CERT tidy

Move per-connection state out of the CERT structure, which should just be
for shared configuration data (e.g. certificates to use).

In particular move temporary premaster secret, raw ciphers, peer signature
algorithms and shared signature algorithms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson
2015-05-12 17:17:37 +01:00
parent 6c5b6cb035
commit 76106e60a8
7 changed files with 54 additions and 63 deletions


@@ -1076,10 +1076,10 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_RAW_CIPHERLIST:
if (parg) {
if (s->cert->ciphers_raw == NULL)
if (s->s3->tmp.ciphers_raw == NULL)
return 0;
*(unsigned char **)parg = s->cert->ciphers_raw;
return (int)s->cert->ciphers_rawlen;
*(unsigned char **)parg = s->s3->tmp.ciphers_raw;
return (int)s->s3->tmp.ciphers_rawlen;
} else
return ssl_put_cipher_by_char(s, NULL, NULL);
case SSL_CTRL_GET_EXTMS_SUPPORT:
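Review bot: In the SSL_CTRL_GET_RAW_CIPHERLIST case the new lines dereference `s->s3` without a NULL check, where the old code went through `s->cert`. Whether `s->s3` can be unset when SSL_ctrl is reached is not visible in this hunk; if it can, this is a NULL dereference, and a guard such as `if (s->s3 == NULL || s->s3->tmp.ciphers_raw == NULL) return 0;` would close it. The pointer written through `parg` now aliases per-connection handshake state, so a comment such as `/* borrowed pointer into s->s3->tmp: caller must not free it; presumably invalid once the handshake state is reset */` would make the lifetime explicit. The unchanged `(int)` cast of `ciphers_rawlen` still silently narrows the length and may deserve a range check. SSL_ctrl's body starts and ends outside the hunk.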
@@ -2826,15 +2826,6 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
if (new_cert == NULL) {
return NULL;
}
/* Preserve any already negotiated parameters */
if (ssl->server) {
new_cert->peer_sigalgs = ssl->cert->peer_sigalgs;
new_cert->peer_sigalgslen = ssl->cert->peer_sigalgslen;
ssl->cert->peer_sigalgs = NULL;
new_cert->ciphers_raw = ssl->cert->ciphers_raw;
new_cert->ciphers_rawlen = ssl->cert->ciphers_rawlen;
ssl->cert->ciphers_raw = NULL;
}
ssl_cert_free(ssl->cert);
ssl->cert = new_cert;