Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains.

We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
author: jsing <> 2019-03-25 16:35:48 +0000
committer: jsing <> 2019-03-25 16:35:48 +0000
commit: 4e5f1e0420a23688bec26a60ba7f49ffdd33ba62 (patch)
tree: b392fa487622bd75c8ac0ad1ff6dd527d2c42783 /src/lib/libssl/ssl_locl.h
parent: 491a1b9b73d1852fd706b6845c3635f5bd3d3834 (diff)
download: openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.tar.gz
openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.tar.bz2
openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 509183a7fa..5d39d1a391 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.239 2019/03/25 16:24:57 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.240 2019/03/25 16:35:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1154,7 +1154,7 @@ int ssl3_renegotiate_check(SSL *ssl);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x);
+int ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
    STACK_OF(SSL_CIPHER) *srvr);
 int     ssl3_setup_buffers(SSL *s);
author	jsing <>	2019-03-25 16:35:48 +0000
committer	jsing <>	2019-03-25 16:35:48 +0000
commit	4e5f1e0420a23688bec26a60ba7f49ffdd33ba62 (patch)
tree	b392fa487622bd75c8ac0ad1ff6dd527d2c42783 /src/lib/libssl/ssl_locl.h
parent	491a1b9b73d1852fd706b6845c3635f5bd3d3834 (diff)
download	openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.tar.gz openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.tar.bz2 openbsd-4e5f1e0420a23688bec26a60ba7f49ffdd33ba62.zip

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 509183a7fa..5d39d1a391 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.239 2019/03/25 16:24:57 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.240 2019/03/25 16:35:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1154,7 +1154,7 @@ int ssl3_renegotiate_check(SSL *ssl);
1154	int ssl3_dispatch_alert(SSL *s);	1154	int ssl3_dispatch_alert(SSL *s);
1155	int ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek);	1155	int ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek);
1156	int ssl3_write_bytes(SSL s, int type, const void buf, int len);	1156	int ssl3_write_bytes(SSL s, int type, const void buf, int len);
1157	int ssl3_output_cert_chain(SSL s, CBB cbb, X509 *x);	1157	int ssl3_output_cert_chain(SSL s, CBB cbb, CERT_PKEY *cpk);
1158	SSL_CIPHER ssl3_choose_cipher(SSL ssl, STACK_OF(SSL_CIPHER) *clnt,	1158	SSL_CIPHER ssl3_choose_cipher(SSL ssl, STACK_OF(SSL_CIPHER) *clnt,
1159	STACK_OF(SSL_CIPHER) *srvr);	1159	STACK_OF(SSL_CIPHER) *srvr);
1160	int ssl3_setup_buffers(SSL *s);	1160	int ssl3_setup_buffers(SSL *s);