New peername element in X509_VERIFY_PARAM_ID.

Declaration, memory management, accessor and documentation.

(Imported from upstream's 1eb57ae2b78c119bfba7ab647951130e968d1664.)

Change-Id: Ifa9672e46445e44a78001b0f9430a93c138d73d7

2 files changed, 12 insertions, 1 deletions

diff --git a/crypto/x509/vpm_int.h b/crypto/x509/vpm_int.h
index 6b670af5..4ec629f7 100644
--- a/crypto/x509/vpm_int.h
+++ b/crypto/x509/vpm_int.h
@@ -62,6 +62,7 @@ struct X509_VERIFY_PARAM_ID_st
 	{
 	STACK_OF(OPENSSL_STRING) *hosts;	/* Set of acceptable names */
 	unsigned int hostflags;	/* Flags to control matching features */
+	char *peername;		/* Matching hostname in peer certificate */
 	unsigned char *email;	/* If not NULL email address to match */
 	size_t emaillen;
 	unsigned char *ip;	/* If not NULL IP address to match */
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index d3266379..37fd5b0a 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -143,6 +143,11 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
 		string_stack_free(paramid->hosts);
 		paramid->hosts = NULL;
 		}
+	if (paramid->peername)
+		{
+		OPENSSL_free(paramid->peername);
+		paramid->peername = NULL;
+		}
 	if (paramid->email)
 		{
 		OPENSSL_free(paramid->email);
@@ -476,6 +481,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
 	param->id->hostflags = flags;
 	}
 
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
+	{
+	return param->id->peername;
+	}
+
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
 				const unsigned char *email, size_t emaillen)
 	{
@@ -511,7 +521,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
 	return param->name;
 	}
 
-static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0};
+static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, NULL, 0, NULL, 0};
 
 #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id