X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=f3a0edca5b1aebba0428aa593f08b54aeda558bb;hb=ef908777218bd4a362dbe9cebb8e18fa8ab384cf;hp=9862f63d2b75257179d195f255a24e8563d06e9e;hpb=c4f01c533ba875adbb021b668b3f53527cf32e6e;p=oweals%2Fopenssl.git

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9862f63d2b..f3a0edca5b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -650,11 +650,6 @@ void SSL_free(SSL *s)
         if (s->srtp_profiles)
             sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
 
-#ifndef OPENSSL_NO_DANE
-	if (s->tlsa_record && s->tlsa_record!=(void *)-1)
-		OPENSSL_free(s->tlsa_record);
-#endif
-
 	OPENSSL_free(s);
 	}
 
@@ -1169,14 +1164,6 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 			}
 		else
 			return ssl_put_cipher_by_char(s,NULL,NULL);
-#ifndef OPENSSL_NO_DANE
-	case SSL_CTRL_PULL_TLSA_RECORD:
-		parg = SSL_get_tlsa_record_byname (parg,larg,s->version<0xF000?1:0);
-		/* yes, fall through */
-	case SSL_CTRL_SET_TLSA_RECORD:
-		s->tlsa_record = parg;
-		return 1;
-#endif
 	default:
 		return(s->method->ssl_ctrl(s,cmd,larg,parg));
 		}
@@ -1444,6 +1431,10 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 
 	p=buf;
 	sk=s->session->ciphers;
+
+	if (sk_SSL_CIPHER_num(sk) == 0)
+		return NULL;
+
 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
 		int n;
@@ -1862,6 +1853,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 	else
 		*len = ssl->s3->alpn_selected_len;
 	}
+
 #endif /* !OPENSSL_NO_TLSEXT */
 
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@@ -2581,6 +2573,8 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
 	int i;
 
 	c = s->cert;
+	if (!s->s3 || !s->s3->tmp.new_cipher)
+		return NULL;
 	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
 
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
@@ -2643,25 +2637,6 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
 	}
 
 #ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length)
-	{
-	CERT *c;
-	int i;
-
-	c = s->cert;
-	i = ssl_get_server_cert_index(s);
-
-	if (i == -1)
-		return NULL;
-
-	*authz_length = 0;
-	if (c->pkeys[i].authz == NULL)
-		return(NULL);
-	*authz_length = c->pkeys[i].authz_length;
-
-	return c->pkeys[i].authz;
-	}
-
 int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
 				   size_t *serverinfo_length)
 	{