authorDr. Stephen Henson <steve@openssl.org>2015-06-21 19:08:57 +0100
committerDr. Stephen Henson <steve@openssl.org>2015-06-22 13:52:24 +0100
commita273c6eeee6690d7061d3e647a5e648bbd3a997a (patch)
tree9bdc1c8dae1a3b89500ff39efd34a37a8712b25e /ssl/ssl_locl.h
parent8d92c1f8a381a3be7fe5b3a2c2aa9bfce22f5c72 (diff)
Remove certificates from sess_cert
As numerous comments indicate, the certificate and key array is not an appropriate structure to store the peer's certificate, so remove it and just use s->session->peer instead. Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r--ssl/ssl_locl.h18
1 files changed, 2 insertions, 16 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b3fabf7341..97c0732ca3 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -626,13 +626,9 @@ struct ssl_session_st {
int not_resumable;
/* The cert is the certificate used to establish this connection */
struct sess_cert_st /* SESS_CERT */ *sess_cert;
- /*
- * This is the cert for the other end. On clients, it will be the same as
- * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
- * not retained in the external representation of sessions, see
- * ssl_asn1.c).
- */
+ /* This is the cert and type for the other end. */
X509 *peer;
+ int peer_type;
/*
* when app_verify_callback accepts a session where the peer's
* certificate is not ok, we must remember the error for session reuse:
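Review bot: The new comment on `peer` / `peer_type` in `struct ssl_session_st` does not say what values `peer_type` holds or when it is valid. The removed `peer_pkeys[SSL_PKEY_NUM]` array suggests it is an SSL_PKEY_* index, and the removed `peer_key` was documented as "never NULL!", a guarantee that `X509 *peer` presumably does not give. I would spell this out, e.g. `/* Peer certificate (may be NULL) and its SSL_PKEY_* index; peer_type is meaningful only when peer != NULL. */`, so callers moved off `sess_cert->peer_key->x509` know to NULL-check. The deleted comment also recorded that `sess_cert` is not kept in the external session representation (ssl_asn1.c). Whether `peer_type` is serialized or re-derived from `peer` when a session is restored is not visible in this file, so that is worth confirming and noting here. The struct body continues outside the hunk.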
@@ -1592,15 +1588,6 @@ typedef struct cert_st {
typedef struct sess_cert_st {
STACK_OF(X509) *cert_chain; /* as received from peer */
- /* The 'peer_...' members are used only by clients. */
- int peer_cert_type;
- CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never
- * NULL!) */
- CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
- /*
- * Obviously we don't have the private keys of these, so maybe we
- * shouldn't even use the CERT_PKEY type here.
- */
int references; /* actually always 1 at the moment */
} SESS_CERT;
/* Structure containing decoded values of signature algorithms extension */
@@ -1859,7 +1846,6 @@ void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
__owur SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);
-__owur int ssl_set_peer_cert_type(SESS_CERT *c, int type);
__owur int ssl_get_new_session(SSL *s, int session);
__owur int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
const unsigned char *limit);