field | value | date |
---|---|---|
author | David Benjamin <davidben@chromium.org> | 2015-06-07 17:53:32 +0300 |
committer | Adam Langley <agl@google.com> | 2015-06-09 01:13:45 +0300 |
commit | b31040d0d8bbfa563a39e2321131074816d9d21b | |
tree | daa27ec3ef9985512b241008b96cb00553b7251a /ssl/ssl_cert.c | |
parent | c7a3a148721c2b02ed31297bcc2a823949225e67 | |

Get rid of CERT_PKEY slots in SESS_CERT.

This doesn't even change behavior. Unlike local configuration, the peer
can never have multiple certificates anyway. (Even with a renego, the
SESS_CERT is created anew.)

This does lose the implicit certificate type check, but the certificate
type is already checked in ssl3_get_server_certificate and later checked
post-facto in ssl3_check_cert_and_algorithm (except that one seems to
have some bugs like it accepts ECDSA certificates for RSA cipher suites,
to be cleaned up in a follow-up). Either way, we have the certificate
mismatch tests for this.

BUG=486295
Change-Id: I437bb723bb310ad54ee4150eda67c1cfe43377b3
Reviewed-on: https://boringssl-review.googlesource.com/5044
Reviewed-by: Adam Langley <agl@google.com>

Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index f1fd6751..f27685d1 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -409,35 +409,23 @@ SESS_CERT *ssl_sess_cert_new(void) { } memset(ret, 0, sizeof *ret); - ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); return ret; } void ssl_sess_cert_free(SESS_CERT *sc) { - int i; - if (sc == NULL) { return; } sk_X509_pop_free(sc->cert_chain, X509_free); - - for (i = 0; i < SSL_PKEY_NUM; i++) { - X509_free(sc->peer_pkeys[i].x509); - } - + X509_free(sc->peer_cert); DH_free(sc->peer_dh_tmp); EC_KEY_free(sc->peer_ecdh_tmp); OPENSSL_free(sc); } -int ssl_set_peer_cert_type(SESS_CERT *sc, int type) { - sc->peer_cert_type = type; - return 1; -} - int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) { X509 *x; int i; |
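
Review bot: In ssl_sess_cert_free, `X509_free(sc->peer_cert)` runs directly after `sk_X509_pop_free(sc->cert_chain, X509_free)`, so peer_cert has to hold its own reference instead of borrowing the leaf from cert_chain, otherwise the leaf is freed twice; a one-line comment here or on the field stating that ownership would let a reader check it. Separately, with ssl_set_peer_cert_type and the `SSL_PKEY_RSA_ENC` slot assignment in ssl_sess_cert_new removed, nothing in this file records the peer certificate type any more, and the commit message notes that ssl3_check_cert_and_algorithm accepts ECDSA certificates for RSA cipher suites, so a TODO or a reference to the planned follow-up at the place where the type is now checked would keep that gap visible.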