generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate

Browse Source 
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.

Note for 1.0.1 and earlier also includes backport of the function
ssl_get_server_send_pkey.
This commit is contained in:
Dr. Stephen Henson 2012-09-21 14:01:59 +00:00
parent d1451f18d9
commit 353e845120
3 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ssl/ssl_lib.c
View File

@ -2287,7 +2287,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
#endif #endif
/* THIS NEEDS CLEANING UP */ /* THIS NEEDS CLEANING UP */
X509 *ssl_get_server_send_cert(const SSL *s) CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
{ {
unsigned long alg_k,alg_a; unsigned long alg_k,alg_a;
CERT *c; CERT *c;
@ -2345,9 +2345,17 @@ X509 *ssl_get_server_send_cert(const SSL *s)
SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
return(NULL); return(NULL);
} }
if (c->pkeys[i].x509 == NULL) return(NULL);
return(c->pkeys[i].x509); return c->pkeys + i;
}
X509 *ssl_get_server_send_cert(const SSL *s)
{
CERT_PKEY *cpk;
cpk = ssl_get_server_send_pkey(s);
if (!cpk)
return NULL;
return cpk->x509;
} }
EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)

1
ssl/ssl_locl.h
View File

@ -830,6 +830,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
int ssl_undefined_function(SSL *s); int ssl_undefined_function(SSL *s);
int ssl_undefined_void_function(void); int ssl_undefined_void_function(void);
int ssl_undefined_const_function(const SSL *s); int ssl_undefined_const_function(const SSL *s);
CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
X509 *ssl_get_server_send_cert(const SSL *); X509 *ssl_get_server_send_cert(const SSL *);
EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
int ssl_cert_type(X509 *x,EVP_PKEY *pkey); int ssl_cert_type(X509 *x,EVP_PKEY *pkey);

12
ssl/t1_lib.c
View File

@ -1871,6 +1871,18 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
{ {
int r; int r;
CERT_PKEY *certpkey;
certpkey = ssl_get_server_send_pkey(s);
/* If no certificate can't return certificate status */
if (certpkey == NULL)
{
s->tlsext_status_expected = 0;
return 1;
}
/* Set current certificate to one we will use so
* SSL_get_certificate et al can pick it up.
*/
s->cert->key = certpkey;
r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
switch (r) switch (r)
{ {