Add internal method x509_set0_libctx().

This should only be called during (or right after) using d2iXXX on a object that contains embedded certificate(s) that require a non default library context. X509_new_with_libctx() should be used if possible. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2025-01-18 13:44:20 +08:00 · 2020-07-25 18:44:25 +10:00 · 2020-07-25 18:44:25 +10:00 · dcc679cd99
commit dcc679cd99
parent c1669f41ea
2 changed files with 15 additions and 0 deletions
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@ -133,6 +133,20 @@ int i2d_X509(const X509 *a, unsigned char **out)
    return ASN1_item_i2d((const ASN1_VALUE *)a, out, (X509_it()));
 }

+/*
+ * This should only be used if the X509 object was embedded inside another
+ * asn1 object and it needs a libctx to operate.
+ * Use X509_new_with_libctx() instead if possible.
+ */
+int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq)
+{
+    if (x != NULL) {
+        x->libctx = libctx;
+        x->propq = propq;
+    }
+    return 1;
+}
+
 X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq)
 {
    X509 *cert = NULL;
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@ -299,6 +299,7 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc);
 int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
 int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
 int x509v3_cache_extensions(X509 *x);
+int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq);

 void x509_init_sig_info(X509 *x);