}
# ifndef OPENSSL_NO_HEARTBEATS
-int tls1_process_heartbeat(SSL *s)
+int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
{
- unsigned char *p = &s->s3->rrec.data[0], *pl;
+ unsigned char *pl;
unsigned short hbtype;
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
- &s->s3->rrec.data[0], s->s3->rrec.length,
+ p, length,
s, s->msg_callback_arg);
/* Read type and payload length first */
- if (1 + 2 + 16 > s->s3->rrec.length)
+ if (1 + 2 + 16 > length)
return 0; /* silently discard */
hbtype = *p++;
n2s(p, payload);
- if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ if (1 + 2 + payload + 16 > length)
return 0; /* silently discard per RFC 6520 sec. 4 */
pl = p;
/* Set validity of certificates in an SSL structure */
void tls1_set_cert_validity(SSL *s)
{
- /* Deliberately ignore all return values */
- if(tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC));
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
}
/* User level utiity function to check a chain is suitable */