diff options
| author | David Benjamin <davidben@chromium.org> | 2014-07-08 22:34:10 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-07-09 23:51:08 +0400 |
| commit | 676d1e780e96b201113958e8a6f2e787438f200b (patch) | |
| tree | 768af533e0fbcc2a5ef4ce8b6db88e8f5dda052d /ssl/ssl_cert.c | |
| parent | 8f2c20eb7068429b5883d6e334d9cb0f0102f44d (diff) | |
Separate client and server certificate_types.
This is the first of reorganizing state between connection state and handshake
state. The existing set are retained in cert_st for the server; they are server
configuration. The client gets a copy in s->s3->tmp alongside other handshake
state.
With other handshake state moved there, hopefully we can reset that state in
one go and possibly not even maintain it when there is no handshake in
progress. Rather than currently where we sometimes confused connection state
and handshake state and have to reset as appropriate on renegotiate.
While I'm here, document the fields and name them something more useful than
'ctypes'.
Change-Id: Ib927579f0004fc5c6854fce2127625df669b2b6d
Reviewed-on: https://boringssl-review.googlesource.com/1113
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/ssl_cert.c')
| -rw-r--r-- | ssl/ssl_cert.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index eab55962..e4523c35 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -116,6 +116,7 @@ #include <openssl/bio.h> #include <openssl/bn.h> +#include <openssl/buf.h> #include <openssl/dh.h> #include <openssl/err.h> #include <openssl/mem.h> @@ -356,13 +357,14 @@ CERT *ssl_cert_dup(CERT *cert) /* Shared sigalgs also NULL */ ret->shared_sigalgs = NULL; /* Copy any custom client certificate types */ - if (cert->ctypes) + if (cert->client_certificate_types) { - ret->ctypes = OPENSSL_malloc(cert->ctype_num); - if (!ret->ctypes) + ret->client_certificate_types = BUF_memdup( + cert->client_certificate_types, + cert->num_client_certificate_types); + if (!ret->client_certificate_types) goto err; - memcpy(ret->ctypes, cert->ctypes, cert->ctype_num); - ret->ctype_num = cert->ctype_num; + ret->num_client_certificate_types = cert->num_client_certificate_types; } ret->cert_flags = cert->cert_flags; @@ -457,8 +459,8 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c->client_sigalgs); if (c->shared_sigalgs) OPENSSL_free(c->shared_sigalgs); - if (c->ctypes) - OPENSSL_free(c->ctypes); + if (c->client_certificate_types) + OPENSSL_free(c->client_certificate_types); if (c->verify_store) X509_STORE_free(c->verify_store); if (c->chain_store) |