author | jsing <> | 2022-08-17 07:39:19 +0000 |
committer | jsing <> | 2022-08-17 07:39:19 +0000 |
commit | b0c5f651476e9397892adf645bba468df03d0ea9 (patch) | |
tree | d4b208572f46a7c773aecb3e2d410aeaae5e817a /src/lib/libssl/ssl_sess.c | |
parent | 7e9e21e27683a4be2c58fedde7fc9303f63a83f9 (diff) | |
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
-rw-r--r-- | src/lib/libssl/ssl_sess.c | 6 |
1 files changed, 3 insertions, 3 deletions
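--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.116 2022/06/07 17:49:22 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.117 2022/08/17 07:39:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -230,6 +230,8 @@ SSL_SESSION_new(void)
 ss->next = NULL;
 ss->tlsext_hostname = NULL;
 
+ss->peer_cert_type = -1;
+
 ss->tlsext_ecpointformatlist_length = 0;
 ss->tlsext_ecpointformatlist = NULL;
 ss->tlsext_supportedgroups_length = 0;
@@ -761,8 +763,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 explicit_bzero(ss->master_key, sizeof ss->master_key);
 explicit_bzero(ss->session_id, sizeof ss->session_id);
 
-sk_X509_pop_free(ss->cert_chain, X509_free);
-
 X509_free(ss->peer_cert);
 
 sk_SSL_CIPHER_free(ss->ciphers);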
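Review bot: The added `ss->peer_cert_type = -1;` in SSL_SESSION_new uses -1 as an "unset" sentinel without saying so, and a reader may assume the zero a fresh session presumably starts with already means unset, when 0 is likely a valid certificate-type index. A one-line comment would remove the ambiguity, e.g. `/* -1: no peer certificate type recorded; 0 is a valid type index */`. The SSL_SESSION_free hunk drops the `sk_X509_pop_free(ss->cert_chain, X509_free)` teardown, which matches the description moving the chain to SSL_HANDSHAKE, but the removal of the struct member and the corresponding free in the handshake cleanup are outside this diff and should be confirmed so the chain is neither leaked nor freed twice. Both SSL_SESSION_new and SSL_SESSION_free extend beyond the lines shown here.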