wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

add connect to get peer cert only

Browse Source
This commit is contained in:
Todd A Ouska
2011-08-17 12:33:36 -07:00
parent 9b02ec95ef
commit 501bddae75
4 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/cyassl_int.h
View File

@@ -927,6 +927,7 @@ typedef struct Options {
byte processReply; /* nonblocking resume */ byte processReply; /* nonblocking resume */
byte partialWrite; /* only one msg per write call */ byte partialWrite; /* only one msg per write call */
byte quietShutdown; /* don't send close notify */ byte quietShutdown; /* don't send close notify */
byte certOnly; /* stop once we get cert */
#ifndef NO_PSK #ifndef NO_PSK
byte havePSK; /* psk key set by user */ byte havePSK; /* psk key set by user */
psk_client_callback client_psk_cb; psk_client_callback client_psk_cb;

3
include/openssl/ssl.h
View File

@@ -646,6 +646,9 @@ CYASSL_API int CyaSSL_get_chain_cert_pem(X509_CHAIN*, int idx,
CYASSL_API const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* sess); CYASSL_API const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* sess);
CYASSL_API int CyaSSL_X509_get_serial_number(X509*, unsigned char*, int*); CYASSL_API int CyaSSL_X509_get_serial_number(X509*, unsigned char*, int*);
/* connect enough to get peer cert */
CYASSL_API int CyaSSL_connect_cert(SSL* ssl);
/* server CTX Diffie-Hellman parameters */ /* server CTX Diffie-Hellman parameters */
CYASSL_API int CyaSSL_SetTmpDH(SSL*, unsigned char* p, int pSz, CYASSL_API int CyaSSL_SetTmpDH(SSL*, unsigned char* p, int pSz,
unsigned char* g, int gSz); unsigned char* g, int gSz);

1
src/cyassl_int.c
View File

@@ -721,6 +721,7 @@ int InitSSL(SSL* ssl, SSL_CTX* ctx)
ssl->options.dtls = 0; ssl->options.dtls = 0;
ssl->options.partialWrite = ctx->partialWrite; ssl->options.partialWrite = ctx->partialWrite;
ssl->options.quietShutdown = ctx->quietShutdown; ssl->options.quietShutdown = ctx->quietShutdown;
ssl->options.certOnly = 0;
/* SSL_CTX still owns certificate, certChain, key, and caList buffers */ /* SSL_CTX still owns certificate, certChain, key, and caList buffers */
ssl->buffers.certificate = ctx->certificate; ssl->buffers.certificate = ctx->certificate;

24
src/ssl.c
View File

@@ -1333,6 +1333,9 @@ int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list)
CYASSL_MSG("connect state: HELLO_AGAIN"); CYASSL_MSG("connect state: HELLO_AGAIN");
case HELLO_AGAIN : case HELLO_AGAIN :
if (ssl->options.certOnly)
return SSL_SUCCESS;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls && !ssl->options.resuming) { if (ssl->options.dtls && !ssl->options.resuming) {
/* re-init hashes, exclude first hello and verify request */ /* re-init hashes, exclude first hello and verify request */
@@ -4198,5 +4201,26 @@ const byte* CyaSSL_get_sessionID(const SSL_SESSION* session)
} }
/* connect enough to get peer cert chain, no validation */
int CyaSSL_connect_cert(SSL* ssl)
{
int ret;
byte oldVerify;
if (ssl == NULL)
return SSL_FAILURE;
oldVerify = ssl->options.verifyNone;
ssl->options.verifyNone = 1;
ssl->options.certOnly = 1;
ret = SSL_connect(ssl);
ssl->options.verifyNone = oldVerify;
ssl->options.certOnly = 0;
return ret;
}
#endif /* SESSION_CERTS */ #endif /* SESSION_CERTS */