generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move peer chain to SSL_SESSION structure.

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-06-21 19:34:33 +01:00
parent 8df53b7a7c
commit c34b0f9930
6 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s3_clnt.c
View File

@ -1329,7 +1329,7 @@ int ssl3_get_server_certificate(SSL *s)
ssl_sess_cert_free(s->session->sess_cert); ssl_sess_cert_free(s->session->sess_cert);
s->session->sess_cert = sc; s->session->sess_cert = sc;
sc->cert_chain = sk; s->session->peer_chain = sk;
/* /*
* Inconsistency alert: cert_chain does include the peer's certificate, * Inconsistency alert: cert_chain does include the peer's certificate,
* which we don't include in s3_srvr.c * which we don't include in s3_srvr.c

4
ssl/s3_srvr.c
View File

@ -3206,8 +3206,8 @@ int ssl3_get_client_certificate(SSL *s)
goto done; goto done;
} }
} }
sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); sk_X509_pop_free(s->session->peer_chain, X509_free);
s->session->sess_cert->cert_chain = sk; s->session->peer_chain = sk;
/* /*
* Inconsistency alert: cert_chain does *not* include the peer's own * Inconsistency alert: cert_chain does *not* include the peer's own
* certificate, while we do include it in s3_clnt.c * certificate, while we do include it in s3_clnt.c

1
ssl/ssl_cert.c
View File

@ -556,7 +556,6 @@ void ssl_sess_cert_free(SESS_CERT *sc)
#endif #endif
/* i == 0 */ /* i == 0 */
sk_X509_pop_free(sc->cert_chain, X509_free);
OPENSSL_free(sc); OPENSSL_free(sc);
} }

5
ssl/ssl_lib.c
View File

@ -834,11 +834,10 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
{ {
STACK_OF(X509) *r; STACK_OF(X509) *r;
if ((s == NULL) || (s->session == NULL) if ((s == NULL) || (s->session == NULL))
|| (s->session->sess_cert == NULL))
r = NULL; r = NULL;
else else
r = s->session->sess_cert->cert_chain; r = s->session->peer_chain;
/* /*
* If we are a client, cert_chain includes the peer's own certificate; if * If we are a client, cert_chain includes the peer's own certificate; if

3
ssl/ssl_locl.h
View File

@ -629,6 +629,8 @@ struct ssl_session_st {
/* This is the cert and type for the other end. */ /* This is the cert and type for the other end. */
X509 *peer; X509 *peer;
int peer_type; int peer_type;
/* Certificate chain of peer */
STACK_OF(X509) *peer_chain;
/* /*
* when app_verify_callback accepts a session where the peer's * when app_verify_callback accepts a session where the peer's
* certificate is not ok, we must remember the error for session reuse: * certificate is not ok, we must remember the error for session reuse:
@ -1587,7 +1589,6 @@ typedef struct cert_st {
} CERT; } CERT;
typedef struct sess_cert_st { typedef struct sess_cert_st {
STACK_OF(X509) *cert_chain; /* as received from peer */
int references; /* actually always 1 at the moment */ int references; /* actually always 1 at the moment */
} SESS_CERT; } SESS_CERT;
/* Structure containing decoded values of signature algorithms extension */ /* Structure containing decoded values of signature algorithms extension */

1
ssl/ssl_sess.c
View File

@ -845,6 +845,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
ssl_sess_cert_free(ss->sess_cert); ssl_sess_cert_free(ss->sess_cert);
X509_free(ss->peer); X509_free(ss->peer);
sk_X509_pop_free(ss->peer_chain, X509_free);
sk_SSL_CIPHER_free(ss->ciphers); sk_SSL_CIPHER_free(ss->ciphers);
OPENSSL_free(ss->tlsext_hostname); OPENSSL_free(ss->tlsext_hostname);
OPENSSL_free(ss->tlsext_tick); OPENSSL_free(ss->tlsext_tick);