diff options
author | jkim <jkim@FreeBSD.org> | 2013-02-13 23:07:20 +0000 |
---|---|---|
committer | jkim <jkim@FreeBSD.org> | 2013-02-13 23:07:20 +0000 |
commit | 754bee57763650b50ece26c6f026c1795b4132d8 (patch) | |
tree | 265bba8e82f9a88ce59fc212bc8bf5e01c270b16 /crypto/openssl/ssl/ssl_lib.c | |
parent | a6d6a2787087806f8a0ae6290d1df47c9471a269 (diff) | |
parent | 9069337c8384d04bea914cdfac40b533e60cade6 (diff) | |
download | FreeBSD-src-754bee57763650b50ece26c6f026c1795b4132d8.zip FreeBSD-src-754bee57763650b50ece26c6f026c1795b4132d8.tar.gz |
Merge OpenSSL 1.0.1e.
Approved by: secteam (simon), benl (silence)
Diffstat (limited to 'crypto/openssl/ssl/ssl_lib.c')
-rw-r--r-- | crypto/openssl/ssl/ssl_lib.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index f82d071..14d143d 100644 --- a/crypto/openssl/ssl/ssl_lib.c +++ b/crypto/openssl/ssl/ssl_lib.c @@ -597,8 +597,10 @@ void SSL_free(SSL *s) OPENSSL_free(s->next_proto_negotiated); #endif +#ifndef OPENSSL_NO_SRTP if (s->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); +#endif OPENSSL_free(s); } @@ -1952,8 +1954,10 @@ void SSL_CTX_free(SSL_CTX *a) a->comp_methods = NULL; #endif +#ifndef OPENSSL_NO_SRTP if (a->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); +#endif #ifndef OPENSSL_NO_PSK if (a->psk_identity_hint) @@ -2287,7 +2291,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) #endif /* THIS NEEDS CLEANING UP */ -X509 *ssl_get_server_send_cert(SSL *s) +CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) { unsigned long alg_k,alg_a; CERT *c; @@ -2342,12 +2346,20 @@ X509 *ssl_get_server_send_cert(SSL *s) i=SSL_PKEY_GOST01; else /* if (alg_a & SSL_aNULL) */ { - SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); return(NULL); } - if (c->pkeys[i].x509 == NULL) return(NULL); - return(c->pkeys[i].x509); + return c->pkeys + i; + } + +X509 *ssl_get_server_send_cert(const SSL *s) + { + CERT_PKEY *cpk; + cpk = ssl_get_server_send_pkey(s); + if (!cpk) + return NULL; + return cpk->x509; } EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) @@ -2608,7 +2620,7 @@ const char *SSL_get_version(const SSL *s) return("TLSv1.2"); else if (s->version == TLS1_1_VERSION) return("TLSv1.1"); - if (s->version == TLS1_VERSION) + else if (s->version == TLS1_VERSION) return("TLSv1"); else if (s->version == SSL3_VERSION) return("SSLv3"); @@ -2780,7 +2792,9 @@ void ssl_clear_cipher_ctx(SSL *s) /* Fix this function so that it takes an optional type parameter */ X509 *SSL_get_certificate(const SSL *s) { - if (s->cert != NULL) + if (s->server) + return(ssl_get_server_send_cert(s)); + else if (s->cert != NULL) return(s->cert->key->x509); else return(NULL); |