/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
cpk->x509 = NULL;
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = NULL;
OPENSSL_free(cpk->serverinfo);
cpk->serverinfo = NULL;
return 0;
}
}
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = chain;
return 1;
}
if (!dchain)
return 0;
if (!ssl_cert_set0_chain(s, ctx, dchain)) {
- sk_X509_pop_free(dchain, X509_free);
+ OSSL_STACK_OF_X509_free(dchain);
return 0;
}
return 1;
}
s->verify_result = X509_STORE_CTX_get_error(ctx);
- sk_X509_pop_free(s->verified_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->verified_chain);
s->verified_chain = NULL;
if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
rv = ssl_security_cert(s, ctx, x, 0, 0);
if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
rv = 0;
goto err;
}
}
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = chain;
if (rv == 0)
rv = 1;
return 1;
}
+int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
+{
+ *pstore = (chain ? c->chain_store : c->verify_store);
+ return 1;
+}
+
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
{
int level;
int op, int bits, int nid, void *other,
void *ex)
{
- int level, minbits;
+ int level, minbits, pfs_mask;
minbits = ssl_get_security_level_bits(s, ctx, &level);
if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
return 0;
/* Level 3: forward secure ciphersuites only */
+ pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
- !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
+ !(c->algorithm_mkey & pfs_mask))
return 0;
break;
}