diff options
author | Todd Short <tshort@akamai.com> | 2022-08-29 17:00:07 -0400 |
---|---|---|
committer | Todd Short <todd.short@me.com> | 2022-10-18 09:30:22 -0400 |
commit | 72620ac79133ca7a4553b70573fd100257e8269d (patch) | |
tree | 073b53597be47023941448acedc268111b045b6c /ssl/ssl_cert_comp.c | |
parent | 7e3cacac943d298348d97c8f7f980ca0916378c5 (diff) |
Add `for_comp` flag when retrieving certs for compression
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
Diffstat (limited to 'ssl/ssl_cert_comp.c')
-rw-r--r-- | ssl/ssl_cert_comp.c | 19 |
1 files changed, 3 insertions, 16 deletions
diff --git a/ssl/ssl_cert_comp.c b/ssl/ssl_cert_comp.c index a86282279c..654da2dc03 100644 --- a/ssl/ssl_cert_comp.c +++ b/ssl/ssl_cert_comp.c @@ -198,7 +198,6 @@ static size_t ssl_get_cert_to_compress(SSL *ssl, CERT_PKEY *cpk, unsigned char * WPACKET tmppkt; BUF_MEM buf = { 0 }; size_t ret = 0; - const SSL_METHOD *method = NULL; if (sc == NULL || cpk == NULL @@ -215,26 +214,14 @@ static size_t ssl_get_cert_to_compress(SSL *ssl, CERT_PKEY *cpk, unsigned char * goto out; /* - * ssl3_output_cert_chain() may generate an SSLfata() error, - * for this case, we want to ignore it + * ssl3_output_cert_chain() may generate an SSLfatal() error, + * for this case, we want to ignore it, argument for_comp = 1 */ - sc->statem.ignore_fatal = 1; - ERR_set_mark(); - /* Must get the certificate as TLSv1.3, restore before returning */ - method = SSL_get_ssl_method(ssl); - if (!SSL_set_ssl_method(ssl, tlsv1_3_server_method())) - goto out; - - if (!ssl3_output_cert_chain(sc, &tmppkt, cpk)) + if (!ssl3_output_cert_chain(sc, &tmppkt, cpk, 1)) goto out; WPACKET_get_total_written(&tmppkt, &ret); out: - /* Don't leave errors in the queue */ - ERR_pop_to_mark(); - sc->statem.ignore_fatal = 0; - if (method != NULL && !SSL_set_ssl_method(ssl, method)) - ret = 0; WPACKET_cleanup(&tmppkt); if (ret != 0 && data != NULL) *data = (unsigned char *)buf.data; |