author | Matt Caswell <matt@openssl.org> | 2020-11-20 17:23:57 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-11-23 09:31:23 +0000 |
commit | a68eee679a4b85f6846519412e1895c56475959c (patch) | |
tree | 820c23d80703597540634c1579a3549a27f0bba5 /ssl/t1_lib.c | |
parent | 97485aec7f16714f309aeb6637bc4faa2f61f98a (diff) |
Move some libssl global variables into SSL_CTX
disabled_enc_mask et al were global. Now that cipher loading is done
individually for each SSL_CTX, based on the libctx configured for that
SSL_CTX this means that some things will be disabled for one SSL_CTX but
not for another. The global variables set up the potential for different
SSL_CTXs to trample on each other. We move these variables into the SSL_CTX
structure.
Fixes #12040
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13465)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9089cb8086..a39fc44c97 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2050,7 +2050,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
 return 0;
 /* See if public key algorithm allowed */
- if (ssl_cert_is_disabled(lu->sig_idx))
+ if (ssl_cert_is_disabled(s->ctx, lu->sig_idx))
 return 0;
 if (lu->sig == NID_id_GostR3410_2012_256
@@ -2307,7 +2307,7 @@ int tls1_process_sigalgs(SSL *s)
 if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
 continue;
 /* If not disabled indicate we can explicitly sign */
- if (pvalid[idx] == 0 && !ssl_cert_is_disabled(idx))
+ if (pvalid[idx] == 0 && !ssl_cert_is_disabled(s->ctx, idx))
 pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
 }
 return 1; |
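Review bot: Both call sites now read the disabled-algorithm mask from `s->ctx`, and nothing at either site says which SSL_CTX that is when the connection's context has been replaced after creation (for example through SSL_set_SSL_CTX in a servername callback). If that can happen before tls12_sigalg_allowed or tls1_process_sigalgs runs, the signature-algorithm decision follows the replacement context's mask rather than the original one's; that may well be intended, but it is a policy choice worth stating where the check is made. I would add a comment above the check in the first hunk, e.g. `/* Disabled mask is per-SSL_CTX: this consults the SSL's current ctx, which may differ from the one it was created with */`, and the same wording fits the `!ssl_cert_is_disabled(s->ctx, idx)` test in the second hunk. Both function bodies start and end outside the hunks, and ssl_cert_is_disabled itself is not in this file's diff, so how it treats the ctx argument cannot be checked from here.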