New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 22 Dec 2011 15:14:32 +0000 (15:14 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 22 Dec 2011 15:14:32 +0000 (15:14 +0000)
New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.

apps/s_server.c
ssl/s3_lib.c
ssl/ssl.h
ssl/ssl_sess.c

index 59e16ec..4e9d420 100644 (file)
@@ -3002,10 +3002,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
 
        sess = OPENSSL_malloc(sizeof(simple_ssl_session));
 
-       sess->idlen = SSL_SESSION_get_id_len(session);
+       SSL_SESSION_get_id(session, &sess->idlen);
        sess->derlen = i2d_SSL_SESSION(session, NULL);
 
-       sess->id = BUF_memdup(SSL_SESSION_get0_id(session), sess->idlen);
+       sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
 
        sess->der = OPENSSL_malloc(sess->derlen);
        p = sess->der;
@@ -3038,8 +3038,9 @@ static SSL_SESSION *get_session(SSL *ssl, unsigned char *id, int idlen,
 static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
        {
        simple_ssl_session *sess, *prev = NULL;
-       const unsigned char *id = SSL_SESSION_get0_id(session);
-       unsigned int idlen = SSL_SESSION_get_id_len(session);
+       const unsigned char *id;
+       unsigned int idlen;
+       id = SSL_SESSION_get_id(session, &idlen);       
        for (sess = first; sess; sess = sess->next)
                {
                if (idlen == sess->idlen && !memcmp(sess->id, id, idlen))
index 972e792..1b0bdb8 100644 (file)
@@ -3609,6 +3609,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                sk_X509_push(ctx->extra_certs,(X509 *)parg);
                break;
 
+       case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
+               *(STACK_OF(X509) **)parg =  ctx->extra_certs;
+               break;
+
+       case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
+               if (ctx->extra_certs)
+                       {
+                       sk_X509_pop_free(ctx->extra_certs, X509_free);
+                       ctx->extra_certs = NULL;
+                       }
+               break;
+
        default:
                return(0);
                }
index e7b6bc5..e781015 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1595,6 +1595,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_CLEAR_MODE                    78
 #define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB     79
 
+#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS         82
+#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS       83
+
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -1631,6 +1634,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+#define SSL_CTX_get_extra_chain_cert(ctx,px509) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERT,0,px509)
+#define SSL_CTX_clear_extra_chain_cert(ctx) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERT,0,NULL)
 
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
@@ -1724,8 +1731,6 @@ long      SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long   SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long   SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 void   SSL_copy_session_id(SSL *to,const SSL *from);
-unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s);
-const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s);
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
 int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
                               unsigned int sid_ctx_len);
@@ -1733,6 +1738,7 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
 SSL_SESSION *SSL_SESSION_new(void);
 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
                                        unsigned int *len);
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
 #ifndef OPENSSL_NO_FP_API
 int    SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
 #endif
index 74e8f7b..05e4fb9 100644 (file)
@@ -231,6 +231,11 @@ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
        return s->session_id;
        }
 
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+       {
+       return s->compress_meth;
+       }
+
 /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
  * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
  * until we have no conflict is going to complete in one iteration pretty much
@@ -862,16 +867,6 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
        return(t);
        }
 
-unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s)
-       {
-       return s->session_id_length;
-       }
-
-const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s)
-       {
-       return s->session_id;
-       }
-
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
        {
        return s->peer;