New certificate_authorities functions

__owur const char *SSL_alert_desc_string_long(int value);

__owur const char *SSL_alert_desc_string(int value);

void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);

void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);

__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);

__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);

__owur int SSL_add1_CA_list(SSL *ssl, const X509 *x);

__owur int SSL_CTX_add1_CA_list(SSL_CTX *ctx, const X509 *x);

__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);

void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);

void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);

__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);

#endif

    OPENSSL_free(s->s3->tmp.ctype);

    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);

    OPENSSL_free(s->s3->tmp.ciphers_raw);

    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);

    OPENSSL_free(s->s3->tmp.peer_sigalgs);

{

    ssl3_cleanup_key_block(s);

    OPENSSL_free(s->s3->tmp.ctype);

    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);

    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);

    OPENSSL_free(s->s3->tmp.ciphers_raw);

    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);

    OPENSSL_free(s->s3->tmp.peer_sigalgs);

    return i;

}

static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,

static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,

                        STACK_OF(X509_NAME) *name_list)

{

    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);

    return (ret);

}

void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)

void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)

{

    set_client_CA_list(&(s->client_CA), name_list);

    set0_CA_list(&s->ca_names, name_list);

}

void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)

{

    set0_CA_list(&ctx->ca_names, name_list);

}

const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)

{

    return ctx->ca_names;

}

const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)

{

    return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;

}

void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)

{

    set_client_CA_list(&(ctx->client_CA), name_list);

    SSL_CTX_set0_CA_list(ctx, name_list);

}

STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)

{

    return (ctx->client_CA);

    return ctx->ca_names;

}

STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)

void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)

{

    if (!s->server) {           /* we are in the client */

        if (s->s3 != NULL)

            return s->s3->tmp.ca_names;

        else

            return NULL;

    } else {

        if (s->client_CA != NULL)

            return s->client_CA;

        else

            return s->ctx->client_CA;

    SSL_set0_CA_list(s, name_list);

}

const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)

{

    return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL;

}

STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)

{

    if (!s->server)

        return s->s3 != NULL ?  s->s3->tmp.peer_ca_names : NULL;

    return s->ca_names != NULL ?  s->ca_names : s->ctx->ca_names;

}

static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)

static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)

{

    X509_NAME *name;

    if (x == NULL)

        return (0);

    if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))

        return (0);

        return 0;

    if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))

        return 0;

    if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)

        return (0);

        return 0;

    if (!sk_X509_NAME_push(*sk, name)) {

        X509_NAME_free(name);

        return (0);

        return 0;

    }

    return 1;

}

int SSL_add1_CA_list(SSL *ssl, const X509 *x)

{

    return add_ca_name(&ssl->ca_names, x);

}

    return (1);

int SSL_CTX_add1_CA_list(SSL_CTX *ctx, const X509 *x)

{

    return add_ca_name(&ctx->ca_names, x);

}

int SSL_add_client_CA(SSL *ssl, X509 *x)

{

    return (add_client_CA(&(ssl->client_CA), x));

    return add_ca_name(&ssl->ca_names, x);

}

int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)

{

    return (add_client_CA(&(ctx->client_CA), x));

    return add_ca_name(&ctx->ca_names, x);

}

static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)

    OPENSSL_free(s->ext.tls13_cookie);

    OPENSSL_free(s->clienthello);

    sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);

    sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);

    sk_X509_pop_free(s->verified_chain, X509_free);

        goto err2;

    }

    if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)

    if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)

        goto err;

    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))

    sk_SSL_CIPHER_free(a->cipher_list);

    sk_SSL_CIPHER_free(a->cipher_list_by_id);

    ssl_cert_free(a->cert);

    sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);

    sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);

    sk_X509_pop_free(a->extra_certs, X509_free);

    a->comp_methods = NULL;

#ifndef OPENSSL_NO_SRTP

            goto err;

    /* Dup the client_CA list */

    if (s->client_CA != NULL) {

        if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL)

    if (s->ca_names != NULL) {

        if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)

            goto err;

        ret->client_CA = sk;

        ret->ca_names = sk;

        for (i = 0; i < sk_X509_NAME_num(sk); i++) {

            xn = sk_X509_NAME_value(sk, i);

            if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {

    /* This is the cert and type for the other end. */

    X509 *peer;

    int peer_type;

    /* Certificate chain peer sent */

    /* Certificate chain peer sent. */

    STACK_OF(X509) *peer_chain;

    /*

     * when app_verify_callback accepts a session where the peer's

    /* used if SSL's info_callback is NULL */

    void (*info_callback) (const SSL *ssl, int type, int val);

    /* what we put in client cert requests */

    STACK_OF(X509_NAME) *client_CA;

    /*

     * What we put in certificate_authorities extension for TLS 1.3

     * (ClientHello and CertificateRequest) or just client cert requests for

     * earlier versions.

     */

    STACK_OF(X509_NAME) *ca_names;

    /*

     * Default values to use in SSL structures follow (these are copied by

    /* extra application data */

    CRYPTO_EX_DATA ex_data;

    /* for server side, keep the list of CA_dn we can use */

    STACK_OF(X509_NAME) *client_CA;

    STACK_OF(X509_NAME) *ca_names;

    CRYPTO_REF_COUNT references;

    /* protocol behaviour */

    uint32_t options;

        /* Certificate types in certificate request message. */

        uint8_t *ctype;

        size_t ctype_len;

        STACK_OF(X509_NAME) *ca_names;

        /* Certificate authorities list peer sent */

        STACK_OF(X509_NAME) *peer_ca_names;

        size_t key_block_length;

        unsigned char *key_block;

        const EVP_CIPHER *new_sym_enc;