diff options
| author | Todd Short <tshort@akamai.com> | 2019-04-11 10:47:13 -0400 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-07-16 09:08:21 +0200 |
| commit | 8c2bfd25129aea1b1f1b66ec753b21955f8ed523 (patch) | |
| tree | 530798b60ed46a10265c5a061dedfd2694918ce3 /apps | |
| parent | 55affcadbe4aac7d4832448b8c071b582da4e344 (diff) | |
Add SSL_get[01]_peer_certificate()
Deprecate SSL_get_peer_certificte() and replace with
SSL_get1_peer_certificate().
Add SSL_get0_peer_certificate.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8730)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/lib/s_cb.c | 3 | ||||
| -rw-r--r-- | apps/s_client.c | 3 | ||||
| -rw-r--r-- | apps/s_server.c | 6 |
3 files changed, 4 insertions, 8 deletions
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 5bddde5b03..de72bde9ed 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1227,7 +1227,7 @@ void print_ssl_summary(SSL *s) c = SSL_get_current_cipher(s); BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); do_print_sigalgs(bio_err, s, 0); - peer = SSL_get_peer_certificate(s); + peer = SSL_get0_peer_certificate(s); if (peer != NULL) { int nid; @@ -1243,7 +1243,6 @@ void print_ssl_summary(SSL *s) } else { BIO_puts(bio_err, "No peer certificate\n"); } - X509_free(peer); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_err, s); if (SSL_is_server(s)) diff --git a/apps/s_client.c b/apps/s_client.c index 5a5a40c927..91b21003fb 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -3241,7 +3241,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } BIO_printf(bio, "---\n"); - peer = SSL_get_peer_certificate(s); + peer = SSL_get0_peer_certificate(s); if (peer != NULL) { BIO_printf(bio, "Server certificate\n"); @@ -3421,7 +3421,6 @@ static void print_stuff(BIO *bio, SSL *s, int full) OPENSSL_free(exportedkeymat); } BIO_printf(bio, "---\n"); - X509_free(peer); /* flush, or debugging output gets mixed with http response */ (void)BIO_flush(bio); } diff --git a/apps/s_server.c b/apps/s_server.c index 9995953526..15d479ce0e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2939,12 +2939,11 @@ static void print_connection_info(SSL *con) PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con)); - peer = SSL_get_peer_certificate(con); + peer = SSL_get0_peer_certificate(con); if (peer != NULL) { BIO_printf(bio_s_out, "Client certificate\n"); PEM_write_bio_X509(bio_s_out, peer); dump_cert_text(bio_s_out, peer); - X509_free(peer); peer = NULL; } @@ -3265,12 +3264,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) BIO_printf(io, "---\n"); print_stats(io, SSL_get_SSL_CTX(con)); BIO_printf(io, "---\n"); - peer = SSL_get_peer_certificate(con); + peer = SSL_get0_peer_certificate(con); if (peer != NULL) { BIO_printf(io, "Client certificate\n"); X509_print(io, peer); PEM_write_bio_X509(io, peer); - X509_free(peer); peer = NULL; } else { BIO_puts(io, "no client certificate available\n"); |