Deduplicate peer certificate chain processing code. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2022-08-17 07:39:19 +0000
committer	jsing <>	2022-08-17 07:39:19 +0000
commit	5f133a78eec6f3a2549c066b9a561d6350d6e07a (patch)
tree	d4b208572f46a7c773aecb3e2d410aeaae5e817a /src/lib/libssl/ssl_seclevel.c
parent	726478d55d7f47f50feb22b91bfcb268950310ac (diff)
download	openbsd-5f133a78eec6f3a2549c066b9a561d6350d6e07a.tar.gz openbsd-5f133a78eec6f3a2549c066b9a561d6350d6e07a.tar.bz2 openbsd-5f133a78eec6f3a2549c066b9a561d6350d6e07a.zip

Deduplicate peer certificate chain processing code.

Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one. This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption. ok tb@

Diffstat (limited to 'src/lib/libssl/ssl_seclevel.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: