Add new ctrl to retrieve client certificate types, print out
details in s_client. Also add ctrl to set client certificate types. If not used sensible values will be included based on supported signature algorithms: for example if we don't include any DSA signing algorithms the DSA certificate type is omitted. Fix restriction in old code where certificate types would be truncated if it exceeded TLS_CT_NUMBER. (backport from HEAD)
This commit is contained in:
Dr. Stephen Henson
@@ -1937,11 +1937,22 @@ int ssl3_get_certificate_request(SSL *s)
|
||||
|
||||
/* get the certificate types */
|
||||
ctype_num= *(p++);
|
||||
if (s->cert->ctypes)
|
||||
{
|
||||
OPENSSL_free(s->cert->ctypes);
|
||||
s->cert->ctypes = NULL;
|
||||
}
|
||||
if (ctype_num > SSL3_CT_NUMBER)
|
||||
{
|
||||
/* If we exceed static buffer copy all to cert structure */
|
||||
s->cert->ctypes = OPENSSL_malloc(ctype_num);
|
||||
memcpy(s->cert->ctypes, p, ctype_num);
|
||||
s->cert->ctype_num = (size_t)ctype_num;
|
||||
ctype_num=SSL3_CT_NUMBER;
|
||||
}
|
||||
for (i=0; i<ctype_num; i++)
|
||||
s->s3->tmp.ctype[i]= p[i];
|
||||
p+=ctype_num;
|
||||
p+=p[-1];
|
||||
if (TLS1_get_version(s) >= TLS1_2_VERSION)
|
||||
{
|
||||
n2s(p, llen);
|
||||
|
||||
Reference in New Issue
Block a user