memset(ret, 0, sizeof(*ret));
ret->key = &ret->pkeys[cert->key - cert->pkeys];
- ret->valid = cert->valid;
- ret->mask_k = cert->mask_k;
- ret->mask_a = cert->mask_a;
- ret->export_mask_k = cert->export_mask_k;
- ret->export_mask_a = cert->export_mask_a;
#ifndef OPENSSL_NO_RSA
if (cert->rsa_tmp != NULL) {
goto err;
}
}
-#ifndef OPENSSL_NO_TLSEXT
if (cert->pkeys[i].serverinfo != NULL) {
/* Just copy everything. */
ret->pkeys[i].serverinfo =
cert->pkeys[i].serverinfo,
cert->pkeys[i].serverinfo_length);
}
-#endif
}
ret->references = 1;
ret->sec_level = cert->sec_level;
ret->sec_ex = cert->sec_ex;
-#ifndef OPENSSL_NO_TLSEXT
if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
goto err;
if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
goto err;
-#endif
return (ret);
cpk->privatekey = NULL;
sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = NULL;
-#ifndef OPENSSL_NO_TLSEXT
OPENSSL_free(cpk->serverinfo);
cpk->serverinfo = NULL;
cpk->serverinfo_length = 0;
-#endif
}
}
OPENSSL_free(c->ctypes);
X509_STORE_free(c->verify_store);
X509_STORE_free(c->chain_store);
-#ifndef OPENSSL_NO_TLSEXT
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
-#endif
OPENSSL_free(c);
}
c->cert_cb_arg = arg;
}
-SESS_CERT *ssl_sess_cert_new(void)
-{
- SESS_CERT *ret;
-
- ret = OPENSSL_malloc(sizeof(*ret));
- if (ret == NULL) {
- SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- memset(ret, 0, sizeof(*ret));
- ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
- ret->references = 1;
-
- return ret;
-}
-
-void ssl_sess_cert_free(SESS_CERT *sc)
-{
- int i;
-
- if (sc == NULL)
- return;
-
- i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
- REF_PRINT("SESS_CERT", sc);
-#endif
- if (i > 0)
- return;
-#ifdef REF_CHECK
- if (i < 0) {
- fprintf(stderr, "ssl_sess_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- /* i == 0 */
- sk_X509_pop_free(sc->cert_chain, X509_free);
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- X509_free(sc->peer_pkeys[i].x509);
-#if 0
- /*
- * We don't have the peer's private key. This line is just
- * here as a reminder that we're still using a not-quite-appropriate
- * data structure.
- */
- EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
- }
-
-#ifndef OPENSSL_NO_RSA
- RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_EC
- EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
-
- OPENSSL_free(sc);
-}
-
-int ssl_set_peer_cert_type(SESS_CERT *sc, int type)
-{
- sc->peer_cert_type = type;
- return (1);
-}
-
int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
{
X509 *x;