return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+ {
+ return ctx->param;
+ }
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+ {
+ return ssl->param;
+ }
+
void SSL_certs_clear(SSL *s)
{
ssl_cert_clear_certs(s->cert);
if (s->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
-#ifndef OPENSSL_NO_DANE
- if (s->tlsa_record && s->tlsa_record!=(void *)-1)
- OPENSSL_free(s->tlsa_record);
-#endif
-
OPENSSL_free(s);
}
}
else
return ssl_put_cipher_by_char(s,NULL,NULL);
-#ifndef OPENSSL_NO_DANE
- case SSL_CTRL_PULL_TLSA_RECORD:
- parg = SSL_get_tlsa_record_byname (parg,larg,s->version<0xF000?1:0);
- /* yes, fall through */
- case SSL_CTRL_SET_TLSA_RECORD:
- s->tlsa_record = parg;
- return 1;
-#endif
default:
return(s->method->ssl_ctrl(s,cmd,larg,parg));
}
p=buf;
sk=s->session->ciphers;
+
+ if (sk_SSL_CIPHER_num(sk) == 0)
+ return NULL;
+
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
int n;
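Review bot: The early `return NULL` for an empty cipher stack, added just before the loop, exits before anything visible here writes to `buf`, so a caller that ignores the return value and then reads `buf` would see whatever the buffer held before the call. A comment at the check would state that contract, for example `/* Empty list: buf is left untouched, so callers must test for NULL before reading it. */`. If the code after the loop terminates the string relative to `p` (not visible in this hunk), the comment should also say that the guard keeps that write inside `buf`. The enclosing function starts and ends outside the hunk.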
return -1;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_select_next_proto implements the standard protocol selection. It is
* expected that this function is called from the callback set by
* SSL_CTX_set_next_proto_select_cb.
return status;
}
+# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
* requested protocol for this connection and returns 0. If the client didn't
* request any protocol, then *data is set to NULL.
else
*len = ssl->s3->alpn_selected_len;
}
+
#endif /* !OPENSSL_NO_TLSEXT */
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
int i;
c = s->cert;
+ if (!s->s3 || !s->s3->tmp.new_cipher)
+ return NULL;
ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
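Review bot: The new guard `if (!s->s3 || !s->s3->tmp.new_cipher) return NULL;` adds a silent failure path: it has no comment and, as far as this hunk shows, queues no error, so callers cannot tell "no cipher negotiated yet" from any other NULL result. A why-comment such as `/* No cipher has been selected for this connection, so there is no key to pick; callers must handle NULL. */` would record the precondition. In the same lines `c = s->cert` is passed to `ssl_set_cert_masks` unchecked; whether `s->cert` can be NULL here is not visible and is worth confirming. The enclosing function starts and ends outside the hunk.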
}
#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length)
- {
- CERT *c;
- int i;
-
- c = s->cert;
- i = ssl_get_server_cert_index(s);
-
- if (i == -1)
- return NULL;
-
- *authz_length = 0;
- if (c->pkeys[i].authz == NULL)
- return(NULL);
- *authz_length = c->pkeys[i].authz_length;
-
- return c->pkeys[i].authz;
- }
-
int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
size_t *serverinfo_length)
{
}
}
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
+ {
+ return ctx->method;
+ }
+
const SSL_METHOD *SSL_get_ssl_method(SSL *s)
{
return(s->method);
OPENSSL_free(s->enc_write_ctx);
s->enc_write_ctx=NULL;
}
- if (s->aead_read_ctx != NULL)
- {
- EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
- OPENSSL_free(s->aead_read_ctx);
- s->aead_read_ctx = NULL;
- }
- if (s->aead_write_ctx != NULL)
- {
- EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
- OPENSSL_free(s->aead_write_ctx);
- s->aead_write_ctx = NULL;
- }
#ifndef OPENSSL_NO_COMP
if (s->expand != NULL)
{
#endif
}
-/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
if (s->cert != NULL)
return(NULL);
}
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
{
if (s->cert != NULL)
return(s->cert->key->privatekey);
return(NULL);
}
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+ {
+ if (ctx->cert != NULL)
+ return ctx->cert->key->x509;
+ else
+ return NULL;
+ }
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+ {
+ if (ctx->cert != NULL)
+ return ctx->cert->key->privatekey;
+ else
+ return NULL ;
+ }
+
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{
if ((s->session != NULL) && (s->session->cipher != NULL))
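Review bot: `SSL_CTX_get0_certificate` and `SSL_CTX_get0_privatekey` return `ctx->cert->key->x509` and `ctx->cert->key->privatekey` directly, with no reference taken, and neither function documents that. A header comment on each, e.g. `/* Returns the context's own object (not a copy, no reference taken): do not free it and do not use it after the SSL_CTX is freed. */`, would spell out the lifetime rule, which matters most for the private key. Both also dereference `ctx->cert->key` after checking only `ctx->cert`; the existing `SSL_get_privatekey` does the same, so this presumably relies on `key` always being set, and a one-line comment saying so would help. The stray space in `return NULL ;` can be dropped.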