Simplify certificate list handling code in legacy server. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2022-07-03 14:58:00 +0000
committer	jsing <>	2022-07-03 14:58:00 +0000
commit	8900039a4918d53dbf5ef4112401bc088fa30932 (patch)
tree	6210ecab1ffd76ddf1fb9ee395feb4d7bad0129d /src/lib/libssl/ssl_seclevel.c
parent	236024350665aecd5e28f2b630a767959ec49e83 (diff)
download	openbsd-8900039a4918d53dbf5ef4112401bc088fa30932.tar.gz openbsd-8900039a4918d53dbf5ef4112401bc088fa30932.tar.bz2 openbsd-8900039a4918d53dbf5ef4112401bc088fa30932.zip

Simplify certificate list handling code in legacy server.

A client is required to send an empty list if it does not have a suitable certificate - handle this case up front, rather than going through the normal code path and ending up with an empty certificate list. This matches what we do in the TLSv1.3 stack and will allow for ruther clean up (in addition to making the code more readable). Also tidy up the CBS code and remove some unnecessary length checks. Use 'cert' and 'certs' for certificates, rather than 'x' and 'sk'. ok tb@

Diffstat (limited to 'src/lib/libssl/ssl_seclevel.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: