diff options
| author | jsing <> | 2022-08-17 07:39:19 +0000 |
|---|---|---|
| committer | jsing <> | 2022-08-17 07:39:19 +0000 |
| commit | b0c5f651476e9397892adf645bba468df03d0ea9 (patch) | |
| tree | d4b208572f46a7c773aecb3e2d410aeaae5e817a /src/lib/libssl/ssl_sess.c | |
| parent | 7e9e21e27683a4be2c58fedde7fc9303f63a83f9 (diff) | |
| download | openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.tar.gz openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.tar.bz2 openbsd-b0c5f651476e9397892adf645bba468df03d0ea9.zip | |
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index fcb259f6a2..7cf36f8984 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.116 2022/06/07 17:49:22 tb Exp $ */ | 1 | /* $OpenBSD: ssl_sess.c,v 1.117 2022/08/17 07:39:19 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -230,6 +230,8 @@ SSL_SESSION_new(void) | |||
| 230 | ss->next = NULL; | 230 | ss->next = NULL; |
| 231 | ss->tlsext_hostname = NULL; | 231 | ss->tlsext_hostname = NULL; |
| 232 | 232 | ||
| 233 | ss->peer_cert_type = -1; | ||
| 234 | |||
| 233 | ss->tlsext_ecpointformatlist_length = 0; | 235 | ss->tlsext_ecpointformatlist_length = 0; |
| 234 | ss->tlsext_ecpointformatlist = NULL; | 236 | ss->tlsext_ecpointformatlist = NULL; |
| 235 | ss->tlsext_supportedgroups_length = 0; | 237 | ss->tlsext_supportedgroups_length = 0; |
| @@ -761,8 +763,6 @@ SSL_SESSION_free(SSL_SESSION *ss) | |||
| 761 | explicit_bzero(ss->master_key, sizeof ss->master_key); | 763 | explicit_bzero(ss->master_key, sizeof ss->master_key); |
| 762 | explicit_bzero(ss->session_id, sizeof ss->session_id); | 764 | explicit_bzero(ss->session_id, sizeof ss->session_id); |
| 763 | 765 | ||
| 764 | sk_X509_pop_free(ss->cert_chain, X509_free); | ||
| 765 | |||
| 766 | X509_free(ss->peer_cert); | 766 | X509_free(ss->peer_cert); |
| 767 | 767 | ||
| 768 | sk_SSL_CIPHER_free(ss->ciphers); | 768 | sk_SSL_CIPHER_free(ss->ciphers); |