author | 2015-09-11 09:24:54 +0000 | |
committer | 2015-09-11 09:24:54 +0000 | |
commit | e98425b4e1c198f66d27bf7688f1a5343c23fd76 (patch) | |
tree | 5ccb8d664dc5439960de973ee73277643518548c | |
parent | Eliminate use-once variable in readgptlabel() and just use the (diff) | |
Store a reference to the peer certificate (if any) upon completion of the
handshake. Free the reference when we reset the TLS context.
ok beck@
-rw-r--r-- | lib/libtls/tls.c | 7 | ||||
-rw-r--r-- | lib/libtls/tls_internal.h | 3 |
2 files changed, 8 insertions, 2 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 282f68edf68..aa49641ab29 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.24 2015/09/10 18:43:03 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.25 2015/09/11 09:24:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -308,9 +308,11 @@ tls_reset(struct tls *ctx)
 {
 SSL_CTX_free(ctx->ssl_ctx);
 SSL_free(ctx->ssl_conn);
+ X509_free(ctx->ssl_peer_cert);
 ctx->ssl_conn = NULL;
 ctx->ssl_ctx = NULL;
+ ctx->ssl_peer_cert = NULL;
 ctx->socket = -1;
 ctx->state = 0;
@@ -379,6 +381,9 @@ tls_handshake(struct tls *ctx)
 else if ((ctx->flags & TLS_SERVER_CONN) != 0)
 rv = tls_handshake_server(ctx);
+ if (rv == 0)
+ ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
+
 /* Prevent callers from performing incorrect error handling */
 errno = 0;
 return (rv);
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index a5399d5594b..b514847cfe7 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.18 2015/09/10 10:14:20 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.19 2015/09/11 09:24:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -67,6 +67,7 @@ struct tls {
 SSL *ssl_conn;
 SSL_CTX *ssl_ctx;
+ X509 *ssl_peer_cert;
 };
 struct tls *tls_new(void); |
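Review bot: The added assignment `ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);` in tls_handshake overwrites whatever reference the field already holds without releasing it, so if a caller can drive tls_handshake to return 0 more than once on the same context (tls_handshake_client/server are not visible here, so this is inferred), the earlier X509 reference leaks until tls_reset runs. Releasing before storing keeps the hunk self-contained, `X509_free(ctx->ssl_peer_cert);` immediately before the assignment, relying on X509_free accepting NULL exactly as the tls_reset hunk already does. The stored value may legitimately remain NULL when no peer certificate was presented, which the commit message acknowledges with "(if any)" but the code does not; a comment on the added lines such as `/* New reference, possibly NULL; released in tls_reset() */` would record both the ownership and that readers of the field must check for NULL. Both tls_reset and tls_handshake begin outside their hunks.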
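Review bot: The new `X509 *ssl_peer_cert;` member of struct tls in tls_internal.h carries no ownership note, although the same commit has tls_reset release it with X509_free and tls_handshake fill it from SSL_get_peer_certificate, which hands out a reference the holder is responsible for freeing. A one-line comment on the field, `X509 *ssl_peer_cert; /* owned reference from the handshake, or NULL; freed in tls_reset() */`, would keep later readers from freeing it a second time or assuming it is always set. Whether tls_new zeroes the structure so the field starts out NULL is not visible in this diff and should be confirmed, since tls_reset now frees it unconditionally.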