author | Todd Short <tshort@akamai.com> | 2019-04-11 10:47:13 -0400 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-07-16 09:08:21 +0200 |
commit | 8c2bfd25129aea1b1f1b66ec753b21955f8ed523 (patch) | |
tree | 530798b60ed46a10265c5a061dedfd2694918ce3 /ssl | |
parent | 55affcadbe4aac7d4832448b8c071b582da4e344 (diff) |
Add SSL_get[01]_peer_certificate()
Deprecate SSL_get_peer_certificate() and replace with
SSL_get1_peer_certificate().
Add SSL_get0_peer_certificate.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8730)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 23 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 2 |
3 files changed, 14 insertions, 13 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c3174a7c91..243c0ed7c9 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1524,23 +1524,24 @@ int SSL_has_pending(const SSL *s)
  return RECORD_LAYER_read_pending(&s->rlayer);
 }
 
-X509 *SSL_get_peer_certificate(const SSL *s)
+X509 *SSL_get1_peer_certificate(const SSL *s)
 {
- X509 *r;
+ X509 *r = SSL_get0_peer_certificate(s);
 
- if ((s == NULL) || (s->session == NULL))
- r = NULL;
- else
- r = s->session->peer;
-
- if (r == NULL)
- return r;
-
- X509_up_ref(r);
+ if (r != NULL)
+ X509_up_ref(r);
 
  return r;
 }
 
+X509 *SSL_get0_peer_certificate(const SSL *s)
+{
+ if ((s == NULL) || (s->session == NULL))
+ return NULL;
+ else
+ return s->session->peer;
+}
+
 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
 {
  STACK_OF(X509) *r;
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 7189940a62..9bee9cb3af 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2551,7 +2551,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
  * after the CertificateVerify message has been received. This is because
  * in TLSv1.3 the CertificateRequest arrives before the Certificate message
  * but in TLSv1.2 it is the other way around. We want to make sure that
- * SSL_get_peer_certificate() returns something sensible in
+ * SSL_get1_peer_certificate() returns something sensible in
  * client_cert_cb.
  */
  if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 36cdc1be58..de8212747f 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
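Review bot: The new `SSL_get0_peer_certificate()` in ssl/ssl_lib.c returns `s->session->peer` without taking a reference, and nothing in this file tells callers so; mixing it up with the get1 variant leads to a double free or a dangling certificate pointer. I would add a comment above it such as `/* Returns a borrowed pointer owned by s->session: do not X509_free() it or keep it after the session changes */`, and a matching `/* Caller owns the returned reference and must X509_free() it */` above `SSL_get1_peer_certificate()` (the man page may already say this; the diffstat shown is limited to ssl/). In the get1 variant the result of `X509_up_ref(r)` is also discarded, so if the increment ever fails the caller later frees a reference it never received; `if (r != NULL && !X509_up_ref(r)) return NULL;` closes that gap.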
@@ -537,7 +537,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
  * certificate after the CertVerify instead of when we get the
  * CertificateRequest. This is because in TLSv1.3 the CertificateRequest
  * comes *before* the Certificate message. In TLSv1.2 it comes after. We
- * want to make sure that SSL_get_peer_certificate() will return the actual
+ * want to make sure that SSL_get1_peer_certificate() will return the actual
  * server certificate from the client_cert_cb callback.
  */
  if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1) |