBSD: x509_trs.c,v 1.57 2024/07/12 18:15:10 beck Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.58 2024/08/31 10:12:23 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
if (!x509v3_cache_extensions(x))
return X509_TRUST_UNTRUSTED;
- /*
- * XXX make X509_TRUST_ACCEPT_ALL a real boy once it does not
- * need to have the same -1 value as X509_TRUST_DEFAULT
- */
if (trust_id == X509_TRUST_ACCEPT_ALL)
return 1;
return trust_if_self_signed(x);
}
}
-LCRYPTO_ALIAS(X509_check_trust);