- Added verification callback in certificate verification chain in order to allow external blacklisting

commit: b63b0afc05c700280438c23f9bf68596ae6e865c [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Thu Jan 13 17:54:59 2011 +0000
committer: Paul Bakker <p.j.bakker@polarssl.org> Thu Jan 13 17:54:59 2011 +0000
tree: 8bbe4cdc5e4bf367822ddada514c35e8136164bb
parent: 1b57b067518793957b552a7c8ffab534f860fe89 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 11d50ac..a0be84f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1404,7 +1404,8 @@
         }
 
         ret = x509parse_verify( ssl->peer_cert, ssl->ca_chain, ssl->ca_crl,
-                                ssl->peer_cn,  &ssl->verify_result );
+                                ssl->peer_cn,  &ssl->verify_result,
+                                ssl->f_vrfy, ssl->p_vrfy );
 
         if( ret != 0 )
             SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
@@ -1725,6 +1726,14 @@
     ssl->authmode   = authmode;
 }
 
+void ssl_set_verify( ssl_context *ssl,
+                     int (*f_vrfy)(void *, x509_cert *, int, int),
+                     void *p_vrfy )
+{
+    ssl->f_vrfy      = f_vrfy;
+    ssl->p_vrfy      = p_vrfy;
+}
+
 void ssl_set_rng( ssl_context *ssl,
                   int (*f_rng)(void *),
                   void *p_rng )
commit	b63b0afc05c700280438c23f9bf68596ae6e865c	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Thu Jan 13 17:54:59 2011 +0000
committer	Paul Bakker <p.j.bakker@polarssl.org>	Thu Jan 13 17:54:59 2011 +0000
tree	8bbe4cdc5e4bf367822ddada514c35e8136164bb
parent	1b57b067518793957b552a7c8ffab534f860fe89 [diff] [blame]