diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 023a38a1c9fc80..e9cc2114124bff 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -301,6 +301,11 @@ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) return X509_PURPOSE_set(¶m->purpose, purpose); } +int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param) +{ + return param->purpose; +} + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) { return X509_TRUST_set(¶m->trust, trust); diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index fcbbfc4c306734..20b2c56a2cbfea 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -4,6 +4,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, +X509_VERIFY_PARAM_get_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, @@ -35,6 +36,7 @@ X509_VERIFY_PARAM_set1_ip_asc uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); + int X509_VERIFY_PARAM_get_purpose(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); @@ -92,6 +94,8 @@ to B. This determines the acceptable purpose of the certificate chain, for example B. The purpose requirement is cleared if B is 0. +X509_VERIFY_PARAM_get_purpose() returns the purpose in B. + X509_VERIFY_PARAM_set_trust() sets the trust setting in B to B. 
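Review bot: X509_VERIFY_PARAM_get_purpose() in crypto/x509/x509_vpm.c returns `param->purpose` unchanged, and nothing beside it says that 0 is a normal result meaning no purpose requirement is configured. The pod text in this commit states that set_purpose clears the requirement when given 0, so a caller using the getter to decide whether a chain will be purpose-checked must read 0 as "no check". I would add a comment above the function, `/* Returns the purpose id stored in param; 0 means no purpose requirement is set. */`, and repeat that sentence in the RETURN VALUES paragraph. The value is the one stored on this X509_VERIFY_PARAM object; whether it is the purpose finally applied during verification presumably depends on parameter inheritance, which these hunks do not show. `param` is dereferenced without a NULL check, which matches set_purpose and set_trust in the context lines but deserves a word in the man page.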
@@ -240,6 +244,8 @@ X509_VERIFY_PARAM_get_depth() returns the current verification depth. X509_VERIFY_PARAM_get_auth_level() returns the current authentication security level. +X509_VERIFY_PARAM_get_purpose() returns the current purpose. + =head1 VERIFICATION FLAGS The verification flags consists of zero or more of the following flags @@ -405,6 +411,8 @@ The function X509_VERIFY_PARAM_add0_policy() was historically documented as enabling policy checking however the implementation has never done this. The documentation was changed to align with the implementation. +The X509_VERIFY_PARAM_get_purpose() function was added in OpenSSL 3.5. + =head1 COPYRIGHT Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in index a396193b86d131..ff919f49e70f61 100644 --- a/include/openssl/x509_vfy.h.in +++ b/include/openssl/x509_vfy.h.in @@ -715,6 +715,7 @@ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags); unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); diff --git a/util/libcrypto.num b/util/libcrypto.num index 04117e19512c3c..1d417c75166a0b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
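Review bot: The prototype added to include/openssl/x509_vfy.h.in takes `const X509_VERIFY_PARAM *param`, matching the definition in crypto/x509/x509_vpm.c, but the SYNOPSIS line this commit adds to doc/man3/X509_VERIFY_PARAM_set_flags.pod leaves out the qualifier. The man page line should read `int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param);` so that the documented signature matches the exported one. Readers who take the signature from the manual would otherwise conclude that the getter cannot be called on a const parameter set, and a documentation consistency check that compares SYNOPSIS with the headers would likely flag the difference.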
@@ -5734,6 +5734,7 @@ EVP_CIPHER_CTX_get_algor 5861 3_4_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_algor_params 5862 3_4_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_algor_params 5863 3_4_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_algor 5864 3_4_0 EXIST::FUNCTION: +X509_VERIFY_PARAM_get_purpose ? 3_5_0 EXIST::FUNCTION: d2i_OSSL_CRMF_ENCRYPTEDKEY ? 3_5_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_ENCRYPTEDKEY ? 3_5_0 EXIST::FUNCTION:CRMF OSSL_CRMF_ENCRYPTEDKEY_free ? 3_5_0 EXIST::FUNCTION:CRMF