New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure. Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions as they duplicate functionality of SSL_SESSION_get_id. Note: these functions have never appeared in any release version of OpenSSL.
This commit is contained in:
Dr. Stephen Henson
parent
dd0ddc3e78
commit
f5575cd167
3 changed files with 25 additions and 12 deletions
12
ssl/s3_lib.c
12
ssl/s3_lib.c
|
|
@ -3604,6 +3604,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
|
|||
sk_X509_push(ctx->extra_certs,(X509 *)parg);
|
||||
break;
|
||||
|
||||
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
|
||||
*(STACK_OF(X509) **)parg = ctx->extra_certs;
|
||||
break;
|
||||
|
||||
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
|
||||
if (ctx->extra_certs)
|
||||
{
|
||||
sk_X509_pop_free(ctx->extra_certs, X509_free);
|
||||
ctx->extra_certs = NULL;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
return(0);
|
||||
}
|
||||
|
|
|
|||
10
ssl/ssl.h
10
ssl/ssl.h
|
|
@ -1586,6 +1586,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
|||
#define SSL_CTRL_CLEAR_OPTIONS 77
|
||||
#define SSL_CTRL_CLEAR_MODE 78
|
||||
|
||||
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
|
||||
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
|
||||
|
||||
#define DTLSv1_get_timeout(ssl, arg) \
|
||||
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
|
||||
#define DTLSv1_handle_timeout(ssl) \
|
||||
|
|
@ -1622,6 +1625,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
|||
|
||||
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
|
||||
#define SSL_CTX_get_extra_chain_cert(ctx,px509) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERT,0,px509)
|
||||
#define SSL_CTX_clear_extra_chain_cert(ctx) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERT,0,NULL)
|
||||
|
||||
#ifndef OPENSSL_NO_BIO
|
||||
BIO_METHOD *BIO_f_ssl(void);
|
||||
|
|
@ -1715,8 +1722,6 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t);
|
|||
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
|
||||
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
|
||||
void SSL_copy_session_id(SSL *to,const SSL *from);
|
||||
unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s);
|
||||
const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s);
|
||||
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
|
||||
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
|
||||
unsigned int sid_ctx_len);
|
||||
|
|
@ -1724,6 +1729,7 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
|
|||
SSL_SESSION *SSL_SESSION_new(void);
|
||||
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
|
||||
unsigned int *len);
|
||||
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -231,6 +231,11 @@ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
|
|||
return s->session_id;
|
||||
}
|
||||
|
||||
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
|
||||
{
|
||||
return s->compress_meth;
|
||||
}
|
||||
|
||||
/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
|
||||
* has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
|
||||
* until we have no conflict is going to complete in one iteration pretty much
|
||||
|
|
@ -864,16 +869,6 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
|
|||
return(t);
|
||||
}
|
||||
|
||||
unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s)
|
||||
{
|
||||
return s->session_id_length;
|
||||
}
|
||||
|
||||
const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s)
|
||||
{
|
||||
return s->session_id;
|
||||
}
|
||||
|
||||
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
|
||||
{
|
||||
return s->peer;
|
||||
|
|
|
|||
Loading…
Reference in a new issue