sk_danetls_record_pop_free(dane->trecs, tlsa_free);
dane->trecs = NULL;
- sk_X509_pop_free(dane->certs, X509_free);
+ OSSL_STACK_OF_X509_free(dane->certs);
dane->certs = NULL;
X509_free(dane->mcert);
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
- sk_X509_pop_free(s->verified_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->verified_chain);
if (s->method != NULL)
s->method->ssl_free(s);
(s->waitctx, ssl_async_wait_ctx_cb, s))
return -1;
}
+
+ s->rwstate = SSL_NOTHING;
switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
sizeof(struct ssl_async_args))) {
case ASYNC_ERR:
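Review bot: The added `s->rwstate = SSL_NOTHING;` ahead of `ASYNC_start_job()` carries no comment explaining why the state is cleared at this point. The cases that assign it again lie outside the hunk, so a reader cannot tell which outcome previously kept a stale value. I would put `/* Clear retry state left by an earlier paused job; the cases below set it again where needed */` above the assignment, if that is the intent. The early `return -1` just before it is not covered by the reset, so it is worth confirming that path cannot leave an old `rwstate` for `SSL_get_error()` to report.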
int SSL_key_update(SSL *s, int updatetype)
{
- /*
- * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
- * negotiated, and that it is appropriate to call SSL_key_update() instead
- * of SSL_renegotiate().
- */
if (!SSL_IS_TLS13(s)) {
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
return 0;
return 0;
}
+ if (RECORD_LAYER_write_pending(&s->rlayer)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
+ return 0;
+ }
+
ossl_statem_set_in_init(s, 1);
s->key_update = updatetype;
return 1;
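Review bot: `SSL_key_update()` now returns 0 with `SSL_R_BAD_WRITE_RETRY` while a record write is pending, but nothing tells the caller that the remedy is to complete that write and call again. A comment above the new check would carry it, e.g. `/* Refuse while a record is partially written; the caller must finish the pending write first */`. The following hunk handles the same condition differently: after `s->ext.extra_tickets_expected++` it returns 1 and only skips `ossl_statem_set_in_init()`, so the request is presumably deferred rather than rejected. That difference between the two APIs should be stated in their documentation, because applications on non-blocking sockets may now see a failure from `SSL_key_update()` that is a retry condition rather than a fatal error.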
|| !SSL_IS_TLS13(s))
return 0;
s->ext.extra_tickets_expected++;
- if (s->rlayer.wbuf[0].left == 0 && !SSL_in_init(s))
+ if (!RECORD_LAYER_write_pending(&s->rlayer) && !SSL_in_init(s))
ossl_statem_set_in_init(s, 1);
return 1;
}
ssl_cert_free(a->cert);
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
- sk_X509_pop_free(a->extra_certs, X509_free);
+ OSSL_STACK_OF_X509_free(a->extra_certs);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
const char *ssl_protocol_to_string(int version)
{
- switch(version)
+ switch (version)
{
case TLS1_3_VERSION:
return "TLSv1.3";
if (!ssl_security(s, SSL_SECOP_TMP_DH,
EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
- EVP_PKEY_free(dhpkey);
return 0;
}
EVP_PKEY_free(s->cert->dh_tmp);
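Review bot: With `EVP_PKEY_free(dhpkey)` removed from the `SSL_R_DH_KEY_TOO_SMALL` path, this function consumes `dhpkey` only on success, and that ownership rule is not written down anywhere in the hunk. The same applies to the `ssl_ctx_security()` variant in the next hunk. I would add `/* On failure dhpkey is not consumed; the caller still owns it and must free it */` above `return 0;` in both places. Every caller needs checking against the new rule: one that frees on failure was presumably double-freeing before this change, and one that does not will now leak the key. Both function bodies begin and end outside the hunks shown.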
if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
- EVP_PKEY_free(dhpkey);
return 0;
}
EVP_PKEY_free(ctx->cert->dh_tmp);