X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_cert.c;h=47c8b8659f4c666d5cbc0b922f0a9bf4d62ddec6;hp=81b5811fd7fd2b485519e699af6e0a5f0875f729;hb=daddd9a950e491c31f9500d5e570bc7eb96b2823;hpb=5382adbf2c8ad6ab68ac13ea00298853bf5a0e68 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 81b5811fd7..47c8b8659f 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -330,23 +330,6 @@ CERT *ssl_cert_dup(CERT *cert) } rpk->valid_flags = 0; #ifndef OPENSSL_NO_TLSEXT - if (cert->pkeys[i].authz != NULL) - { - /* Just copy everything. */ - ret->pkeys[i].authz_length = - cert->pkeys[i].authz_length; - ret->pkeys[i].authz = - OPENSSL_malloc(ret->pkeys[i].authz_length); - if (ret->pkeys[i].authz == NULL) - { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); - return NULL; - } - memcpy(ret->pkeys[i].authz, - cert->pkeys[i].authz, - cert->pkeys[i].authz_length); - } - if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ @@ -479,11 +462,6 @@ void ssl_cert_clear_certs(CERT *c) cpk->chain = NULL; } #ifndef OPENSSL_NO_TLSEXT - if (cpk->authz) - { - OPENSSL_free(cpk->authz); - cpk->authz = NULL; - } if (cpk->serverinfo) { OPENSSL_free(cpk->serverinfo); @@ -621,6 +599,57 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x) return 1; } +int ssl_cert_select_current(CERT *c, X509 *x) + { + int i; + if (x == NULL) + return 0; + for (i = 0; i < SSL_PKEY_NUM; i++) + { + if (c->pkeys[i].x509 == x) + { + c->key = &c->pkeys[i]; + return 1; + } + } + + for (i = 0; i < SSL_PKEY_NUM; i++) + { + if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x)) + { + c->key = &c->pkeys[i]; + return 1; + } + } + return 0; + } + +int ssl_cert_set_current(CERT *c, long op) + { + int i, idx; + if (!c) + return 0; + if (op == SSL_CERT_SET_FIRST) + idx = 0; + else if (op == SSL_CERT_SET_NEXT) + { + idx = (int)(c->key - c->pkeys + 1); + if (idx >= SSL_PKEY_NUM) + return 0; + } + else + return 0; + for (i = idx; i < SSL_PKEY_NUM; i++) + { + if (c->pkeys[i].x509) + { + c->key = &c->pkeys[i]; + return 1; + } + } + return 0; + } + void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg) { c->cert_cb = cb;