*/
-#include <assert.h>
+#ifdef REF_CHECK
+# include <assert.h>
+#endif
#include <stdio.h>
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
#include "ssl_locl.h"
+#include "kssl_lcl.h"
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
/* evil casts, but these functions are only called if there's a library bug */
(int (*)(SSL *,int))ssl_undefined_function,
#else
if (s->new_session)
{
- SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
return 0;
}
#endif
s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
s->options=ctx->options;
s->mode=ctx->mode;
+ s->max_cert_list=ctx->max_cert_list;
s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
SSL_clear(s);
- CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
return(s);
err:
int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
- return 0;
- }
- s->purpose = purpose;
- return 1;
+ return X509_PURPOSE_set(&s->purpose, purpose);
}
int SSL_set_purpose(SSL *s, int purpose)
{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
- return 0;
- }
- s->purpose = purpose;
- return 1;
+ return X509_PURPOSE_set(&s->purpose, purpose);
}
-
+
int SSL_CTX_set_trust(SSL_CTX *s, int trust)
{
- if(X509_TRUST_get_by_id(trust) == -1) {
- SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
- return 0;
- }
- s->trust = trust;
- return 1;
+ return X509_TRUST_set(&s->trust, trust);
}
int SSL_set_trust(SSL *s, int trust)
{
- if(X509_TRUST_get_by_id(trust) == -1) {
- SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
- return 0;
- }
- s->trust = trust;
- return 1;
+ return X509_TRUST_set(&s->trust, trust);
}
void SSL_free(SSL *s)
}
#endif
- CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
if (s->bbio != NULL)
{
{ return(s->wbio); }
int SSL_get_fd(SSL *s)
+ {
+ return(SSL_get_rfd(s));
+ }
+
+int SSL_get_rfd(SSL *s)
{
int ret= -1;
BIO *b,*r;
return(ret);
}
+int SSL_get_wfd(SSL *s)
+ {
+ int ret= -1;
+ BIO *b,*r;
+
+ b=SSL_get_wbio(s);
+ r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+ if (r != NULL)
+ BIO_get_fd(r,&ret);
+ return(ret);
+ }
+
#ifndef OPENSSL_NO_SOCK
int SSL_set_fd(SSL *s,int fd)
{
return(s->method->get_timeout());
}
-int SSL_read(SSL *s,char *buf,int num)
+int SSL_read(SSL *s,void *buf,int num)
{
if (s->handshake_func == 0)
{
return(s->method->ssl_read(s,buf,num));
}
-int SSL_peek(SSL *s,char *buf,int num)
+int SSL_peek(SSL *s,void *buf,int num)
{
+ if (s->handshake_func == 0)
+ {
+ SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
{
return(0);
return(s->method->ssl_peek(s,buf,num));
}
-int SSL_write(SSL *s,const char *buf,int num)
+int SSL_write(SSL *s,const void *buf,int num)
{
if (s->handshake_func == 0)
{
return(s->options|=larg);
case SSL_CTRL_MODE:
return(s->mode|=larg);
+ case SSL_CTRL_GET_MAX_CERT_LIST:
+ return(s->max_cert_list);
+ case SSL_CTRL_SET_MAX_CERT_LIST:
+ l=s->max_cert_list;
+ s->max_cert_list=larg;
+ return(l);
default:
return(s->method->ssl_ctrl(s,cmd,larg,parg));
}
l=ctx->read_ahead;
ctx->read_ahead=larg;
return(l);
+ case SSL_CTRL_GET_MAX_CERT_LIST:
+ return(ctx->max_cert_list);
+ case SSL_CTRL_SET_MAX_CERT_LIST:
+ l=ctx->max_cert_list;
+ ctx->max_cert_list=larg;
+ return(l);
case SSL_CTRL_SET_SESS_CACHE_SIZE:
l=ctx->session_cache_size;
int i,j=0;
SSL_CIPHER *c;
unsigned char *q;
+#ifndef OPENSSL_NO_KRB5
+ int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+#endif /* OPENSSL_NO_KRB5 */
if (sk == NULL) return(0);
q=p;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
c=sk_SSL_CIPHER_value(sk,i);
+#ifndef OPENSSL_NO_KRB5
+ if ((c->algorithms & SSL_KRB5) && nokrb5)
+ continue;
+#endif /* OPENSSL_NO_KRB5 */
j=ssl_put_cipher_by_char(s,c,p);
p+=j;
}
ret->app_verify_callback=NULL;
ret->app_verify_arg=NULL;
+ ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
ret->read_ahead=0;
ret->verify_mode=SSL_VERIFY_NONE;
ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
goto err;
- CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
ret->extra_certs=NULL;
ret->comp_methods=SSL_COMP_get_compression_methods();
abort(); /* ok */
}
#endif
- CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
if (a->sessions != NULL)
{
{
ctx->verify_mode=mode;
ctx->default_verify_callback=cb;
- /* This needs cleaning up EAY EAY EAY */
- X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
}
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
}
else /* if (kalg & SSL_aNULL) */
{
- SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
return(NULL);
}
if (c->pkeys[i].x509 == NULL) return(NULL);
}
else /* if (alg & SSL_aNULL) */
{
- SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
return(NULL);
}
}
s->sid_ctx, s->sid_ctx_length);
}
+ SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
SSL_set_verify(ret,SSL_get_verify_mode(s),
SSL_get_verify_callback(s));
ret->options=s->options;
/* copy app data, a little dangerous perhaps */
- if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
goto err;
/* setup rbio, and wbio */
int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
{
- ssl_meth_num++;
- return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
- &ssl_meth,argl,argp,new_func,dup_func,free_func));
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+ new_func, dup_func, free_func);
}
int SSL_set_ex_data(SSL *s,int idx,void *arg)
int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
{
- ssl_ctx_meth_num++;
- return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
- &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+ new_func, dup_func, free_func);
}
int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)