oops, not yet ;-)
authorDr. Stephen Henson <steve@openssl.org>
Mon, 23 Apr 2012 21:58:29 +0000 (21:58 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 23 Apr 2012 21:58:29 +0000 (21:58 +0000)
apps/s_cb.c
ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_cert.c
ssl/ssl_err.c
ssl/ssl_lib.c
ssl/ssl_locl.h

index 0c5c39e..b21a428 100644 (file)
@@ -285,19 +285,6 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
        return 1;
        }
 
-typedef struct 
-       {
-       X509 *cert;
-       EVP_PKEY *key;
-       STACK_OF(X509) *chain;
-       struct ssl_excert_st *next;
-       } SSL_EXCERT;
-
-static int set_cert_cb(SSL *ssl, void *arg)
-       {
-       return 1;
-       }
-
 int ssl_print_sigalgs(BIO *out, SSL *s)
        {
        int i, nsig;
index 3e6a9d4..ee8aeb0 100644 (file)
@@ -3161,13 +3161,6 @@ int ssl3_send_client_certificate(SSL *s)
 
        if (s->state == SSL3_ST_CW_CERT_A)
                {
-               /* Let cert callback update client certificates if required */
-               if (s->cert->cert_cb
-                       && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
-                       {
-                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
-                       return 0;
-                       }
                if (ssl3_check_client_certificate(s))
                        s->state=SSL3_ST_CW_CERT_C;
                else
index 68920a7..87678c1 100644 (file)
@@ -1341,14 +1341,6 @@ int ssl3_get_client_hello(SSL *s)
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
                        goto f_err;
                        }
-               /* Let cert callback update server certificates if required */
-               if (s->cert->cert_cb
-                       && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
-                       {
-                       al=SSL_AD_INTERNAL_ERROR;
-                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
-                       goto f_err;
-                       }
                ciphers=NULL;
                c=ssl3_choose_cipher(s,s->session->ciphers,
                                     SSL_get_ciphers(s));
index 23e79ea..708dc33 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1759,7 +1759,6 @@ int       (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
 void   SSL_set_verify(SSL *s, int mode,
                       int (*callback)(int ok,X509_STORE_CTX *ctx));
 void   SSL_set_verify_depth(SSL *s, int depth);
-void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg);
 #ifndef OPENSSL_NO_RSA
 int    SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
 #endif
@@ -1838,7 +1837,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
                        int (*callback)(int, X509_STORE_CTX *));
 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
-void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg);
 #ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 #endif
@@ -1894,7 +1892,6 @@ char *SSL_get_srp_username(SSL *s);
 char *SSL_get_srp_userinfo(SSL *s);
 #endif
 
-void   SSL_certs_clear(SSL *s);
 void   SSL_free(SSL *ssl);
 int    SSL_accept(SSL *ssl);
 int    SSL_connect(SSL *ssl);
@@ -2390,7 +2387,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_CA_DN_TOO_LONG                            132
 #define SSL_R_CCS_RECEIVED_EARLY                        133
 #define SSL_R_CERTIFICATE_VERIFY_FAILED                         134
-#define SSL_R_CERT_CB_ERROR                             371
 #define SSL_R_CERT_LENGTH_MISMATCH                      135
 #define SSL_R_CHALLENGE_IS_DIFFERENT                    136
 #define SSL_R_CIPHER_CODE_WRONG_LENGTH                  137
index 784300e..222f703 100644 (file)
@@ -345,9 +345,6 @@ CERT *ssl_cert_dup(CERT *cert)
        ret->sigalgs = NULL;
        ret->sigalgslen = 0;
 
-       ret->cert_cb = cert->cert_cb;
-       ret->cert_cb_arg = cert->cert_cb_arg;
-
        return(ret);
        
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
@@ -366,36 +363,21 @@ err:
                EC_KEY_free(ret->ecdh_tmp);
 #endif
 
-       ssl_cert_clear_certs(ret);
+       for (i = 0; i < SSL_PKEY_NUM; i++)
+               {
+               CERT_PKEY *rpk = ret->pkeys + i;
+               if (rpk->x509 != NULL)
+                       X509_free(rpk->x509);
+               if (rpk->privatekey != NULL)
+                       EVP_PKEY_free(rpk->privatekey);
+               if (rpk->chain)
+                       sk_X509_pop_free(rpk->chain, X509_free);
+               }
+
 
        return NULL;
        }
 
-/* Free up and clear all certificates and chains */
-
-void ssl_cert_clear_certs(CERT *c)
-       {
-       int i;
-       for (i = 0; i<SSL_PKEY_NUM; i++)
-               {
-               CERT_PKEY *cpk = c->pkeys + i;
-               if (cpk->x509)
-                       {
-                       X509_free(cpk->x509);
-                       cpk->x509 = NULL;
-                       }
-               if (cpk->privatekey)
-                       {
-                       EVP_PKEY_free(cpk->privatekey);
-                       cpk->privatekey = NULL;
-                       }
-               if (cpk->chain)
-                       {
-                       sk_X509_pop_free(cpk->chain, X509_free);
-                       cpk->chain = NULL;
-                       }
-               }
-       }
 
 void ssl_cert_free(CERT *c)
        {
@@ -427,8 +409,20 @@ void ssl_cert_free(CERT *c)
        if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
 #endif
 
-       ssl_cert_clear_certs(c);
-
+       for (i=0; i<SSL_PKEY_NUM; i++)
+               {
+               CERT_PKEY *cpk = c->pkeys + i;
+               if (cpk->x509 != NULL)
+                       X509_free(cpk->x509);
+               if (cpk->privatekey != NULL)
+                       EVP_PKEY_free(cpk->privatekey);
+               if (cpk->chain)
+                       sk_X509_pop_free(cpk->chain, X509_free);
+#if 0
+               if (c->pkeys[i].publickey != NULL)
+                       EVP_PKEY_free(c->pkeys[i].publickey);
+#endif
+               }
        if (c->sigalgs)
                OPENSSL_free(c->sigalgs);
        OPENSSL_free(c);
@@ -516,12 +510,6 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
        return 1;
        }
 
-void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
-       {
-       c->cert_cb = cb;
-       c->cert_cb_arg = arg;
-       }
-
 SESS_CERT *ssl_sess_cert_new(void)
        {
        SESS_CERT *ret;
index 7bde072..eec42fa 100644 (file)
@@ -345,7 +345,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_CA_DN_TOO_LONG)        ,"ca dn too long"},
 {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    ,"ccs received early"},
 {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
-{ERR_REASON(SSL_R_CERT_CB_ERROR)         ,"cert cb error"},
 {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  ,"cert length mismatch"},
 {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
 {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
index 12a0448..679894c 100644 (file)
@@ -526,12 +526,6 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
        return X509_VERIFY_PARAM_set1(ssl->param, vpm);
        }
 
-void SSL_certs_clear(SSL *s)
-       {
-       if (s->cert)
-               ssl_cert_clear_certs(s->cert);
-       }
-
 void SSL_free(SSL *s)
        {
        int i;
@@ -2043,16 +2037,6 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
        X509_VERIFY_PARAM_set_depth(ctx->param, depth);
        }
 
-void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg)
-       {
-       ssl_cert_set_cert_cb(c->cert, cb, arg);
-       }
-
-void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg)
-       {
-       ssl_cert_set_cert_cb(s->cert, cb, arg);
-       }
-
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
        {
        CERT_PKEY *cpk;
index cc15a5d..c340ac3 100644 (file)
@@ -512,15 +512,6 @@ typedef struct cert_st
        TLS_SIGALGS *sigalgs;
        /* Size of above array */
        size_t sigalgslen;
-       /* Certificate setup callback: if set is called whenever a
-        * certificate may be required (client or server). the callback
-        * can then examine any appropriate parameters and setup any
-        * certificates required. This allows advanced applications
-        * to select certificates on the fly: for example based on
-        * supported signature algorithms or curves.
-        */
-       int (*cert_cb)(SSL *ssl, void *arg);
-       void *cert_cb_arg;
 
        int references; /* >1 only if SSL_copy_session_id is used */
        } CERT;
@@ -831,7 +822,6 @@ int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);
 CERT *ssl_cert_dup(CERT *cert);
 int ssl_cert_inst(CERT **o);
-void ssl_cert_clear_certs(CERT *c);
 void ssl_cert_free(CERT *c);
 SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
@@ -859,7 +849,6 @@ int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain);
 int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain);
 int ssl_cert_add0_chain_cert(CERT *c, X509 *x);
 int ssl_cert_add1_chain_cert(CERT *c, X509 *x);
-void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg);
 
 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);