/* Cipher 11 */
{
1,
- SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- SSL_kEDH,
+ SSL3_TXT_DHE_DSS_DES_40_CBC_SHA,
+ SSL3_CK_DHE_DSS_DES_40_CBC_SHA,
+ SSL_kDHE,
SSL_aDSS,
SSL_DES,
SSL_SHA1,
/* Cipher 12 */
{
1,
- SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- SSL_kEDH,
+ SSL3_TXT_DHE_DSS_DES_64_CBC_SHA,
+ SSL3_CK_DHE_DSS_DES_64_CBC_SHA,
+ SSL_kDHE,
SSL_aDSS,
SSL_DES,
SSL_SHA1,
/* Cipher 13 */
{
1,
- SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- SSL_kEDH,
+ SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+ SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
+ SSL_kDHE,
SSL_aDSS,
SSL_3DES,
SSL_SHA1,
/* Cipher 14 */
{
1,
- SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- SSL_kEDH,
+ SSL3_TXT_DHE_RSA_DES_40_CBC_SHA,
+ SSL3_CK_DHE_RSA_DES_40_CBC_SHA,
+ SSL_kDHE,
SSL_aRSA,
SSL_DES,
SSL_SHA1,
/* Cipher 15 */
{
1,
- SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- SSL_kEDH,
+ SSL3_TXT_DHE_RSA_DES_64_CBC_SHA,
+ SSL3_CK_DHE_RSA_DES_64_CBC_SHA,
+ SSL_kDHE,
SSL_aRSA,
SSL_DES,
SSL_SHA1,
/* Cipher 16 */
{
1,
- SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- SSL_kEDH,
+ SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+ SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
+ SSL_kDHE,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
1,
SSL3_TXT_ADH_RC4_40_MD5,
SSL3_CK_ADH_RC4_40_MD5,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_RC4,
SSL_MD5,
1,
SSL3_TXT_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_RC4,
SSL_MD5,
1,
SSL3_TXT_ADH_DES_40_CBC_SHA,
SSL3_CK_ADH_DES_40_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_DES,
SSL_SHA1,
1,
SSL3_TXT_ADH_DES_64_CBC_SHA,
SSL3_CK_ADH_DES_64_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_DES,
SSL_SHA1,
1,
SSL3_TXT_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_ADH_WITH_AES_128_SHA,
TLS1_CK_ADH_WITH_AES_128_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_ADH_WITH_AES_256_SHA,
TLS1_CK_ADH_WITH_AES_256_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES128,
SSL_SHA256,
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_CAMELLIA128,
SSL_SHA1,
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA1,
1,
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_CAMELLIA128,
SSL_SHA1,
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_DES,
SSL_SHA1,
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_RC4,
SSL_SHA1,
1,
TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_RC4,
SSL_SHA1,
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES256,
SSL_SHA256,
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA256,
1,
TLS1_TXT_ADH_WITH_AES_128_SHA256,
TLS1_CK_ADH_WITH_AES_128_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES128,
SSL_SHA256,
1,
TLS1_TXT_ADH_WITH_AES_256_SHA256,
TLS1_CK_ADH_WITH_AES_256_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES256,
SSL_SHA256,
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_CAMELLIA256,
SSL_SHA1,
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA1,
1,
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_CAMELLIA256,
SSL_SHA1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
168,
168,
SSL_AES128,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
SSL_AES256,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
256,
1,
TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
TLS1_CK_DHE_DSS_WITH_SEED_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_SEED,
SSL_SHA1,
1,
TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
TLS1_CK_DHE_RSA_WITH_SEED_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_SEED,
SSL_SHA1,
1,
TLS1_TXT_ADH_WITH_SEED_SHA,
TLS1_CK_ADH_WITH_SEED_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_SEED,
SSL_SHA1,
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES128GCM,
SSL_AEAD,
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES256GCM,
SSL_AEAD,
1,
TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES128GCM,
SSL_AEAD,
1,
TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES256GCM,
SSL_AEAD,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_eNULL,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_RC4,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_eNULL,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_RC4,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
1,
TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128,
SSL_SHA256,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256,
SSL_SHA384,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA384,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128GCM,
SSL_AEAD,
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256GCM,
SSL_AEAD,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
SSL_SRP_CTX_free(s);
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->tlsext_authz_client_types != NULL)
- OPENSSL_free(s->s3->tlsext_authz_client_types);
- if (s->s3->tlsext_custom_types != NULL)
- OPENSSL_free(s->s3->tlsext_custom_types);
+ if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
+ OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
#endif
OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
}
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->tlsext_authz_client_types != NULL)
- {
- OPENSSL_free(s->s3->tlsext_authz_client_types);
- s->s3->tlsext_authz_client_types = NULL;
- }
- if (s->s3->tlsext_custom_types != NULL)
+ if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
{
- OPENSSL_free(s->s3->tlsext_custom_types);
- s->s3->tlsext_custom_types = NULL;
+ OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
+ s->s3->serverinfo_client_tlsext_custom_types = NULL;
}
- s->s3->tlsext_custom_types_count = 0;
-#endif
+ s->s3->serverinfo_client_tlsext_custom_types_count = 0;
+#ifndef OPENSSL_NO_EC
+ s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
else
return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
+ case SSL_CTRL_GET_CHAIN_CERTS:
+ *(STACK_OF(X509) **)parg = s->cert->key->chain;
+ break;
+
+ case SSL_CTRL_SELECT_CURRENT_CERT:
+ return ssl_cert_select_current(s->cert, (X509 *)parg);
+
+ case SSL_CTRL_SET_CURRENT_CERT:
+ if (larg == SSL_CERT_SET_SERVER)
+ {
+ CERT_PKEY *cpk;
+ const SSL_CIPHER *cipher;
+ if (!s->server)
+ return 0;
+ cipher = s->s3->tmp.new_cipher;
+ if (!cipher)
+ return 0;
+ /* No certificate for unauthenticated ciphersuites */
+ if (cipher->algorithm_auth & SSL_aNULL)
+ return 2;
+ cpk = ssl_get_server_send_pkey(s);
+ if (!cpk)
+ return 0;
+ s->cert->key = cpk;
+ return 1;
+ }
+ return ssl_cert_set_current(s->cert, larg);
+
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_CURVES:
{
case SSL_CTRL_SET_CHAIN_CERT_STORE:
return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
- case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
- ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
- break;
-
#endif /* !OPENSSL_NO_TLSEXT */
/* A Thawte special :-) */
break;
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
- *(STACK_OF(X509) **)parg = ctx->extra_certs;
+ if (ctx->extra_certs == NULL && larg == 0)
+ *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+ else
+ *(STACK_OF(X509) **)parg = ctx->extra_certs;
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
else
return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
+ case SSL_CTRL_GET_CHAIN_CERTS:
+ *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+ break;
+
+ case SSL_CTRL_SELECT_CURRENT_CERT:
+ return ssl_cert_select_current(ctx->cert, (X509 *)parg);
+
+ case SSL_CTRL_SET_CURRENT_CERT:
+ return ssl_cert_set_current(ctx->cert, larg);
+
default:
return(0);
}
ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
break;
#endif
-
- case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB:
- ctx->tlsext_authz_server_audit_proof_cb =
- (int (*)(SSL *, void *))fp;
- break;
-
#endif
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
{
#ifndef OPENSSL_NO_EC
/* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */
- if (alg_k & SSL_kEECDH)
+ if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
ii=sk_SSL_CIPHER_find(allow,c);
if (ii >= 0)
{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+ if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+ {
+ if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+ continue;
+ }
+#endif
ret=sk_SSL_CIPHER_value(allow,ii);
break;
}
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kDHr|SSL_kEDH))
+ if (alg_k & (SSL_kDHr|SSL_kDHE))
{
# ifndef OPENSSL_NO_RSA
/* Since this refers to a certificate signed with an RSA
# endif
}
if ((s->version == SSL3_VERSION) &&
- (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+ (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr)))
{
# ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
#ifndef OPENSSL_NO_ECDSA
/* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kEECDH
+ * so we don't need to check for SSL_kECDH or SSL_kECDHE
*/
if (s->version >= TLS1_VERSION)
{
projects / openssl.git / blobdiff