-/* $OpenBSD: s3_lib.c,v 1.232 2022/06/29 21:17:22 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.233 2022/06/29 21:18:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int
SSL_add0_chain_cert(SSL *ssl, X509 *x509)
{
- return ssl_cert_add0_chain_cert(ssl->cert, x509);
+ return ssl_cert_add0_chain_cert(NULL, ssl, x509);
}
int
SSL_add1_chain_cert(SSL *ssl, X509 *x509)
{
- return ssl_cert_add1_chain_cert(ssl->cert, x509);
+ return ssl_cert_add1_chain_cert(NULL, ssl, x509);
}
int
int
SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509)
{
- return ssl_cert_add0_chain_cert(ctx->internal->cert, x509);
+ return ssl_cert_add0_chain_cert(ctx, NULL, x509);
}
int
SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509)
{
- return ssl_cert_add1_chain_cert(ctx->internal->cert, x509);
+ return ssl_cert_add1_chain_cert(ctx, NULL, x509);
}
int
-/* $OpenBSD: ssl_cert.c,v 1.100 2022/06/29 21:17:22 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.101 2022/06/29 21:18:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
int
-ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert)
+ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert)
{
- if (c->key == NULL)
+ SSL_CERT *ssl_cert;
+ SSL_CERT_PKEY *cpk;
+ int ssl_err;
+
+ if ((ssl_cert = ssl_get0_cert(ctx, ssl)) == NULL)
return 0;
- if (c->key->chain == NULL) {
- if ((c->key->chain = sk_X509_new_null()) == NULL)
+ if ((cpk = ssl_cert->key) == NULL)
+ return 0;
+
+ if (!ssl_security_cert(ctx, ssl, cert, 0, &ssl_err)) {
+ SSLerrorx(ssl_err);
+ return 0;
+ }
+
+ if (cpk->chain == NULL) {
+ if ((cpk->chain = sk_X509_new_null()) == NULL)
return 0;
}
- if (!sk_X509_push(c->key->chain, cert))
+ if (!sk_X509_push(cpk->chain, cert))
return 0;
return 1;
}
int
-ssl_cert_add1_chain_cert(SSL_CERT *c, X509 *cert)
+ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert)
{
- if (!ssl_cert_add0_chain_cert(c, cert))
+ if (!ssl_cert_add0_chain_cert(ctx, ssl, cert))
return 0;
X509_up_ref(cert);
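Review bot: The literal `0` in `ssl_security_cert(ctx, ssl, cert, 0, &ssl_err)` in ssl_cert_add0_chain_cert is unexplained, and the new rejection path has no stated ownership rule. The prototype of ssl_security_cert is not part of this diff, so I am assuming the fourth argument is the end-entity flag; if so, a comment above the call such as `/* Chain certs are checked as non-leaf (is_ee == 0). */` would make the intent clear. A short header comment should also say that on any 0 return, including a security-level rejection, the certificate is not pushed and the caller still owns it, which the `X509_free(ca)` in ssl_rsa.c relies on. Only the security rejection queues an error through SSLerrorx; the other 0 returns are silent, which the comment should mention as well. ssl_cert_add1_chain_cert continues past the end of the hunk.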
-/* $OpenBSD: ssl_locl.h,v 1.406 2022/06/29 21:17:22 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.407 2022/06/29 21:18:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
SSL_CERT *ssl_get0_cert(SSL_CTX *ctx, SSL *ssl);
int ssl_cert_set0_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain);
int ssl_cert_set1_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain);
-int ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert);
-int ssl_cert_add1_chain_cert(SSL_CERT *c, X509 *cert);
+int ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert);
+int ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert);
int ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int op,
int bits, int nid, void *other, void *ex_data);
-/* $OpenBSD: ssl_rsa.c,v 1.43 2022/06/29 21:17:22 tb Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.44 2022/06/29 21:18:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
{
pem_password_cb *passwd_cb;
void *passwd_arg;
- SSL_CERT *cert;
X509 *ca, *x = NULL;
unsigned long err;
int ret = 0;
goto err;
}
- if ((cert = ssl_get0_cert(ctx, ssl)) == NULL)
- goto err;
-
if (!ssl_set_cert(ctx, ssl, x))
goto err;
/* Process any additional CA certificates. */
while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) !=
NULL) {
- if (!ssl_cert_add0_chain_cert(cert, ca)) {
+ if (!ssl_cert_add0_chain_cert(ctx, ssl, ca)) {
X509_free(ca);
goto err;
}
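Review bot: A chain certificate rejected by the new security check in ssl_cert_add0_chain_cert now sends this loop to `err` after ssl_set_cert has already installed the leaf and after any earlier CA certificates were appended, so a failed call can leave a partially built chain in place. Whether the err path or code outside the hunk resets that state is not visible here, so this is a question rather than a confirmed defect. If the partial state is intended, a comment on the loop such as `/* On failure the leaf and any chain certs added so far remain installed. */` would warn callers that act only on the return value. Otherwise the chain could be collected in a local stack and installed only once every certificate has passed the check. The function starts and ends outside the hunk.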