return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+ {
+ return ctx->param;
+ }
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+ {
+ return ssl->param;
+ }
+
void SSL_certs_clear(SSL *s)
{
ssl_cert_clear_certs(s->cert);
return -1;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_select_next_proto implements the standard protocol selection. It is
* expected that this function is called from the callback set by
* SSL_CTX_set_next_proto_select_cb.
return status;
}
+# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
* requested protocol for this connection and returns 0. If the client didn't
* request any protocol, then *data is set to NULL.
else
*len = ssl->s3->alpn_selected_len;
}
+
+int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx,
+ unsigned short supp_data_type,
+ cli_supp_data_first_cb_fn fn1,
+ cli_supp_data_second_cb_fn fn2, void* arg)
+ {
+ size_t i;
+ cli_supp_data_record* record;
+
+ /* Check for duplicates */
+ for (i=0; i < ctx->cli_supp_data_records_count; i++)
+ if (supp_data_type == ctx->cli_supp_data_records[i].supp_data_type)
+ return 0;
+
+ ctx->cli_supp_data_records = OPENSSL_realloc(ctx->cli_supp_data_records,
+ (ctx->cli_supp_data_records_count+1) * sizeof(cli_supp_data_record));
+ if (!ctx->cli_supp_data_records)
+ {
+ ctx->cli_supp_data_records_count = 0;
+ return 0;
+ }
+ ctx->cli_supp_data_records_count++;
+ record = &ctx->cli_supp_data_records[ctx->cli_supp_data_records_count - 1];
+ record->supp_data_type = supp_data_type;
+ record->fn1 = fn1;
+ record->fn2 = fn2;
+ record->arg = arg;
+ return 1;
+ }
+
+int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx,
+ unsigned short supp_data_type,
+ srv_supp_data_first_cb_fn fn1,
+ srv_supp_data_second_cb_fn fn2, void* arg)
+ {
+ size_t i;
+ srv_supp_data_record* record;
+
+ /* Check for duplicates */
+ for (i=0; i < ctx->srv_supp_data_records_count; i++)
+ if (supp_data_type == ctx->srv_supp_data_records[i].supp_data_type)
+ return 0;
+
+ ctx->srv_supp_data_records = OPENSSL_realloc(ctx->srv_supp_data_records,
+ (ctx->srv_supp_data_records_count+1) * sizeof(srv_supp_data_record));
+ if (!ctx->srv_supp_data_records)
+ {
+ ctx->srv_supp_data_records_count = 0;
+ return 0;
+ }
+ ctx->srv_supp_data_records_count++;
+ record = &ctx->srv_supp_data_records[ctx->srv_supp_data_records_count - 1];
+ record->supp_data_type = supp_data_type;
+ record->fn1 = fn1;
+ record->fn2 = fn2;
+ record->arg = arg;
+
+ return 1;
+ }
+
#endif /* !OPENSSL_NO_TLSEXT */
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
ret->custom_cli_ext_records_count = 0;
ret->custom_srv_ext_records = NULL;
ret->custom_srv_ext_records_count = 0;
+ ret->cli_supp_data_records = NULL;
+ ret->cli_supp_data_records_count = 0;
+ ret->srv_supp_data_records = NULL;
+ ret->srv_supp_data_records_count = 0;
#ifndef OPENSSL_NO_BUF_FREELISTS
ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
#ifndef OPENSSL_NO_TLSEXT
OPENSSL_free(a->custom_cli_ext_records);
OPENSSL_free(a->custom_srv_ext_records);
+ OPENSSL_free(a->cli_supp_data_records);
+ OPENSSL_free(a->srv_supp_data_records);
#endif
#ifndef OPENSSL_NO_ENGINE
if (a->client_cert_engine)
emask_k|=SSL_kRSA;
#if 0
- /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+ /* The match needs to be both kDHE and aRSA or aDSA, so don't worry */
if ( (dh_tmp || dh_rsa || dh_dsa) &&
(rsa_enc || rsa_sign || dsa_sign))
- mask_k|=SSL_kEDH;
+ mask_k|=SSL_kDHE;
if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
(rsa_enc || rsa_sign || dsa_sign))
- emask_k|=SSL_kEDH;
+ emask_k|=SSL_kDHE;
#endif
if (dh_tmp_export)
- emask_k|=SSL_kEDH;
+ emask_k|=SSL_kDHE;
if (dh_tmp)
- mask_k|=SSL_kEDH;
+ mask_k|=SSL_kDHE;
if (dh_rsa) mask_k|=SSL_kDHr;
if (dh_rsa_export) emask_k|=SSL_kDHr;
#ifndef OPENSSL_NO_ECDH
if (have_ecdh_tmp)
{
- mask_k|=SSL_kEECDH;
- emask_k|=SSL_kEECDH;
+ mask_k|=SSL_kECDHE;
+ emask_k|=SSL_kECDHE;
}
#endif
int i;
c = s->cert;
+ if (!s->s3 || !s->s3->tmp.new_cipher)
+ return NULL;
ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
}
#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length)
- {
- CERT *c;
- int i;
-
- c = s->cert;
- i = ssl_get_server_cert_index(s);
-
- if (i == -1)
- return NULL;
-
- *authz_length = 0;
- if (c->pkeys[i].authz == NULL)
- return(NULL);
- *authz_length = c->pkeys[i].authz_length;
-
- return c->pkeys[i].authz;
- }
-
int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
size_t *serverinfo_length)
{
}
}
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
+ {
+ return ctx->method;
+ }
+
const SSL_METHOD *SSL_get_ssl_method(SSL *s)
{
return(s->method);
#endif
}
-/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
if (s->cert != NULL)
return(NULL);
}
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
{
if (s->cert != NULL)
return(s->cert->key->privatekey);
return(NULL);
}
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+ {
+ if (ctx->cert != NULL)
+ return ctx->cert->key->x509;
+ else
+ return NULL;
+ }
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+ {
+ if (ctx->cert != NULL)
+ return ctx->cert->key->privatekey;
+ else
+ return NULL ;
+ }
+
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{
if ((s->session != NULL) && (s->session->cipher != NULL))