From b30ca58d70d934bae7bf7e8653a6c20abbb32a31 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 8 Jan 2022 12:59:59 +0000
Subject: Merge SESS_CERT into SSL_SESSION.

There is no reason for SESS_CERT to exist - remove it and merge its members
into SSL_SESSION for the time being. More clean up to follow.

ok inoguchi@ tb@
---
 src/lib/libssl/ssl_srvr.c | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)

(limited to 'src/lib/libssl/ssl_srvr.c')

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 6e74943803..7f7a176950 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.133 2022/01/08 12:43:44 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.134 2022/01/08 12:59:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2235,29 +2235,17 @@ ssl3_get_client_certificate(SSL *s)
 
 	X509_free(s->session->peer);
 	s->session->peer = sk_X509_shift(sk);
-	s->session->verify_result = s->verify_result;
-
-	/*
-	 * With the current implementation, sess_cert will always be NULL
-	 * when we arrive here
-	 */
-	if (s->session->sess_cert == NULL) {
-		s->session->sess_cert = ssl_sess_cert_new();
-		if (s->session->sess_cert == NULL) {
-			SSLerror(s, ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-	}
-	sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
-	s->session->sess_cert->cert_chain = sk;
 
 	/*
 	 * Inconsistency alert: cert_chain does *not* include the
 	 * peer's own certificate, while we do include it in s3_clnt.c
 	 */
-
+	sk_X509_pop_free(s->session->cert_chain, X509_free);
+	s->session->cert_chain = sk;
 	sk = NULL;
 
+	s->session->verify_result = s->verify_result;
+
 	ret = 1;
 	if (0) {
  decode_err:
-- 
cgit v1.2.3-55-g6feb