{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1747287738, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"fc1c1cb63aeba6b1e78cc0165631ad34", "commit": {"type":"commit", "time": 1481657421, "time_ofs": 18446744073709551316, "oid_tree": { "oid": "4c815cda15356d51019bdc5e964273f7ebfd3269", "alias": []}, "oid":{ "oid": "a47bc28317081fff10250a4d931821f64cfe191d", "alias": []}, "msg": "Add X509_VERIFY_PARAM inheritance flag set/get", "sig_commit": { "git_time": { "time": 1481657421, "offset": -300 }, "name": "Rich Salz", "email": "rsalz@openssl.org", "md5": "3ed6b9cf7bbe83902a044f6590346d26" }, "sig_author": { "git_time": { "time": 1481647942, "offset": -300 }, "name": "Rich Salz", "email": "rsalz@openssl.org", "md5": "3ed6b9cf7bbe83902a044f6590346d26" }}, "body": "Add X509_VERIFY_PARAM inheritance flag set/get\n\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/2079)\n" , "diff": "diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h\nindex 0cc38c6..34e4135 100644\n--- a/crypto/x509/x509_lcl.h\n+++ b/crypto/x509/x509_lcl.h\n@@ -18,7 +18,7 @@\n struct X509_VERIFY_PARAM_st {\n char *name;\n time_t check_time; /* Time to use */\n- unsigned long inh_flags; /* Inheritance flags */\n+ uint32_t inh_flags; /* Inheritance flags */\n unsigned long flags; /* Various verify flags */\n int purpose; /* purpose to check untrusted certificates */\n int trust; /* trust setting to check */\ndiff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c\nindex 386382d..9e1b7c6 100644\n--- a/crypto/x509/x509_vpm.c\n+++ b/crypto/x509/x509_vpm.c\n@@ -289,6 +289,17 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)\n return param-\u003eflags;\n }\n \n+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)\n+{\n+ return param-\u003einh_flags;\n+}\n+\n+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)\n+{\n+ param-\u003einh_flags \u003d flags;\n+ return 1;\n+}\n+\n int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)\n {\n return X509_PURPOSE_set(\u0026param-\u003epurpose, purpose);\ndiff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod\nindex 2800cd4..388fdc2 100644\n--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod\n+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod\n@@ -2,18 +2,34 @@\n \n \u003dhead1 NAME\n \n-X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters\n+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,\n+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,\n+X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose,\n+X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags,\n+X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,\n+X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,\n+X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,\n+X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,\n+X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,\n+X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,\n+X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip,\n+X509_VERIFY_PARAM_set1_ip_asc\n+- X509 verification parameters\n \n \u003dhead1 SYNOPSIS\n \n #include \u003copenssl/x509_vfy.h\u003e\n \n int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,\n- unsigned long flags);\n+ unsigned long flags);\n int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,\n- unsigned long flags);\n+ unsigned long flags);\n unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);\n \n+ int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,\n+ uint32_t flags);\n+ uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);\n+\n int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);\n int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);\n \n@@ -55,6 +71,11 @@ description of values the B\u003cflags\u003e parameter can take.\n \n X509_VERIFY_PARAM_get_flags() returns the flags in B\u003cparam\u003e.\n \n+X509_VERIFY_PARAM_get_inh_flags() returns the inheritance flags in B\u003cparam\u003e\n+which specifies how verification flags are copied from one structure to\n+another. X509_VERIFY_PARAM_set_inh_flags() sets the inheritance flags.\n+See the B\u003cINHERITANCE FLAGS\u003e section for a description of these bits.\n+\n X509_VERIFY_PARAM_clear_flags() clears the flags B\u003cflags\u003e in B\u003cparam\u003e.\n \n X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B\u003cparam\u003e\n@@ -154,6 +175,7 @@ IPv6. The condensed \u0022::\u0022 notation is supported for IPv6 addresses.\n \u003dhead1 RETURN VALUES\n \n X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(),\n+X509_VERIFY_PARAM_set_inh_flags(),\n X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),\n X509_VERIFY_PARAM_add0_policy() X509_VERIFY_PARAM_set1_policies(),\n X509_VERIFY_PARAM_set1_host(), X509_VERIFY_PARAM_add1_host(),\n@@ -163,6 +185,8 @@ failure.\n \n X509_VERIFY_PARAM_get_flags() returns the current verification flags.\n \n+X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.\n+\n X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return\n values.\n \n@@ -242,6 +266,28 @@ The B\u003cX509_V_FLAG_NO_CHECK_TIME\u003e flag suppresses checking the validity period\n of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time()\n is used to specify a verification time, the check is not suppressed.\n \n+\u003dhead1 INHERITANCE FLAGS\n+\n+These flags spevify how parameters are \u0022inherited\u0022 from one structure to\n+another.\n+\n+If B\u003cX509_VP_FLAG_ONCE\u003e is set then the current setting is zeroed\n+after the next call.\n+\n+If B\u003cX509_VP_FLAG_LOCKED\u003e is set then no values are copied. This overrides\n+all of the following flags.\n+\n+If B\u003cX509_VP_FLAG_DEFAULT\u003e is set then anything set in the source is copied\n+to the destination. Effectively the values in \u0022to\u0022 become default values\n+which will be used only if nothing new is set in \u0022from\u0022. This is the\n+default.\n+\n+If B\u003cX509_VP_FLAG_OVERWRITE\u003e is set then all value are copied across whether\n+they are set or not. Flags is still Ored though.\n+\n+If B\u003cX509_VP_FLAG_RESET_FLAGS\u003e is set then the flags value is copied instead\n+of ORed.\n+\n \u003dhead1 NOTES\n \n The above functions should be used to manipulate verification parameters\ndiff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h\nindex cab8005..5dc9d06 100644\n--- a/include/openssl/x509_vfy.h\n+++ b/include/openssl/x509_vfy.h\n@@ -272,6 +272,7 @@ int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);\n int X509_STORE_set_trust(X509_STORE *ctx, int trust);\n int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);\n X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);\n+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);\n \n void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);\n #define X509_STORE_set_verify_func(ctx, func) \u005c\n@@ -464,6 +465,10 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,\n int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,\n STACK_OF(ASN1_OBJECT) *policies);\n \n+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,\n+ uint32_t flags);\n+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);\n+\n int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,\n const char *name, size_t namelen);\n int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,\ndiff --git a/util/libcrypto.num b/util/libcrypto.num\nindex a1fdc3e..27d530a 100644\n--- a/util/libcrypto.num\n+++ b/util/libcrypto.num\n@@ -4218,5 +4218,7 @@ BIO_meth_get_write_ex 4168\t1_1_1\tEXIST::FUNCTION:\n BIO_meth_set_write_ex 4169\t1_1_1\tEXIST::FUNCTION:\n DSO_pathbyaddr 4170\t1_1_0c\tEXIST::FUNCTION:\n DSO_dsobyaddr 4171\t1_1_0c\tEXIST::FUNCTION:\n-CT_POLICY_EVAL_CTX_get_time 4172\t1_1_1\tEXIST::FUNCTION:CT\n-CT_POLICY_EVAL_CTX_set_time 4173\t1_1_1\tEXIST::FUNCTION:CT\n+CT_POLICY_EVAL_CTX_get_time 4172\t1_1_0d\tEXIST::FUNCTION:CT\n+CT_POLICY_EVAL_CTX_set_time 4173\t1_1_0d\tEXIST::FUNCTION:CT\n+X509_VERIFY_PARAM_set_inh_flags 4174\t1_1_0d\tEXIST::FUNCTION:\n+X509_VERIFY_PARAM_get_inh_flags 4175\t1_1_0d\tEXIST::FUNCTION:\n","s":{"c":1747287738,"u": 49934}} ],"g": 51336,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}