generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Call OCSP Stapling callback after ciphersuite has been chosen, so the

Browse Source 
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.  See
http://rt.openssl.org/Ticket/Display.html?id=2836.
This commit is contained in:
Ben Laurie
2012-09-11 12:57:46 +00:00
parent 147d4c96b0
commit 2daceb0342
5 changed files with 87 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ssl/ssl_lib.c
View File

@@ -2336,7 +2336,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
#endif
static int ssl_get_server_cert_index(SSL *s)
static int ssl_get_server_cert_index(const SSL *s)
{
int idx;
idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
@@ -2347,7 +2347,7 @@ static int ssl_get_server_cert_index(SSL *s)
return idx;
}
CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
{
CERT *c;
int i;
@@ -2833,6 +2833,14 @@ void ssl_clear_cipher_ctx(SSL *s)
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
if (s->server)
{
CERT_PKEY *certpkey;
certpkey = ssl_get_server_send_pkey(s);
if (certpkey && certpkey->x509)
return certpkey->x509;
}
if (s->cert != NULL)
return(s->cert->key->x509);
else