diff options
author | Scott Deboy <sdeboy@secondstryke.com> | 2013-06-18 14:34:38 -0700 |
---|---|---|
committer | Scott Deboy <sdeboy@secondstryke.com> | 2014-02-08 16:12:15 -0800 |
commit | 038bec784e528ce273169f178c35991fbc3bea92 (patch) | |
tree | be8a71c2c534db29ea7ee31f1207be9b976b0698 /ssl/ssl_cert.c | |
parent | f407eec799f1f5d271b809875f016f680935567b (diff) |
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
(cherry picked from commit 36086186a9b90cdad0d2cd0a598a10f03f8f4bcc)
Conflicts:
Configure
apps/s_client.c
apps/s_server.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index b771105785..1e2ab9da97 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -330,23 +330,6 @@ CERT *ssl_cert_dup(CERT *cert) } rpk->valid_flags = 0; #ifndef OPENSSL_NO_TLSEXT - if (cert->pkeys[i].authz != NULL) - { - /* Just copy everything. */ - ret->pkeys[i].authz_length = - cert->pkeys[i].authz_length; - ret->pkeys[i].authz = - OPENSSL_malloc(ret->pkeys[i].authz_length); - if (ret->pkeys[i].authz == NULL) - { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); - return NULL; - } - memcpy(ret->pkeys[i].authz, - cert->pkeys[i].authz, - cert->pkeys[i].authz_length); - } - if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ @@ -479,11 +462,6 @@ void ssl_cert_clear_certs(CERT *c) cpk->chain = NULL; } #ifndef OPENSSL_NO_TLSEXT - if (cpk->authz) - { - OPENSSL_free(cpk->authz); - cpk->authz = NULL; - } if (cpk->serverinfo) { OPENSSL_free(cpk->serverinfo); |