Return per-certificate chain if extra chain is NULL.
If an application calls the macro SSL_CTX_get_extra_chain_certs return either the old "shared" extra certificates or those associated with the current certificate. This means applications which call SSL_CTX_use_certificate_chain_file and retrieve the additional chain using SSL_CTX_get_extra_chain_certs will still work. An application which only wants to check the shared extra certificates can call the new macro SSL_CTX_get_extra_chain_certs_only (Imported from upstream's e0d4272a583c760ce008b661b79baf8b3ff24561 and 3bff195dca617c4ec1630945fef93b792b418cc8)
This commit is contained in:
parent
6d43d0c4d6
commit
b6333d600e
@ -3586,6 +3586,9 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
|
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
|
||||||
|
if (ctx->extra_certs == NULL && larg == 0)
|
||||||
|
*(STACK_OF(X509) **)parg = ctx->cert->key->chain;
|
||||||
|
else
|
||||||
*(STACK_OF(X509) **)parg = ctx->extra_certs;
|
*(STACK_OF(X509) **)parg = ctx->extra_certs;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -2020,6 +2020,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
|||||||
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
|
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
|
||||||
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
|
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
|
||||||
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
|
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
|
||||||
|
#define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
|
||||||
|
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
|
||||||
#define SSL_CTX_clear_extra_chain_certs(ctx) \
|
#define SSL_CTX_clear_extra_chain_certs(ctx) \
|
||||||
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
|
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user