Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains.

We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
author: jsing <> 2019-03-25 16:35:48 +0000
committer: jsing <> 2019-03-25 16:35:48 +0000
commit: 4e5f1e0420a23688bec26a60ba7f49ffdd33ba62 (patch)
tree: b392fa487622bd75c8ac0ad1ff6dd527d2c42783 /src/lib/libssl/ssl_clnt.c
parent: 491a1b9b73d1852fd706b6845c3635f5bd3d3834 (diff)
download: openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.tar.gz
openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.tar.bz2
openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index f3c439e6c0..262e09fe5e 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.58 2019/03/19 16:53:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.59 2019/03/25 16:35:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2693,7 +2693,7 @@ ssl3_send_client_certificate(SSL *s)
                    SSL3_MT_CERTIFICATE))
                        goto err;
                if (!ssl3_output_cert_chain(s, &client_cert,
-                    (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
+                    (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key))
                        goto err;
                if (!ssl3_handshake_msg_finish(s, &cbb))
                        goto err;
author	jsing <>	2019-03-25 16:35:48 +0000
committer	jsing <>	2019-03-25 16:35:48 +0000
commit	4e5f1e0420a23688bec26a60ba7f49ffdd33ba62 (patch)
tree	b392fa487622bd75c8ac0ad1ff6dd527d2c42783 /src/lib/libssl/ssl_clnt.c
parent	491a1b9b73d1852fd706b6845c3635f5bd3d3834 (diff)
download	openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.tar.gz openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.tar.bz2 openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index f3c439e6c0..262e09fe5e 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.58 2019/03/19 16:53:03 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.59 2019/03/25 16:35:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2693,7 +2693,7 @@ ssl3_send_client_certificate(SSL *s)
2693	SSL3_MT_CERTIFICATE))	2693	SSL3_MT_CERTIFICATE))
2694	goto err;	2694	goto err;
2695	if (!ssl3_output_cert_chain(s, &client_cert,	2695	if (!ssl3_output_cert_chain(s, &client_cert,
2696	(S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key->x509))	2696	(S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key))
2697	goto err;	2697	goto err;
2698	if (!ssl3_handshake_msg_finish(s, &cbb))	2698	if (!ssl3_handshake_msg_finish(s, &cbb))
2699	goto err;	2699	goto err;