generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add SSL_get0_verified_chain() to return verified chain of peer

Browse Source 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Dr. Stephen Henson
2016-02-06 03:17:23 +00:00
parent f3ac50038d
commit 696178edff
5 changed files with 43 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/ssl_cert.c
View File

@@ -541,6 +541,15 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
}
s->verify_result = ctx.error;
sk_X509_pop_free(s->verified_chain, X509_free);
s->verified_chain = NULL;
if (X509_STORE_CTX_get_chain(&ctx) != NULL) {
s->verified_chain = X509_STORE_CTX_get1_chain(&ctx);
if (s->verified_chain == NULL) {
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
i = 0;
}
}
/* Move peername from the store context params to the SSL handle's */
X509_VERIFY_PARAM_move_peername(s->param, param);