RFC 5878 support.

2012-05-29 17:27:48 +00:00
parent 0de5a0feee
commit 8a02a46a5c
18 changed files with 859 additions and 57 deletions
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -334,6 +334,22 @@ CERT *ssl_cert_dup(CERT *cert)
 				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
 				}
 			}
+                if (cert->pkeys[i].authz != NULL)
+			{
+			/* Just copy everything. */
+			ret->pkeys[i].authz_length =
+				cert->pkeys[i].authz_length;
+			ret->pkeys[i].authz =
+				OPENSSL_malloc(ret->pkeys[i].authz_length);
+			if (ret->pkeys[i].authz == NULL)
+				{
+				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+				return(NULL);
+				}
+			memcpy(ret->pkeys[i].authz,
+			       cert->pkeys[i].authz,
+			       cert->pkeys[i].authz_length);
+			}
 		}
 	
 	ret->references=1;
@@ -421,6 +437,10 @@ void ssl_cert_free(CERT *c)
 #if 0
 		if (c->pkeys[i].publickey != NULL)
 			EVP_PKEY_free(c->pkeys[i].publickey);
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+                if (c->pkeys[i].authz != NULL)
+			OPENSSL_free(c->pkeys[i].authz);
 #endif
 		}
 	if (c->sigalgs)