
Return per-certificate chain if extra chain is NULL.

If an application calls the macro SSL_CTX_get_extra_chain_certs,
return either the old "shared" extra certificates or those associated
with the current certificate.

This means applications which call SSL_CTX_use_certificate_chain_file
and retrieve the additional chain using SSL_CTX_get_extra_chain_certs
will still work. An application which only wants to check the shared
extra certificates can call the new macro
SSL_CTX_get_extra_chain_certs_only

(Imported from upstream's e0d4272a58 and
3bff195dca)
kris/onging/CECPQ3_patch15
Adam Langley 10 years ago
parent
commit
b6333d600e
2 changed files with 6 additions and 1 deletions
  1. +4
    -1
      ssl/s3_lib.c
  2. +2
    -0
      ssl/ssl.h

+ 4
- 1
ssl/s3_lib.c View File

@@ -3586,7 +3586,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
break;

case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
*(STACK_OF(X509) **)parg = ctx->extra_certs;
if (ctx->extra_certs == NULL && larg == 0)
*(STACK_OF(X509) **)parg = ctx->cert->key->chain;
else
*(STACK_OF(X509) **)parg = ctx->extra_certs;
break;

case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
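Review bot: The new fallback branch in the `SSL_CTRL_GET_EXTRA_CHAIN_CERTS` case reads `ctx->cert->key->chain` through two unchecked dereferences. Whether `ctx->cert` and `ctx->cert->key` are always set on a live `SSL_CTX` is not visible in this hunk; if they are not, the condition should become `if (ctx->extra_certs == NULL && larg == 0 && ctx->cert != NULL && ctx->cert->key != NULL)`, and if they are, a short comment stating that invariant would help. The value stored through `parg` is the internal stack pointer itself, not a copy, and after this change it may be the current certificate's chain rather than the shared list. Callers that append to or free the returned stack should be audited, since they would now modify per-certificate state. The body of ssl3_ctx_ctrl starts and ends outside the hunk.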


+ 2
- 0
ssl/ssl.h View File

@@ -2020,6 +2020,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
#define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
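Review bot: The two getter macros differ only in a bare `0` versus `1` passed as `larg`, and the header carries no comment telling API users that `SSL_CTX_get_extra_chain_certs` can now return the current certificate's chain. I would add a comment above them such as `/* get_extra_chain_certs: shared extra chain, or the current certificate's chain if no shared chain is set; get_extra_chain_certs_only: shared extra chain only. The stack returned is internal and must not be freed. */`. Code that uses a NULL result to decide whether a shared chain has been configured needs to switch to the `_only` macro, and that is worth stating in the same comment.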


