Rework implementation to use existing weOwnCert logic
@ -6816,6 +6816,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ssl->buffers.weOwnCert = TRUE;
|
||||||
ret = WOLFSSL_SUCCESS;
|
ret = WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
if (ctx->certChain != NULL) {
|
if (ctx->certChain != NULL) {
|
||||||
@ -6829,6 +6830,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ssl->buffers.weOwnCertChain = TRUE;
|
||||||
ret = WOLFSSL_SUCCESS;
|
ret = WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
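Review bot: The two added assignments in SetSSL_CTX, `ssl->buffers.weOwnCert = TRUE;` and `ssl->buffers.weOwnCertChain = TRUE;`, carry no comment, yet after this commit they are the only record that the SSL object holds a private copy rather than a pointer into the context. I would add a line above each, for example `/* ssl holds its own copy of the ctx buffer; the weOwnCert-gated FreeDer calls release it */`. Each flag is set only after the failure `return ret;`, which looks right, but the copy call and the `#else` branch lie outside the hunks. It is worth confirming that no path leaves a flag TRUE while the pointer refers to a ctx-owned buffer, because the flag-gated frees would then release the context's certificate. The same comment applies to the matching hunks in wolfSSL_set_SSL_CTX.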
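--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10806,11 +10806,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 return BAD_FUNC_ARG;
 }
 
-#ifdef WOLFSSL_COPY_CERT
-/* If WOLFSSL_COPY_CERT defined, always free cert buffers in SSL obj */
-FreeDer(&ssl->buffers.certificate);
-FreeDer(&ssl->buffers.certChain);
-#endif
 if (ssl->buffers.weOwnCert && !ssl->keepCert) {
 WOLFSSL_MSG("Unloading cert");
 FreeDer(&ssl->buffers.certificate);
@@ -19554,11 +19549,6 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
 /* ctx still owns certificate, certChain, key, dh, and cm */
 if (ssl->buffers.weOwnCert)
 FreeDer(&ssl->buffers.certificate);
-#ifdef WOLFSSL_COPY_CERT
-/* If WOLFSSL_COPY_CERT defined, always free cert buffers in SSL obj */
-FreeDer(&ssl->buffers.certificate);
-FreeDer(&ssl->buffers.certChain);
-#endif
 ssl->buffers.certificate = NULL;
 if (ssl->buffers.weOwnCertChain)
 FreeDer(&ssl->buffers.certChain);
@@ -20174,6 +20164,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 return NULL;
 }
 
+ssl->buffers.weOwnCert = TRUE;
 ret = WOLFSSL_SUCCESS;
 }
 if (ctx->certChain != NULL) {
@@ -20187,6 +20178,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 return NULL;
 }
 
+ssl->buffers.weOwnCertChain = TRUE;
 ret = WOLFSSL_SUCCESS;
 }
 #else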
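Review bot: The context comment `/* ctx still owns certificate, certChain, key, dh, and cm */` at the top of the wolfSSL_certs_clear hunk no longer describes WOLFSSL_COPY_CERT builds, where the SSL object holds its own copies and weOwnCert/weOwnCertChain alone decide the free. I would reword it along the lines of `/* certificate and certChain are freed here only when this SSL owns them; otherwise ctx still owns them */`. The hunk at -10806 also changes behaviour beyond the refactor: the removed block freed the copy unconditionally, while the remaining `if (ssl->buffers.weOwnCert && !ssl->keepCert)` keeps it whenever keepCert is set. If that is intended, it deserves a sentence in the commit description or a test. The enclosing functions start and end outside these hunks.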
@ -236,9 +236,6 @@ static int ProcessUserChainRetain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
|||||||
/* Store in SSL object if available. */
|
/* Store in SSL object if available. */
|
||||||
if (ssl != NULL) {
|
if (ssl != NULL) {
|
||||||
/* Dispose of old chain if not reference to context's. */
|
/* Dispose of old chain if not reference to context's. */
|
||||||
#ifdef WOLFSSL_COPY_CERT
|
|
||||||
FreeDer(&ssl->buffers.certChain);
|
|
||||||
#endif
|
|
||||||
if (ssl->buffers.weOwnCertChain) {
|
if (ssl->buffers.weOwnCertChain) {
|
||||||
FreeDer(&ssl->buffers.certChain);
|
FreeDer(&ssl->buffers.certChain);
|
||||||
}
|
}
|
||||||
@ -2082,10 +2079,6 @@ static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
|||||||
/* Leaf certificate - our certificate. */
|
/* Leaf certificate - our certificate. */
|
||||||
else if (type == CERT_TYPE) {
|
else if (type == CERT_TYPE) {
|
||||||
if (ssl != NULL) {
|
if (ssl != NULL) {
|
||||||
#ifdef WOLFSSL_COPY_CERT
|
|
||||||
/* Always Free previously set if WOLFSSL_COPY_CERT defined */
|
|
||||||
FreeDer(&ssl->buffers.certificate);
|
|
||||||
#endif
|
|
||||||
/* Free previous certificate if we own it. */
|
/* Free previous certificate if we own it. */
|
||||||
if (ssl->buffers.weOwnCert) {
|
if (ssl->buffers.weOwnCert) {
|
||||||
FreeDer(&ssl->buffers.certificate);
|
FreeDer(&ssl->buffers.certificate);
|
||||||
@ -4567,10 +4560,6 @@ static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert,
|
|||||||
c32to24(certSz, newChain->buffer + len);
|
c32to24(certSz, newChain->buffer + len);
|
||||||
XMEMCPY(newChain->buffer + len + CERT_HEADER_SZ, cert, certSz);
|
XMEMCPY(newChain->buffer + len + CERT_HEADER_SZ, cert, certSz);
|
||||||
|
|
||||||
#ifdef WOLFSSL_COPY_CERT
|
|
||||||
FreeDer(chain);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Dispose of old chain if we own it. */
|
/* Dispose of old chain if we own it. */
|
||||||
if (weOwn) {
|
if (weOwn) {
|
||||||
FreeDer(chain);
|
FreeDer(chain);
|
||||||
|
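Review bot: With the `#ifdef WOLFSSL_COPY_CERT` free removed, wolfssl_add_to_chain releases the old chain only when its `weOwn` argument is non-zero, so a caller that passes a stale or unset flag for a copied chain now leaks the buffer the old code freed. The callers are outside this hunk; it is worth checking that each passes the current `weOwnCertChain` value, and running a WOLFSSL_COPY_CERT build under a leak checker would confirm it. The same dependency on the flags holds in the ProcessUserChainRetain and ProcessBufferCertHandleDer hunks, whose bodies also continue outside the visible lines. A short comment on the parameter, such as `/* weOwn: non-zero when *chain is a private copy that must be freed here */`, would document the contract.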