summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c41
1 files changed, 9 insertions, 32 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 3c4d116919..6b4c7e72a1 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.190 2018/11/07 01:53:36 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.191 2018/11/08 20:55:18 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -261,23 +261,8 @@ SSL_new(SSL_CTX *ctx)
261 s->internal->mode = ctx->internal->mode; 261 s->internal->mode = ctx->internal->mode;
262 s->internal->max_cert_list = ctx->internal->max_cert_list; 262 s->internal->max_cert_list = ctx->internal->max_cert_list;
263 263
264 if (ctx->internal->cert != NULL) { 264 if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
265 /* 265 goto err;
266 * Earlier library versions used to copy the pointer to
267 * the CERT, not its contents; only when setting new
268 * parameters for the per-SSL copy, ssl_cert_new would be
269 * called (and the direct reference to the per-SSL_CTX
270 * settings would be lost, but those still were indirectly
271 * accessed for various purposes, and for that reason they
272 * used to be known as s->ctx->default_cert).
273 * Now we don't look at the SSL_CTX's CERT after having
274 * duplicated it once.
275 */
276 s->cert = ssl_cert_dup(ctx->internal->cert);
277 if (s->cert == NULL)
278 goto err;
279 } else
280 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
281 266
282 s->internal->read_ahead = ctx->internal->read_ahead; 267 s->internal->read_ahead = ctx->internal->read_ahead;
283 s->internal->msg_callback = ctx->internal->msg_callback; 268 s->internal->msg_callback = ctx->internal->msg_callback;
@@ -1855,6 +1840,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
1855 ret->verify_mode = SSL_VERIFY_NONE; 1840 ret->verify_mode = SSL_VERIFY_NONE;
1856 ret->sid_ctx_length = 0; 1841 ret->sid_ctx_length = 0;
1857 ret->internal->default_verify_callback = NULL; 1842 ret->internal->default_verify_callback = NULL;
1843
1858 if ((ret->internal->cert = ssl_cert_new()) == NULL) 1844 if ((ret->internal->cert = ssl_cert_new()) == NULL)
1859 goto err; 1845 goto err;
1860 1846
@@ -2519,12 +2505,9 @@ SSL_dup(SSL *s)
2519 ret->method = s->method; 2505 ret->method = s->method;
2520 ret->method->internal->ssl_new(ret); 2506 ret->method->internal->ssl_new(ret);
2521 2507
2522 if (s->cert != NULL) { 2508 ssl_cert_free(ret->cert);
2523 ssl_cert_free(ret->cert); 2509 if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
2524 ret->cert = ssl_cert_dup(s->cert); 2510 goto err;
2525 if (ret->cert == NULL)
2526 goto err;
2527 }
2528 2511
2529 if (!SSL_set_session_id_context(ret, s->sid_ctx, 2512 if (!SSL_set_session_id_context(ret, s->sid_ctx,
2530 s->sid_ctx_length)) 2513 s->sid_ctx_length))
@@ -2658,20 +2641,14 @@ ssl_clear_cipher_write_state(SSL *s)
2658X509 * 2641X509 *
2659SSL_get_certificate(const SSL *s) 2642SSL_get_certificate(const SSL *s)
2660{ 2643{
2661 if (s->cert != NULL) 2644 return (s->cert->key->x509);
2662 return (s->cert->key->x509);
2663 else
2664 return (NULL);
2665} 2645}
2666 2646
2667/* Fix this function so that it takes an optional type parameter */ 2647/* Fix this function so that it takes an optional type parameter */
2668EVP_PKEY * 2648EVP_PKEY *
2669SSL_get_privatekey(const SSL *s) 2649SSL_get_privatekey(const SSL *s)
2670{ 2650{
2671 if (s->cert != NULL) 2651 return (s->cert->key->privatekey);
2672 return (s->cert->key->privatekey);
2673 else
2674 return (NULL);
2675} 2652}
2676 2653
2677const SSL_CIPHER * 2654const SSL_CIPHER *
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-08 13:39:59 +0000