From b0c5f651476e9397892adf645bba468df03d0ea9 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 17 Aug 2022 07:39:19 +0000
Subject: Deduplicate peer certificate chain processing code.

Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one. This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption. ok tb@
---
 src/lib/libssl/Makefile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'src/lib/libssl/Makefile')
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index d0d7bc4e02..1788cd75a3 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.76 2022/07/24 14:28:16 jsing Exp $
+# $OpenBSD: Makefile,v 1.77 2022/08/17 07:39:19 jsing Exp $
 .include
 .ifndef NOMAN
@@ -85,7 +85,8 @@ SRCS= \
 tls13_server.c \
 tls_buffer.c \
 tls_content.c \
- tls_key_share.c
+ tls_key_share.c \
+ tls_lib.c
 HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
-- 
cgit v1.2.3-55-g6feb