authorjsing <jsing@openbsd.org>2019-03-25 16:35:48 +0000
committerjsing <jsing@openbsd.org>2019-03-25 16:35:48 +0000
commit0f99faba209e74656b4fe1e71a63fb1fced3186e (patch)
tree77d5a8554577edac5c37835d267b8f41a952c3ce /lib/libssl/ssl_srvr.c
parentAdd a chain member to CERT_PKEY and provide functions for manipulating it. (diff)
Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains.
We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
Diffstat (limited to 'lib/libssl/ssl_srvr.c')
-rw-r--r--lib/libssl/ssl_srvr.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 6872fa3523a..f2aafc30326 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.64 2019/02/09 15:26:15 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.65 2019/03/25 16:35:48 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2467,7 +2467,7 @@ int
ssl3_send_server_certificate(SSL *s)
{
CBB cbb, server_cert;
- X509 *x;
+ CERT_PKEY *cpk;
/*
* Server Certificate - RFC 5246, section 7.4.2.
@@ -2476,7 +2476,7 @@ ssl3_send_server_certificate(SSL *s)
memset(&cbb, 0, sizeof(cbb));
if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) {
- if ((x = ssl_get_server_send_cert(s)) == NULL) {
+ if ((cpk = ssl_get_server_send_pkey(s)) == NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
return (0);
}
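Review bot: The NULL test in the `SSL3_ST_SW_CERT_A` branch now guards the `CERT_PKEY` returned by `ssl_get_server_send_pkey()` rather than the certificate itself, so a selected slot with no certificate loaded is rejected here only if that helper returns NULL for it, which this diff does not show. If the helper can return a slot whose `x509` member is NULL, the `ERR_R_INTERNAL_ERROR` path is skipped and the outcome depends on how `ssl3_output_cert_chain()` handles that slot in the next hunk, possibly an empty Certificate message where the handshake used to fail. To keep the previous fail-closed behaviour the check could read `if ((cpk = ssl_get_server_send_pkey(s)) == NULL || cpk->x509 == NULL) {`. The body of ssl3_send_server_certificate() starts and ends outside the hunks shown.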
@@ -2484,7 +2484,7 @@ ssl3_send_server_certificate(SSL *s)
if (!ssl3_handshake_msg_start(s, &cbb, &server_cert,
SSL3_MT_CERTIFICATE))
goto err;
- if (!ssl3_output_cert_chain(s, &server_cert, x))
+ if (!ssl3_output_cert_chain(s, &server_cert, cpk))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;