summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src/ssl/s3_both.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/src/ssl/s3_both.c')
-rw-r--r--lib/libssl/src/ssl/s3_both.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c
index 8864366f592..64d317b7ac3 100644
--- a/lib/libssl/src/ssl/s3_both.c
+++ b/lib/libssl/src/ssl/s3_both.c
@@ -268,16 +268,23 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
X509_STORE_CTX xs_ctx;
X509_OBJECT obj;
+ int no_chain;
+
+ if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
+ no_chain = 1;
+ else
+ no_chain = 0;
+
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf=s->init_buf;
- if (!BUF_MEM_grow(buf,(int)(10)))
+ if (!BUF_MEM_grow_clean(buf,10))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
if (x != NULL)
{
- if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+ if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
return(0);
@@ -286,7 +293,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
for (;;)
{
n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+ if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
@@ -295,6 +302,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
l2n3(n,p);
i2d_X509(x,&p);
l+=n+3;
+
+ if (no_chain)
+ break;
+
if (X509_NAME_cmp(X509_get_subject_name(x),
X509_get_issuer_name(x)) == 0) break;
@@ -306,8 +317,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
* ref count */
X509_free(x);
}
-
- X509_STORE_CTX_cleanup(&xs_ctx);
+ if (!no_chain)
+ X509_STORE_CTX_cleanup(&xs_ctx);
}
/* Thawte special :-) */
@@ -316,7 +327,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
{
x=sk_X509_value(s->ctx->extra_certs,i);
n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+ if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
@@ -439,7 +450,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
- if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
+ if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
{
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.