components/openssl: add SSL and SSL context verify mode selection

components/openssl/include/internal/ssl_code.h

@@ -23,6 +23,11 @@
 # define SSL_SENT_SHUTDOWN       1
 # define SSL_RECEIVED_SHUTDOWN   2
 
+# define SSL_VERIFY_NONE                 0x00
+# define SSL_VERIFY_PEER                 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE          0x04
+
 /*
  * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
  * should not need these

components/openssl/include/internal/ssl_methods.h

@@ -22,7 +22,6 @@
                     set_fd, get_fd, \
                     set_bufflen, \
                     get_verify_result, \
-                    ssl_reload_crt, \
                     get_state) \
         static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
                 new, \
@@ -37,7 +36,6 @@
                 get_fd, \
                 set_bufflen, \
                 get_verify_result, \
-                ssl_reload_crt, \
                 get_state \
         };
 

components/openssl/include/internal/ssl_types.h

@@ -171,6 +171,8 @@ struct ssl_ctx_st
 
     int verify_mode;
 
+    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
     long session_timeout;
 
     int read_ahead;
@@ -209,6 +211,10 @@ struct ssl_st
 
     SSL_SESSION session;
 
+    int verify_mode;
+
+    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+
     int rwstate;
 
     long verify_result;
@@ -259,8 +265,6 @@ struct ssl_method_func_st {
 
     long (*ssl_get_verify_result)(const SSL *ssl);
 
-    int (*ssl_reload_crt)(SSL *ssl);
-
     OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
 };