Commit d628885e authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Simplify ssl_add_cert_chain logic.

parent ab0f8804
+37 −44
@@ -1113,50 +1113,40 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
	{
	BUF_MEM *buf = s->init_buf;
	int no_chain;
	int i;

	X509 *x;
	STACK_OF(X509) *extra_certs;
	X509_STORE *chain_store;

	if (cpk)
		x = cpk->x509;
	else
		x = NULL;
	/* TLSv1 sends a chain with nothing in it, instead of an alert */
	if (!BUF_MEM_grow_clean(buf,10))
		{
		SSLerr(SSL_F_SSL_ADD_CERT_CHAIN,ERR_R_BUF_LIB);
		return 0;
		}

	if (s->cert->chain_store)
		chain_store = s->cert->chain_store;
	else
		chain_store = s->ctx->cert_store;
	if (!cpk || !cpk->x509)
		return 1;

	x = cpk->x509;

	/* If we have a certificate specific chain use it, else use
	 * parent ctx.
	 */
	if (cpk && cpk->chain)
	if (cpk->chain)
		extra_certs = cpk->chain;
	else
		extra_certs = s->ctx->extra_certs;

	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
		no_chain = 1;
		chain_store = NULL;
	else if (s->cert->chain_store)
		chain_store = s->cert->chain_store;
	else
		no_chain = 0;
		chain_store = s->ctx->cert_store;

	/* TLSv1 sends a chain with nothing in it, instead of an alert */
	if (!BUF_MEM_grow_clean(buf,10))
		{
		SSLerr(SSL_F_SSL_ADD_CERT_CHAIN,ERR_R_BUF_LIB);
		return 0;
		}
	if (x != NULL)
		{
		if (no_chain)
			{
			if (!ssl_add_cert_to_buf(buf, l, x))
				return 0;
			}
		else
	if (chain_store)
		{
		X509_STORE_CTX xs_ctx;

@@ -1180,14 +1170,17 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
			}
		X509_STORE_CTX_cleanup(&xs_ctx);
		}
		}
	else
		{
		if (!ssl_add_cert_to_buf(buf, l, x))
			return 0;
		for (i=0; i<sk_X509_num(extra_certs); i++)
			{
			x=sk_X509_value(extra_certs,i);
			if (!ssl_add_cert_to_buf(buf, l, x))
				return 0;
			}

		}
	return 1;
	}
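Review bot: The rewritten code folds the old `no_chain` flag into `chain_store == NULL` (the `if (chain_store)` that now heads the auto-chain branch) without saying so, and the function still carries no contract comment, so a reader cannot tell that the early `return 1` after the `!cpk || !cpk->x509` test is a deliberate "send an empty chain" rather than a failure path. I would add a header comment above `int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)` describing the three outcomes — no certificate: empty chain, return 1; `chain_store` set: chain built from the store; otherwise leaf certificate followed by `extra_certs` verbatim — with 0 returned only on error, and put `/* NULL chain_store: send the configured certs as-is, no automatic chain building */` on the `chain_store = NULL;` line. The `else` branch's loop `for (i=0; i<sk_X509_num(extra_certs); i++)` still depends on `sk_X509_num` returning -1 for a NULL stack when SSL_MODE_NO_AUTO_CHAIN is set and no extra certificates are configured; that holds in OpenSSL but merits a one-line comment so the dependency is not lost in a later cleanup. The body of the auto-chain branch lies between the two hunks and is not visible here.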