Remove certificates from sess_cert

As numerous comments indicate, the certificate and key array is not an
appropriate structure to store the peer's certificate: so remove it and
just use the s->session->peer instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson
2015-06-21 19:08:57 +01:00
parent 8d92c1f8a3
commit a273c6eeee
3 changed files with 20 additions and 92 deletions


@@ -530,7 +530,6 @@ SESS_CERT *ssl_sess_cert_new(void)
}
memset(ret, 0, sizeof(*ret));
ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
ret->references = 1;
return ret;
@@ -558,27 +557,9 @@ void ssl_sess_cert_free(SESS_CERT *sc)
/* i == 0 */
sk_X509_pop_free(sc->cert_chain, X509_free);
for (i = 0; i < SSL_PKEY_NUM; i++) {
X509_free(sc->peer_pkeys[i].x509);
#if 0
/*
* We don't have the peer's private key. This line is just
* here as a reminder that we're still using a not-quite-appropriate
* data structure.
*/
EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
#endif
}
OPENSSL_free(sc);
}
int ssl_set_peer_cert_type(SESS_CERT *sc, int type)
{
sc->peer_cert_type = type;
return (1);
}
int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
{
X509 *x;