-rw-r--r--src/lib/libssl/s3_lib.c17
-rw-r--r--src/lib/libssl/ssl.h14
2 files changed, 23 insertions, 8 deletions
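diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 2943842ce7..9adf257ff3 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.187 2019/10/04 17:21:24 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.188 2020/01/02 06:37:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2242,6 +2242,16 @@ static int
 _SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)
 {
  *certs = ctx->extra_certs;
+ if (*certs == NULL)
+ *certs = ctx->internal->cert->key->chain;
+
+ return 1;
+}
+
+static int
+_SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **certs)
+{
+ *certs = ctx->extra_certs;
  return 1;
 }
 
@@ -2325,7 +2335,10 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  return _SSL_CTX_add_extra_chain_cert(ctx, parg);
 
  case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
- return _SSL_CTX_get_extra_chain_certs(ctx, parg);
+ if (larg == 0)
+ return _SSL_CTX_get_extra_chain_certs(ctx, parg);
+ else
+ return _SSL_CTX_get_extra_chain_certs_only(ctx, parg);
 
  case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
  return _SSL_CTX_clear_extra_chain_certs(ctx);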
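Review bot: The fallback added to `_SSL_CTX_get_extra_chain_certs` hands the caller `ctx->internal->cert->key->chain`, a pointer into the context's own certificate state, and nothing on the new lines says that the result is borrowed or which chain it is. A comment above the function such as `/* Returns a borrowed stack: extra_certs if set, otherwise the chain attached to cert->key; the caller must not free or modify it. */` would spell out the contract for anyone auditing which certificates a context will present. The fallback also dereferences `cert` and `key` without a check; if either can be NULL for a context (not visible in this hunk), the condition should be `if (*certs == NULL && ctx->internal->cert != NULL && ctx->internal->cert->key != NULL)`. The `ssl3_ctx_ctrl` body that dispatches to these two helpers continues outside the hunk.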
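diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index fc89b0ef6e..521fb537de 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.166 2019/04/04 15:03:21 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.167 2020/01/02 06:37:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1219,12 +1219,14 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
 #define SSL_set1_curves_list SSL_set1_groups_list
 #endif
 
-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+#define SSL_CTX_add_extra_chain_cert(ctx, x509) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)x509)
+#define SSL_CTX_get_extra_chain_certs(ctx, px509) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509)
+#define SSL_CTX_get_extra_chain_certs_only(ctx, px509) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 1, px509)
 #define SSL_CTX_clear_extra_chain_certs(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+ SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL)
 
 #define SSL_get_server_tmp_key(s, pk) \
  SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)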
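Review bot: The new `SSL_CTX_get_extra_chain_certs_only` macro differs from `SSL_CTX_get_extra_chain_certs` only by the literal `1` passed as `larg`, and the header gives no hint of what that flag selects. A comment above the pair, for example `/* larg 0: fall back to the current certificate's chain when no extra certs are set; larg 1: extra certs only. */`, would document the difference where API users look first. Callers of the existing macro that treated a NULL result as "no extra chain configured" now receive a non-NULL stack whenever the fallback chain is set, so they may need to move to the `_only` form.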