From 4e5f1e0420a23688bec26a60ba7f49ffdd33ba62 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 25 Mar 2019 16:35:48 +0000
Subject: Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider
 chains.

We will now include the certificates in the chain in the certificate list,
or use the existing extra_certs if present. Failing that we fall back to
the automatic chain building if not disabled.

This also simplifies the code significantly.

ok beck@ tb@
---
 src/lib/libssl/ssl_locl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/ssl_locl.h')

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 509183a7fa..5d39d1a391 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.239 2019/03/25 16:24:57 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.240 2019/03/25 16:35:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1154,7 +1154,7 @@ int ssl3_renegotiate_check(SSL *ssl);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x);
+int ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
     STACK_OF(SSL_CIPHER) *srvr);
 int	ssl3_setup_buffers(SSL *s);
-- 
cgit v1.2.3-55-g6feb