From 59c79d9de096a521127a1fe30ad5cf717a13f696 Mon Sep 17 00:00:00 2001 From: jsing Date: Wed, 14 Feb 2018 16:16:10 +0000 Subject: [PATCH] Provide SSL_CTX_get0_param() and SSL_get0_param(). Some applications that use X509_VERIFY_PARAM expect these to exist, since they're also part of the OpenSSL 1.0.2 API. --- lib/libssl/Symbols.list | 6 ++++-- lib/libssl/ssl.h | 5 +++-- lib/libssl/ssl_lib.c | 14 +++++++++++++- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list index e147ff873de..c91dff9e58c 100644 --- a/lib/libssl/Symbols.list +++ b/lib/libssl/Symbols.list @@ -56,6 +56,7 @@ SSL_CTX_check_private_key SSL_CTX_ctrl SSL_CTX_flush_sessions SSL_CTX_free +SSL_CTX_get0_param SSL_CTX_get_cert_store SSL_CTX_get_client_CA_list SSL_CTX_get_client_cert_cb @@ -97,8 +98,8 @@ SSL_CTX_set_default_verify_paths SSL_CTX_set_ex_data SSL_CTX_set_generate_session_id SSL_CTX_set_info_callback -SSL_CTX_set_min_proto_version SSL_CTX_set_max_proto_version +SSL_CTX_set_min_proto_version SSL_CTX_set_msg_callback SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_protos_advertised_cb @@ -162,6 +163,7 @@ SSL_export_keying_material SSL_free SSL_get0_alpn_selected SSL_get0_next_proto_negotiated +SSL_get0_param SSL_get1_session SSL_get_SSL_CTX SSL_get_certificate @@ -231,8 +233,8 @@ SSL_set_ex_data SSL_set_fd SSL_set_generate_session_id SSL_set_info_callback -SSL_set_min_proto_version SSL_set_max_proto_version +SSL_set_min_proto_version SSL_set_msg_callback SSL_set_purpose SSL_set_quiet_shutdown diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index d431b175ad1..7768f0a80f9 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.134 2017/08/30 16:24:21 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.135 2018/02/14 16:16:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1336,10 +1336,11 @@ int SSL_set_purpose(SSL *s, int purpose); int SSL_CTX_set_trust(SSL_CTX *s, int trust); int SSL_set_trust(SSL *s, int trust); +X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); - void SSL_free(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index c7ae2a9631a..9e3ef907290 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.172 2017/10/11 17:35:00 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.173 2018/02/14 16:16:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -469,12 +469,24 @@ SSL_set_trust(SSL *s, int trust) return (X509_VERIFY_PARAM_set_trust(s->param, trust)); } +X509_VERIFY_PARAM * +SSL_CTX_get0_param(SSL_CTX *ctx) +{ + return (ctx->param); +} + int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) { return (X509_VERIFY_PARAM_set1(ctx->param, vpm)); } +X509_VERIFY_PARAM * +SSL_get0_param(SSL *ssl) +{ + return (ssl->param); +} + int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) { -- 2.20.1