authorDr. Stephen Henson <steve@openssl.org>2015-06-21 19:34:33 +0100
committerDr. Stephen Henson <steve@openssl.org>2015-06-22 13:52:24 +0100
commitc34b0f9930563f905412a00b6d8a7280c83eb811 (patch)
treed858625cb284b0e08f257cd5540cdebd5eb3d810 /ssl
parent8df53b7a7cf00908747e5730b19fe8fed8937b38 (diff)
Move peer chain to SSL_SESSION structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_clnt.c2
-rw-r--r--ssl/s3_srvr.c4
-rw-r--r--ssl/ssl_cert.c1
-rw-r--r--ssl/ssl_lib.c5
-rw-r--r--ssl/ssl_locl.h3
-rw-r--r--ssl/ssl_sess.c1
6 files changed, 8 insertions, 8 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c36627c955..13022757c4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1329,7 +1329,7 @@ int ssl3_get_server_certificate(SSL *s)
ssl_sess_cert_free(s->session->sess_cert);
s->session->sess_cert = sc;
- sc->cert_chain = sk;
+ s->session->peer_chain = sk;
/*
* Inconsistency alert: cert_chain does include the peer's certificate,
* which we don't include in s3_srvr.c
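Review bot: The new assignment `s->session->peer_chain = sk;` overwrites the field without releasing whatever it held, whereas the server-side hunk in ssl/s3_srvr.c calls `sk_X509_pop_free(s->session->peer_chain, X509_free);` first. Before this commit the old chain was released by `ssl_sess_cert_free(s->session->sess_cert)` two lines above, but the ssl/ssl_cert.c hunk removes that free from ssl_sess_cert_free. If this function can run on a session that already carries a chain (that depends on code outside the hunk), the previous stack and its certificates would leak on every repeat. I would add `sk_X509_pop_free(s->session->peer_chain, X509_free);` directly before the assignment. The body of ssl3_get_server_certificate starts and ends outside the hunk.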
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 90a67d1105..e6aa1d3892 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3206,8 +3206,8 @@ int ssl3_get_client_certificate(SSL *s)
goto done;
}
}
- sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
- s->session->sess_cert->cert_chain = sk;
+ sk_X509_pop_free(s->session->peer_chain, X509_free);
+ s->session->peer_chain = sk;
/*
* Inconsistency alert: cert_chain does *not* include the peer's own
* certificate, while we do include it in s3_clnt.c
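Review bot: The context comment under the changed lines still names `cert_chain`, a member this commit deletes from SESS_CERT; the same stale name remains in the matching comment in ssl/s3_clnt.c and in the comment inside SSL_get_peer_cert_chain in ssl/ssl_lib.c. These comments are the only place that records whether the peer's own certificate is part of the stack, which matters to any caller that inspects the chain by position, so they should name the field that now exists. I would reword this one to `* Inconsistency alert: peer_chain does *not* include the peer's own` and update the other two the same way. The body of ssl3_get_client_certificate starts and ends outside the hunk.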
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 6cb967772a..3bb2576f8a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -556,7 +556,6 @@ void ssl_sess_cert_free(SESS_CERT *sc)
#endif
/* i == 0 */
- sk_X509_pop_free(sc->cert_chain, X509_free);
OPENSSL_free(sc);
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5c814fde73..ceba30f83c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -834,11 +834,10 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
{
STACK_OF(X509) *r;
- if ((s == NULL) || (s->session == NULL)
- || (s->session->sess_cert == NULL))
+ if ((s == NULL) || (s->session == NULL))
r = NULL;
else
- r = s->session->sess_cert->cert_chain;
+ r = s->session->peer_chain;
/*
* If we are a client, cert_chain includes the peer's own certificate; if
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 97c0732ca3..f6668afb33 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -629,6 +629,8 @@ struct ssl_session_st {
/* This is the cert and type for the other end. */
X509 *peer;
int peer_type;
+ /* Certificate chain of peer */
+ STACK_OF(X509) *peer_chain;
/*
* when app_verify_callback accepts a session where the peer's
* certificate is not ok, we must remember the error for session reuse:
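Review bot: The comment on the new `peer_chain` member says neither who owns the stack nor what it holds. Going by the other hunks, the session owns it (it is released in SSL_SESSION_free), the client stores the peer's own certificate in it while the server does not, and the visible lines of SSL_get_peer_cert_chain hand the pointer out without taking a reference. I would document that on the field, for example `/* Peer's chain as received; owned by the session. Includes the peer's own cert on the client side only. */`. The definition of struct ssl_session_st starts and ends outside the hunk.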
@@ -1587,7 +1589,6 @@ typedef struct cert_st {
} CERT;
typedef struct sess_cert_st {
- STACK_OF(X509) *cert_chain; /* as received from peer */
int references; /* actually always 1 at the moment */
} SESS_CERT;
/* Structure containing decoded values of signature algorithms extension */
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index c639e53894..7ba86b6911 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -845,6 +845,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
ssl_sess_cert_free(ss->sess_cert);
X509_free(ss->peer);
+ sk_X509_pop_free(ss->peer_chain, X509_free);
sk_SSL_CIPHER_free(ss->ciphers);
OPENSSL_free(ss->tlsext_hostname);
OPENSSL_free(ss->tlsext_tick);