diff options
| author | jsing <> | 2022-08-17 07:39:19 +0000 |
|---|---|---|
| committer | jsing <> | 2022-08-17 07:39:19 +0000 |
| commit | b0c5f651476e9397892adf645bba468df03d0ea9 (patch) | |
| tree | d4b208572f46a7c773aecb3e2d410aeaae5e817a /src/lib/libssl/Makefile | |
| parent | 7e9e21e27683a4be2c58fedde7fc9303f63a83f9 (diff) | |
| download | openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.tar.gz openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.tar.bz2 openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.zip | |
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.
ok tb@
Diffstat (limited to 'src/lib/libssl/Makefile')
| -rw-r--r-- | src/lib/libssl/Makefile | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index d0d7bc4e02..1788cd75a3 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.76 2022/07/24 14:28:16 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.77 2022/08/17 07:39:19 jsing Exp $ |
| 2 | 2 | ||
| 3 | .include <bsd.own.mk> | 3 | .include <bsd.own.mk> |
| 4 | .ifndef NOMAN | 4 | .ifndef NOMAN |
| @@ -85,7 +85,8 @@ SRCS= \ | |||
| 85 | tls13_server.c \ | 85 | tls13_server.c \ |
| 86 | tls_buffer.c \ | 86 | tls_buffer.c \ |
| 87 | tls_content.c \ | 87 | tls_content.c \ |
| 88 | tls_key_share.c | 88 | tls_key_share.c \ |
| 89 | tls_lib.c | ||
| 89 | 90 | ||
| 90 | HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h | 91 | HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h |
| 91 | 92 | ||