Return per-certificate chain if extra chain is NULL.

If an application calls the macro SSL_CTX_get_extra_chain_certs
return either the old "shared" extra certificates or those associated
with the current certificate.

This means applications which call SSL_CTX_use_certificate_chain_file
and retrieve the additional chain using SSL_CTX_get_extra_chain_certs
will still work. An application which only wants to check the shared
extra certificates can call the new macro
SSL_CTX_get_extra_chain_certs_only
This commit is contained in:
Dr. Stephen Henson
2014-02-05 16:56:58 +00:00
parent 5a42c8f07f
commit a51f767645
2 changed files with 4 additions and 0 deletions

@@ -3909,6 +3909,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
*(STACK_OF(X509) **)parg = ctx->extra_certs;
if (parg == NULL && larg == 0)
*(STACK_OF(X509) **)parg = ctx->cert->key->chain;
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
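
Review bot: the new condition `if (parg == NULL && larg == 0)` in the SSL_CTRL_GET_EXTRA_CHAIN_CERTS case tests the wrong pointer. When it is true, the next line writes through `parg`, which is a NULL dereference. When `parg` is non-NULL, the fallback never runs, so the per-certificate chain is never returned. The commit message says the fallback should apply when the extra chain is NULL, so the test should be on the shared chain, for example `if (ctx->extra_certs == NULL && larg == 0)`. The unchanged line above already dereferences `parg` unconditionally, so a NULL `parg` would fault before reaching this check in any case. It is also worth confirming that `ctx->cert->key` cannot be NULL at this point, since `ctx->cert->key->chain` is read without a guard. Finally, the role of `larg` is only implied by the hunk (0 selects the fallback, presumably non-zero is used by SSL_CTX_get_extra_chain_certs_only); a short comment in the case would make that contract explicit.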