Rename 'peer' to 'peer_cert' in SSL_SESSION.
authorjsing <jsing@openbsd.org>
Tue, 11 Jan 2022 18:39:28 +0000 (18:39 +0000)
committerjsing <jsing@openbsd.org>
Tue, 11 Jan 2022 18:39:28 +0000 (18:39 +0000)
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate
provided by our peer. Rename it since 'peer' on its own is unhelpful.

ok inoguchi@ tb@

lib/libssl/ssl_asn1.c
lib/libssl/ssl_clnt.c
lib/libssl/ssl_lib.c
lib/libssl/ssl_locl.h
lib/libssl/ssl_sess.c
lib/libssl/ssl_srvr.c
lib/libssl/tls13_client.c
lib/libssl/tls13_server.c

index 2af6834..70a50ac 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.60 2021/10/23 08:13:02 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.61 2022/01/11 18:39:28 jsing Exp $ */
 /*
  * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
  *
@@ -113,8 +113,8 @@ SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len,
        }
 
        /* Peer certificate [3]. */
-       if (s->peer != NULL) {
-               if ((len = i2d_X509(s->peer, &peer_cert_bytes)) <= 0)
+       if (s->peer_cert != NULL) {
+               if ((len = i2d_X509(s->peer_cert, &peer_cert_bytes)) <= 0)
                        goto err;
                if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG))
                        goto err;
@@ -332,8 +332,8 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
                s->timeout = (long)timeout;
 
        /* Peer certificate [3]. */
-       X509_free(s->peer);
-       s->peer = NULL;
+       X509_free(s->peer_cert);
+       s->peer_cert = NULL;
        if (!CBS_get_optional_asn1(&session, &peer_cert, &present,
            SSLASN1_PEER_CERT_TAG))
                goto err;
@@ -342,7 +342,7 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
                if (data_len > LONG_MAX)
                        goto err;
                peer_cert_bytes = CBS_data(&peer_cert);
-               if (d2i_X509(&s->peer, &peer_cert_bytes,
+               if (d2i_X509(&s->peer_cert, &peer_cert_bytes,
                    (long)data_len) == NULL)
                        goto err;
        }
index 9811612..8b5ccd4 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.135 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.136 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1187,8 +1187,8 @@ ssl3_get_server_certificate(SSL *s)
        s->session->peer_key = &s->session->peer_pkeys[i];
 
        X509_up_ref(x);
-       X509_free(s->session->peer);
-       s->session->peer = x;
+       X509_free(s->session->peer_cert);
+       s->session->peer_cert = x;
 
        s->session->verify_result = s->verify_result;
 
index bfa3122..a90490f 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.284 2022/01/09 15:53:52 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.285 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -870,7 +870,7 @@ SSL_get_peer_certificate(const SSL *s)
        if ((s == NULL) || (s->session == NULL))
                r = NULL;
        else
-               r = s->session->peer;
+               r = s->session->peer_cert;
 
        if (r == NULL)
                return (r);
index 0eca4e6..36823d6 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.381 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.382 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -476,7 +476,7 @@ struct ssl_session_st {
        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 
        /* This is the cert for the other end. */
-       X509 *peer;
+       X509 *peer_cert;
 
        /* when app_verify_callback accepts a session where the peer's certificate
         * is not ok, we must remember the error for session reuse: */
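Review bot: The comment above the renamed member `X509 *peer_cert;` still reads "This is the cert for the other end.", which conveys no more than the old name did; the commit message's own wording is the better documentation for the field. Suggested replacement: `/* Leaf/end-entity certificate presented by the peer; the session holds its own reference, released in SSL_SESSION_free(). */`. The reference ownership is visible in this commit's other hunks: SSL_SESSION_free() calls X509_free() on the member, and the setters in ssl_clnt.c, tls13_client.c and tls13_server.c call X509_up_ref() before X509_free()-ing the old value and storing the new one. struct ssl_session_st begins and ends outside the hunk.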
index 8d0f0b9..a49076b 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.107 2022/01/08 12:59:59 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.108 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -766,7 +766,7 @@ SSL_SESSION_free(SSL_SESSION *ss)
        for (i = 0; i < SSL_PKEY_NUM; i++)
                X509_free(ss->peer_pkeys[i].x509);
 
-       X509_free(ss->peer);
+       X509_free(ss->peer_cert);
 
        sk_SSL_CIPHER_free(ss->ciphers);
 
@@ -881,7 +881,7 @@ SSL_SESSION_get0_cipher(const SSL_SESSION *s)
 X509 *
 SSL_SESSION_get0_peer(SSL_SESSION *s)
 {
-       return s->peer;
+       return s->peer_cert;
 }
 
 int
index dd622c2..786362e 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.138 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.139 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -453,7 +453,7 @@ ssl3_accept(SSL *s)
                         *   s3_clnt.c accepts this for SSL 3).
                         */
                        if (!(s->verify_mode & SSL_VERIFY_PEER) ||
-                           ((s->session->peer != NULL) &&
+                           ((s->session->peer_cert != NULL) &&
                             (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
                            ((S3I(s)->hs.cipher->algorithm_auth &
                             SSL_aNULL) && !(s->verify_mode &
@@ -550,7 +550,7 @@ ssl3_accept(SSL *s)
                        } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
                                S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
-                               if (!s->session->peer)
+                               if (!s->session->peer_cert)
                                        break;
                                /*
                                 * Freeze the transcript for use during client
@@ -1807,7 +1807,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
         * it is completely valid to use a client certificate for
         * authorization only.
         */
-       if ((client_pubkey = X509_get0_pubkey(s->session->peer)) != NULL) {
+       if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) {
                if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0)
                        ERR_clear_error();
        }
@@ -1906,7 +1906,7 @@ ssl3_get_cert_verify(SSL *s)
        const struct ssl_sigalg *sigalg = NULL;
        uint16_t sigalg_value = SIGALG_NONE;
        EVP_PKEY *pkey = NULL;
-       X509 *peer = NULL;
+       X509 *peer_cert = NULL;
        EVP_MD_CTX *mctx = NULL;
        int al, verify;
        const unsigned char *hdata;
@@ -1928,15 +1928,15 @@ ssl3_get_cert_verify(SSL *s)
 
        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
-       if (s->session->peer != NULL) {
-               peer = s->session->peer;
-               pkey = X509_get_pubkey(peer);
-               type = X509_certificate_type(peer, pkey);
+       if (s->session->peer_cert != NULL) {
+               peer_cert = s->session->peer_cert;
+               pkey = X509_get_pubkey(peer_cert);
+               type = X509_certificate_type(peer_cert, pkey);
        }
 
        if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
                S3I(s)->hs.tls12.reuse_message = 1;
-               if (peer != NULL) {
+               if (peer_cert != NULL) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
                        goto fatal_err;
@@ -1945,7 +1945,7 @@ ssl3_get_cert_verify(SSL *s)
                goto end;
        }
 
-       if (peer == NULL) {
+       if (peer_cert == NULL) {
                SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED);
                al = SSL_AD_UNEXPECTED_MESSAGE;
                goto fatal_err;
@@ -2240,8 +2240,8 @@ ssl3_get_client_certificate(SSL *s)
                }
        }
 
-       X509_free(s->session->peer);
-       s->session->peer = sk_X509_shift(sk);
+       X509_free(s->session->peer_cert);
+       s->session->peer_cert = sk_X509_shift(sk);
 
        /*
         * Inconsistency alert: cert_chain does *not* include the
index d961f98..3e168a0 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.91 2022/01/08 12:59:59 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.92 2022/01/11 18:39:28 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -638,8 +638,8 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
        s->session->peer_key = &s->session->peer_pkeys[cert_idx];
 
        X509_up_ref(cert);
-       X509_free(s->session->peer);
-       s->session->peer = cert;
+       X509_free(s->session->peer_cert);
+       s->session->peer_cert = cert;
 
        s->session->verify_result = s->verify_result;
 
@@ -694,7 +694,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
        if (!CBB_finish(&cbb, &sig_content, &sig_content_len))
                goto err;
 
-       if ((cert = ctx->ssl->session->peer) == NULL)
+       if ((cert = ctx->ssl->session->peer_cert) == NULL)
                goto err;
        if ((pkey = X509_get0_pubkey(cert)) == NULL)
                goto err;
index e31ae38..3330023 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.93 2022/01/08 12:59:59 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.94 2022/01/11 18:39:28 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -931,8 +931,8 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
        s->session->peer_key = &s->session->peer_pkeys[cert_idx];
 
        X509_up_ref(cert);
-       X509_free(s->session->peer);
-       s->session->peer = cert;
+       X509_free(s->session->peer_cert);
+       s->session->peer_cert = cert;
 
        s->session->verify_result = s->verify_result;
 
@@ -984,7 +984,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
        if (!CBB_finish(&cbb, &sig_content, &sig_content_len))
                goto err;
 
-       if ((cert = ctx->ssl->session->peer) == NULL)
+       if ((cert = ctx->ssl->session->peer_cert) == NULL)
                goto err;
        if ((pkey = X509_get0_pubkey(cert)) == NULL)
                goto err;