author | Dr. Stephen Henson <steve@openssl.org> | 2012-04-06 11:58:17 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-04-06 11:58:17 +0000 |
commit | 736d69750dd248e246abf3d0377ba240aa0e8226 (patch) | |
tree | 81c4beef90f145ccb8d548c2609f8bc81cc56d8d /ssl/d1_both.c | |
parent | 0cb9dbed4e131c83fcd3ac683294def87f566695 (diff) |
Backport: tidy/enhance certificate chain output code (from HEAD)
Diffstat (limited to 'ssl/d1_both.c')
-rw-r--r-- | ssl/d1_both.c | 62 |
1 files changed, 3 insertions, 59 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index de8bab873f..fdadebcd71 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -992,70 +992,14 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
 }
-static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
- {
- int n;
- unsigned char *p;
-
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
- {
- SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
- return 0;
- }
- p=(unsigned char *)&(buf->data[*l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- *l+=n+3;
-
- return 1;
- }
 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
 {
 unsigned char *p;
- int i;
 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
- BUF_MEM *buf;
+ BUF_MEM *buf=s->init_buf;
- /* TLSv1 sends a chain with nothing in it, instead of an alert */
- buf=s->init_buf;
- if (!BUF_MEM_grow_clean(buf,10))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- if (x != NULL)
- {
- X509_STORE_CTX xs_ctx;
-
- if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
-
- X509_verify_cert(&xs_ctx);
- /* Don't leave errors in the queue */
- ERR_clear_error();
- for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
- {
- x = sk_X509_value(xs_ctx.chain, i);
-
- if (!dtls1_add_cert_to_buf(buf, &l, x))
- {
- X509_STORE_CTX_cleanup(&xs_ctx);
- return 0;
- }
- }
- X509_STORE_CTX_cleanup(&xs_ctx);
- }
- /* Thawte special :-) */
- for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
- {
- x=sk_X509_value(s->ctx->extra_certs,i);
- if (!dtls1_add_cert_to_buf(buf, &l, x))
- return 0;
- }
+ if (!ssl_add_cert_chain(s, x, &l))
+ return 0;
 l-= (3 + DTLS1_HM_HEADER_LENGTH); |