Move the keypair pubkey hash handling code to during config. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2018-02-10 04:57:35 +0000
committer	jsing <>	2018-02-10 04:57:35 +0000
commit	55d7f5b4e436517c599ae10fb98d503022d8cca3 (patch)
tree	220397ac4d651f9ebaa0a028f81a800a6991a0eb /src/lib/libssl/ssl_both.c
parent	1ad3c784cb5a6f09eb35a87556f57f9a129ac572 (diff)
download	openbsd-55d7f5b4e436517c599ae10fb98d503022d8cca3.tar.gz openbsd-55d7f5b4e436517c599ae10fb98d503022d8cca3.tar.bz2 openbsd-55d7f5b4e436517c599ae10fb98d503022d8cca3.zip

Move the keypair pubkey hash handling code to during config.

The keypair pubkey hash was being generated and set in the keypair when the TLS context was being configured. This code should not be messing around with the keypair contents, since it is part of the config (and not the context). Instead, generate the pubkey hash and store it in the keypair when the certificate is configured. This means that we are guaranteed to have the pubkey hash and as a side benefit, we identify bad certificate content when it is provided, instead of during the context configuration. ok beck@

Diffstat (limited to 'src/lib/libssl/ssl_both.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: