s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
}
+ s->verified_chain = NULL;
s->verify_result = X509_V_OK;
s->default_passwd_callback = ctx->default_passwd_callback;
{
struct dane_st *dane = &s->dane;
- if (!DANETLS_ENABLED(dane))
+ if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
return -1;
if (dane->mtlsa) {
if (mcert)
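Review bot: The added `s->verify_result != X509_V_OK` test in this guard carries no comment, although it appears to be the security-relevant part of the change: it stops TLSA match data from being reported for a connection whose chain verification did not succeed. A one-line comment above the `if` would record that intent, e.g. `/* Never report a DANE match unless verification succeeded. */`. The -1 return now covers both "DANE not enabled" and "verification failed", so the function's documentation should tell callers to consult `SSL_get_verify_result()` to tell the two apart. The same guard is added in the next hunk (the one that reads `usage`), and both function bodies start and end outside the hunks.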
{
struct dane_st *dane = &s->dane;
- if (!DANETLS_ENABLED(dane))
+ if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
return -1;
if (dane->mtlsa) {
if (usage)
sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+ sk_X509_pop_free(s->verified_chain, X509_free);
+
if (s->method != NULL)
s->method->ssl_free(s);
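Review bot: Releasing `s->verified_chain` in the free path is correct, but nothing visible in this diff drops the chain when the same SSL object is reused. Confirm that `SSL_clear()` and each new certificate verification free and reset it; otherwise `SSL_get0_verified_chain()` could hand back a chain from an earlier handshake. Because the accessor is a get0, the returned stack is owned by the SSL object and becomes invalid after this call, which deserves a sentence in its documentation, along with a statement that the chain is only meaningful when the verify result is `X509_V_OK`. The body of the free function starts and ends outside the hunk.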
return -1;
}
- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
- struct ssl_async_args args;
+ if (!SSL_in_init(s)) {
+ if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
- args.s = s;
- args.type = OTHERFUNC;
- args.f.func_other = s->method->ssl_shutdown;
+ args.s = s;
+ args.type = OTHERFUNC;
+ args.f.func_other = s->method->ssl_shutdown;
- return ssl_start_async_job(s, &args, ssl_io_intern);
+ return ssl_start_async_job(s, &args, ssl_io_intern);
+ } else {
+ return s->method->ssl_shutdown(s);
+ }
} else {
- return s->method->ssl_shutdown(s);
+ SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
+ return -1;
}
-
- return s->method->ssl_shutdown(s);
}
int SSL_renegotiate(SSL *s)
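Review bot: The new in-init rejection is written as the trailing `else` of a two-level `if`, with a redundant `else` after the `return ssl_start_async_job(...)` branch. A guard clause at the top would read more directly: `if (SSL_in_init(s)) {` / `SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);` / `return -1; }`, leaving the async and direct shutdown paths at their original indentation. Callers that retry on a negative return should also be told in the documentation that this -1 is a hard error to be distinguished through `SSL_get_error()`, not a want-read/want-write condition. The start of the function is outside the hunk.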
return (NULL);
}
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+
if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE);
return NULL;
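Review bot: The added `OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);` call discards its result, so context creation carries on even if library initialisation did not complete. If the function reports failure through its return value at this revision, the call should be checked like the other early exits in this function: `if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL;`. The enclosing function starts and ends outside the hunk.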
return ret;
}
-int SSL_cache_hit(SSL *s)
+int SSL_session_reused(SSL *s)
{
return s->hit;
}
return s->options &= ~op;
}
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
+{
+ return s->verified_chain;
+}
+
IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);