diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 14:44:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 14:44:56 +0000 |
commit | 04c32cddaa5bfdc08a2f4253d90a53bedbcab8e6 (patch) | |
tree | 3a32d4133ade4f6ed4921ddce1e999f8c6632e37 /ssl/ssl_cert.c | |
parent | 623a5e24cbec899d21a0cc90f74071e511072c30 (diff) |
Separate client and server permitted signature algorithm support: by default
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
(backport from HEAD)
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 9aa7b04966..1edbf18f3b 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -361,19 +361,31 @@ CERT *ssl_cert_dup(CERT *cert) /* Peer sigalgs set to NULL as we get these from handshake too */ ret->peer_sigalgs = NULL; ret->peer_sigalgslen = 0; - /* Configure sigalgs however we copy across */ + /* Configured sigalgs however we copy across */ + if (cert->conf_sigalgs) { - ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen - * sizeof(TLS_SIGALGS)); + ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); if (!ret->conf_sigalgs) goto err; memcpy(ret->conf_sigalgs, cert->conf_sigalgs, - cert->conf_sigalgslen * sizeof(TLS_SIGALGS)); + cert->conf_sigalgslen); ret->conf_sigalgslen = cert->conf_sigalgslen; } else ret->conf_sigalgs = NULL; + + if (cert->client_sigalgs) + { + ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen); + if (!ret->client_sigalgs) + goto err; + memcpy(ret->client_sigalgs, cert->client_sigalgs, + cert->client_sigalgslen); + ret->client_sigalgslen = cert->client_sigalgslen; + } + else + ret->client_sigalgs = NULL; /* Shared sigalgs also NULL */ ret->shared_sigalgs = NULL; @@ -473,6 +485,8 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c->peer_sigalgs); if (c->conf_sigalgs) OPENSSL_free(c->conf_sigalgs); + if (c->client_sigalgs) + OPENSSL_free(c->client_sigalgs); if (c->shared_sigalgs) OPENSSL_free(c->shared_sigalgs); OPENSSL_free(c); |