New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure. Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions as they duplicate functionality of SSL_SESSION_get_id. Note: these functions have never appeared in any release version of OpenSSL.
This commit is contained in:
Dr. Stephen Henson
parent
ad89bf7894
commit
f9b0b45238
@ -3002,10 +3002,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
|
||||
|
||||
sess = OPENSSL_malloc(sizeof(simple_ssl_session));
|
||||
|
||||
sess->idlen = SSL_SESSION_get_id_len(session);
|
||||
SSL_SESSION_get_id(session, &sess->idlen);
|
||||
sess->derlen = i2d_SSL_SESSION(session, NULL);
|
||||
|
||||
sess->id = BUF_memdup(SSL_SESSION_get0_id(session), sess->idlen);
|
||||
sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
|
||||
|
||||
sess->der = OPENSSL_malloc(sess->derlen);
|
||||
p = sess->der;
|
||||
@ -3038,8 +3038,9 @@ static SSL_SESSION *get_session(SSL *ssl, unsigned char *id, int idlen,
|
||||
static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
|
||||
{
|
||||
simple_ssl_session *sess, *prev = NULL;
|
||||
const unsigned char *id = SSL_SESSION_get0_id(session);
|
||||
unsigned int idlen = SSL_SESSION_get_id_len(session);
|
||||
const unsigned char *id;
|
||||
unsigned int idlen;
|
||||
id = SSL_SESSION_get_id(session, &idlen);
|
||||
for (sess = first; sess; sess = sess->next)
|
||||
{
|
||||
if (idlen == sess->idlen && !memcmp(sess->id, id, idlen))
|
||||
|
||||
12
ssl/s3_lib.c
12
ssl/s3_lib.c
@ -3609,6 +3609,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
|
||||
sk_X509_push(ctx->extra_certs,(X509 *)parg);
|
||||
break;
|
||||
|
||||
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
|
||||
*(STACK_OF(X509) **)parg = ctx->extra_certs;
|
||||
break;
|
||||
|
||||
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
|
||||
if (ctx->extra_certs)
|
||||
{
|
||||
sk_X509_pop_free(ctx->extra_certs, X509_free);
|
||||
ctx->extra_certs = NULL;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
return(0);
|
||||
}
|
||||
|
||||
10
ssl/ssl.h
10
ssl/ssl.h
@ -1595,6 +1595,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
#define SSL_CTRL_CLEAR_MODE 78
|
||||
#define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79
|
||||
|
||||
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
|
||||
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
|
||||
|
||||
#define DTLSv1_get_timeout(ssl, arg) \
|
||||
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
|
||||
#define DTLSv1_handle_timeout(ssl) \
|
||||
@ -1631,6 +1634,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
|
||||
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
|
||||
#define SSL_CTX_get_extra_chain_cert(ctx,px509) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERT,0,px509)
|
||||
#define SSL_CTX_clear_extra_chain_cert(ctx) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERT,0,NULL)
|
||||
|
||||
#ifndef OPENSSL_NO_BIO
|
||||
BIO_METHOD *BIO_f_ssl(void);
|
||||
@ -1724,8 +1731,6 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t);
|
||||
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
|
||||
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
|
||||
void SSL_copy_session_id(SSL *to,const SSL *from);
|
||||
unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s);
|
||||
const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s);
|
||||
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
|
||||
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
|
||||
unsigned int sid_ctx_len);
|
||||
@ -1733,6 +1738,7 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
|
||||
SSL_SESSION *SSL_SESSION_new(void);
|
||||
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
|
||||
unsigned int *len);
|
||||
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
|
||||
#endif
|
||||
|
||||
@ -231,6 +231,11 @@ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
|
||||
return s->session_id;
|
||||
}
|
||||
|
||||
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
|
||||
{
|
||||
return s->compress_meth;
|
||||
}
|
||||
|
||||
/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
|
||||
* has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
|
||||
* until we have no conflict is going to complete in one iteration pretty much
|
||||
@ -862,16 +867,6 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
|
||||
return(t);
|
||||
}
|
||||
|
||||
unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s)
|
||||
{
|
||||
return s->session_id_length;
|
||||
}
|
||||
|
||||
const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s)
|
||||
{
|
||||
return s->session_id;
|
||||
}
|
||||
|
||||
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
|
||||
{
|
||||
return s->peer;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user