artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b3f16bd) | patch
Remove peer_pkeys from SSL_SESSION.
authorjsing <jsing@openbsd.org>
Tue, 11 Jan 2022 19:03:15 +0000 (19:03 +0000)
committerjsing <jsing@openbsd.org>
Tue, 11 Jan 2022 19:03:15 +0000 (19:03 +0000)
commit15b5e1ec813066535916536d82dad7d86acabd48
tree73296d21425060572831fa580dc9427be0393d1dtree | snapshot
parentb3f16bd23df6966b1e3c619b9fb83466e13ca363commit | diff
Remove peer_pkeys from SSL_SESSION.

peer_pkeys comes from some world where peers can send multiple certificates
- in fact, one of each known type. Since we do not live in such a world,
get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2
and TLSv1.3, both clients and servers can only send a single leaf
(aka end-entity) certificate).

ok inoguchi@ tb@
lib/libssl/ssl_clnt.c diff | blob | history
lib/libssl/ssl_locl.h diff | blob | history
lib/libssl/ssl_sess.c diff | blob | history
lib/libssl/ssl_srvr.c diff | blob | history
lib/libssl/tls13_client.c diff | blob | history
lib/libssl/tls13_server.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim