From 0f99faba209e74656b4fe1e71a63fb1fced3186e Mon Sep 17 00:00:00 2001
From: jsing
Date: Mon, 25 Mar 2019 16:35:48 +0000
Subject: Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains. We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
---
 lib/libssl/ssl_clnt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib/libssl/ssl_clnt.c')
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index f3c439e6c0c..262e09fe5eb 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.58 2019/03/19 16:53:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.59 2019/03/25 16:35:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2693,7 +2693,7 @@ ssl3_send_client_certificate(SSL *s)
 SSL3_MT_CERTIFICATE))
 goto err;
 if (!ssl3_output_cert_chain(s, &client_cert,
- (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
+ (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key))
 goto err;
 if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
--
cgit v1.2.3-59-g8ed1b
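Review bot: The argument `(S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key` in the second hunk still depends on the bare constant `2`, and nothing at the call site says what passing NULL means. A comment above the call such as `/* cert_req == 2: no client certificate, send an empty list */` would record it; that meaning is inferred from the ternary and should be confirmed where cert_req is set. Because the whole CERT_PKEY is now passed, the certificates sent to the peer depend on the key's chain or on extra_certs, as the commit message describes. The old call site read `key->x509` itself, so ssl3_output_cert_chain() now has to handle a non-NULL key whose x509 is unset; that function is not in this limited diff. ssl3_send_client_certificate() starts and ends outside the hunk.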