SSL_SRP_CTX_free(s);
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->tlsext_authz_client_types != NULL)
- OPENSSL_free(s->s3->tlsext_authz_client_types);
if (s->s3->tlsext_custom_types != NULL)
OPENSSL_free(s->s3->tlsext_custom_types);
#endif
}
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->tlsext_authz_client_types != NULL)
- {
- OPENSSL_free(s->s3->tlsext_authz_client_types);
- s->s3->tlsext_authz_client_types = NULL;
- }
if (s->s3->tlsext_custom_types != NULL)
{
OPENSSL_free(s->s3->tlsext_custom_types);
s->s3->tlsext_custom_types = NULL;
}
s->s3->tlsext_custom_types_count = 0;
-#endif
+#ifndef OPENSSL_NO_EC
+ s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
else
return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_CURVES:
{
unsigned char *clist;
case SSL_CTRL_SET_ECDH_AUTO:
s->cert->ecdh_tmp_auto = larg;
return 1;
-
+#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
&& !sc->peer_ecdh_tmp)
return 0;
+#endif
ptmp = EVP_PKEY_new();
if (!ptmp)
return 0;
EVP_PKEY_free(ptmp);
return 0;
}
-
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
SSL_SESSION *sess = s->session;
*pformat = sess->tlsext_ecpointformatlist;
return (int)sess->tlsext_ecpointformatlist_length;
}
-
+#endif
default:
break;
}
break;
#endif
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_CURVES:
return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
case SSL_CTRL_SET_ECDH_AUTO:
ctx->cert->ecdh_tmp_auto = larg;
return 1;
-
+#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
case SSL_CTRL_SET_CHAIN_CERT_STORE:
return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
- case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
- ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
- break;
-
#endif /* !OPENSSL_NO_TLSEXT */
/* A Thawte special :-) */
ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
break;
#endif
-
- case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB:
- ctx->tlsext_authz_server_audit_proof_cb =
- (int (*)(SSL *, void *))fp;
- break;
-
#endif
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
{
ii=sk_SSL_CIPHER_find(allow,c);
if (ii >= 0)
{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+ if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+ {
+ if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+ continue;
+ }
+#endif
ret=sk_SSL_CIPHER_value(allow,ii);
break;
}
int ret=0;
const unsigned char *sig;
size_t i, siglen;
- int have_rsa_sign = 0, have_dsa_sign = 0, have_ecdsa_sign = 0;
+ int have_rsa_sign = 0, have_dsa_sign = 0;
+#ifndef OPENSSL_NO_ECDSA
+ int have_ecdsa_sign = 0;
+#endif
int nostrict = 1;
unsigned long alg_k;
case TLSEXT_signature_dsa:
have_dsa_sign = 1;
break;
-
+#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa:
have_ecdsa_sign = 1;
break;
+#endif
}
}