Const-correct and document trust/reject object APIs This'll probably need another pass once we figure out what to do with X509_TRUST, but put it with the other aux functions. Bug: 426 Change-Id: I6ae2e45b94bace40307dd4dcc1c8702fc8baa8eb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63925 Reviewed-by: Bob Beck <bbe@google.com> Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 8a1e293..9e9adbd 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -452,6 +452,24 @@
 // to zero before calling this function.
 OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x509, int *out_len);
 
+// X509_add1_trust_object configures |x509| as a valid trust anchor for |obj|.
+// It returns one on success and zero on error. |obj| should be a certificate
+// usage OID associated with an |X509_TRUST| object.
+OPENSSL_EXPORT int X509_add1_trust_object(X509 *x509, const ASN1_OBJECT *obj);
+
+// X509_add1_reject_object configures |x509| as distrusted for |obj|. It returns
+// one on success and zero on error. |obj| should be a certificate usage OID
+// associated with an |X509_TRUST| object.
+OPENSSL_EXPORT int X509_add1_reject_object(X509 *x509, const ASN1_OBJECT *obj);
+
+// X509_reject_clear clears the list of OIDs for which |x509| is trusted. See
+// also |X509_add1_trust_object|.
+OPENSSL_EXPORT void X509_trust_clear(X509 *x509);
+
+// X509_reject_clear clears the list of OIDs for which |x509| is distrusted. See
+// also |X509_add1_reject_object|.
+OPENSSL_EXPORT void X509_reject_clear(X509 *x509);
+
 // Certificate revocation lists.
 //
 
@@ -2285,11 +2303,6 @@
 DECLARE_ASN1_FUNCTIONS_const(X509_SIG)
 
-OPENSSL_EXPORT int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-OPENSSL_EXPORT int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
-OPENSSL_EXPORT void X509_trust_clear(X509 *x);
-OPENSSL_EXPORT void X509_reject_clear(X509 *x);
-
 OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
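Review bot: The new comment above `X509_trust_clear` names the wrong function — it begins `// X509_reject_clear clears the list of OIDs for which |x509| is trusted. See`, so both *_clear entries in this hunk now carry the `X509_reject_clear` heading; the line should read `// X509_trust_clear clears the list of OIDs for which |x509| is trusted. See`. Since the purpose of the change is to document these APIs, the two `add1` comments would also benefit from stating ownership of |obj| after the call: if the implementation duplicates it, as the `add1` naming suggests but this header-only hunk cannot confirm, a sentence such as `// |obj| is copied; the caller retains ownership of it.` would settle that for callers. The commit description already notes that X509_TRUST needs another pass, so a short cross-reference from these comments to where the trust and reject lists are consulted during verification would be worth adding once that behavior is pinned down.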