Use X509_STORE_CTX_get0_chain() instead of grabbing the chain directly

out of the X509_STORE_CTX. ok jsing
author: tb <> 2021-10-23 13:12:55 +0000
committer: tb <> 2021-10-23 13:12:55 +0000
commit: 73bf90775184788b1c3a4f8ab69c9e069ffbffa8 (patch)
tree: 775162b38c733101ed4adf76376a2b186da89a4e /src
parent: 95e856754f2f3f9efb0f717095a5fbf17ffb2c72 (diff)
download: openbsd-73bf90775184788b1c3a4f8ab69c9e069ffbffa8.tar.gz
openbsd-73bf90775184788b1c3a4f8ab69c9e069ffbffa8.tar.bz2
openbsd-73bf90775184788b1c3a4f8ab69c9e069ffbffa8.zip
2 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 637f34582f..fe7173e8a4 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.36 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.37 2021/10/23 13:12:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -368,7 +368,7 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk)
                    X509_V_FLAG_LEGACY_VERIFY);
                X509_verify_cert(xs_ctx);
                ERR_clear_error();
-                chain = xs_ctx->chain;
+                chain = X509_STORE_CTX_get0_chain(xs_ctx);
        }
        for (i = 0; i < sk_X509_num(chain); i++) {
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index d2c7abbf7c..9c0369fc91 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.84 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.85 2021/10/23 13:12:55 tb Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -649,7 +649,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
                    X509_V_FLAG_LEGACY_VERIFY);
                X509_verify_cert(xsc);
                ERR_clear_error();
-                chain = xsc->chain;
+                chain = X509_STORE_CTX_get0_chain(xsc);
        }
        if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))
author	tb <>	2021-10-23 13:12:55 +0000
committer	tb <>	2021-10-23 13:12:55 +0000
commit	73bf90775184788b1c3a4f8ab69c9e069ffbffa8 (patch)
tree	775162b38c733101ed4adf76376a2b186da89a4e /src
parent	95e856754f2f3f9efb0f717095a5fbf17ffb2c72 (diff)
download	openbsd-73bf90775184788b1c3a4f8ab69c9e069ffbffa8.tar.gz openbsd-73bf90775184788b1c3a4f8ab69c9e069ffbffa8.tar.bz2 openbsd-73bf90775184788b1c3a4f8ab69c9e069ffbffa8.zip

diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c index 637f34582f..fe7173e8a4 100644 --- a/src/lib/libssl/ssl_both.c +++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_both.c,v 1.36 2021/10/23 08:34:36 jsing Exp $ */	1	/* $OpenBSD: ssl_both.c,v 1.37 2021/10/23 13:12:55 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -368,7 +368,7 @@ ssl3_output_cert_chain(SSL s, CBB cbb, CERT_PKEY *cpk)
368	X509_V_FLAG_LEGACY_VERIFY);	368	X509_V_FLAG_LEGACY_VERIFY);
369	X509_verify_cert(xs_ctx);	369	X509_verify_cert(xs_ctx);
370	ERR_clear_error();	370	ERR_clear_error();
371	chain = xs_ctx->chain;	371	chain = X509_STORE_CTX_get0_chain(xs_ctx);
372	}	372	}
373		373
374	for (i = 0; i < sk_X509_num(chain); i++) {	374	for (i = 0; i < sk_X509_num(chain); i++) {


diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index d2c7abbf7c..9c0369fc91 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.84 2021/07/01 17:53:39 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.85 2021/10/23 13:12:55 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -649,7 +649,7 @@ tls13_server_certificate_send(struct tls13_ctx ctx, CBB cbb)
649	X509_V_FLAG_LEGACY_VERIFY);	649	X509_V_FLAG_LEGACY_VERIFY);
650	X509_verify_cert(xsc);	650	X509_verify_cert(xsc);
651	ERR_clear_error();	651	ERR_clear_error();
652	chain = xsc->chain;	652	chain = X509_STORE_CTX_get0_chain(xsc);
653	}	653	}
654		654
655	if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))	655	if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))