Tidy/enhance certificate chain output code.
[openssl.git] / ssl / d1_both.c
index 0a84f95..ad2d1fc 100644 (file)
@@ -992,70 +992,14 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
        return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
        }
 
-static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
-       {
-       int n;
-       unsigned char *p;
-
-       n=i2d_X509(x,NULL);
-       if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
-               {
-               SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
-               return 0;
-               }
-       p=(unsigned char *)&(buf->data[*l]);
-       l2n3(n,p);
-       i2d_X509(x,&p);
-       *l+=n+3;
-
-       return 1;
-       }
 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
        {
        unsigned char *p;
-       int i;
        unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
-       BUF_MEM *buf;
+       BUF_MEM *buf=s->init_buf;
 
-       /* TLSv1 sends a chain with nothing in it, instead of an alert */
-       buf=s->init_buf;
-       if (!BUF_MEM_grow_clean(buf,10))
-               {
-               SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-               return(0);
-               }
-       if (x != NULL)
-               {
-               X509_STORE_CTX xs_ctx;
-
-               if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
-                       {
-                       SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
-                       return(0);
-                       }
-  
-               X509_verify_cert(&xs_ctx);
-               /* Don't leave errors in the queue */
-               ERR_clear_error();
-               for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
-                       {
-                       x = sk_X509_value(xs_ctx.chain, i);
-
-                       if (!dtls1_add_cert_to_buf(buf, &l, x))
-                               {
-                               X509_STORE_CTX_cleanup(&xs_ctx);
-                               return 0;
-                               }
-                       }
-               X509_STORE_CTX_cleanup(&xs_ctx);
-               }
-       /* Thawte special :-) */
-       for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
-               {
-               x=sk_X509_value(s->ctx->extra_certs,i);
-               if (!dtls1_add_cert_to_buf(buf, &l, x))
-                       return 0;
-               }
+       if (!ssl_add_cert_chain(s, x, &l))
+               return 0;
 
        l-= (3 + DTLS1_HM_HEADER_LENGTH);