Commit 98e04f9e authored by Bodo Möller's avatar Bodo Möller
Browse files

Comments for SSL_get_peer_cert_chain inconsistency.

parent 6e9aee57

ssl/s3_clnt.c

+2 −0
Original line number Diff line number Diff line
@@ -772,6 +772,8 @@ static int ssl3_get_server_certificate(SSL *s) 
	s->session->sess_cert=sc;



	sc->cert_chain=sk;

	/* Inconsistency alert: cert_chain does include the peer's

	 * certificate, which we don't include in s3_srvr.c */

	x=sk_X509_value(sk,0);

	sk=NULL;

ssl/s3_srvr.c

+2 −0
Original line number Diff line number Diff line
@@ -1698,6 +1698,8 @@ static int ssl3_get_client_certificate(SSL *s) 
	if (s->session->sess_cert->cert_chain != NULL)

		sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);

	s->session->sess_cert->cert_chain=sk;

	/* Inconsistency alert: cert_chain does *not* include the

	 * peer's own certificate, while we do include it in s3_clnt.c */



	sk=NULL;

ssl/ssl_lib.c

+3 −0
Original line number Diff line number Diff line
@@ -599,6 +599,9 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s) 
	else

		r=s->session->sess_cert->cert_chain;



	/* If we are a client, cert_chain includes the peer's own

	 * certificate; if we are a server, it does not. */

	

	return(r);

	}