generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Call OCSP Stapling callback after ciphersuite has been chosen, so the

Browse Source 
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.

See http://rt.openssl.org/Ticket/Display.html?id=2836.
This commit is contained in:
Ben Laurie
2012-09-17 14:39:38 +00:00
parent bc78883017
commit 70d91d60bc
5 changed files with 81 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/ssl_locl.h
View File

@@ -830,7 +830,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
int ssl_undefined_function(SSL *s);
int ssl_undefined_void_function(void);
int ssl_undefined_const_function(const SSL *s);
X509 *ssl_get_server_send_cert(SSL *);
X509 *ssl_get_server_send_cert(const SSL *);
EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
@@ -1088,7 +1088,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
int ssl_prepare_clienthello_tlsext(SSL *s);
int ssl_prepare_serverhello_tlsext(SSL *s);
int ssl_check_clienthello_tlsext(SSL *s);
int ssl_check_clienthello_tlsext_early(SSL *s);
int ssl_check_clienthello_tlsext_late(SSL *s);
int ssl_check_serverhello_tlsext(SSL *s);
#ifndef OPENSSL_NO_HEARTBEATS