Deduplicate peer certificate chain processing code. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2022-08-17 07:39:19 +0000
committer	jsing <>	2022-08-17 07:39:19 +0000
commit	b0c5f651476e9397892adf645bba468df03d0ea9 (patch)
tree	d4b208572f46a7c773aecb3e2d410aeaae5e817a /src/lib/libcrypto/dsa/dsa_lib.c
parent	7e9e21e27683a4be2c58fedde7fc9303f63a83f9 (diff)
download	openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.tar.gz openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.tar.bz2 openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.zip

Deduplicate peer certificate chain processing code.

Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one. This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption. ok tb@

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: