Commit c526ed41 authored by Dr. Stephen Henson

Revise ssl code to use a CERT_PKEY structure when outputting a

certificate chain instead of an X509 structure.

This makes it easier to enhance the code in future, and gives the chain
output functions access to the CERT_PKEY structure being used.
parent 4379d0e4
+2 −2
@@ -992,13 +992,13 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
	return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
	return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
	}
	}


unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
unsigned long dtls1_output_cert_chain(SSL *s, CERT_PKEY *cpk)
	{
	{
	unsigned char *p;
	unsigned char *p;
	unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
	unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
	BUF_MEM *buf=s->init_buf;
	BUF_MEM *buf=s->init_buf;


	if (!ssl_add_cert_chain(s, x, &l))
	if (!ssl_add_cert_chain(s, cpk, &l))
		return 0;
		return 0;


	l-= (3 + DTLS1_HM_HEADER_LENGTH);
	l-= (3 + DTLS1_HM_HEADER_LENGTH);
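Review bot: The new signature `unsigned long dtls1_output_cert_chain(SSL *s, CERT_PKEY *cpk)` is passed NULL by dtls1_send_client_certificate when `cert_req == 2`, yet nothing in this hunk documents that NULL is a valid argument, and whether `ssl_add_cert_chain` tolerates a NULL `cpk` cannot be seen from the diff. A short contract comment above the definition would pin this down, e.g. `/* Write the certificate chain for cpk into s->init_buf. cpk may be NULL (no certificate to send); ssl_add_cert_chain must accept a NULL cpk. Returns the message length, or 0 on error. */` — the "0 on error" part is presumably what the `return 0` path means, so confirm before committing the wording. The same point applies to the `ssl3_output_cert_chain` hunk later in this commit. The body of dtls1_output_cert_chain continues past the end of the hunk.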
+1 −1
@@ -1695,7 +1695,7 @@ int dtls1_send_client_certificate(SSL *s)
		{
		{
		s->state=SSL3_ST_CW_CERT_D;
		s->state=SSL3_ST_CW_CERT_D;
		l=dtls1_output_cert_chain(s,
		l=dtls1_output_cert_chain(s,
			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key);
		s->init_num=(int)l;
		s->init_num=(int)l;
		s->init_off=0;
		s->init_off=0;


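Review bot: The changed line now passes `s->cert->key` where the old code passed `s->cert->key->x509`, which moves where the "no client certificate" case is detected: previously a CERT_PKEY whose `x509` member was NULL produced a NULL argument, whereas now a non-NULL CERT_PKEY with a NULL `x509` reaches dtls1_output_cert_chain. Unless `ssl_add_cert_chain` checks `cpk->x509 == NULL` in addition to `cpk == NULL` (not visible in this diff), the client could attempt to build a chain from an empty CERT_PKEY; this is worth confirming and recording next to the call, e.g. `/* cert_req == 2: send no certificate; otherwise cpk->x509 may still be NULL and the chain writer must handle it */`. The identical change appears in ssl3_send_client_certificate in the last hunk of this commit. The enclosing function both starts and ends outside the hunk.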
+4 −4
@@ -1570,12 +1570,12 @@ err:
int dtls1_send_server_certificate(SSL *s)
int dtls1_send_server_certificate(SSL *s)
	{
	{
	unsigned long l;
	unsigned long l;
	X509 *x;
	CERT_PKEY *cpk;


	if (s->state == SSL3_ST_SW_CERT_A)
	if (s->state == SSL3_ST_SW_CERT_A)
		{
		{
		x=ssl_get_server_send_cert(s);
		cpk=ssl_get_server_send_pkey(s);
		if (x == NULL)
		if (cpk == NULL)
			{
			{
			/* VRS: allow null cert if auth == KRB5 */
			/* VRS: allow null cert if auth == KRB5 */
			if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
			if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
@@ -1586,7 +1586,7 @@ int dtls1_send_server_certificate(SSL *s)
				}
				}
			}
			}


		l=dtls1_output_cert_chain(s,x);
		l=dtls1_output_cert_chain(s,cpk);
		s->state=SSL3_ST_SW_CERT_B;
		s->state=SSL3_ST_SW_CERT_B;
		s->init_num=(int)l;
		s->init_num=(int)l;
		s->init_off=0;
		s->init_off=0;
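Review bot: The comment `/* VRS: allow null cert if auth == KRB5 */` directly above the changed `if (cpk == NULL)` now describes a NULL CERT_PKEY returned by `ssl_get_server_send_pkey`, not a NULL certificate, so it should be reworded to match, e.g. `/* VRS: allow a missing CERT_PKEY (no server cert) if auth == KRB5 */`. Whether ssl_get_server_send_pkey returns NULL or a CERT_PKEY whose `x509` is NULL when the server has no certificate is not visible here; if it is the latter, the KRB5 exception is bypassed and dtls1_output_cert_chain is asked to emit a chain from an empty entry, so the return contract deserves a comment on that function's declaration. Both hunks lie inside dtls1_send_server_certificate, whose body continues between and beyond them.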
+2 −2
@@ -321,13 +321,13 @@ int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
	}
	}


unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
	{
	{
	unsigned char *p;
	unsigned char *p;
	unsigned long l=7;
	unsigned long l=7;
	BUF_MEM *buf = s->init_buf;
	BUF_MEM *buf = s->init_buf;


	if (!ssl_add_cert_chain(s, x, &l))
	if (!ssl_add_cert_chain(s, cpk, &l))
		return 0;
		return 0;


	l-=7;
	l-=7;
+1 −1
@@ -3177,7 +3177,7 @@ int ssl3_send_client_certificate(SSL *s)
		{
		{
		s->state=SSL3_ST_CW_CERT_D;
		s->state=SSL3_ST_CW_CERT_D;
		l=ssl3_output_cert_chain(s,
		l=ssl3_output_cert_chain(s,
			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key);
		s->init_num=(int)l;
		s->init_num=(int)l;
		s->init_off=0;
		s->init_off=0;
		}
		}