Google Git
Sign in
boringssl / boringssl.git / d323f4b1e185b43f8d5e5a3b191d4bf0d5b65609^! / . / include / openssl
commitd323f4b1e185b43f8d5e5a3b191d4bf0d5b65609[log] [tgz]
authorAdam Langley <agl@google.com>Tue Mar 01 15:58:14 2016 -0800
committerAdam Langley <agl@google.com>Wed Mar 02 15:57:27 2016 +0000
treefe6a9d3719c07a9782ba662c57b0bd6f13652cce
parent2b07fa4b22198ac02e0cee8f37f3337c3dba91bc [diff]
Bring back |verify_store|.

This was dropped in d27441a9cb55b02149d7f1236de94f3a40dd1692 due to lack
of use, but node.js now needs it.

Change-Id: I1e207d4b46fc746cfae309a0ea7bbbc04ea785e8
Reviewed-on: https://boringssl-review.googlesource.com/7270
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 158c72d..a21b6ee2 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -2065,6 +2065,28 @@
  * handshake. */
 OPENSSL_EXPORT void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx);
 
+/* SSL_CTX_set0_verify_cert_store sets an |X509_STORE| that will be used
+ * exclusively for certificate verification and returns one. Ownership of
+ * |store| is transferred to the |SSL_CTX|. */
+OPENSSL_EXPORT int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx,
+                                                  X509_STORE *store);
+
+/* SSL_CTX_set1_verify_cert_store sets an |X509_STORE| that will be used
+ * exclusively for certificate verification and returns one. An additional
+ * reference to |store| will be taken. */
+OPENSSL_EXPORT int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx,
+                                                  X509_STORE *store);
+
+/* SSL_set0_verify_cert_store sets an |X509_STORE| that will be used
+ * exclusively for certificate verification and returns one. Ownership of
+ * |store| is transferred to the |SSL|. */
+OPENSSL_EXPORT int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store);
+
+/* SSL_set1_verify_cert_store sets an |X509_STORE| that will be used
+ * exclusively for certificate verification and returns one. An additional
+ * reference to |store| will be taken. */
+OPENSSL_EXPORT int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store);
+
 
 /* Client certificate CA list.
  *

diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index bd7ded7..a9d0519 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h

@@ -436,6 +436,7 @@
 OPENSSL_EXPORT void X509_OBJECT_up_ref_count(X509_OBJECT *a);
 OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a);
 OPENSSL_EXPORT X509_STORE *X509_STORE_new(void );
+OPENSSL_EXPORT void X509_STORE_up_ref(X509_STORE *store);
 OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v);
 
 OPENSSL_EXPORT STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);