Fix PSK identity hint handling.

For the server, use a PSK identity hint value in the CERT structure, which
is inherited when SSL_new is called and which allows applications to
set hints on a per-SSL basis. The previous version of
SSL_use_psk_identity_hint tried (wrongly) to use the SSL_SESSION structure.

PR#4039

Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson
2015-09-14 17:58:04 +01:00
parent aabd492320
commit df6da24bda
5 changed files with 30 additions and 24 deletions


@@ -334,6 +334,12 @@ CERT *ssl_cert_dup(CERT *cert)
if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
goto err;
if (cert->psk_identity_hint) {
ret->psk_identity_hint = BUF_strdup(cert->psk_identity_hint);
if (ret->psk_identity_hint == NULL)
goto err;
}
return (ret);
err:
@@ -402,6 +408,9 @@ void ssl_cert_free(CERT *c)
X509_STORE_free(c->chain_store);
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
#ifndef OPENSSL_NO_PSK
OPENSSL_free(c->psk_identity_hint);
#endif
OPENSSL_free(c);
}
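Review bot: The hint copy added in the ssl_cert_dup hunk is not wrapped in `#ifndef OPENSSL_NO_PSK`, while the matching `OPENSSL_free(c->psk_identity_hint)` added to ssl_cert_free is. If the `psk_identity_hint` member of CERT is declared only under that guard (the struct is not shown here), a build with PSK disabled would fail to compile at the copy. Putting `#ifndef OPENSSL_NO_PSK` before `if (cert->psk_identity_hint) {` and `#endif` after its closing brace would keep the two sides consistent. The `err:` path taken when BUF_strdup fails lies outside the hunk, so it is worth confirming that it releases `ret` through ssl_cert_free, which would free the extensions already copied. Both function bodies start outside the hunks shown.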