diff options
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index dd622c2831..786362ea02 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.138 2022/01/11 18:28:41 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.139 2022/01/11 18:39:28 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -453,7 +453,7 @@ ssl3_accept(SSL *s) | |||
| 453 | * s3_clnt.c accepts this for SSL 3). | 453 | * s3_clnt.c accepts this for SSL 3). |
| 454 | */ | 454 | */ |
| 455 | if (!(s->verify_mode & SSL_VERIFY_PEER) || | 455 | if (!(s->verify_mode & SSL_VERIFY_PEER) || |
| 456 | ((s->session->peer != NULL) && | 456 | ((s->session->peer_cert != NULL) && |
| 457 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || | 457 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || |
| 458 | ((S3I(s)->hs.cipher->algorithm_auth & | 458 | ((S3I(s)->hs.cipher->algorithm_auth & |
| 459 | SSL_aNULL) && !(s->verify_mode & | 459 | SSL_aNULL) && !(s->verify_mode & |
| @@ -550,7 +550,7 @@ ssl3_accept(SSL *s) | |||
| 550 | } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { | 550 | } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { |
| 551 | S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; | 551 | S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; |
| 552 | s->internal->init_num = 0; | 552 | s->internal->init_num = 0; |
| 553 | if (!s->session->peer) | 553 | if (!s->session->peer_cert) |
| 554 | break; | 554 | break; |
| 555 | /* | 555 | /* |
| 556 | * Freeze the transcript for use during client | 556 | * Freeze the transcript for use during client |
| @@ -1807,7 +1807,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs) | |||
| 1807 | * it is completely valid to use a client certificate for | 1807 | * it is completely valid to use a client certificate for |
| 1808 | * authorization only. | 1808 | * authorization only. |
| 1809 | */ | 1809 | */ |
| 1810 | if ((client_pubkey = X509_get0_pubkey(s->session->peer)) != NULL) { | 1810 | if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) { |
| 1811 | if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0) | 1811 | if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0) |
| 1812 | ERR_clear_error(); | 1812 | ERR_clear_error(); |
| 1813 | } | 1813 | } |
| @@ -1906,7 +1906,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 1906 | const struct ssl_sigalg *sigalg = NULL; | 1906 | const struct ssl_sigalg *sigalg = NULL; |
| 1907 | uint16_t sigalg_value = SIGALG_NONE; | 1907 | uint16_t sigalg_value = SIGALG_NONE; |
| 1908 | EVP_PKEY *pkey = NULL; | 1908 | EVP_PKEY *pkey = NULL; |
| 1909 | X509 *peer = NULL; | 1909 | X509 *peer_cert = NULL; |
| 1910 | EVP_MD_CTX *mctx = NULL; | 1910 | EVP_MD_CTX *mctx = NULL; |
| 1911 | int al, verify; | 1911 | int al, verify; |
| 1912 | const unsigned char *hdata; | 1912 | const unsigned char *hdata; |
| @@ -1928,15 +1928,15 @@ ssl3_get_cert_verify(SSL *s) | |||
| 1928 | 1928 | ||
| 1929 | CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); | 1929 | CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); |
| 1930 | 1930 | ||
| 1931 | if (s->session->peer != NULL) { | 1931 | if (s->session->peer_cert != NULL) { |
| 1932 | peer = s->session->peer; | 1932 | peer_cert = s->session->peer_cert; |
| 1933 | pkey = X509_get_pubkey(peer); | 1933 | pkey = X509_get_pubkey(peer_cert); |
| 1934 | type = X509_certificate_type(peer, pkey); | 1934 | type = X509_certificate_type(peer_cert, pkey); |
| 1935 | } | 1935 | } |
| 1936 | 1936 | ||
| 1937 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { | 1937 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { |
| 1938 | S3I(s)->hs.tls12.reuse_message = 1; | 1938 | S3I(s)->hs.tls12.reuse_message = 1; |
| 1939 | if (peer != NULL) { | 1939 | if (peer_cert != NULL) { |
| 1940 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1940 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1941 | SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); | 1941 | SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); |
| 1942 | goto fatal_err; | 1942 | goto fatal_err; |
| @@ -1945,7 +1945,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 1945 | goto end; | 1945 | goto end; |
| 1946 | } | 1946 | } |
| 1947 | 1947 | ||
| 1948 | if (peer == NULL) { | 1948 | if (peer_cert == NULL) { |
| 1949 | SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED); | 1949 | SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED); |
| 1950 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1950 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1951 | goto fatal_err; | 1951 | goto fatal_err; |
| @@ -2240,8 +2240,8 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2240 | } | 2240 | } |
| 2241 | } | 2241 | } |
| 2242 | 2242 | ||
| 2243 | X509_free(s->session->peer); | 2243 | X509_free(s->session->peer_cert); |
| 2244 | s->session->peer = sk_X509_shift(sk); | 2244 | s->session->peer_cert = sk_X509_shift(sk); |
| 2245 | 2245 | ||
| 2246 | /* | 2246 | /* |
| 2247 | * Inconsistency alert: cert_chain does *not* include the | 2247 | * Inconsistency alert: cert_chain does *not* include the |