diff options
author | Todd Short <tshort@akamai.com> | 2019-04-11 10:47:13 -0400 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-07-16 09:08:21 +0200 |
commit | 8c2bfd25129aea1b1f1b66ec753b21955f8ed523 (patch) | |
tree | 530798b60ed46a10265c5a061dedfd2694918ce3 /ssl/statem | |
parent | 55affcadbe4aac7d4832448b8c071b582da4e344 (diff) |
Add SSL_get[01]_peer_certificate()
Deprecate SSL_get_peer_certificte() and replace with
SSL_get1_peer_certificate().
Add SSL_get0_peer_certificate.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8730)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 7189940a62..9bee9cb3af 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2551,7 +2551,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) * after the CertificateVerify message has been received. This is because * in TLSv1.3 the CertificateRequest arrives before the Certificate message * but in TLSv1.2 it is the other way around. We want to make sure that - * SSL_get_peer_certificate() returns something sensible in + * SSL_get1_peer_certificate() returns something sensible in * client_cert_cb. */ if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 36cdc1be58..de8212747f 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -537,7 +537,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) * certificate after the CertVerify instead of when we get the * CertificateRequest. This is because in TLSv1.3 the CertificateRequest * comes *before* the Certificate message. In TLSv1.2 it comes after. We - * want to make sure that SSL_get_peer_certificate() will return the actual + * want to make sure that SSL_get1_peer_certificate() will return the actual * server certificate from the client_cert_cb callback. */ if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1) |