| SSL_EXT_TLS1_2_SERVER_HELLO \
| SSL_EXT_IGNORE_ON_RESUMPTION)
+#define NAME_PREFIX1 "SERVERINFO FOR "
+#define NAME_PREFIX2 "SERVERINFOV2 FOR "
+
int SSL_use_certificate(SSL *ssl, X509 *x)
{
int rv;
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return 0;
}
-#ifndef OPENSSL_NO_EC
+
if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
}
-#endif
+
if (c->pkeys[i].privatekey != NULL) {
/*
* The return code from EVP_PKEY_copy_parameters is deliberately
void *passwd_callback_userdata;
SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;
+ if (ctx == NULL && ssl == NULL)
+ return 0;
+
ERR_clear_error(); /* clear error stack for
* SSL_CTX_use_certificate() */
long extension_length = 0;
char *name = NULL;
char *header = NULL;
- static const char namePrefix1[] = "SERVERINFO FOR ";
- static const char namePrefix2[] = "SERVERINFOV2 FOR ";
unsigned int name_len;
int ret = 0;
BIO *bin = NULL;
}
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
name_len = strlen(name);
- if (name_len < sizeof(namePrefix1) - 1) {
+ if (name_len < sizeof(NAME_PREFIX1) - 1) {
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
- if (strncmp(name, namePrefix1, sizeof(namePrefix1) - 1) == 0) {
+ if (HAS_PREFIX(name, NAME_PREFIX1)) {
version = SSL_SERVERINFOV1;
} else {
- if (name_len < sizeof(namePrefix2) - 1) {
+ if (name_len < sizeof(NAME_PREFIX2) - 1) {
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
- if (strncmp(name, namePrefix2, sizeof(namePrefix2) - 1) != 0) {
+ if (!HAS_PREFIX(name, NAME_PREFIX2)) {
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX);
goto end;
}
}
}
- sk_X509_pop_free(c->pkeys[i].chain, X509_free);
+ OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
c->pkeys[i].chain = dup_chain;
X509_free(c->pkeys[i].x509);