diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-02-05 16:56:58 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-02-05 17:06:56 +0000 |
commit | e0d4272a583c760ce008b661b79baf8b3ff24561 (patch) | |
tree | 984ba53faaa1146614514897dfe54e49c9544907 /ssl/s3_lib.c | |
parent | 41c373fa3eced8746882770861e8ba3d1d3089a6 (diff) |
Return per-certificate chain if extra chain is NULL.
If an application calls the macro SSL_CTX_get_extra_chain_certs
return either the old "shared" extra certificates or those associated
with the current certificate.
This means applications which call SSL_CTX_use_certificate_chain_file
and retrieve the additional chain using SSL_CTX_get_extra_chain_certs
will still work. An application which only wants to check the shared
extra certificates can call the new macro
SSL_CTX_get_extra_chain_certs_only
(cherry picked from commit a51f767645c117667d337f77fe1dd9c0a66d8410)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index bb1d50810d..e35f18c5d8 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3915,6 +3915,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: *(STACK_OF(X509) **)parg = ctx->extra_certs; + if (parg == NULL && larg == 0) + *(STACK_OF(X509) **)parg = ctx->cert->key->chain; break; case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: |