return ssl_x509_store_ctx_idx;
}
-static void ssl_cert_set_default_md(CERT *cert)
+void ssl_cert_set_default_md(CERT *cert)
{
/* Set digest values to defaults */
#ifndef OPENSSL_NO_DSA
- cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+ cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_RSA
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_ECDSA
- cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+ cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
}
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
}
}
+ rpk->valid_flags = 0;
if (cert->pkeys[i].authz != NULL)
{
/* Just copy everything. */
/* Peer sigalgs set to NULL as we get these from handshake too */
ret->peer_sigalgs = NULL;
ret->peer_sigalgslen = 0;
- /* Configure sigalgs however we copy across */
+ /* Configured sigalgs however we copy across */
+
if (cert->conf_sigalgs)
{
- ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
- * sizeof(TLS_SIGALGS));
+ ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
if (!ret->conf_sigalgs)
goto err;
memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
- cert->conf_sigalgslen * sizeof(TLS_SIGALGS));
+ cert->conf_sigalgslen);
ret->conf_sigalgslen = cert->conf_sigalgslen;
}
else
ret->conf_sigalgs = NULL;
+ if (cert->client_sigalgs)
+ {
+ ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+ if (!ret->client_sigalgs)
+ goto err;
+ memcpy(ret->client_sigalgs, cert->client_sigalgs,
+ cert->client_sigalgslen);
+ ret->client_sigalgslen = cert->client_sigalgslen;
+ }
+ else
+ ret->client_sigalgs = NULL;
+ /* Shared sigalgs also NULL */
+ ret->shared_sigalgs = NULL;
+
+ ret->cert_flags = cert->cert_flags;
+
+ ret->cert_cb = cert->cert_cb;
+ ret->cert_cb_arg = cert->cert_cb_arg;
+
return(ret);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
if (cpk->authz != NULL)
OPENSSL_free(cpk->authz);
#endif
+ cpk->valid_flags = 0;
}
}
OPENSSL_free(c->peer_sigalgs);
if (c->conf_sigalgs)
OPENSSL_free(c->conf_sigalgs);
+ if (c->client_sigalgs)
+ OPENSSL_free(c->client_sigalgs);
+ if (c->shared_sigalgs)
+ OPENSSL_free(c->shared_sigalgs);
OPENSSL_free(c);
}
return 1;
}
+void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
+ {
+ c->cert_cb = cb;
+ c->cert_cb_arg = arg;
+ }
+
SESS_CERT *ssl_sess_cert_new(void)
{
SESS_CERT *ret;