X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_cert.c;h=47c8b8659f4c666d5cbc0b922f0a9bf4d62ddec6;hp=f86511d81c39347b45aa8b9a84882eb9b8370cd9;hb=0f78819c8ccb7c526edbe90d5b619281366ce75c;hpb=a398f821fa98b9923a426cf45b268cf4d56c89bd

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f86511d81c..47c8b8659f 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -330,35 +330,18 @@ CERT *ssl_cert_dup(CERT *cert)
 			}
 		rpk->valid_flags = 0;
 #ifndef OPENSSL_NO_TLSEXT
-     if (cert->pkeys[i].authz != NULL)
-			{
-			/* Just copy everything. */
-			ret->pkeys[i].authz_length =
-				cert->pkeys[i].authz_length;
-			ret->pkeys[i].authz =
-				OPENSSL_malloc(ret->pkeys[i].authz_length);
-			if (ret->pkeys[i].authz == NULL)
-				{
-				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
-				return NULL;
-				}
-			memcpy(ret->pkeys[i].authz,
-			       cert->pkeys[i].authz,
-			       cert->pkeys[i].authz_length);
-			}
-
 		if (cert->pkeys[i].serverinfo != NULL)
 			{
 			/* Just copy everything. */
-			ret->pkeys[i].serverinfo_length =
-				cert->pkeys[i].serverinfo_length;
 			ret->pkeys[i].serverinfo =
-				OPENSSL_malloc(ret->pkeys[i].serverinfo_length);
+				OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
 			if (ret->pkeys[i].serverinfo == NULL)
 				{
 				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
 				return NULL;
 				}
+			ret->pkeys[i].serverinfo_length =
+				cert->pkeys[i].serverinfo_length;
 			memcpy(ret->pkeys[i].serverinfo,
 			       cert->pkeys[i].serverinfo,
 			       cert->pkeys[i].serverinfo_length);
@@ -479,15 +462,11 @@ void ssl_cert_clear_certs(CERT *c)
 			cpk->chain = NULL;
 			}
 #ifndef OPENSSL_NO_TLSEXT
-		if (cpk->authz)
-			{
-			OPENSSL_free(cpk->authz);
-			cpk->authz = NULL;
-			}
 		if (cpk->serverinfo)
 			{
 			OPENSSL_free(cpk->serverinfo);
 			cpk->serverinfo = NULL;
+			cpk->serverinfo_length = 0;
 			}
 #endif
 		/* Clear all flags apart from explicit sign */
@@ -620,6 +599,57 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
 	return 1;
 	}
 
+int ssl_cert_select_current(CERT *c, X509 *x)
+	{
+	int i;
+	if (x == NULL)
+		return 0;
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (c->pkeys[i].x509 == x)
+			{
+			c->key = &c->pkeys[i];
+			return 1;
+			}
+		}
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x))
+			{
+			c->key = &c->pkeys[i];
+			return 1;
+			}
+		}
+	return 0;
+	}
+
+int ssl_cert_set_current(CERT *c, long op)
+	{
+	int i, idx;
+	if (!c)
+		return 0;
+	if (op == SSL_CERT_SET_FIRST)
+		idx = 0;
+	else if (op == SSL_CERT_SET_NEXT)
+		{
+		idx = (int)(c->key - c->pkeys + 1);
+		if (idx >= SSL_PKEY_NUM)
+			return 0;
+		}
+	else
+		return 0;
+	for (i = idx; i < SSL_PKEY_NUM; i++)
+		{
+		if (c->pkeys[i].x509)
+			{
+			c->key = &c->pkeys[i];
+			return 1;
+			}
+		}
+	return 0;
+	}
+
 void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
 	{
 	c->cert_cb = cb;