1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

wrapper: introduce X509_VERIFY_PARAM_set/clear_hostflags

This defines the OpenSSL X509_CHECK_FLAG_...s and the set/clear
accessors.  Since none of them are supported, the set / clear
accessor always does nothing and returns error.
This commit is contained in:
Andy Green 2017-09-09 08:45:00 +08:00
parent 14cc31fe7d
commit b8d3f51ebd
2 changed files with 53 additions and 0 deletions

View file

@ -28,6 +28,13 @@
*/
#define SSL_CB_ALERT 0x4000
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT (1 << 0)
#define X509_CHECK_FLAG_NO_WILDCARDS (1 << 1)
#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (1 << 2)
#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS (1 << 3)
#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS (1 << 4)
/**
* @brief create a SSL context
*
@ -1536,6 +1543,30 @@ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen);
/**
* @brief set parameters for X509 host verify action
*
* @param param -verify parameters from SSL_get0_param()
*
* @param flags - bitfield of X509_CHECK_FLAG_... parameters to set
*
* @return 1 for success, 0 for failure
*/
int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned long flags);
/**
* @brief clear parameters for X509 host verify action
*
* @param param -verify parameters from SSL_get0_param()
*
* @param flags - bitfield of X509_CHECK_FLAG_... parameters to clear
*
* @return 1 for success, 0 for failure
*/
int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
unsigned long flags);
/**
* @brief get SSL write only IO handle
*

View file

@ -126,6 +126,28 @@ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
return &ssl->param;
}
/**
* @brief set X509 host verification flags
*/
int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned long flags)
{
/* flags not supported yet */
return 0;
}
/**
* @brief clear X509 host verification flags
*/
int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
unsigned long flags)
{
/* flags not supported yet */
return 0;
}
/**
* @brief set SSL context client CA certification
*/