remove SSL caList pointer, only use SSL_CTX one as current

This commit is contained in:
Todd A Ouska
2011-04-13 12:28:01 -07:00
parent 58589b4f9b
commit 2da2e15484
3 changed files with 12 additions and 10 deletions


@ -619,7 +619,7 @@ void SSL_CtxResourceFree(SSL_CTX*);
int DeriveTlsKeys(SSL* ssl);
int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx,
word32 inSz, word16 sz);
int AddCA(SSL_CTX* ctx, buffer der, SSL*);
int AddCA(SSL_CTX* ctx, buffer der);
int IsCA(SSL_CTX* ctx, byte* hash);
/* All cipher suite related info */
@ -983,7 +983,6 @@ struct SSL {
#endif
Hashes verifyHashes;
Hashes certHashes; /* for cert verify */
Signer* caList; /* SSL_CTX owns */
Buffers buffers;
Options options;
Arrays arrays;
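Review bot: The new prototype `int AddCA(SSL_CTX* ctx, buffer der);` carries no statement that the callee takes over `der`; that contract is written only at the definition (`/* owns der, cyassl_int now uses too */`) and at the call site in the `CA_TYPE` branch (`/* takes der over */`). With the third parameter gone this declaration is what callers read, so the ownership rule belongs here as well, e.g. `int AddCA(SSL_CTX* ctx, buffer der);   /* takes ownership of der */`. The removal of `Signer* caList` from `struct SSL` is consistent with the rest of the commit; the struct body continues outside this hunk.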


@ -705,7 +705,6 @@ int InitSSL(SSL* ssl, SSL_CTX* ctx)
ssl->buffers.key = ctx->privateKey;
ssl->buffers.weOwnCert = 0;
ssl->buffers.weOwnKey = 0;
ssl->caList = ctx->caList;
#ifdef OPENSSL_EXTRA
ssl->peerCert.issuer.sz = 0;
@ -1450,7 +1449,7 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
InitDecodedCert(&dCert, myCert.buffer, ssl->heap);
ret = ParseCertRelative(&dCert, myCert.length, CERT_TYPE,
!ssl->options.verifyNone, ssl->caList);
!ssl->options.verifyNone, ssl->ctx->caList);
if (ret == 0 && !IsCA(ssl->ctx, dCert.subjectHash)) {
buffer add;
add.length = myCert.length;
@ -1462,9 +1461,13 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
return MEMORY_E;
XMEMCPY(add.buffer, myCert.buffer, myCert.length);
ret = AddCA(ssl->ctx, add, ssl);
ret = AddCA(ssl->ctx, add);
if (ret == 1) ret = 0; /* SSL_SUCCESS for external */
}
else if (ret != 0)
CYASSL_MSG("Failed to verify CA from chain");
else
CYASSL_MSG("Verified CA from chain and already had it");
if (ret != 0 && anyError == 0)
anyError = ret; /* save error from last time */
@ -1482,7 +1485,9 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
InitDecodedCert(&dCert, myCert.buffer, ssl->heap);
ret = ParseCertRelative(&dCert, myCert.length, CERT_TYPE,
!ssl->options.verifyNone, ssl->caList);
!ssl->options.verifyNone, ssl->ctx->caList);
if (ret != 0)
CYASSL_MSG("Failed to verify Peer's cert");
ssl->options.havePeerCert = 1;
/* set X509 format */
#ifdef OPENSSL_EXTRA
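Review bot: Both ParseCertRelative calls in DoCertificate now read `ssl->ctx->caList` directly, without holding `ca_mutex`, while AddCA updates the same head pointer under that lock (`signer->next = ctx->caList; ctx->caList = signer;`), so DoCertificate on one session and AddCA on another session sharing the CTX race on a plain pointer. Before this change the unlocked read happened once per session in InitSSL and later traversals used the per-SSL snapshot; now it happens for every certificate in every chain on the context, which widens the window. Traversal from a stale head appears safe because the list is prepend-only, but the head read itself is unsynchronized, and nothing in the hunk records that this is relied upon. Either take the snapshot under `ca_mutex` once at the top of DoCertificate and pass it to both calls, or document the assumption at the first call with `/* ctx->caList is prepend-only under ca_mutex; the head is read unlocked here */`. DoCertificate starts and ends outside these hunks.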


@ -335,7 +335,7 @@ Signer* GetCA(Signer* signers, byte* hash)
/* owns der, cyassl_int now uses too */
int AddCA(SSL_CTX* ctx, buffer der, SSL* ssl)
int AddCA(SSL_CTX* ctx, buffer der)
{
word32 ret;
DecodedCert cert;
@ -364,8 +364,6 @@ int AddCA(SSL_CTX* ctx, buffer der, SSL* ssl)
if (LockMutex(&ca_mutex) == 0) {
signer->next = ctx->caList;
ctx->caList = signer; /* takes ownership */
if (ssl)
ssl->caList = ctx->caList;
UnLockMutex(&ca_mutex);
}
else
@ -719,7 +717,7 @@ int AddCA(SSL_CTX* ctx, buffer der, SSL* ssl)
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
if (type == CA_TYPE)
return AddCA(ctx, der, ssl); /* takes der over */
return AddCA(ctx, der); /* takes der over */
else if (type == CERT_TYPE) {
if (ssl) {
if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)