generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Call OCSP Stapling callback after ciphersuite has been chosen, so the

Browse Source 
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.  See
http://rt.openssl.org/Ticket/Display.html?id=2836.
This commit is contained in:
Ben Laurie
2012-09-11 12:00:25 +00:00
parent d46a1a6178
commit da8512aaff
5 changed files with 87 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ssl/ssl_lib.c
View File

@@ -2320,7 +2320,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
#endif
/* THIS NEEDS CLEANING UP */
static int ssl_get_server_cert_index(SSL *s)
static int ssl_get_server_cert_index(const SSL *s)
{
unsigned long alg_k, alg_a;
@@ -2371,7 +2371,7 @@ static int ssl_get_server_cert_index(SSL *s)
}
}
CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
{
CERT *c;
int i;
@@ -2840,6 +2840,14 @@ void ssl_clear_cipher_ctx(SSL *s)
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
if (s->server)
{
CERT_PKEY *certpkey;
certpkey = ssl_get_server_send_pkey(s);
if (certpkey && certpkey->x509)
return certpkey->x509;
}
if (s->cert != NULL)
return(s->cert->key->x509);
else