-/* $OpenBSD: ssl.h,v 1.213 2021/10/23 16:29:15 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.214 2021/10/23 20:42:50 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
size_t SSL_get_num_tickets(const SSL *s);
int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
#endif
#ifndef LIBRESSL_INTERNAL
-/* $OpenBSD: ssl_cert.c,v 1.85 2021/10/23 16:11:30 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.86 2021/10/23 20:42:50 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
ret = X509_verify_cert(ctx);
s->verify_result = X509_STORE_CTX_get_error(ctx);
+ sk_X509_pop_free(s->internal->verified_chain, X509_free);
+ s->internal->verified_chain = NULL;
+ if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
+ s->internal->verified_chain = X509_STORE_CTX_get1_chain(ctx);
+ if (s->internal->verified_chain == NULL) {
+ SSLerrorx(ERR_R_MALLOC_FAILURE);
+ ret = 0;
+ }
+ }
err:
X509_STORE_CTX_free(ctx);
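Review bot: The block added after `X509_verify_cert(ctx)` stores the chain in `s->internal->verified_chain` whatever `ret` is, so after a failed verification the field holds whatever chain the verifier built, which may be incomplete or untrusted. A caller that reads SSL_get0_verified_chain() without also checking the verify result would treat that chain as validated. If storing on failure is intended for OpenSSL compatibility, say so at the assignment, e.g. `/* Saved even when verification failed; only trustworthy if verify_result is X509_V_OK. */`. The enclosing function begins above the hunk, so whether earlier `goto err` paths leave a chain from a previous verification in place cannot be checked from here.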
-/* $OpenBSD: ssl_lib.c,v 1.274 2021/10/23 16:29:15 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.275 2021/10/23 20:42:50 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
return (r);
}
+STACK_OF(X509) *
+SSL_get0_verified_chain(const SSL *s)
+{
+ return s->internal->verified_chain;
+}
+
/*
* Now in theory, since the calling process own 't' it should be safe to
* modify. We need to be able to read f without being hassled
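Review bot: `SSL_get0_verified_chain()` hands out the internal stack pointer with no comment on its lifetime. Per the ssl_cert.c change on this page, that stack is released with `sk_X509_pop_free()` and replaced on the next verification, so a caller that keeps the pointer across another handshake on the same SSL would be left holding freed memory. A short comment above the function would cover it: `/* Returns a borrowed pointer: do not free; invalid after the next certificate verification on s. */`. The function also dereferences `s` unconditionally; whether a NULL guard is expected should follow the convention of the neighbouring accessors, which are outside this hunk.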
-/* $OpenBSD: ssl_locl.h,v 1.365 2021/10/23 16:29:15 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.366 2021/10/23 20:42:50 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int empty_record_count;
size_t num_tickets; /* Unused, for OpenSSL compatibility */
+ STACK_OF(X509) *verified_chain;
} SSL_INTERNAL;
struct ssl_st {
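Review bot: The new `verified_chain` field owns a reference obtained with `X509_STORE_CTX_get1_chain()`, but no hunk shown on this page releases it when the SSL itself is torn down or reset. Unless SSL_free() (and SSL_clear(), if the chain should not survive a reset) is updated elsewhere, the last stored chain leaks and can outlive the connection it was built for. A field comment would make the ownership explicit, e.g. `/* owned; chain built by the last peer verification, freed with sk_X509_pop_free() */`.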