Commit d312f7be authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Make it possible to delete all certificates from an SSL structure.

(backport from HEAD)
parent 2b5e5c3d
+5 −0
@@ -4,6 +4,11 @@

 Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]

  *) New function SSL_certs_clear() to delete all references to certificates
     from an SSL structure. Before this once a certificate had been added
     it couldn't be removed.
     [Steve Henson]

  *) Integrate hostname, email address and IP address checking with certificate
     verification. New verify options supporting checking in opensl utility.
     [Steve Henson]
+1 −0
@@ -1913,6 +1913,7 @@ char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s);
#endif

void	SSL_certs_clear(SSL *s);
void	SSL_free(SSL *ssl);
int 	SSL_accept(SSL *ssl);
int 	SSL_connect(SSL *ssl);
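Review bot: The new public prototype `void	SSL_certs_clear(SSL *s);` is added without any comment describing its contract, and nothing in the header tells a caller what state the SSL object is left in. Since the implementation releases the certificates, private keys and chains held in `s->cert`, a one-line comment above the declaration would make that explicit, e.g. `/* Release all certificates, private keys and chains held by s (see ssl_cert_clear_certs) */`. Whether the SSL object is usable for a new handshake afterwards is not visible from this commit and should be stated once confirmed.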
+33 −29
@@ -379,21 +379,42 @@ err:
		EC_KEY_free(ret->ecdh_tmp);
#endif

	for (i = 0; i < SSL_PKEY_NUM; i++)
		{
		CERT_PKEY *rpk = ret->pkeys + i;
		if (rpk->x509 != NULL)
			X509_free(rpk->x509);
		if (rpk->privatekey != NULL)
			EVP_PKEY_free(rpk->privatekey);
		if (rpk->chain)
			sk_X509_pop_free(rpk->chain, X509_free);
		}

	ssl_cert_clear_certs(ret);

	return NULL;
	}

/* Free up and clear all certificates and chains */

void ssl_cert_clear_certs(CERT *c)
	{
	int i;
	if (c == NULL)
		return;
	for (i = 0; i<SSL_PKEY_NUM; i++)
		{
		CERT_PKEY *cpk = c->pkeys + i;
		if (cpk->x509)
			{
			X509_free(cpk->x509);
			cpk->x509 = NULL;
			}
		if (cpk->privatekey)
			{
			EVP_PKEY_free(cpk->privatekey);
			cpk->privatekey = NULL;
			}
		if (cpk->chain)
			{
			sk_X509_pop_free(cpk->chain, X509_free);
			cpk->chain = NULL;
			}
#ifndef OPENSSL_NO_TLSEXT
                if (cpk->authz != NULL)
			OPENSSL_free(cpk->authz);
#endif
		}
	}

void ssl_cert_free(CERT *c)
	{
@@ -425,24 +446,7 @@ void ssl_cert_free(CERT *c)
	if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
#endif

	for (i=0; i<SSL_PKEY_NUM; i++)
		{
		CERT_PKEY *cpk = c->pkeys + i;
		if (cpk->x509 != NULL)
			X509_free(cpk->x509);
		if (cpk->privatekey != NULL)
			EVP_PKEY_free(cpk->privatekey);
		if (cpk->chain)
			sk_X509_pop_free(cpk->chain, X509_free);
#if 0
		if (c->pkeys[i].publickey != NULL)
			EVP_PKEY_free(c->pkeys[i].publickey);
#endif
#ifndef OPENSSL_NO_TLSEXT
                if (c->pkeys[i].authz != NULL)
			OPENSSL_free(c->pkeys[i].authz);
#endif
		}
	ssl_cert_clear_certs(c);
	if (c->sigalgs)
		OPENSSL_free(c->sigalgs);
	OPENSSL_free(c);
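Review bot: In the new ssl_cert_clear_certs() the `cpk->authz` pointer is freed under `#ifndef OPENSSL_NO_TLSEXT` but, unlike `x509`, `privatekey` and `chain` a few lines above it, is not reset to NULL. That was harmless when this code lived only in ssl_cert_free(), but the function is now reachable on a live SSL object through the public SSL_certs_clear(), and the second hunk makes ssl_cert_free() call it again on teardown, so a CERT that had authz data would have the same pointer passed to OPENSSL_free twice. The fix is to mirror the other fields: `if (cpk->authz != NULL) { OPENSSL_free(cpk->authz); cpk->authz = NULL; }`, and if CERT_PKEY tracks an associated authz length it should be zeroed in the same place. Two smaller points on the same block: the `if (cpk->authz != NULL)` line is indented with spaces while the rest of the file uses tabs, and the header comment would be more accurate as `/* Free up and clear all certificates, private keys and chains */` since private keys are released too.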
+5 −0
@@ -524,6 +524,11 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
	return X509_VERIFY_PARAM_set1(ssl->param, vpm);
	}

void SSL_certs_clear(SSL *s)
	{
	ssl_cert_clear_certs(s->cert);
	}

void SSL_free(SSL *s)
	{
	int i;
+1 −0
@@ -833,6 +833,7 @@ int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
int ssl_cert_inst(CERT **o);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);