authorDr. Stephen Henson <steve@openssl.org>2012-04-06 11:58:17 +0000
committerDr. Stephen Henson <steve@openssl.org>2012-04-06 11:58:17 +0000
commit736d69750dd248e246abf3d0377ba240aa0e8226 (patch)
tree81c4beef90f145ccb8d548c2609f8bc81cc56d8d /ssl/d1_both.c
parent0cb9dbed4e131c83fcd3ac683294def87f566695 (diff)
Backport: tidy/enhance certificate chain output code (from HEAD)
Diffstat (limited to 'ssl/d1_both.c')
-rw-r--r--ssl/d1_both.c62
1 files changed, 3 insertions, 59 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index de8bab873f..fdadebcd71 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -992,70 +992,14 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
}
-static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
- {
- int n;
- unsigned char *p;
-
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
- {
- SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
- return 0;
- }
- p=(unsigned char *)&(buf->data[*l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- *l+=n+3;
-
- return 1;
- }
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
{
unsigned char *p;
- int i;
unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
- BUF_MEM *buf;
+ BUF_MEM *buf=s->init_buf;
- /* TLSv1 sends a chain with nothing in it, instead of an alert */
- buf=s->init_buf;
- if (!BUF_MEM_grow_clean(buf,10))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- if (x != NULL)
- {
- X509_STORE_CTX xs_ctx;
-
- if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
-
- X509_verify_cert(&xs_ctx);
- /* Don't leave errors in the queue */
- ERR_clear_error();
- for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
- {
- x = sk_X509_value(xs_ctx.chain, i);
-
- if (!dtls1_add_cert_to_buf(buf, &l, x))
- {
- X509_STORE_CTX_cleanup(&xs_ctx);
- return 0;
- }
- }
- X509_STORE_CTX_cleanup(&xs_ctx);
- }
- /* Thawte special :-) */
- for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
- {
- x=sk_X509_value(s->ctx->extra_certs,i);
- if (!dtls1_add_cert_to_buf(buf, &l, x))
- return 0;
- }
+ if (!ssl_add_cert_chain(s, x, &l))
+ return 0;
l-= (3 + DTLS1_HM_HEADER_LENGTH);
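Review bot: With the local `BUF_MEM_grow_clean(buf,10)` call removed, nothing in `dtls1_output_cert_chain` itself guarantees that `s->init_buf` has room for the `3 + DTLS1_HM_HEADER_LENGTH` bytes that `l` starts at when `x` is NULL and no extra certificates are appended. That guarantee now rests entirely on `ssl_add_cert_chain`, whose body is not part of this diff, so it is worth confirming that it grows the buffer even for an empty chain. I would record the contract at the call site, for example `/* ssl_add_cert_chain() must leave init_buf at least l bytes long, even for an empty chain */`. The same applies to error reporting: the `SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,...)` calls are gone, so the bare `return 0;` assumes the helper has already queued an error. The function body continues past the end of this hunk, so the writes into `buf->data` that depend on this are not visible here.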