rpk->privatekey = cpk->privatekey;
CRYPTO_add(&cpk->privatekey->references, 1,
CRYPTO_LOCK_EVP_PKEY);
-
- switch(i)
- {
- /* If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.) */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- case SSL_PKEY_ECC:
- /* We have an ECC key */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
}
if (cpk->chain)
ret->sec_ex = cert->sec_ex;
#ifndef OPENSSL_NO_TLSEXT
- if (cert->custom_cli_ext_records_count)
- {
- ret->custom_cli_ext_records = BUF_memdup(cert->custom_cli_ext_records, sizeof(custom_cli_ext_record) * cert->custom_cli_ext_records_count);
- if (ret->custom_cli_ext_records == NULL)
- goto err;
- ret->custom_cli_ext_records_count =
- cert->custom_cli_ext_records_count;
- }
-
- if (cert->custom_srv_ext_records_count)
- {
- ret->custom_srv_ext_records = BUF_memdup(cert->custom_srv_ext_records, sizeof(custom_srv_ext_record) * cert->custom_srv_ext_records_count);
- if (ret->custom_srv_ext_records == NULL)
- goto err;
- ret->custom_srv_ext_records_count =
- cert->custom_srv_ext_records_count;
- }
-
+ if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
+ goto err;
+ if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
+ goto err;
#endif
return(ret);
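Review bot: Both `goto err` exits added here reach a cleanup path that calls `custom_exts_free()` on `ret->cli_ext` and `ret->srv_ext` (the `#ifndef OPENSSL_NO_TLSEXT` block in the next hunk), so when the first `custom_exts_copy()` fails, `ret->srv_ext` is freed without ever having been copied into. That is only safe if `ret` is zeroed when it is allocated and if `custom_exts_copy()` leaves its destination either untouched or fully populated on failure; neither is visible in this hunk and the helpers' bodies are not on this page, so both should be confirmed. I would record the contract next to the calls, e.g. `/* ret is zeroed at allocation, so custom_exts_free() on the error path is safe for a list that was never copied */`. The count-times-size multiplication that the removed `BUF_memdup()` calls did inline presumably now lives in `custom_exts_copy()` and deserves the same look there. The enclosing function starts before and ends after this hunk.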
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (ret->custom_cli_ext_records)
- OPENSSL_free(ret->custom_cli_ext_records);
- if (ret->custom_srv_ext_records)
- OPENSSL_free(ret->custom_srv_ext_records);
+ custom_exts_free(&ret->cli_ext);
+ custom_exts_free(&ret->srv_ext);
#endif
ssl_cert_clear_certs(ret);
if (c->ciphers_raw)
OPENSSL_free(c->ciphers_raw);
#ifndef OPENSSL_NO_TLSEXT
- if (c->custom_cli_ext_records)
- OPENSSL_free(c->custom_cli_ext_records);
- if (c->custom_srv_ext_records)
- OPENSSL_free(c->custom_srv_ext_records);
+ custom_exts_free(&c->cli_ext);
+ custom_exts_free(&c->srv_ext);
#endif
OPENSSL_free(c);
}
/* No ciphers below security level */
if (bits < minbits)
return 0;
- /* No SSLv2 ciphers */
- if ((SSL_CIPHER_get_id(c) >> 24) == 0x2)
- return 0;
/* No unauthenticated ciphersuites */
if (c->algorithm_auth & SSL_aNULL)
return 0;
break;
}
case SSL_SECOP_VERSION:
- /* SSLv2 allowed only on level zero */
- if (nid == SSL2_VERSION)
- return 0;
/* SSLv3 not allowed on level 2 */
if (nid <= SSL3_VERSION && level >= 2)
return 0;
if (level >= 3)
return 0;
break;
- case SSL_SECOP_SSL2_COMPAT:
- /* SSLv2 compatible client hello only for level zero */
- return 0;
default:
if (bits < minbits)
return 0;