Move peer chain to SSL_SESSION structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Dr. Stephen Henson
parent
8df53b7a7c
commit
c34b0f9930
6 changed files with 8 additions and 8 deletions
|
|
@ -1329,7 +1329,7 @@ int ssl3_get_server_certificate(SSL *s)
|
|||
ssl_sess_cert_free(s->session->sess_cert);
|
||||
s->session->sess_cert = sc;
|
||||
|
||||
sc->cert_chain = sk;
|
||||
s->session->peer_chain = sk;
|
||||
/*
|
||||
* Inconsistency alert: cert_chain does include the peer's certificate,
|
||||
* which we don't include in s3_srvr.c
|
||||
|
|
|
|||
|
|
@ -3206,8 +3206,8 @@ int ssl3_get_client_certificate(SSL *s)
|
|||
goto done;
|
||||
}
|
||||
}
|
||||
sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
|
||||
s->session->sess_cert->cert_chain = sk;
|
||||
sk_X509_pop_free(s->session->peer_chain, X509_free);
|
||||
s->session->peer_chain = sk;
|
||||
/*
|
||||
* Inconsistency alert: cert_chain does *not* include the peer's own
|
||||
* certificate, while we do include it in s3_clnt.c
|
||||
|
|
|
|||
|
|
@ -556,7 +556,6 @@ void ssl_sess_cert_free(SESS_CERT *sc)
|
|||
#endif
|
||||
|
||||
/* i == 0 */
|
||||
sk_X509_pop_free(sc->cert_chain, X509_free);
|
||||
OPENSSL_free(sc);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -834,11 +834,10 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
|
|||
{
|
||||
STACK_OF(X509) *r;
|
||||
|
||||
if ((s == NULL) || (s->session == NULL)
|
||||
|| (s->session->sess_cert == NULL))
|
||||
if ((s == NULL) || (s->session == NULL))
|
||||
r = NULL;
|
||||
else
|
||||
r = s->session->sess_cert->cert_chain;
|
||||
r = s->session->peer_chain;
|
||||
|
||||
/*
|
||||
* If we are a client, cert_chain includes the peer's own certificate; if
|
||||
|
|
|
|||
|
|
@ -629,6 +629,8 @@ struct ssl_session_st {
|
|||
/* This is the cert and type for the other end. */
|
||||
X509 *peer;
|
||||
int peer_type;
|
||||
/* Certificate chain of peer */
|
||||
STACK_OF(X509) *peer_chain;
|
||||
/*
|
||||
* when app_verify_callback accepts a session where the peer's
|
||||
* certificate is not ok, we must remember the error for session reuse:
|
||||
|
|
@ -1587,7 +1589,6 @@ typedef struct cert_st {
|
|||
} CERT;
|
||||
|
||||
typedef struct sess_cert_st {
|
||||
STACK_OF(X509) *cert_chain; /* as received from peer */
|
||||
int references; /* actually always 1 at the moment */
|
||||
} SESS_CERT;
|
||||
/* Structure containing decoded values of signature algorithms extension */
|
||||
|
|
|
|||
|
|
@ -845,6 +845,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
|
|||
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
|
||||
ssl_sess_cert_free(ss->sess_cert);
|
||||
X509_free(ss->peer);
|
||||
sk_X509_pop_free(ss->peer_chain, X509_free);
|
||||
sk_SSL_CIPHER_free(ss->ciphers);
|
||||
OPENSSL_free(ss->tlsext_hostname);
|
||||
OPENSSL_free(ss->tlsext_tick);
|
||||
|
|
|
|||
Loading…
Reference in a new issue