X509 *ca;
int r;
unsigned long err;
-
- if (ctx->extra_certs != NULL)
- {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
+ SSL_CTX_clear_chain_certs(ctx);
+
while ((ca = PEM_read_bio_X509(in, NULL,
ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata))
!= NULL)
{
- r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+ r = SSL_CTX_add0_chain_cert(ctx, ca);
if (!r)
{
X509_free(ca);
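Review bot: The result of `SSL_CTX_clear_chain_certs(ctx)` is discarded, so if clearing ever fails, the loop below appends the file's certificates to whatever chain was already configured. Test it the same way as the `SSL_CTX_add0_chain_cert` result, i.e. `if (!SSL_CTX_clear_chain_certs(ctx))` followed by the function's normal failure exit, which lies outside this hunk. The `X509_free(ca)` on the `!r` path is still correct, because the add0 form takes ownership only on success. A one-line comment would keep that from being "fixed" later: `/* add0: ctx owns ca on success; we free it on failure */`. The enclosing function starts and ends outside the hunk.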
/* There must be at least one extension in this file */
if (num_extensions == 0)
{
- SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+ SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_NO_PEM_EXTENSIONS);
goto end;
}
else /* End of file, we're done */
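Review bot: The branch around `if (num_extensions == 0)` appears to run on any failed PEM read (the read call is above the hunk), so `SSL_R_NO_PEM_EXTENSIONS` would also be reported for a malformed or unreadable first block. The `else /* End of file, we're done */` arm would likewise accept a corrupt later block as a clean end of file, leaving the serverinfo partially loaded with no error. Consider separating real end-of-input from a parse failure before choosing the reason code, for example by testing `ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE` and treating anything else as an error in both arms. The enclosing block starts and ends outside the hunk.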
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
if (strlen(name) < strlen(namePrefix))
{
- SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+ SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)
{
- SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+ SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX);
goto end;
}
/* Check that the decoded PEM data is plausible (valid length field) */
if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)
{
- SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+ SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
goto end;
}
/* Append the decoded extension to the serverinfo buffer */