=item int B<SSL_connect>(SSL *ssl);
-=item void B<SSL_copy_session_id>(SSL *t, const SSL *f);
+=item int B<SSL_copy_session_id>(SSL *t, const SSL *f);
+
+Sets the session details for B<t> to be the same as in B<f>. Returns 1 on
+success or 0 on failure.
=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
B<SSLv2_client_method>, B<SSLv2_server_method> and B<SSLv2_method> where removed
in OpenSSL 1.1.0.
+The return type of B<SSL_copy_session_id> was changed from void to int in
+OpenSSL 1.1.0.
+
=cut
if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
(((BIO_SSL *)f->ptr)->ssl == NULL))
return (0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl);
+ if(!SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl))
+ return 0;
return (1);
}
if (dtls1_check_timeout_num(s) < 0)
return -1;
- /* Ignore retransmit failures - swallow return code */
- if(dtls1_retransmit_buffered_messages(s));
+ dtls1_retransmit_buffered_messages(s);
rr->length = 0;
goto start;
}
__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
size_t *len);
-void SSL_copy_session_id(SSL *to, const SSL *from);
+__owur int SSL_copy_session_id(SSL *to, const SSL *from);
__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
* Now in theory, since the calling process own 't' it should be safe to
* modify. We need to be able to read f without being hassled
*/
-void SSL_copy_session_id(SSL *t, const SSL *f)
+int SSL_copy_session_id(SSL *t, const SSL *f)
{
/* Do we need to to SSL locking? */
if(!SSL_set_session(t, SSL_get_session(f))) {
- /* How do we handle this!! void function */
- return;
+ return 0;
}
/*
ssl_cert_free(t->cert);
t->cert = f->cert;
if(!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
- /* Really should do something about this..but void function - ignore */
- ;
+ return 0;
}
+
+ return 1;
}
/* Fix this so it checks all the valid key/cert options */
if (s->session != NULL) {
/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
- SSL_copy_session_id(ret, s);
+ if(!SSL_copy_session_id(ret, s))
+ goto err;
} else {
/*
* No session has been established yet, so we have to expect that
__owur int dtls1_retransmit_message(SSL *s, unsigned short seq,
unsigned long frag_off, int *found);
__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-__owur int dtls1_retransmit_buffered_messages(SSL *s);
+int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_record_buffer(SSL *s);
void dtls1_get_message_header(unsigned char *data,
struct hm_header_st *msg_hdr);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
-__owur int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx);
void tls1_set_cert_validity(SSL *s);
/* Set validity of certificates in an SSL structure */
void tls1_set_cert_validity(SSL *s)
{
- /* Deliberately ignore all return values */
- if(tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA)
- || tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC));
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
}
/* User level utiity function to check a chain is suitable */
projects / openssl.git / commitdiff