Implement X.509 CRT verification using CA callback

commit: f53893b00ca418f51639ef5f9d99ccade3a5fcd3 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Thu Mar 28 13:45:55 2019 +0000
committer: Hanno Becker <hanno.becker@arm.com> Thu Mar 28 16:13:44 2019 +0000
tree: fa90674d9f2bc0db05d349bf863ccf53ee7dc551
parent: 3116fb362c72490b3e3427b0535c7bb25d4ea89a [diff] [blame]
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 64ee66e..c38ddc7 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h

@@ -166,6 +166,14 @@
 {
     mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
     unsigned len;
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+    /* This stores the list of potential trusted signers obtained from
+     * the CA callback used for the CRT verification, if configured.
+     * We must track it somewhere because the callback passes its
+     * ownership to the caller. */
+    mbedtls_x509_crt *trust_ca_cb_result;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 } mbedtls_x509_crt_verify_chain;
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
commit	f53893b00ca418f51639ef5f9d99ccade3a5fcd3	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Thu Mar 28 13:45:55 2019 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Thu Mar 28 16:13:44 2019 +0000
tree	fa90674d9f2bc0db05d349bf863ccf53ee7dc551
parent	3116fb362c72490b3e3427b0535c7bb25d4ea89a [diff] [blame]