authorjsing <>2022-08-17 07:39:19 +0000
committerjsing <>2022-08-17 07:39:19 +0000
commitb0c5f651476e9397892adf645bba468df03d0ea9 (patch)
treed4b208572f46a7c773aecb3e2d410aeaae5e817a /src/lib/libssl/ssl_sess.c
parent7e9e21e27683a4be2c58fedde7fc9303f63a83f9 (diff)
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one. This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption. ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
-rw-r--r--src/lib/libssl/ssl_sess.c6
1 files changed, 3 insertions, 3 deletions
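--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.116 2022/06/07 17:49:22 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.117 2022/08/17 07:39:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -230,6 +230,8 @@ SSL_SESSION_new(void)
 	ss->next = NULL;
 	ss->tlsext_hostname = NULL;
 
+	ss->peer_cert_type = -1;
+
 	ss->tlsext_ecpointformatlist_length = 0;
 	ss->tlsext_ecpointformatlist = NULL;
 	ss->tlsext_supportedgroups_length = 0;
@@ -761,8 +763,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 	explicit_bzero(ss->master_key, sizeof ss->master_key);
 	explicit_bzero(ss->session_id, sizeof ss->session_id);
 
-	sk_X509_pop_free(ss->cert_chain, X509_free);
-
 	X509_free(ss->peer_cert);
 
 	sk_SSL_CIPHER_free(ss->ciphers);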
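Review bot: The new `ss->peer_cert_type = -1;` in SSL_SESSION_new is a bare sentinel with no comment, and it stands out because every neighbouring field in this initializer is set to 0 or NULL; a reader has to guess why -1 is the "unset" value here. A one-line comment such as `ss->peer_cert_type = -1;	/* no peer certificate type recorded yet */` would make that explicit, assuming that is the intended meaning — confirm against the code that reads peer_cert_type, which is outside this file. In the SSL_SESSION_free hunk, dropping `sk_X509_pop_free(ss->cert_chain, X509_free);` is only leak-free if the cert_chain member itself leaves SSL_SESSION in the companion header change; that cannot be verified from this diff. Both enclosing functions, SSL_SESSION_new and SSL_SESSION_free, start and end outside the hunks.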