sk_SSL_CIPHER_free(s->cipher_list);
sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
+ sk_SSL_CIPHER_free(s->peer_ciphers);
/* Make the next call work :-) */
if (s->session != NULL) {
STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
{
- if ((s == NULL) || (s->session == NULL) || !s->server)
+ if ((s == NULL) || !s->server)
return NULL;
- return s->session->ciphers;
+ return s->peer_ciphers;
}
STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
int i;
if (!s->server
- || s->session == NULL
- || s->session->ciphers == NULL
+ || s->peer_ciphers == NULL
|| size < 2)
return NULL;
p = buf;
- clntsk = s->session->ciphers;
+ clntsk = s->peer_ciphers;
srvrsk = SSL_get_ciphers(s);
if (clntsk == NULL || srvrsk == NULL)
return NULL;
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to
* load the 'cipher' structure */
- STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
CRYPTO_EX_DATA ex_data; /* application specific data */
/*
* These are used to make removal of session-ids more efficient and to
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
+ STACK_OF(SSL_CIPHER) *peer_ciphers;
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
dest->psk_identity_hint = NULL;
dest->psk_identity = NULL;
#endif
- dest->ciphers = NULL;
dest->ext.hostname = NULL;
#ifndef OPENSSL_NO_EC
dest->ext.ecpointformats = NULL;
}
#endif
- if (src->ciphers != NULL) {
- dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
- if (dest->ciphers == NULL)
- goto err;
- }
-
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
&dest->ex_data, &src->ex_data)) {
goto err;
OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
X509_free(ss->peer);
sk_X509_pop_free(ss->peer_chain, X509_free);
- sk_SSL_CIPHER_free(ss->ciphers);
OPENSSL_free(ss->ext.hostname);
OPENSSL_free(ss->ext.tick);
#ifndef OPENSSL_NO_EC
&& master_key_length > 0) {
s->session->master_key_length = master_key_length;
s->hit = 1;
- s->session->ciphers = ciphers;
+ s->peer_ciphers = ciphers;
s->session->verify_result = X509_V_OK;
ciphers = NULL;
/* check if some cipher was preferred by call back */
if (pref_cipher == NULL)
- pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
+ pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
SSL_get_ciphers(s));
if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
s->session->cipher = pref_cipher;
sk_SSL_CIPHER_free(s->cipher_list);
- s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+ s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers);
sk_SSL_CIPHER_free(s->cipher_list_by_id);
- s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
+ s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers);
}
}
#endif
/*
- * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
+ * Given s->peer_ciphers and SSL_get_ciphers, we must pick a cipher
*/
if (!s->hit || SSL_IS_TLS13(s)) {
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers = ciphers;
+ sk_SSL_CIPHER_free(s->peer_ciphers);
+ s->peer_ciphers = ciphers;
if (ciphers == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
/* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) {
cipher =
- ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
+ ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s));
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
projects / openssl.git / commitdiff