1 files changed, 27 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 0f6a0884e4..e77cdddfd3 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -60,6 +60,7 @@
 #include <stdlib.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
+#include <openssl/x509.h>
 #include "ssl_locl.h"
 typedef struct ssl_session_asn1_st
@@ -73,14 +74,15 @@ typedef struct ssl_session_asn1_st
        ASN1_OCTET_STRING key_arg;
        ASN1_INTEGER time;
        ASN1_INTEGER timeout;
+        ASN1_INTEGER verify_result;
        } SSL_SESSION_ASN1;
 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        {
 #define LSIZE2 (sizeof(long)*2)
-        int v1=0,v2=0,v3=0,v4=0;
+        int v1=0,v2=0,v3=0,v4=0,v5=0;
        unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
-        unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];
+        unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
        long l;
        SSL_SESSION_ASN1 a;
        M_ASN1_I2D_vars(in);
@@ -89,7 +91,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                return(0);
        /* Note that I cheat in the following 2 assignments.  I know
-         * that if the ASN1_INTERGER passed to ASN1_INTEGER_set
+         * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
         * is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
         * This is a bit evil but makes things simple, no dynamic allocation
         * to clean up :-) */
@@ -156,6 +158,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                ASN1_INTEGER_set(&(a.timeout),in->timeout);
                }
+        if (in->verify_result != X509_V_OK)
+                {
+                a.verify_result.length=LSIZE2;
+                a.verify_result.type=V_ASN1_INTEGER;
+                a.verify_result.data=ibuf5;
+                ASN1_INTEGER_set(&a.verify_result,in->verify_result);
+                }
        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
@@ -170,6 +180,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        if (in->peer != NULL)
                M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
        M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
+        if (in->verify_result != X509_V_OK)
+                M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
        M_ASN1_I2D_seq_total();
@@ -188,7 +200,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
        M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
                               v4);
+        if (in->verify_result != X509_V_OK)
+                M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
        M_ASN1_I2D_finish();
        }
@@ -322,6 +335,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
        else
            ret->sid_ctx_length=0;
+        ai.length=0;
+        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
+        if (ai.data != NULL)
+                {
+                ret->verify_result=ASN1_INTEGER_get(aip);
+                Free(ai.data); ai.data=NULL; ai.length=0;
+                }
+        else
+                ret->verify_result=X509_V_OK;
        M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
        }

diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 0f6a0884e4..e77cdddfd3 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c
@@ -60,6 +60,7 @@
60	#include <stdlib.h>	60	#include <stdlib.h>
61	#include <openssl/asn1_mac.h>	61	#include <openssl/asn1_mac.h>
62	#include <openssl/objects.h>	62	#include <openssl/objects.h>
		63	#include <openssl/x509.h>
63	#include "ssl_locl.h"	64	#include "ssl_locl.h"
64		65
65	typedef struct ssl_session_asn1_st	66	typedef struct ssl_session_asn1_st
@@ -73,14 +74,15 @@ typedef struct ssl_session_asn1_st
73	ASN1_OCTET_STRING key_arg;	74	ASN1_OCTET_STRING key_arg;
74	ASN1_INTEGER time;	75	ASN1_INTEGER time;
75	ASN1_INTEGER timeout;	76	ASN1_INTEGER timeout;
		77	ASN1_INTEGER verify_result;
76	} SSL_SESSION_ASN1;	78	} SSL_SESSION_ASN1;
77		79
78	int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)	80	int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
79	{	81	{
80	#define LSIZE2 (sizeof(long)*2)	82	#define LSIZE2 (sizeof(long)*2)
81	int v1=0,v2=0,v3=0,v4=0;	83	int v1=0,v2=0,v3=0,v4=0,v5=0;
82	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];	84	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
83	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];	85	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
84	long l;	86	long l;
85	SSL_SESSION_ASN1 a;	87	SSL_SESSION_ASN1 a;
86	M_ASN1_I2D_vars(in);	88	M_ASN1_I2D_vars(in);
@@ -89,7 +91,7 @@ int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
89	return(0);	91	return(0);
90		92
91	/* Note that I cheat in the following 2 assignments. I know	93	/* Note that I cheat in the following 2 assignments. I know
92	* that if the ASN1_INTERGER passed to ASN1_INTEGER_set	94	* that if the ASN1_INTEGER passed to ASN1_INTEGER_set
93	* is > sizeof(long)+1, the buffer will not be re-Malloc()ed.	95	* is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
94	* This is a bit evil but makes things simple, no dynamic allocation	96	* This is a bit evil but makes things simple, no dynamic allocation
95	* to clean up :-) */	97	* to clean up :-) */
@@ -156,6 +158,14 @@ int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
156	ASN1_INTEGER_set(&(a.timeout),in->timeout);	158	ASN1_INTEGER_set(&(a.timeout),in->timeout);
157	}	159	}
158		160
		161	if (in->verify_result != X509_V_OK)
		162	{
		163	a.verify_result.length=LSIZE2;
		164	a.verify_result.type=V_ASN1_INTEGER;
		165	a.verify_result.data=ibuf5;
		166	ASN1_INTEGER_set(&a.verify_result,in->verify_result);
		167	}
		168
159	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);	169	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
160	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);	170	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
161	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);	171	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
@@ -170,6 +180,8 @@ int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
170	if (in->peer != NULL)	180	if (in->peer != NULL)
171	M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);	181	M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
172	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);	182	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
		183	if (in->verify_result != X509_V_OK)
		184	M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
173		185
174	M_ASN1_I2D_seq_total();	186	M_ASN1_I2D_seq_total();
175		187
@@ -188,7 +200,8 @@ int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
188	M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);	200	M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
189	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,	201	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
190	v4);	202	v4);
191		203	if (in->verify_result != X509_V_OK)
		204	M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
192	M_ASN1_I2D_finish();	205	M_ASN1_I2D_finish();
193	}	206	}
194		207
@@ -322,6 +335,15 @@ SSL_SESSION d2i_SSL_SESSION(SSL_SESSION a, unsigned char *pp,
322	else	335	else
323	ret->sid_ctx_length=0;	336	ret->sid_ctx_length=0;
324		337
		338	ai.length=0;
		339	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
		340	if (ai.data != NULL)
		341	{
		342	ret->verify_result=ASN1_INTEGER_get(aip);
		343	Free(ai.data); ai.data=NULL; ai.length=0;
		344	}
		345	else
		346	ret->verify_result=X509_V_OK;
		347
325	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);	348	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
326	}	349	}
327