diff options
| author | tb <> | 2021-10-23 14:50:10 +0000 |
|---|---|---|
| committer | tb <> | 2021-10-23 14:50:10 +0000 |
| commit | 25d930a8393c2df1072e07fb2e2cf92e76e2d728 (patch) | |
| tree | 729ba46e473920ed23c19e5a6c69a04685a07d1f /src | |
| parent | 0636e301829f8bb433caf6702aa41f3c467a6423 (diff) | |
| download | openbsd-25d930a8393c2df1072e07fb2e2cf92e76e2d728.tar.gz openbsd-25d930a8393c2df1072e07fb2e2cf92e76e2d728.tar.bz2 openbsd-25d930a8393c2df1072e07fb2e2cf92e76e2d728.zip | |
Prepare s_server for opaque structs in libcrypto
ok beck jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index 206a83323c..a3dc509cb0 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.50 2021/09/23 13:28:50 tb Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.51 2021/10/23 14:50:10 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2336,7 +2336,7 @@ cert_status_cb(SSL *s, void *arg) | |||
| 2336 | int rspderlen; | 2336 | int rspderlen; |
| 2337 | STACK_OF(OPENSSL_STRING) *aia = NULL; | 2337 | STACK_OF(OPENSSL_STRING) *aia = NULL; |
| 2338 | X509 *x = NULL; | 2338 | X509 *x = NULL; |
| 2339 | X509_STORE_CTX inctx; | 2339 | X509_STORE_CTX *inctx = NULL; |
| 2340 | X509_OBJECT obj; | 2340 | X509_OBJECT obj; |
| 2341 | OCSP_REQUEST *req = NULL; | 2341 | OCSP_REQUEST *req = NULL; |
| 2342 | OCSP_RESPONSE *resp = NULL; | 2342 | OCSP_RESPONSE *resp = NULL; |
| @@ -2371,23 +2371,27 @@ cert_status_cb(SSL *s, void *arg) | |||
| 2371 | use_ssl = srctx->use_ssl; | 2371 | use_ssl = srctx->use_ssl; |
| 2372 | } | 2372 | } |
| 2373 | 2373 | ||
| 2374 | if (!X509_STORE_CTX_init(&inctx, | 2374 | if ((inctx = X509_STORE_CTX_new()) == NULL) |
| 2375 | goto err; | ||
| 2376 | |||
| 2377 | if (!X509_STORE_CTX_init(inctx, | ||
| 2375 | SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), | 2378 | SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), |
| 2376 | NULL, NULL)) | 2379 | NULL, NULL)) |
| 2377 | goto err; | 2380 | goto err; |
| 2378 | if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, | 2381 | if (X509_STORE_get_by_subject(inctx, X509_LU_X509, |
| 2379 | X509_get_issuer_name(x), &obj) <= 0) { | 2382 | X509_get_issuer_name(x), &obj) <= 0) { |
| 2380 | BIO_puts(err, | 2383 | BIO_puts(err, |
| 2381 | "cert_status: Can't retrieve issuer certificate.\n"); | 2384 | "cert_status: Can't retrieve issuer certificate.\n"); |
| 2382 | X509_STORE_CTX_cleanup(&inctx); | 2385 | X509_STORE_CTX_cleanup(inctx); |
| 2383 | goto done; | 2386 | goto done; |
| 2384 | } | 2387 | } |
| 2385 | req = OCSP_REQUEST_new(); | 2388 | req = OCSP_REQUEST_new(); |
| 2386 | if (!req) | 2389 | if (!req) |
| 2387 | goto err; | 2390 | goto err; |
| 2388 | id = OCSP_cert_to_id(NULL, x, obj.data.x509); | 2391 | id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(&obj)); |
| 2389 | X509_free(obj.data.x509); | 2392 | X509_OBJECT_free_contents(&obj); |
| 2390 | X509_STORE_CTX_cleanup(&inctx); | 2393 | X509_STORE_CTX_free(inctx); |
| 2394 | inctx = NULL; | ||
| 2391 | if (!id) | 2395 | if (!id) |
| 2392 | goto err; | 2396 | goto err; |
| 2393 | if (!OCSP_request_add0_id(req, id)) | 2397 | if (!OCSP_request_add0_id(req, id)) |
| @@ -2416,6 +2420,7 @@ cert_status_cb(SSL *s, void *arg) | |||
| 2416 | } | 2420 | } |
| 2417 | ret = SSL_TLSEXT_ERR_OK; | 2421 | ret = SSL_TLSEXT_ERR_OK; |
| 2418 | done: | 2422 | done: |
| 2423 | X509_STORE_CTX_free(inctx); | ||
| 2419 | if (ret != SSL_TLSEXT_ERR_OK) | 2424 | if (ret != SSL_TLSEXT_ERR_OK) |
| 2420 | ERR_print_errors(err); | 2425 | ERR_print_errors(err); |
| 2421 | if (aia) { | 2426 | if (aia) { |