artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5814c2a) | patch
Deduplicate peer certificate chain processing code.
authorjsing <jsing@openbsd.org>
Wed, 17 Aug 2022 07:39:19 +0000 (07:39 +0000)
committerjsing <jsing@openbsd.org>
Wed, 17 Aug 2022 07:39:19 +0000 (07:39 +0000)
commitad61876728b30189ae0c1e5139bcb91061b10673
treedb51a4a6a7dd9591e052168c57f106dc08a1dd8ctree | snapshot
parent5814c2aab38c1aff618bb44cf0611e154d414884commit | diff
Deduplicate peer certificate chain processing code.

Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.

This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.

ok tb@
lib/libssl/Makefile diff | blob | history
lib/libssl/s3_lib.c diff | blob | history
lib/libssl/ssl_clnt.c diff | blob | history
lib/libssl/ssl_lib.c diff | blob | history
lib/libssl/ssl_locl.h diff | blob | history
lib/libssl/ssl_sess.c diff | blob | history
lib/libssl/ssl_srvr.c diff | blob | history
lib/libssl/tls13_client.c diff | blob | history
lib/libssl/tls13_server.c diff | blob | history
lib/libssl/tls_lib.c [new file with mode: 0644] blob
OpenBSD src
by Ahmet Artu Yildirim