Fix inconsistent behaviour with respect to verify_callback handling.

CHANGES

@@ -12,6 +12,14 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Modified SSL library such that the verify_callback that has been set
+     specificly for an SSL object with SSL_set_verify() is actually being
+     used. Before the change, a verify_callback set with this function was
+     ignored and the verify_callback() set in the SSL_CTX at the time of
+     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+     to allow the necessary settings.
+     [Lutz Jaenicke]
+
   +) Initial reduction of linker bloat: the use of some functions, such as
      PEM causes large amounts of unused functions to be linked in due to
      poor organisation. For example pem_all.c contains every PEM function

crypto/x509/x509_vfy.h

@@ -397,6 +397,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 				int purpose, int trust);
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+				  int (*verify_cb)(int, X509_STORE_CTX *));
 
 #ifdef  __cplusplus
 }

ssl/ssl_cert.c

@@ -471,6 +471,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 
 	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
 
+	X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+
 	if (s->ctx->app_verify_callback != NULL)
 		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
 	else

ssl/ssl_lib.c

@@ -1361,8 +1361,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
 	{
 	ctx->verify_mode=mode;
 	ctx->default_verify_callback=cb;
-	/* This needs cleaning up EAY EAY EAY */
-	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
 	}
 
 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)